This Briefing presents our research on parser differentials for the PE format. We defined a custom language to write "formal models" of various PE loaders, for different versions of Windows and reverse-engineering tools. We then built a framework that, using these models, can perform a number of analyses that aid reverse-engineering tasks....
By: Dario Nisi, Mariano Graziano, Yanick Fratantonio & Davide Balzarotti
Full Abstract & Presentation Materials: [ Ссылка ]
