Compiler-Agnostic Function Detection in Binaries

Our function detector is now available as open source. Clone the repository as follows:

git clone https://bitbucket.org/vusec/nucleus.git

The paper describing the tool is available here and will be presented at EuroS&P, April 26-28, 2017.

Usage

To reproduce the configuration from our paper and output a list of function addresses and sizes, use:

nucleus -d linear -f -e <binary>

To generate an IDA Python script that can import our function detection results into IDA, use:

nucleus -d linear -i idafuncs.py -e <binary>

Acknowledgements

This work was supported by the Netherlands Organisation for Scientific Research through grant NWO 639.023.309 (VICI “Dowsing” project). The public artifacts reflect only the authors’ view. The funding agencies are not responsible for any use that may be made of the information they contain.