Control Structure Analysis and Recovery of Embedded Binaries

Existing decompilers use rule-based algorithms to transform unstructured Control flow graph (CFG) into equivalent high-level programming language constructs with "goto" statements. One problem of such approaches is that they generate a large number of "goto"s in the output code, which reduce the readability and hinder the understanding of input binaries. A global search algorithm is proposed based on structural analysis. This algorithm restructures a CFG and generates fewer number of "goto" statements than the rule-based algorithm does. We also present a Genetic algorithm (GA) for the global search approach to locate near optimal solutions for large CFGs. Evaluation results on a set of real CFGs show that the genetic algorithm-based heuristic for global search is capable of finding high-quality solutions.