Skip to main content

Pinky: A Modern Malware-Oriented Dynamic Information Retrieval Tool

  • Conference paper
  • First Online:
Innovative Security Solutions for Information Technology and Communications (SecITC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14534))

  • 129 Accesses

Abstract

We present here a reverse engineering tool that can be used for information retrieval and anti-malware techniques. Our main contribution is the design and implementation of an instrumentation framework aimed at providing insight on the emulation process. Sample emulation is achieved via translation of the binary code to an intermediate representation followed by compilation and execution. The design makes this a versatile tool that can be used for multiple task such as information retrieval, reverse engineering, debugging, and integration with anti-malware products.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Alberitin, A.: Corkami PE files corpus (2015). https://code.google.com/archive/p/corkami/wikis/PE.wiki. https://github.com/corkami/pocs/tree/master/PE. Accessed 17 Apr 2020

  2. Beauchamp, T., Weston, D.: Dtrace: the reverse engineer’s unexpected swiss army knife. Blackhat Europe (2008)

    Google Scholar 

  3. Bebenita, M., Chang, M., Wagner, G., Gal, A., Wimmer, C., Franz, M.: Trace-based compilation in execution environments without interpreters. In: Proceedings of the 8th International Conference on the Principles and Practice of Programming in Java, pp. 59–68 (2010)

    Google Scholar 

  4. Bellard, F.: Qemu, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track, vol. 41, p. 46 (2005)

    Google Scholar 

  5. Blaauw, G.A., Brooks Jr, F.P.: Computer Architecture: Concepts and Evolution. Addison-Wesley Longman Publishing Co., Inc. (1997)

    Google Scholar 

  6. Cifuentes, C., Van Emmerik, M.: UQBT: adaptable binary translation at low cost. Computer 33(3), 60–66 (2000)

    Article  Google Scholar 

  7. Golub, G.H., Van Loan, C.F.: Matrix Computations, vol. 3. JHU Press, Baltimore (2012)

    Google Scholar 

  8. Gregg, B., Mauro, J.: DTrace: Dynamic Tracing in Oracle Solaris, Mac OS X, and FreeBSD. Prentice Hall Professional (2011)

    Google Scholar 

  9. Hartmann, T., Noll, A., Gross, T.: Efficient code management for dynamic multi-tiered compilation systems. In: Proceedings of the 2014 International Conference on Principles and Practices of Programming on the Java Platform: Virtual machines, Languages, and Tools, pp. 51–62 (2014)

    Google Scholar 

  10. Henderson, A., et al.: Make it work, make it right, make it fast: building a platform-neutral whole-system dynamic binary analysis platform. In: Proceedings of the 2014 International Symposium on Software Testing and Analysis, pp. 248–258 (2014)

    Google Scholar 

  11. Intel: Intel® 64 and IA-32 architectures software developer’s manual. Intel (2019)

    Google Scholar 

  12. Jamil, T.: RISC versus CISC. IEEE Potentials 14(3), 13–16 (1995)

    Article  Google Scholar 

  13. Kobalicek, P.: asmjit-complete x86/x64 JIT assembler for C++ language (2011)

    Google Scholar 

  14. Lawton, K.P.: Bochs: a portable PC emulator for Unix/X. Linux J. 1996(29es), 7 (1996)

    Google Scholar 

  15. Lu, H.: ELF: from the programmer’s perspective (1995)

    Google Scholar 

  16. McDougall, R., Mauro, J., Gregg, B.: Solaris Performance and Tools: DTrace and MDB Techniques for Solaris 10 and OpenSolaris. Prentice Hall, Hoboken (2006)

    Google Scholar 

  17. Nethercote, N.: Dynamic binary analysis and instrumentation. Technical report, University of Cambridge, Computer Laboratory (2004)

    Google Scholar 

  18. Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. ACM SIGPLAN Not. 42(6), 89–100 (2007)

    Article  Google Scholar 

  19. Null, L., Lobur, J.: The Essentials of Computer Organization and Architecture. Jones & Bartlett Publishers, Burlington (2014)

    Google Scholar 

  20. O’Callahan, R., Jones, C., Froyd, N., Huey, K., Noll, A., Partush, N.: Engineering record and replay for deployability. In: 2017 USENIX Annual Technical Conference (USENIX ATC 2017), pp. 377–389 (2017)

    Google Scholar 

  21. Pietrek, M.: Peering inside the PE: a tour of the Win32 (R) portable executable file format. Microsoft Syst. J.-US Edition 9(3), 15–38 (1994)

    Google Scholar 

  22. Shapiro, R., Bratus, S., Smith, S.W.: “Weird machines” in ELF: a spotlight on the underappreciated metadata. In: Presented as part of the 7th USENIX Workshop on Offensive Technologies (2013)

    Google Scholar 

  23. Thampi, V.: Udis86: disassembler library for x86 and x86-64 (2009)

    Google Scholar 

  24. Troger, J., Cifuentes, C.: Analysis of virtual method invocation for binary translation. In: Ninth Working Conference on Reverse Engineering, 2002 Proceedings, pp. 65–74. IEEE (2002)

    Google Scholar 

  25. Ung, D., Cifuentes, C.: Dynamic binary translation using run-time feedbacks. Sci. Comput. Program. 60(2), 189–204 (2006)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Paul Irofti .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Irofti, P. (2024). Pinky: A Modern Malware-Oriented Dynamic Information Retrieval Tool. In: Manulis, M., Maimuţ, D., Teşeleanu, G. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2023. Lecture Notes in Computer Science, vol 14534. Springer, Cham. https://doi.org/10.1007/978-3-031-52947-4_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-52947-4_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-52946-7

  • Online ISBN: 978-3-031-52947-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics