unstrip is a library fingerprinting tool for stripped binaries.
- Identifies GNU C Library wrapper functions in an stripped input binary and outputs a new binary with meaningful names assigned to these functions.
- Other functions are located and labeled with targXXXXXX names (where XXXXXX is the address of the function entry point in hex).
- Includes a "learning" mode to add new fingerprints to the database.
- Currently operates on 32-bit binaries.
Emily R. Jacobson, Nathan Rosenblum, and Barton P. Miller,
"Labeling Library Functions in Stripped Binaries",
ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering (PASTE), Szeged, Hungary, September 2011.
Nathan E. Rosenblum, Xiaojin (Jerry) Zhu, Barton P. Miller, and Karen Hunt,
"Learning to Analyze Binary Computer Code",
23rd Conference on Artificial Intelligence (AAAI-08),
Chicago, Illinois, July 2008.
Laune C. Harris and Barton P. Miller,
"Practical Analysis of Stripped Binary Code",
Workshop on Binary Instrumentation and Applications (WBIA-05),
St. Louis, Missouri, September 2005.