DDisasm

DDisasm is a fast disassembler that is accurate enough for the resulting assembly code to be reassembled. It is implemented in Datalog, a declarative logic programming language, and uses Souffle to compile its disassembly rules and heuristics.

The disassembler first parses ELF file information and decodes a superset of possible instructions to create an initial set of Datalog facts. These facts are analyzed to identify code locations, perform symbolization, and recover function boundaries. The result of this analysis, a refined set of Datalog facts, is then translated to the GTIRB intermediate representation for binary analysis and reverse engineering. The GTIRB pretty printer may then be used to print the GTIRB as reassemblable assembly code.
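The two-stage idea described above (decode a superset of candidate instructions, then refine those facts to find the real code) can be sketched on a small scale. This is an added example, not DDisasm's code or rules: the five-opcode ISA, the byte image, and the function names are constructed for illustration, and simple reachability from an entry point stands in for DDisasm's Datalog rules and heuristics.

```python
# Toy ISA (constructed): opcode -> (mnemonic, size, has_rel8_target, falls_through)
ISA = {
    0x00: ("nop", 1, False, True),
    0x01: ("push", 2, False, True),
    0x02: ("jmp", 2, True, False),
    0x03: ("jz", 2, True, True),
    0x04: ("ret", 1, False, False),
}

# Constructed image: code with two data bytes (offsets 6 and 9) mixed in.
IMAGE = bytes([0x01, 0x05, 0x03, 0x03, 0x02, 0x04, 0x01, 0x00, 0x04, 0x03, 0x04])

def superset_decode(image):
    """Try to decode at EVERY byte offset; each success is one instruction fact."""
    facts = {}
    for addr in range(len(image)):
        entry = ISA.get(image[addr])
        if entry is None or addr + entry[1] > len(image):
            continue  # invalid opcode or truncated operand: no fact
        mnemonic, size, has_target, falls = entry
        target = None
        if has_target:
            rel = image[addr + 1]
            rel = rel - 256 if rel >= 128 else rel  # sign-extend rel8
            target = addr + size + rel
        facts[addr] = (mnemonic, size, target, falls)
    return facts

def refine_code(facts, entry):
    """Least fixpoint of the Datalog-style rules:
         code(entry).
         code(a + size) :- code(a), falls_through(a).
         code(t)        :- code(a), branch_target(a, t)."""
    code, work = set(), [entry]
    while work:
        addr = work.pop()
        if addr in code or addr not in facts:
            continue
        code.add(addr)
        _, size, target, falls = facts[addr]
        if falls:
            work.append(addr + size)
        if target is not None:
            work.append(target)
    return code

if __name__ == "__main__":
    facts = superset_decode(IMAGE)
    code = refine_code(facts, entry=0)
    for addr in sorted(facts):
        print(f"{addr:2d} {facts[addr][0]:5s} {'code' if addr in code else 'rejected'}")
```

Of the ten offsets that decode in this image, only six survive refinement; the overlapping and data-byte candidates are rejected because nothing reaches them.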

View the repository at github.com/grammatech/ddisasm or read the USENIX paper "Datalog Disassembly", a distinguished paper award winner, for more information.

Use the grammatech/ddisasm Docker image to try out ddisasm quickly.

This material is based upon work supported by the Navy and the Office of Naval Research under Contract(s) No. N68335-17-C-0700. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Navy or the Office of Naval Research.
