How argXtract works

projectbtle edited this page Jun 7, 2021 · 2 revisions

argXtract performs 6 main functions:

  1. Disassembles a stripped binary (technically, argXtract doesn't do this; it uses Capstone to obtain the disassembly).
  2. Identifies the application code base (the address at which the application code is loaded). This is needed for absolute addresses in the binary to resolve correctly.
  3. Identifies inline data. This prevents incorrect traces due to data being identified as code.
  4. Estimates function boundaries. We use the estimated functions for the tracing step and for function pattern matching.
  5. Determines locations within the disassembly of API calls of interest and generates call chains.
  6. Traces through code and processes arguments.
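The following script is an added illustration of steps 2 to 6 on a tiny constructed Thumb-16 blob; it is not argXtract's own code and simplifies each step heavily. In place of Capstone it hand-decodes only the five encodings the blob uses (push, pop, movs, pc-relative ldr, bl). The base address 0x1000, the three functions and the choice of the last function as the "API of interest" are all assumptions made up for the example.

```python
"""Toy walk-through of the argXtract pipeline on a constructed Thumb blob.

Added example, not argXtract's own code.  Steps: linear-sweep disassembly
with a known code base, inline-data (literal pool) detection, function
boundary estimation, call-chain generation, and a backward trace of the
r0 argument at each call site.
"""
import struct

BASE = 0x1000                       # assumed application code base
API = 0x101C                        # assumed "API of interest" (func_c)
CODE = bytes.fromhex(               # constructed little-endian Thumb-16 code
    "10b5"      # 0x1000 func_a: push {r4, lr}
    "0120"      # 0x1002         movs r0, #1
    "00f001f8"  # 0x1004         bl   0x100a (func_b)
    "10bd"      # 0x1008         pop  {r4, pc}
    "00b5"      # 0x100a func_b: push {lr}
    "0249"      # 0x100c         ldr  r1, [pc, #8]  -> literal at 0x1018
    "0520"      # 0x100e         movs r0, #5
    "00f004f8"  # 0x1010         bl   0x101c (func_c)
    "00bd"      # 0x1014         pop  {pc}
    "44332211"  # 0x1018         literal pool word 0x11223344 (data, not code)
    "7047"      # 0x101c func_c: bx lr
)


def decode(hw, hw2, addr):
    """Decode one instruction at addr -> (size, mnemonic, info)."""
    if hw & 0xFE00 == 0xB400:                       # push {reglist[, lr]}
        return 2, "push", {"lr": bool(hw & 0x100)}
    if hw & 0xFE00 == 0xBC00:                       # pop {reglist[, pc]}
        return 2, "pop", {"pc": bool(hw & 0x100)}
    if hw & 0xF800 == 0x2000:                       # movs rd, #imm8
        return 2, "movs", {"rd": (hw >> 8) & 7, "imm": hw & 0xFF}
    if hw & 0xF800 == 0x4800:                       # ldr rt, [pc, #imm8*4]
        lit = ((addr + 4) & ~3) + (hw & 0xFF) * 4   # Align(PC, 4) + offset
        return 2, "ldr", {"rt": (hw >> 8) & 7, "literal": lit}
    if hw == 0x4770:                                # bx lr
        return 2, "bx", {"reg": "lr"}
    if hw & 0xF800 == 0xF000 and hw2 is not None and hw2 & 0xD000 == 0xD000:
        s = (hw >> 10) & 1                          # 32-bit BL, encoding T1
        j1, j2 = (hw2 >> 13) & 1, (hw2 >> 11) & 1
        i1, i2 = 1 - (j1 ^ s), 1 - (j2 ^ s)
        imm = (s << 24) | (i1 << 23) | (i2 << 22) | ((hw & 0x3FF) << 12) | ((hw2 & 0x7FF) << 1)
        if s:
            imm -= 1 << 25                          # sign-extend 25-bit value
        return 4, "bl", {"target": addr + 4 + imm}  # PC reads as addr + 4
    return 2, "unknown", {}


def disassemble(code, base, data=frozenset()):
    """Linear sweep from the code base, skipping known inline-data words."""
    insns, addr = {}, base
    while addr < base + len(code):
        if addr in data:
            addr += 4                               # step over the literal
            continue
        off = addr - base
        hw = struct.unpack_from("<H", code, off)[0]
        hw2 = struct.unpack_from("<H", code, off + 2)[0] if off + 4 <= len(code) else None
        size, mn, info = decode(hw, hw2, addr)
        insns[addr] = (mn, info)
        addr += size
    return insns


def find_inline_data(insns):
    """Literal-pool words referenced by pc-relative loads are data, not code."""
    return {info["literal"] for mn, info in insns.values() if mn == "ldr"}


def find_functions(insns):
    """Function starts: push {.., lr} sites and BL targets; end = next start."""
    starts = {a for a, (mn, info) in insns.items() if mn == "push" and info["lr"]}
    starts |= {info["target"] for mn, info in insns.values() if mn == "bl"}
    starts = sorted(starts)
    return {s: (starts[i + 1] if i + 1 < len(starts) else max(insns) + 2)
            for i, s in enumerate(starts)}


def function_of(funcs, addr):
    return next((s for s, e in funcs.items() if s <= addr < e), None)


def call_chain(insns, funcs, entry, api):
    """DFS over BL edges; returns [(caller, call site), ...] reaching api."""
    def walk(fn, path, seen):
        if fn == api:
            return path
        seen.add(fn)
        for a in sorted(insns):
            mn, info = insns[a]
            if function_of(funcs, a) == fn and mn == "bl" and info["target"] not in seen:
                found = walk(info["target"], path + [(fn, a)], seen)
                if found:
                    return found
        return None
    return walk(entry, [], set())


def trace_arg(insns, funcs, call_site, reg=0):
    """Walk backwards inside the calling function to the last movs into reg."""
    fn = function_of(funcs, call_site)
    for a in sorted((x for x in insns if fn <= x < call_site), reverse=True):
        mn, info = insns[a]
        if mn == "movs" and info["rd"] == reg:
            return info["imm"]
    return None


def analyse(code=CODE, base=BASE, api=API):
    first = disassemble(code, base)                 # pass 1: find literals
    data = find_inline_data(first)
    insns = disassemble(code, base, data)           # pass 2: skip them
    funcs = find_functions(insns)
    chain = call_chain(insns, funcs, base, api)
    args = [(site, trace_arg(insns, funcs, site)) for _, site in chain]
    return {"data": sorted(data), "functions": sorted(funcs), "chain": chain, "args": args}


if __name__ == "__main__":
    for k, v in analyse().items():
        print(k, [hex(x) if isinstance(x, int) else x for x in v])
```

Running it reports the literal at 0x1018 as data, the three function starts, the chain func_a -> func_b -> func_c, and the immediate in r0 at each call site (1, then 5). The real tool handles far more encodings, register-to-register flows and memory-resident arguments, but the pass ordering shown here (find data before trusting the disassembly, find functions before tracing) is the reason steps 3 and 4 come before step 6.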

Further details can be found in our paper: argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Binaries (link to preprint).