Compiler-Agnostic Function Detection in Binaries

We propose Nucleus, a novel function detection algorithm for binaries. In contrast to prior work, Nucleus is compiler-agnostic, and does not require any learning phase or signature information. Instead of scanning for signatures, Nucleus detects functions at the Control Flow Graph-level, making it inherently suitable for difficult cases such as non-contiguous or multi-entry functions. We evaluate Nucleus on a diverse set of 476 C and C ++ binaries, compiled with gcc, clang and Visual Studio for x86 and x64, at optimization levels O0-O3. We achieve consistently good performance, with a mean F-score of 0.95.