Identification of Obfuscated Data After call Instruction in Disassembly Process
Cited by: 3
Abstract: Malware frequently uses obfuscation to foil static disassembly, and inserting data immediately after a call instruction is one of the most common tricks: a disassembler that assumes execution resumes at the instruction following the call decodes the inserted bytes as code and loses synchronisation with the real instruction stream. This paper studies that form of obfuscation and presents a method that accurately identifies the obfuscated data after a call instruction. The method is based on an improved recursive traversal disassembly algorithm and handles the obfuscation in two phases. Test results show that the method correctly recognises this kind of obfuscation and improves the accuracy of disassembly.
Source: Computer Engineering (计算机工程), CAS, CSCD, Peking University core journal, 2010, No. 7, pp. 144-146 (3 pages)
Funding: National "863" Program (grant 2006AA01Z408)
Keywords: static disassembly; code obfuscation; malicious code
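The abstract does not spell out the two phases, so the following added example (not the paper's code) shows one way a recursive-traversal disassembler can recognise this pattern: whenever it decodes a call, it walks the callee looking for an `add dword [esp], imm8` that rewrites the saved return address; if it finds one, the bytes after the call are marked as data and decoding resumes at the adjusted return address instead. The x86-32 opcode subset, the constructed byte string and every function name below are assumptions made for this illustration; a baseline linear sweep is included only to show how the junk bytes desynchronise a decoder that ignores the callee.

```python
"""Recursive-traversal disassembly of a tiny x86-32 subset that detects junk
bytes hidden after a `call` whose callee rewrites its own return address.
Added illustration, not the paper's code: the opcode subset, the sample bytes
and every name here are assumptions made for this example."""
from collections import namedtuple

Insn = namedtuple("Insn", "addr size text")


def _i8(b):                     # sign-extend imm8 / rel8
    return b - 0x100 if b & 0x80 else b


def _i32(bs):                   # sign-extend little-endian imm32 / rel32
    v = int.from_bytes(bs, "little")
    return v - (1 << 32) if v & 0x80000000 else v


def decode(code, a):
    """Decode one instruction at offset a -> (Insn, kind, arg), where kind is
    "flow", "call" (arg = target), "ret" or "adj_ret" (arg = imm8 added to [esp])."""
    op = code[a]
    if op == 0xE8:                                    # call rel32
        t = (a + 5 + _i32(code[a + 1:a + 5])) & 0xFFFFFFFF
        return Insn(a, 5, f"call 0x{t:x}"), "call", t
    if op == 0xC3:
        return Insn(a, 1, "ret"), "ret", None
    if op == 0xB8:                                    # mov eax, imm32
        imm = int.from_bytes(code[a + 1:a + 5], "little")
        return Insn(a, 5, f"mov eax, 0x{imm:x}"), "flow", None
    if code[a:a + 2] == b"\x31\xC0":                  # xor eax, eax
        return Insn(a, 2, "xor eax, eax"), "flow", None
    if code[a:a + 3] == b"\x83\x04\x24":              # add dword [esp], imm8
        d = _i8(code[a + 3])
        return Insn(a, 4, f"add dword [esp], {d}"), "adj_ret", d
    raise ValueError(f"unsupported opcode 0x{op:02x} at 0x{a:x}")


def return_delta(code, callee, max_insns=16):
    """Phase 2: walk the callee and sum the adjustments it applies to the saved
    return address before `ret`. A branch inside the callee makes the analysis
    give up and assume a normal return (delta 0), which is the conservative choice."""
    delta, a = 0, callee
    for _ in range(max_insns):
        if not 0 <= a < len(code):
            return 0
        insn, kind, arg = decode(code, a)
        if kind == "adj_ret":
            delta += arg
        elif kind == "ret":
            return delta
        elif kind != "flow":
            return 0
        a += insn.size
    return 0


def disassemble(code, entry=0):
    """Phase 1: recursive traversal. At each call, a non-zero return_delta()
    marks the following bytes as data and resumes decoding at the adjusted
    return address. Returns ({addr: Insn}, {addr: junk bytes})."""
    insns, data, junk_addrs, work = {}, {}, set(), [entry]
    while work:
        a = work.pop()
        while 0 <= a < len(code) and a not in insns and a not in junk_addrs:
            insn, kind, arg = decode(code, a)
            insns[a] = insn
            nxt = a + insn.size
            if kind == "ret":
                break
            if kind == "call":
                work.append(arg)
                delta = return_delta(code, arg)
                if delta > 0:
                    data[nxt] = code[nxt:nxt + delta]
                    junk_addrs.update(range(nxt, nxt + delta))
                    nxt += delta
            a = nxt
    return insns, data


def linear_sweep(code):
    """Baseline linear sweep, kept only to show what the junk does to it."""
    out, a = [], 0
    while a < len(code):
        try:
            insn, _, _ = decode(code, a)
        except ValueError:
            insn = Insn(a, 1, f"db 0x{code[a]:02x}")
        out.append(insn)
        a += insn.size
    return out


# Constructed sample: the callee at 0x10 adds 3 to its return address, so the
# three bytes at 0x05 (starting with the `call` opcode 0xE8) never execute.
OBFUSCATED = bytes([
    0xE8, 0x0B, 0x00, 0x00, 0x00,   # 0x00  call 0x10
    0xE8, 0x90, 0x90,               # 0x05  junk: decodes as the start of a call
    0x31, 0xC0,                     # 0x08  xor eax, eax   (real continuation)
    0xB8, 0x2A, 0x00, 0x00, 0x00,   # 0x0a  mov eax, 0x2a
    0xC3,                           # 0x0f  ret
    0x83, 0x04, 0x24, 0x03,         # 0x10  add dword [esp], 3
    0xC3,                           # 0x14  ret
])
```

On the sample, `linear_sweep` decodes the junk at 0x05 as a five-byte call and swallows the real `xor eax, eax` at 0x08, while `disassemble` records 0x05..0x07 as data and picks up the continuation at 0x08. The callee walk is deliberately restricted to straight-line code: a callee that reaches the `ret` through a jump, or that manipulates the return address through a register (`pop reg; add reg, n; jmp reg`), falls back to the ordinary return assumption, so such variants need further rules.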
References (5)

[1] Kruegel C, Robertson W, Valeur F, et al. Static Disassembly of Obfuscated Binaries[D]. California, USA: University of California Santa Barbara, 2004.
[2] Linn C, Debray S. Obfuscation of Executable Code to Improve Resistance to Static Disassembly[C]//Proc. of the 10th ACM Conference on Computer and Communications Security. Washington D. C., USA: [s. n.], 2003: 290-299.
[3] Eilam E. Reversing: Secrets of Reverse Engineering[M]. [S. l.]: Wiley Publishing, Inc., 2005.
[4] Lakhotia A, Kumar E U, Venable M. A Method for Detecting Obfuscated Calls in Malicious Binaries[J]. IEEE Transactions on Software Engineering, 2005, 31(11): 955-967.
[5] Udupa S K, Debray S K, Madou M. Deobfuscation: Reverse Engineering Obfuscated Code[C]//Proc. of the 12th Working Conference on Reverse Engineering. Washington D. C., USA: IEEE Computer Society, 2005: 45-54.

Co-cited references (19)

[1] Wu Jinbo, Jiang Liehui. Research on Anti-static-disassembly Techniques[J]. Journal of Computer Applications (计算机应用), 2005, 25(3): 623-625. Cited by: 5
[2] Wu Jinbo, Jiang Liehui, Zhao Peng. Research on Control-flow-based Static Disassembly Algorithms[J]. Computer Engineering and Applications (计算机工程与应用), 2005, 41(30): 89-90. Cited by: 9
[3] Xu Min, Chen Qianbin. Research on Static Disassembly Algorithms[J]. Computer and Digital Engineering (计算机与数字工程), 2007, 35(5): 13-16. Cited by: 7
[4] Wang Qing. 0day Security: Software Vulnerability Analysis Techniques (0day安全:软件漏洞分析技术)[M]. Beijing: Publishing House of Electronics Industry, 2008.
[5] Bania P. Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs[EB/OL]. [2010-11-22]. http://piotrbania.com/all/articles/pbania-dbi-unpacking2009.pdf.
[6] Balakrishnan G, Reps T. Analyzing Memory Accesses in x86 Executables[C]//Proc. of 2004 International Conference on Compiler Construction. New York, USA: [s. n.], 2004.
[7] Roundy K A, Miller B P. Hybrid Analysis and Control of Malware Binaries[EB/OL]. [2010-11-12]. ftp://ftp.cs.wisc.edu/paradyn/papers/Roundy10Malware.pdf.
[8] Theiling H. Extracting Safe and Precise Control Flow from Binaries[C]//Proc. of 2000 Conference on Real-time Computing Systems and Applications. Cheju Island, South Korea: [s. n.], 2000.
[9] Buck B, Hollingsworth J K. An API for Runtime Code Patching[J]. The International Journal of High Performance Computing Applications, 2000, 14(4): 317-329.
[10] Kruegel C, Robertson W, Valeur F. Static Disassembly of Obfuscated Binaries[D]. California, USA: University of California, 2004.

Citing documents: 3

Secondary citing documents: 10