基于程序流敏感的自修改代码混淆方法  被引量:5

A Program Flow-Sensitive Self-Modifying Code Obfuscation Method

在线阅读下载全文

作  者:何炎祥[1] 陈勇[1] 吴伟[1] 陈念[1] 徐超[1] 刘健博[1] 苏雯[1] 

机构地区:[1]武汉大学计算机学院软件工程国家重点实验室,湖北武汉430072

出  处:《计算机工程与科学》2012年第1期79-85,共7页Computer Engineering & Science

摘  要:自修改代码混淆方法是一种隐藏程序重要信息的有效技术。为减少代码混淆造成的额外开销而又不影响代码混淆的质量,利用程序流敏感分析方法选择比较重要的指令进行混淆。为提高代码混淆的质量,有效地防止反汇编,提出一个二步比较混淆模型。该模型包括两个子混淆器,混淆器1采用程序流敏感分析方法获得混淆的指令并产生两个混淆代码文件和一个混淆代码映射文件。混淆器2通过比较两个混淆代码文件精确地定位混淆指令在二进制代码中的位置,然后利用混淆代码映射文件对二进制代码进行混淆,以进一步提高代码混淆的质量。通过实验分析,混淆后二进制文件的额外开销只占整个代码的3%左右,并且混淆后的反汇编代码明显异于原始的反汇编代码,甚至出现了一些无法识别的错误指令。Self-modifying code obfuscation is an effective technique to hide the important information of programs. In this paper, we focus on reducing the cost of obfuscated codes and enhancing the degree of obfuscation to use a flow-sensitive method to select the obfuscated codes that are important relatively such as control instruction and propose a two-step comparing obfuscation model that can locate the obfuscated instructions in binary codes precisely that can help change these codes to illegal codes to defense the disassembly. The model contains two parts. The first part uses the flow-sensitive analyses to get the obfuscated instructions and generate two obfuscated codes and one obfuscated code mapping file. Then, the second part compares these two obfuscated codes to generate the final obfuscated codes containing the illegal instruction codes based on the obfuscated code mapping file. Through the experiments, the obfuscated instructions are about 3% of the whole codes and the disassemble codes are much different with the source codes and even some error instructions appear.

关 键 词:程序流敏感 自修改代码 代码混淆 二进制数据定位 代码保护 

分 类 号:TP311[自动化与计算机技术—计算机软件与理论]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象