General automated shelling engine and method

An engine and component technology, applied in the field of general automated unpacking engines, that addresses problems such as the inability to accurately determine the type of the original binary program, the inability to decompress the original binary program, and heavy operating load, and achieves fast simulated execution, a small load, and an enhanced detection capability.

Inactive Publication Date: 2008-04-02
UNIV OF ELECTRONICS SCI & TECH OF CHINA

Problems solved by technology

At the same time, since the virtual-machine unpacking method needs to simulate the CPU instruction set, its efficiency is very low, and the running load is relatively large when processing large batches of files.
[0005] The heuristic scanning method is a behavior detection method; it can roughly determine whether a program has been packed, but often cannot accurately determine the type of the original binary program and cannot decompress it.
Therefore, in most cases, heuristic scanning can only guess that the binary program contains malicious behavior; it has a wide range of applications, but its accuracy rate is low.


Embodiment Construction

[0025] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0026] First, the general automatic unpacking engine is initialized, and the corresponding virtual execution component, disassembly component, unpacking monitoring component and program reconstruction component are loaded. The target packed binary program is started in debug mode, and the execution of each instruction of the binary program is then monitored and analyzed. Obtaining the assembly instructions of the target program's instruction stream through the disassembly component provides code that is easy to analyze. Determining the control-flow transfer instructions in the target program's instruction stream provides the conditions for subsequent code slicing. The virtual execution unit slices and generates the corresponding basic blocks accordi...


Abstract

The invention relates to a general automatic unpacking engine and method for packed computer binary programs. The system consists of a disassembling unit, a virtual execution unit, an unpacking monitoring unit and a program restructuring unit. The method is as follows: the target program is started in debugging mode; the disassembling unit acquires the assembler instructions of the target program; the virtual execution unit slices them, generates the corresponding basic blocks and executes the instructions virtually; the unpacking monitoring unit detects the memory-writing behavior of the target program and records all written memory regions; the unpacking monitoring unit also monitors for the target program's control flow jumping into a newly written memory region and accordingly judges that the unpacking process has ended; and the program restructuring unit collects the data of all newly written memory regions and generates the original binary program through techniques such as memory dump and import table reconstruction. The invention is suitable for quick, general unpacking of unknown packed programs and as an aid to signature-code detection; it requires no signature of the packer and imposes little running load.
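The monitoring rule at the core of the abstract and of paragraph [0026] (record every run-time memory write, and treat the first control-flow transfer into a written region as the end of unpacking) can be made concrete with a small simulation. The following is an added example and not the patent's code: it consumes a constructed instruction trace of the kind a debugger plus disassembly unit would report, keeps the written regions as merged intervals, stops at the first transfer into written memory, and collects the bytes of those regions as the raw material for a memory dump. The `Step` record, the `CONTROL_FLOW` mnemonic set and the addresses in `demo_trace()` are all assumptions made for the demonstration; import table reconstruction is not modelled.

```python
"""Added example (not the patent's code): a write-then-execute unpacking
monitor modelled on the unpacking monitoring unit described above."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Mnemonics treated as control-flow transfers (assumption: a small x86 subset
# is enough for the demonstration).
CONTROL_FLOW = {"jmp", "call", "ret", "jz", "jnz", "je", "jne"}


@dataclass
class Step:
    """One executed instruction as the disassembly unit would report it (constructed)."""
    addr: int                                   # address of the instruction itself
    mnemonic: str
    write: Optional[Tuple[int, bytes]] = None   # (destination, data) if it stores to memory
    target: Optional[int] = None                # taken branch target for a control-flow transfer


class WrittenRegions:
    """Byte ranges written since the target started, kept as sorted, disjoint
    half-open intervals so that overlapping and adjacent writes merge."""

    def __init__(self) -> None:
        self._ranges: List[Tuple[int, int]] = []

    def add(self, start: int, length: int) -> None:
        if length <= 0:
            return
        lo, hi = start, start + length
        kept = []
        for s, e in self._ranges:
            if e < lo or s > hi:              # disjoint and not touching: keep as is
                kept.append((s, e))
            else:                             # overlapping or adjacent: absorb
                lo, hi = min(lo, s), max(hi, e)
        kept.append((lo, hi))
        kept.sort()
        self._ranges = kept

    def contains(self, addr: int) -> bool:
        return any(s <= addr < e for s, e in self._ranges)

    def ranges(self) -> List[Tuple[int, int]]:
        return list(self._ranges)


@dataclass
class UnpackResult:
    oep: int                          # first address executed inside run-time-written memory
    regions: List[Tuple[int, int]]    # every region written before that point
    dump: Dict[int, bytes]            # bytes of each written region, keyed by region start


def monitor(trace: List[Step]) -> Optional[UnpackResult]:
    """Walk the trace and stop at the first transfer into run-time-written memory."""
    regions = WrittenRegions()
    memory: Dict[int, int] = {}       # sparse, byte-addressed shadow of the written memory

    def finish(oep: int) -> UnpackResult:
        dump = {s: bytes(memory.get(a, 0) for a in range(s, e)) for s, e in regions.ranges()}
        return UnpackResult(oep, regions.ranges(), dump)

    for step in trace:
        # Executing an instruction that already lies inside written memory
        # (for example by falling through into it) counts as the transfer too.
        if regions.contains(step.addr):
            return finish(step.addr)
        if step.write is not None:
            dst, data = step.write
            for i, b in enumerate(data):
                memory[dst + i] = b
            regions.add(dst, len(data))
        if step.mnemonic in CONTROL_FLOW and step.target is not None \
                and regions.contains(step.target):
            return finish(step.target)
    return None                       # trace ended while still inside the unpacking stub


def demo_trace() -> List[Step]:
    """Constructed trace: a stub at 0x401000 writes 16 bytes to 0x402000 in two
    overlapping stores, then jumps to the freshly written code."""
    return [
        Step(0x401000, "mov"),
        Step(0x401003, "mov", write=(0x402000, bytes(range(8)))),
        Step(0x401008, "mov", write=(0x402006, bytes(range(6, 16)))),
        Step(0x40100D, "xor"),
        Step(0x40100F, "jmp", target=0x402000),
        Step(0x402000, "push"),       # not reached: the monitor stops at the jump
    ]


if __name__ == "__main__":
    result = monitor(demo_trace())
    print(hex(result.oep), [(hex(s), hex(e)) for s, e in result.regions])
```

On the constructed trace the monitor reports 0x402000 as the transfer address and a single merged region 0x402000-0x402010 whose dumped bytes are the sixteen values the stub stored. Two points a practitioner would check before trusting such a monitor on a real packer: a multi-layer packer produces several write-then-execute transitions, so the first one found is an intermediate layer rather than the original entry point unless the monitor is re-armed and continued; and a stub that writes to the bytes immediately following the current instruction is caught by the fall-through check rather than the branch-target check, which is why the example tests both.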

Description

Technical field

[0001] The invention relates to a general automatic unpacking engine and method for packed binary programs. The invention is used for dynamic, fine-grained automatic analysis of known and unknown packed binary programs, and assists professional security personnel in analyzing and detecting signature codes.

Background technique

[0002] At present, among all kinds of malicious programs circulating on the Internet, more than 90% according to surveys have adopted packing to resist detection by traditional signature scanning. These are generated through polymorphic/deforming packing. A packer compresses, encrypts and anti-traces the original binary program to prevent normal detection. Because signature scanning is a form of misuse detection it has a very high accuracy rate, but because it requires a large number of samples this method has a relatively large false negative rate, because different packers are used to detect a binary progr...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/22, G06F21/52
Inventor: 曹跃李毅超黄克军柴方明罗尧
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA