
Binary program analytic system based on process simulation

A binary program analysis system technology, applied in the field of binary program analysis systems, that addresses problems such as analysts being unable to carry out static analysis, attacks going undetected, and code that cannot be analyzed effectively, with the effect of ensuring analysis efficiency and improving operating efficiency.

Active Publication Date: 2013-12-11
智巡密码(上海)检测技术有限公司

AI Technical Summary

Problems solved by technology

Compared with the present invention, this technology has the following defects and deficiencies. First, it relies on static reverse analysis, and the widespread use of software protection technology often leaves analysts unable to carry out effective static analysis, so static analysis results are difficult to extract from many current programs, malicious programs in particular. Second, its analysis method can only detect abnormal operation of the program and analyze possible vulnerabilities; it cannot detect potential malicious attacks against the program. In particular, as attack methods such as ROP (Return-Oriented Programming) keep emerging, it cannot detect the vulnerabilities in the program that this type of attack can exploit. Third, dynamic code execution is now widely used, for example in plugins, user scripting and just-in-time compilation, and this technology cannot effectively analyze such dynamically generated or loaded code, which further limits its analysis range.



Examples


Embodiment 1

[0061] The commonly used multi-threaded network communication program curl.exe (http://curl.haxx.se) is used as an example to illustrate the specific implementation process.

[0062] As shown in Figure 1, the system includes a simulator engine module, a memory management module, a process management module, a system call interface, a thread management module, a central processing module, and an analysis component interface that provides an application program interface, wherein: the simulator engine module is connected to the memory management module, the process management module, the system call interface and the analysis component interface, and transmits to them, respectively, memory access data, thread scheduling and processor access data, system call parameters and their encapsulation, and simulator events and environment information; it controls and coordinates the modules and reduces the degree of coupling between them; the process management module is connected with the memory management module, the ...

Embodiment 2

[0076] As shown in Figure 2, the system of the present invention goes through loading, initialization, operation analysis and termination during operation.

[0077] Step 1, load the PE file of the process to be analyzed and the dependent dynamic link library, and establish a complete Windows x86 virtual runtime environment;

[0078] The runtime environment includes a linear memory address space, a central processing module environment, and related operating system functions;

[0079] Step 2, simulate the execution of the instructions of the process to be analyzed, using a lightweight x86 instruction set simulator to provide fine-grained runtime information for subsequent analysis. The specific steps include:

[0080] 2.1 Use a heuristic recursive disassembly algorithm to try to disassemble all instructions;

[0081] 2.2 Construct a processor simulation environment, and use the disassembly information to accurately simulate the execution flow of each instru...
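
Step 2.1 names a heuristic recursive disassembly algorithm without spelling it out. The sketch below is an added example, not the patent's implementation: it runs recursive traversal over a small hand-picked x86 subset and a constructed byte string, next to a linear sweep, and assumes as its heuristic that every call returns. All function names and the sample bytes are illustrative.

```python
def decode(code, off):
    """Small x86 subset -> (length, branch_targets, falls_through), or None."""
    op = code[off]
    rel8 = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
    rel32 = int.from_bytes(code[off + 1:off + 5], "little", signed=True)
    if op == 0x90 or 0x50 <= op <= 0x5F:       # nop, push/pop r32
        dec = (1, [], True)
    elif op == 0xC3:                           # ret ends the current path
        dec = (1, [], False)
    elif 0xB8 <= op <= 0xBF:                   # mov r32, imm32
        dec = (5, [], True)
    elif op == 0xEB or 0x70 <= op <= 0x7F:     # jmp rel8 / jcc rel8
        dec = (2, [off + 2 + rel8], op != 0xEB)
    elif op in (0xE8, 0xE9):                   # call rel32 / jmp rel32
        dec = (5, [off + 5 + rel32], op == 0xE8)   # heuristic: calls return
    else:
        return None                            # opcode outside the subset
    return dec if off + dec[0] <= len(code) else None   # reject truncation

def recursive_disassemble(code, entry):
    """Follow control flow from entry; return ({offset: length}, bad offsets)."""
    insns, bad, work = {}, set(), [entry]
    while work:
        off = work.pop()
        while 0 <= off < len(code) and off not in insns:
            dec = decode(code, off)
            if dec is None:
                bad.add(off)                   # reached bytes we cannot decode
                break
            length, targets, falls = dec
            insns[off] = length
            work.extend(targets)               # explore branch targets later
            if not falls:
                break                          # jmp/ret: next bytes may be data
            off += length
    return insns, bad

def linear_sweep(code):
    """Baseline: decode byte after byte, skipping one byte on failure."""
    off, starts = 0, []
    while off < len(code):
        dec = decode(code, off)
        starts += [off] if dec else []
        off += dec[0] if dec else 1
    return starts

# Constructed sample: a jmp skips two junk bytes (E8 B8) placed before real code.
SAMPLE = bytes.fromhex("eb02" "e8b8" "b801000000" "7401" "90" "e801000000" "c3" "5058c3")
```

On the sample, the linear sweep decodes the junk byte at offset 2 as a call and never sees the mov at offset 4, while the recursive traversal skips the junk and recovers every reachable instruction.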



Abstract

The invention discloses a binary program analytic system based on process simulation, belonging to the technical field of electronic data monitoring. The binary program analytic system comprises a simulator engine module, a memory management module, a process management module, a system call interface, a thread management module, a central processing module and an analytic component interface for providing an application program interface, wherein the simulator engine module is respectively connected with the memory management module, the process management module, the system call interface and the analytic component interface; the process management module is respectively connected with the memory management module, the central processing module and the system call interface; and the thread management module is respectively connected with the memory management module, the thread management module and the central processing module. The binary program analytic system does not depend on static reverse analysis of a program, but adopts a completely dynamic analytic method, so that most of the influence of program protection technology can be avoided.

Description

Technical field

[0001] The invention relates to a system in the technical field of electronic data monitoring, in particular to a binary program analysis system based on process simulation.

Background art

[0002] In the field of computer security, the reverse analysis of software, especially malicious programs, is the basic work of program security analysis. Because the relevant semantic information is missing, reverse analysis of binary programs is often very difficult and requires a lot of manpower and material resources. Automated program analysis methods and analysis platforms have therefore emerged to assist analysts in reverse analysis.

[0003] In order to realize automatic program analysis, it is necessary to monitor the instruction flow, control flow and data flow of the program in a fine-grained manner, and at the same time, it is necessary to obtain relevant information such as the processor and memory ...


Application Information

IPC(8): G06F21/56, G06F21/52, G06F11/36
Inventor: 谷大武, 赵若旭, 刘慧, 张媛媛, 李卷孺
Owner: 智巡密码(上海)检测技术有限公司