Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Code morphing-based binary code obfuscation method

A binary code and code technology, applied in the field of computer software security, can solve problems such as poor protection effect

Inactive Publication Date: 2014-05-07
NORTHWEST UNIV
View PDF3 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the current obfuscation technology applied to binary code is mainly protected by waste instructions or garbage instructions, which has poor protection effect and is easy to be found and removed.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Code morphing-based binary code obfuscation method
  • Code morphing-based binary code obfuscation method
  • Code morphing-based binary code obfuscation method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0063] Such as figure 1 Shown, the binary code obfuscation method based on code distortion of the present invention, carries out according to the following steps:

[0064] Step 1, determine the deformation template library

[0065] The deformation template is a function, the input of which is the target instruction to be transformed, and the output is an instruction or instruction sequence which is functionally equivalent to the target instruction. The deformation template is composed of equivalent instruction pairs, and the equivalent instruction pair is a binary group0 ,I 1 >, where I 0 is a target instruction, I 1 refers to a target instruction or a sequence of instructions, and I 0 and I 1 Satisfied: In the case of the same input (that is, the instruction operating environment, including registers, stack space, and memory data), respectively execute I 0 and I 1 , will get the same output as figure 2 shown. Table 1 gives examples of 5 equivalent instruction pairs....

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a code morphing-based binary code obfuscation method. The method comprises the following steps: 1, determining a morphing template library; 2, detecting a PE (Portable Execute) file; 3, locating a key code segment; 4, disassembling the key code segment to obtain an assembly instruction sequence, identifying a circular structure in the code segment, and calculating the weight of each instruction in the key code segment; 5, morphing all assembly instructions in the assembly instruction sequence; 6, slicing the assembly instruction sequence and re-sequencing; 7, assembling a new assembly instruction sequence generated in the step 6, and converting into a binary code; 8, reconstructing the PE file. In the method, a computer system is used for obfuscating the executable binary code file under a windows system, so that high protection strength is achieved, and extension becomes easy.

Description

technical field [0001] The invention belongs to the field of computer software security, in particular to a method for obfuscating target binary codes in a Windows system. Background technique [0002] While the wide application of software has brought huge benefits to the society, its security issues have become increasingly prominent. Software anti-malicious reverse engineering has become an urgent problem to be solved in the industry and academia. The development of software attack technology and reverse tools has facilitated the reverse analysis of software; in addition, software often runs in a "white box attack" environment (see reference 1), and software attackers can completely control the execution process of the software and view the instructions. Execute the sequence. Therefore, given the attacker enough time, it should be possible to successfully reverse engineer the software. [0003] The amount of information a person can process within a certain period of ti...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/14
CPCG06F21/14
Inventor 王怀军房鼎益李光辉张聪许广莲董浩王瑾榕党舒凡王琳姜河何路陈晓江
Owner NORTHWEST UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com