
A Dynamic Analysis Method for Executable Programs Missing in Dynamic Link Libraries

A dynamic link library and program execution technology, applied in the field of network security, that solves the problems of being unable to obtain a program sample's behavior and of damaging the integrity of the program sample, with the effect that the sample's integrity verification is not triggered.

Active Publication Date: 2020-05-22
INST OF SOFTWARE - CHINESE ACAD OF SCI

Problems solved by technology

However, this method needs to modify the import table and PE header structure of the program sample, which destroys the integrity of the program sample. If the program sample has a self-verification function, then when it detects that it has been modified it may run abnormally or terminate directly, and the analysis platform will not be able to observe the various behaviors of the program sample during normal operation.


Embodiment Construction

[0025] Working principle of the present invention:

[0026] When a DLL wants to export functions for other modules to use, it declares the information about these functions in its export table structure, so that external programs can locate the exported functions in the DLL. There are two ways to export a function: by function name or by function ordinal (serial number). When a program needs to use an external function, it declares in the import table structure of its PE file header the name or ordinal of the function to be imported and which DLL file that function lives in. When the Windows loader starts the program, it loads the corresponding DLLs into the program's virtual address space according to the program's import table, and then looks up the real addresses of these functions in the loaded DLLs by the name or ordinal of each imported function, so that the program can reference them. In order for the program to start normally, the import table structure of the pr...


Abstract

The invention provides a dynamic analysis method for an executable program whose dynamic link libraries are missing. The method comprises the steps of analyzing the import table of the executable program and obtaining the dynamic link libraries it imports together with the information about the import functions each of them must provide; then modifying the export table of a pre-compiled seed DLL file, which exports a plurality of functions, so that the export table exports the import functions needed by the sample program to be analyzed, and modifying the name of the DLL so that it matches the name of the DLL required by the sample program; and finally generating the external dynamic link library file on which the program sample depends, so as to realize dynamic analysis of the executable program with missing dynamic link libraries. With this dynamic analysis method, the executable program does not need to be run and is not modified, so its integrity is not destroyed; the method is suitable not only for the dynamic analysis of executable programs but also for the dynamic analysis of dynamic link library files, and is especially suitable for the dynamic analysis of malicious software.
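As an added illustration of the first steps the abstract and paragraph [0026] describe (this is example code, not code from the patent or its authors), the following Python walks a PE32 import directory to recover, per DLL, the functions imported by name and by ordinal, and turns that into the set of exports a renamed seed DLL would have to provide. The import directory bytes are constructed inline as test input; the DLL and function names in it (`helper.dll`, `DoWork`, ordinal 7) are made up.

```python
import struct
ORDINAL_FLAG32, ORDINAL_FLAG64 = 0x80000000, 0x8000000000000000  # high bit = import by ordinal

def _cstr(buf, off):  # NUL-terminated ASCII string at offset off
    return buf[off:buf.index(b"\0", off)].decode("ascii")

def parse_import_section(idata, section_rva, pe32plus=False):
    """Walk IMAGE_IMPORT_DESCRIPTORs in one section holding the whole import directory;
    returns {dll: [("name", str) | ("ordinal", int), ...]}. Offsets are rva - section_rva."""
    size, fmt, flag = (8, "<Q", ORDINAL_FLAG64) if pe32plus else (4, "<I", ORDINAL_FLAG32)
    imports, off = {}, 0
    while True:
        oft, _ts, _fc, name_rva, ft = struct.unpack_from("<IIIII", idata, off)
        if oft == 0 and name_rva == 0 and ft == 0:
            break  # an all-zero descriptor terminates the array
        funcs, thunk = [], (oft or ft) - section_rva  # no INT: fall back to the IAT
        while True:
            (val,) = struct.unpack_from(fmt, idata, thunk)
            if val == 0:
                break
            if val & flag:
                funcs.append(("ordinal", val & 0xFFFF))
            else:  # RVA of IMAGE_IMPORT_BY_NAME: WORD hint, then the function name
                funcs.append(("name", _cstr(idata, val - section_rva + 2)))
            thunk += size
        imports[_cstr(idata, name_rva - section_rva)] = funcs
        off += 20
    return imports

def seed_dll_export_plan(imports):
    """Per missing DLL, the names and ordinals the renamed seed DLL's export table must provide."""
    return {dll: {"names": sorted(n for k, n in f if k == "name"),
                  "ordinals": sorted(n for k, n in f if k == "ordinal")}
            for dll, f in imports.items()}

def build_sample_idata(section_rva=0x3000):
    """Constructed PE32 import directory used as test input (not a real binary)."""
    spec = {"KERNEL32.dll": [("name", "CreateFileA"), ("name", "WriteFile")],
            "helper.dll": [("ordinal", 7), ("name", "DoWork")]}
    blob = bytearray(20 * (len(spec) + 1))  # descriptors plus terminator come first
    def put(data):  # append data to the section, return its RVA
        blob.extend(data)
        return section_rva + len(blob) - len(data)
    for i, (dll, funcs) in enumerate(spec.items()):
        thunks = [ORDINAL_FLAG32 | v if kind == "ordinal" else put(b"\0\0" + v.encode() + b"\0")
                  for kind, v in funcs]
        int_rva = put(b"".join(struct.pack("<I", t) for t in thunks) + b"\0" * 4)
        struct.pack_into("<IIIII", blob, 20 * i, int_rva, 0, 0, put(dll.encode() + b"\0"), int_rva)
    return bytes(blob)
```

On a real file the section bytes and RVA come from the section table entry that contains the import data directory; the parser is deliberately limited to a single contiguous section.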

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a dynamic analysis method for an executable program whose dynamic link libraries are missing.

Background technique

[0002] With the continuous development of computer technology and Internet technology, every aspect of people's lives is increasingly inseparable from computers and the software running on them. Malware steals personal data and business secrets, sends spam, controls users' computers, and launches denial-of-service attacks on remote servers, causing serious distress and economic losses to individuals and businesses. To evade detection, malware often hides among many harmless programs. To detect and remove malware from a large number of executable program samples, it is first necessary to obtain the basic information and program behavior of the executable program samples, and to extract and summarize the characteristics of malware from them. Executable progra...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventors: 应凌云, 莫建平, 聂眉宁, 苏璞睿
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI