A control flow flattening automatic detection method and device

An automatic detection and flattening technology, which is applied in the field of code analysis, can solve the problems of not explaining how to determine the location of confusing codes and few public methods, and achieve the effect of reliable design principles, simple and effective methods, and highlighting substantive features

Active Publication Date: 2021-10-22
INSPUR SUZHOU INTELLIGENT TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In the field of reverse engineering, it is popular to study how to generate obfuscated code, how to remove obfuscated code, and restore the original control flow. However, there are still relatively few public methods on how to detect which piece of code uses which obfuscation technology.
Existing methods discuss how to obtain real blocks, preambles, and useless blocks for obfuscated code, and do not explain how to determine the location of obfuscated code

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A control flow flattening automatic detection method and device
  • A control flow flattening automatic detection method and device
  • A control flow flattening automatic detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0060]In order to enable those skilled in the art to better understand the technical solutions in the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described The embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.

[0061] Such as figure 1 As shown, the embodiment of the present invention provides a control flow flattening automatic detection method, each basic block is a node, including the following steps:

[0062] S101: Find an intermediate dominator block used to represent node dominance relationship and hierarchical relationship;

[0063] S10...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention provides a method and device for automatic detection of control flow flattening. The method includes the following steps: searching for intermediate dominator blocks used to represent node dominance relationships and hierarchical relationships; constructing dominator trees with all the found intermediate dominator blocks as nodes ;Based on the constructed dominator tree, determine the dominator node; calculate the control flow flattening similarity of the basic block dominated by the determined dominator node, if the calculated similarity is greater than or equal to the set threshold, the code for judging the basic block is Code after control flow flattening. The method proposed in this paper is simple and effective, and can be implemented in mainstream reverse tools, helping reverse engineers quickly locate and remove control flow flattening, and restore the original control flow structure of the code.

Description

technical field [0001] The invention relates to the technical field of code analysis, in particular to a control flow flattening automatic detection method and device. Background technique [0002] Authors of commercial software and malware often use code obfuscation to protect specific blocks of code from reverse engineering the logic of the code. Generally speaking, knowing which piece of code uses obfuscation technology can be used as a starting point to conduct a more detailed and in-depth analysis of this piece of code. Control flow flattening is one of the most popular obfuscation techniques. Without changing the function of the source code, it converts the sequential control flow in the code into a jump control flow, eliminates the sequence of execution between basic blocks, and converts the basic Blocks are placed under the same hierarchy for display. [0003] In the field of reverse engineering, it is popular to study how to generate obfuscated code, how to remove...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F8/74
CPCG06F8/74
Inventor 齐增田
Owner INSPUR SUZHOU INTELLIGENT TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap