摘要
通过对软件可执行二进制码的静态反汇编结果进行分析,可以对其进行非法的修改或窃取其知识产权。为了防范这种情况,在描述静态反汇编基本算法的基础上,提出了分支函数和跳转表欺骗两种隐藏程序控制流的反静态反汇编技术。这两种技术能够隐藏程序中跳转指令的真实目标地址,并能够伪造出导致静态反汇编器出错的假目标地址,从而提高程序的反静态反汇编性能,增加软件分析的难度。
The goal of making unauthorized modifications or stealing intellectual property of software can be reached by analyzing the static disassembly result of its executable binary code. In order to avoid this kind of instance,this paper described the basic static disassembly algorithm, then proposed two anti-disassembly techniques focusing on the obfuscation of control flow,branch function and jump table spoofing. These two techniques can hide the real target addresses of jump instructions, and can fabricate target addresses which will lead to error of static disassemblers. Therefore the (program's) resistance to static disassembly will be improved, and it is more difficult to analyze the software.
出处
《计算机应用》
CSCD
北大核心
2005年第3期623-625,共3页
journal of Computer Applications
关键词
可执行程序
控制流隐藏
反静态反汇编
executable code
obfuscation of control flow
resistance to static disassembly