摘要
深入地分析了"dcc"对库函数的研究,针对运行在ARM处理器上的应用程序,对静态库函数识别提出在二进制级别上动态提取库函数特征文件的方法。该方法利用ARM处理器汇编特征提取函数模块,并在此基础上根据汇编代码的寻址方式编码特征提取模式文件并进行动态签名的生成,结合哈希算法对生成的待识别应用程序函数签名和已有签名文件进行特征匹配,识别库函数相关信息。该方案能准确的识别库函数,并有效地解决识别过程中库文件过多和匹配效率之间的矛盾。
A static library identification framework is proposed through studying library as "dcc', which dynamically extracts binary characteristic file on applications under ARM processor. This method obtains function modules using ARM assemble characteristics, on the basis ofthat, dynamic signature is generated due to pattern files through analyzing coding characteristics ofassemble addressing mode, then the function signatures are matched with signatures of function signatures in executables using hash algorithm to identify library functions. This method can recognize library correctly and solve conflict between massive library files and matching efficiency effectively.
出处
《计算机工程与设计》
CSCD
北大核心
2010年第18期3968-3971,共4页
Computer Engineering and Design
基金
国家863高技术研究发展计划基金项目(2007AA01Z483)
关键词
静态库函数识别
签名
模式
哈希
ARM
static library identification
signature
pattern
Hash
ARM