Approach of binary code analysis based on full-system emulation and instruction-flow analysis

Cited by: 4
Abstract: This paper proposes an approach to binary code analysis based on full-system emulation and instruction-flow analysis. The core idea is to run the executable binary code on a virtual machine built on full-system emulation, intercept the instruction stream the code produces at run time, and analyze that stream to characterize the program's behaviour. On this basis, a binary code analysis system was designed and implemented. Experimental results show that capturing and analyzing the instruction stream with this system extracts the various kinds of information produced during code execution more efficiently and comprehensively. The approach is particularly effective for analyzing binary code that uses anti-analysis techniques.
Source: Application Research of Computers (计算机应用研究), CSCD, Peking University Core Journal, 2011, No. 4, pp. 1437-1441, 1469 (6 pages)
Funding: SafeNet Northeast Asia University Cooperation Program
Keywords: software security; binary analysis; virtual machine; emulation technology; malware