摘要
重建输入表可能是逆向工程师们经常遇到的问题,但重建输入表有时既费时又费力,现在很多壳和病毒会破坏输入表,而且是各出奇招,常用的输入表修复工具根本不起作用。这时如果手工修复,重建输入表可能要花费大量的时间。针对重建输入表提出了一种新的思路和方法,实验结果表明,该方法能够动态地重建输入表,对于被破坏的输入表也具有一定的重建能力,大大缩减了重建输入表花费的时间并且可以排除部分手工修复产生的错误。
The rebuilding Import Address Table(IAT) may be a normal work for a reverse engineer,but sometimes can also be a very time-consuming and tedious process,what worse is that some Packer and virus might destroy the import address table with various special ways. The common IAT rebuilders fail to rebuild the IAT,and to rebuild it by hand would cost too much time. This paper proposes a new idea and a novel method to rebuild the IAT dynamically,and the experiment indicates that this method could rebuild the destroyed IAT,while greatly reduce the time for rebuilding the IAT and avoid some mistakes in hand-rebuilding.
出处
《信息安全与通信保密》
2011年第6期66-68,共3页
Information Security and Communications Privacy
