Surfing Code Waves - Inria - Institut national de recherche en sciences et technologies du numérique
Reports (Research Report) Year : 2009

Surfing Code Waves

Abstract

Runtime code protection techniques are widely used in order to delay reverse code engineering and modify binary signatures. This is a significant problem since virtually every malware sample in the wild is packed and even simple runtime code protection schemes can thwart static analysis. This paper describes a generic technique based on fine-grained trace analysis to automatically detect and classify runtime code protection techniques. This results in easier automatic analysis of the target program and in some cases, such as code packing or encryption, the protection can be fully removed. In other cases, such as code checking and code scrambling, annotations can be provided to static analysis tools to automatically spot the code responsible for the protection. This technique is architecture-independent and operating-system-independent as it uses only general properties about instruction-level memory use.
No file

Dates and versions

inria-00378667 , version 1 (25-04-2009)

Identifiers

  • HAL Id : inria-00378667 , version 1

Cite

Jean-Yves Marion, Daniel Reynaud. Surfing Code Waves. [Research Report] 2009. ⟨inria-00378667⟩