Dynamic Binary Instrumentation for Deobfuscation and Unpacking - Inria - Institut national de recherche en sciences et technologies du numérique
Conference Papers Year : 2009

Dynamic Binary Instrumentation for Deobfuscation and Unpacking

Abstract

We propose to extend the toolbox of reverse engineers beyond disassemblers, debuggers and emulators. Using dynamic binary instrumentation, it is very simple to write advanced tools such as automatic unpackers, system call tracers and deobfuscators. Based on our experiments, DBI is suitable for malware analysis. In this presentation, we will present a simple and accurate automatic unpacker integrated with IDA Pro and a JavaScript deobfuscator, all written using DBI techniques.

Dates and versions

inria-00431666, version 1 (12-11-2009)

Identifiers

  • HAL Id: inria-00431666, version 1

Cite

Daniel Reynaud, Jean-Yves Marion. Dynamic Binary Instrumentation for Deobfuscation and Unpacking. IN-DEPTH SECURITY CONFERENCE 2009 EUROPE, Nov 2009, Vienne, Austria. ⟨inria-00431666⟩