GPU Powered Malware

Daniel Reynaud 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : There is an increasing interest in Graphics Processing Units for general-purpose programming, due to their processing power and massively parallel design. Therefore, most consumer graphics hardware are now fully programmable using either Nvidia's CUDA toolkit or AMD/ATI Stream SDK. This presentation will give an analysis of how the GPU can be used by malware as an anti-reverse engineering platform, with examples using the CUDA technology. With CUDA, the GPU is fully programmable in C, but the resulting device program can't be debugged because Nvidia's GPUs do not support this feature natively. As a result, a malware analyst has to use static analysis against the device code in order to understand the malware. But this task is harder with GPU code than with traditional binaries since the source of a CUDA program is compiled to undocumented microcode (and therefore unsupported by standard disassemblers such as IDA Pro). Finally, this presentation will also assess the technical feasability of an unpacker written fully in device code.
Type de document :
Communication dans un congrès
Ruxcon, Nov 2008, Sydney, Australia. 2008
Liste complète des métadonnées
Contributeur : Daniel Reynaud <>
Soumis le : mardi 21 octobre 2008 - 10:51:15
Dernière modification le : jeudi 11 janvier 2018 - 06:21:25


  • HAL Id : inria-00332539, version 1



Daniel Reynaud. GPU Powered Malware. Ruxcon, Nov 2008, Sydney, Australia. 2008. 〈inria-00332539〉



Consultations de la notice