Skip to Main content Skip to Navigation

Surfing Code Waves

Jean-Yves Marion 1 Daniel Reynaud 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Abstract. Runtime code protection techniques are widely used in order to delay reverse code engineering and modify binary signatures. This is a significant problem since virtually every malware sample in the wild is packed and even simple runtime code protection schemes can thwart static analysis. This paper describes a generic technique based on fine-grained trace analysis to automatically detect and classify runtime code protection techniques. This results in easier automatic analysis of the target program and in some cases, such as code packing or encryption, the protection can be fully removed. In other cases, such as code checking and code scrambling, annotations can be provided to static analysis tools to automatically spot the code responsible for the protection. This technique is architecture-independent and operating-system-independent as it uses only general properties about instruction-level memory use.
Document type :
Complete list of metadata
Contributor : Daniel Reynaud Connect in order to contact the contributor
Submitted on : Saturday, April 25, 2009 - 11:31:39 AM
Last modification on : Saturday, October 16, 2021 - 11:26:05 AM


  • HAL Id : inria-00378667, version 1



Jean-Yves Marion, Daniel Reynaud. Surfing Code Waves. [Research Report] 2009. ⟨inria-00378667⟩



Record views