Surfing Code Waves

Jean-Yves Marion 1 Daniel Reynaud 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Abstract. Runtime code protection techniques are widely used in order to delay reverse code engineering and modify binary signatures. This is a significant problem since virtually every malware sample in the wild is packed and even simple runtime code protection schemes can thwart static analysis. This paper describes a generic technique based on fine-grained trace analysis to automatically detect and classify runtime code protection techniques. This results in easier automatic analysis of the target program and in some cases, such as code packing or encryption, the protection can be fully removed. In other cases, such as code checking and code scrambling, annotations can be provided to static analysis tools to automatically spot the code responsible for the protection. This technique is architecture-independent and operating-system-independent as it uses only general properties about instruction-level memory use.
Type de document :
[Research Report] 2009
Liste complète des métadonnées
Contributeur : Daniel Reynaud <>
Soumis le : samedi 25 avril 2009 - 11:31:39
Dernière modification le : mardi 18 décembre 2018 - 16:48:02


  • HAL Id : inria-00378667, version 1



Jean-Yves Marion, Daniel Reynaud. Surfing Code Waves. [Research Report] 2009. 〈inria-00378667〉



Consultations de la notice