| 采用条件跳转混淆技术的恶意代码反汇编 |
| |
| 引用本文: | 戴超,庞建民,赵荣彩.采用条件跳转混淆技术的恶意代码反汇编[J].计算机工程,2008,34(8):153-155. |
| |
| 作者姓名: | 戴超 庞建民 赵荣彩 |
| |
| 作者单位: | 解放军信息工程大学信息工程学院计算机科学与技术系,郑州,450002 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 恶意代码已经构成了计算机安全的主要威胁,为了避免被静态分析,恶意代码采用了各种混淆技术来自我隐藏,条件跳转混淆技术就是其中之一。该文通过研究条件跳转混淆的成因,对已有的典型反汇编算法进行了改进,其实现已被逆向分析工具Radux采用,测试验证了该方法能够有效地对采用条件跳转混淆技术的恶意代码进行正确的反汇编。
|
| 关 键 词: | 条件跳转 混淆 恶意代码 反汇编 |
| 文章编号: | 1000-3428(2008)08-0153-03 |
| 修稿时间: | 2007年4月30日 |
Disassembly of Malicious Code with Conditional Jump Obfuscation Technique |
| |
| DAI Chao,PANG Jian-min,ZHAO Rong-cai.Disassembly of Malicious Code with Conditional Jump Obfuscation Technique[J].Computer Engineering,2008,34(8):153-155. |
| |
| Authors: | DAI Chao PANG Jian-min ZHAO Rong-cai |
| |
| Affiliation: | (Dpet. of Computer Science and Technology, College of Information Engineering, PLA Information Engineering University, Zhengzhou 450002) |
| |
| Abstract: | Malicious codes have become a main threat to computer security. They take various obfuscation techniques to hide themselves in order not to be statically analyzed. Conditional jump obfuscation is one of such techniques. This paper analyzes the reason lead to the conditional jump obfuscation and modifies the disassembly algorithm in the reverse analysis tool named Radux. Relevant test shows that the method is effective to get the correct disassembly result from the malicious codes obfuscated with conditional jumps. |
| |
| Keywords: | conditional jump obfuscation malicious codes disassembly |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
