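Virtual machine protection based on Handler obfuscation enhancement
Cite this article: XIE Xin, LIU Fenlin, LU Bin, XIANG Fei. Virtual machine protection based on Handler obfuscation enhancement[J]. Computer Engineering and Applications, 2016, 52(15): 146-152
Authors: XIE Xin  LIU Fenlin  LU Bin  XIANG Fei
Affiliations: 1. Information Engineering University, Zhengzhou 450001; 2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
Abstract: Executing virtual instruction handler functions (Handlers) in a given order protects a program's key code, which makes the Handlers a primary target for software reverse engineers. To counter the "dynamic extraction, static analysis" attack on Handlers, a virtual machine protection method based on enhanced Handler obfuscation is proposed. Equivalent instruction substitution rules are used to generate multiple equivalent Handler sequences; all Handlers are split into variable-length pieces and randomly shuffled; a jump table is built to reassemble the shuffled sequence; and a random address array is built to hide the Handler dispatch address table and the execution jump table. Experiments and analysis show that diversified Handler generation, splitting and shuffling increase the difficulty of dynamic extraction and analysis, and that hiding the Handler address table and jump table increases the difficulty of static reverse analysis, thereby raising the strength of the virtual machine protection.

Keywords: virtual machine protection  equivalent instruction substitution  splitting and shuffling  diversification  table hiding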

Virtual machine protection based on Handler obfuscation enhancement
XIE Xin,LIU Fenlin,LU Bin,XIANG Fei. Virtual machine protection based on Handler obfuscation enhancement[J]. Computer Engineering and Applications, 2016, 52(15): 146-152
Authors:XIE Xin  LIU Fenlin  LU Bin  XIANG Fei
Affiliation: 1. Information Engineering University, Zhengzhou 450001, China; 2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
Abstract: The combination of Handlers in a virtual machine can protect key code in a program, and these Handlers are the main target of attack for software reverse analysts. Aiming at the reduction method of dynamic extraction and static analysis of Handlers, a virtual machine protection method based on Handler obfuscation is proposed. First, various equivalent instruction rules are used to generate different equivalent Handlers; then all Handlers are divided and disordered by a random scrambling algorithm and restructured by constructing a jump table; finally, a random address array is used to hide the data of the Handler scheduling address table and the execution jump table. Experiments and analysis show that the generation, segmentation and disordering of diverse Handlers increase the difficulty of dynamic extraction and analysis, and that hiding the Handler address table and jump table increases the difficulty of static reverse analysis.
Keywords:virtual machine protection  equivalent instruction replacement  segmentation disorder  diversity  table hidden  