| 基于3SAT的API调用迷惑方法 |
| |
| 引用本文: | 陈亚男,王清贤,曾勇军,奚琪.基于3SAT的API调用迷惑方法[J].计算机工程,2012,38(17):119-122. |
| |
| 作者姓名: | 陈亚男 王清贤 曾勇军 奚琪 |
| |
| 作者单位: | 国家数字交换系统工程技术研究中心 |
| |
| 摘 要: | 现有的API调用迷惑技术通用性不强,且容易被静态分析方法识破。为此,提出一种二进制代码迷惑方法,利用3SAT非透明常量,将API调用的目标地址变换为间接地址,使分析API地址成为NP完全问题,从而无法通过静态分析获取API地址。实验结果表明,该方法增加了代码分析的难度,可使基于API调用的静态分析检测方法失效。
|
| 关 键 词: | API调用 静态分析 代码迷惑 3SAT问题 非透明常量 NP完全问题 |
| 收稿时间: | 2011-10-24 |
| 修稿时间: | 2011-12-20 |
API-calling Obfuscation Method Based on 3SAT |
| |
| CHEN Ya-nan,WANG Qing-xian,ZENG Yong-jun,XI Qi.API-calling Obfuscation Method Based on 3SAT[J].Computer Engineering,2012,38(17):119-122. |
| |
| Authors: | CHEN Ya-nan WANG Qing-xian ZENG Yong-jun XI Qi |
| |
| Affiliation: | (National Digital Switching System Engineering and Technological R&D Center,Zhengzhou 450002,China) |
| |
| Abstract: | There are some shortages of existing API-calling obfuscation technology in the fight against the static analysis,such as weak versatility,easy to analyze and so on.This paper proposes a binary code obfuscation method.By using opaque constants based on 3SAT,it builds obfuscation transformations that change the objective address of API-calling to indirect and ensure the address invariable,which makes analyzing API address be an Nondeterministic Polynomial(NP) complete problem,so that the address can not be obtained by static analysis.Experimental results show that the difficulty of analysis of obfuscated program is enhanced,and the method can evade the static detection method based on API-calling. |
| |
| Keywords: | API-calling static analysis code obfuscation 3SAT problem opaque constant Nondeterministic Polynomial(NP) complete problem |
| 本文献已被 CNKI 维普 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
