| 基于结构化函数签名的二进制补丁分析 |
| |
| 引用本文: | 曾鸣,赵荣彩,王小芹,姚京松.基于结构化函数签名的二进制补丁分析[J].计算机工程,2006,32(14):43-45. |
| |
| 作者姓名: | 曾鸣 赵荣彩 王小芹 姚京松 |
| |
| 作者单位: | 中国人民解放军信息工程大学计算机科学与技术系,郑州,450002;清华大学计算机科学与技术系,北京,100084 |
| |
| 摘 要: | 软件系统通常通过打补丁的方式来完善安全性或者补充功能。如何通过对补丁二进制代码进行逆向分析,揭示补丁前后应用程序间的差异信息,是信息安全领域的一个研究热点,在病毒变种分析、漏洞利用方面有重要意义。该文给出了一种利用结构化函数签名进行二进制补丁分析的方法,描述了其实现框架,并讨论了编译器优化策略对二进制补丁分析的影响及消除的方法。
|
| 关 键 词: | 补丁分析 逆向工程 安全漏洞 编译优化 IDA |
| 文章编号: | 1000-3428(2006)14-0043-03 |
| 收稿时间: | 10 24 2005 12:00AM |
| 修稿时间: | 2005-10-24 |
Binary Patches Analysis Based on Structural Function Signature |
| |
| ZENG Ming,ZHAO Rongcai,WANG Xiaoqin,YAO Jingsong.Binary Patches Analysis Based on Structural Function Signature[J].Computer Engineering,2006,32(14):43-45. |
| |
| Authors: | ZENG Ming ZHAO Rongcai WANG Xiaoqin YAO Jingsong |
| |
| Affiliation: | 1. Department of Computer Science & Technology, PLA Information and Engineering University, Zhengzhou 450002 ; 2. Department of Computer Science & Technology, Tsinghua University, Beijing 100084
|
| |
| Abstract: | Patches are always used to improve the security of software system or to add functions. Reverse engineering of binary code patches could disclose the programmatic changes between two executable versions, which is very useful in virus analyzing and vulnerability studying. This article gives an effective method using structural function signature to locate the difference between patched version and unpatched version of the same software. The framework to implementing the described methods is also presented. Compiler optimizing sometimes affectes patches comparing greatly, so in this article, some discussion on how to deal with this problem is made. |
| |
| Keywords: | IDA |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
