基于指令交换的代码混淆方法

软件程序是按一定顺序排列的指令序列，指令的排列组合构成了千变万化的程序语义.指令顺序重排通常会相应地导致程序语义的变化，通过分析相邻指令序列的相对独立性，可以在不影响程序语义的前提下交换相邻指令序列，增大指令距离，改变程序特征，在一定程度上增加逆向分析代价.通过改进程序的形式化定义论证相邻指令交换的充分条件，采用模拟退火算法实现随机化的指令乱序混淆方法，并将指令乱序方法与虚拟机代码保护技术融合，实现基于指令乱序的虚拟机代码保护系统IS-VMP，使用加密算法实例进行系统测试，验证了指令乱序混淆算法的可行性与有效性.

Code Obfuscation Based on Instructions Swapping

The program is a sequence of instructions in a certain order, and the permutation and combinations of instructions constitute the ever-changing program semantics. Although reordering instructions usually changes the program semantics, it is possible to swap adjacent instruction sequences without changing the program semantics via analyzing the relative independence of adjacent instruction sequences. Instructions swapping increases the distance of instructions and change characteristics of the program, which raises the cost of reverse analysis to a certain extent. Sufficient conditions of instructions swapping are proven by the improvement of the formal definition of the program, upon which the randomize method of instructions reordering based on simulated annealing is proposed in the study. Furthermore, a prototype of IS-VMP (virtual machine protection system based on instructions reordering) is implemented. In addition, the experiments are carried out with a set of encryption algorithms. Experiment results show that instruction reordering is effective and applicable for anti-reversing.