Dynamo: a transparent dynamic optimization system
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
BIRD: Binary Interpretation using Runtime Disassembly
Proceedings of the International Symposium on Code Generation and Optimization
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Using Entropy Analysis to Find Encrypted and Packed Malware
IEEE Security and Privacy
Classification of malware using structured control flow
AusPDC '10 Proceedings of the Eighth Australasian Symposium on Parallel and Distributed Computing - Volume 107
Hi-index | 0.00 |
Many modern software security techniques require transformation of executable binaries to add security features. Such transformation heavily depends on the correct and effecient disassembly. However, an increasing number of application binaries are packed before being distributed in the commercial world. Packed binaries are a special type of self-modifying code, which existing binary disassembly tools do not support very well, especially when automatic instrumentation is needed. This paper describes the design, implementation and evaluation of an efficient and automatic binary instrumentation tool for packed Win32/X86 binaries called Uncover. Uncover features two novel techniques: statically distinct packed binaries by entropy computation to minimize run-time disassembly overhead, and accurate tracking of binary unpacking process during runtime. These two techniques make it possible to disassemble Win32/X86 packed binaries as if they were never packed.