Manufacturing cheap, resilient, and stealthy opaque constructs
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamic analysis for reverse engineering and program understanding
ACM SIGAPP Applied Computing Review
Breaking Abstractions and Unstructuring Data Structures
ICCL '98 Proceedings of the 1998 International Conference on Computer Languages
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Learning to detect malicious executables in the wild
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Reversing: The Hacker's Guide to Reverse Engineering
Reversing: The Hacker's Guide to Reverse Engineering
Static Analyzer of Vicious Executables (SAVE)
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Pattern Recognition, Third Edition
Pattern Recognition, Third Edition
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Automating mimicry attacks using static binary analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
mhz: anatomy of a micro-benchmark
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Software Protection through Anti-Debugging
IEEE Security and Privacy
Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation
WCRE '07 Proceedings of the 14th Working Conference on Reverse Engineering
Binary obfuscation using signals
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Linear obfuscation to combat symbolic execution
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
| Hi-index | 0.00 |
Reverse engineering is the process of discovering a high-level structure and its semantics from a lower-level structure. In order to prevent malicious use of reverse engineering against binaries, various techniques have been developed called binary obfuscation. Obfuscated binary is a transformed binary which retains original binary's executing behavior while its outer representation obstructs the reverse engineering. In this paper we propose three novel approaches to improve the binary obfuscation. First we propose a generalized binary obfuscation algorithm that covers any specific or whole part of a binary code by using confusing code and redirecting control-flow using exceptions. Second, we employ a data-mining method to make our obfuscated binary look like a normal binary. And third, we address the issue that the previous techniques could not be applied to Windows binaries by designing a new exception hooking mechanism in Windows. Experimental results show that our obfuscated binary can hide 60--90% of the original instructions from reverse engineering tools, while its execution slows down a little, and moreover the obfuscated binary's stealth can be guaranteed.