A tentative approach to constructing tamper-resistant software
NSPW '97 Proceedings of the 1997 workshop on New security paradigms
Tamper Resistant Software: An Implementation
Proceedings of the First International Workshop on Information Hiding
Robust Object Watermarking: Application to Code
IH '99 Proceedings of the Third International Workshop on Information Hiding
Dynamic Self-Checking Techniques for Improved Tamper Resistance
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Protecting Software Code by Guards
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Disassembly of Executable Code Revisited
WCRE '02 Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02)
Obfuscation of design intent in object-oriented applications
Proceedings of the 3rd ACM workshop on Digital rights management
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Exploiting Self-Modification Mechanism for Program Protection
COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
A Generic Attack on Checksumming-Based Software Tamper Resistance
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
On obfuscating point functions
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance
IEEE Transactions on Dependable and Secure Computing
Proceedings of the 12th ACM conference on Computer and communications security
Strengthening Software Self-Checksumming via Self-Modifying Code
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Tamper resistant software by integrity-based encryption
PDCAT'04 Proceedings of the 5th international conference on Parallel and Distributed Computing: applications and Technologies
| Hi-index | 0.00 |
Self-modifying codes (SMC) refer to programs that intentionally modify themselves at runtime, causing the runtime code to differ from the static binary representation of the code before execution. Hence SMC is an effective method to obstruct software disassembling. This paper presents a method which circumvents the SMC protection, thus improving the performance of disassembling. By disabling the write privilege to the code section, an access violation exception occurs when an SMC attempts to execute. Intercepting this exception allows the attacker to determine and thus compromise the SMC and generate equivalent static code. Our experiments demonstrate that it is viable and efficient.