Operating system protection through program evolution
Computers and Security
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Software code obfuscation by hiding control flow information in stack
WIFS '11 Proceedings of the 2011 IEEE International Workshop on Information Forensics and Security
Hi-index | 0.00 |
Disassemblers generally assume that assembly language instructions do not overlap, therefore, an obvious obfuscation against such disassemblers is to overlap instructions. This is difficult to implement, however, as the number of instructions existing in a program which can be overlapped are typically very few. We propose a modification of instruction overlapping which instead embeds the hexadecimal representation of an instruction in the memory offset and immediate operand of an inserted instruction. We implement a obfuscator which is capable of embedding a limited number of instructions and find that it is able to hide 23% of an X86 assembly program's total instructions on average. This is significantly higher than results reported by past works using standard instruction overlapping obfuscations which were only able to hide 1% of instructions.