binOb+: A Framework for Potent and Stealthy Binary Obfuscation
Reverse engineering is the process of discovering a high-level structure and its semantics from a lower-level structure. To prevent malicious use of reverse engineering against binaries, various techniques, collectively called binary obfuscation, have been developed. An obfuscated binary is a transformed binary that retains the original binary's execution behavior while its outer representation obstructs reverse engineering. In this paper we propose three novel approaches to improve binary obfuscation. First, we propose a generalized binary obfuscation algorithm that covers any specific part, or the whole, of a binary code by using confusing code and redirecting control flow using exceptions. Second, we employ a data mining method to make our obfuscated binary look like a normal binary. Third, we address the issue that the previous techniques could not be applied to Windows binaries by designing a new exception hooking mechanism in Windows. Experimental results show that our obfuscated binary can hide 60-90% of the original instructions from reverse engineering tools, while its execution slows down only a little; moreover, the obfuscated binary's stealth can be guaranteed.
Keywords: binary obfuscation, reverse engineering, exception handling, Windows SEH, stealth
Byoungyoung Lee Yuna Kim Jong Kim
Department of Computer Science and Engineering, Pohang University of Science and Technology (POSTECH), Hyoja-dong, Nam-gu, Pohang, Republic of Korea
International conference
Beijing
English
271-281
2010-04-13 (date first posted on the Wanfang platform; not the paper's publication date)