Institutional Repository
| efficient and automatic instrumentation for packed binaries | |
| Wu Yanjun; Chiuch Tzi-cker; Zhao Chen | |
| 2009 | |
| Conference name | 3rd International Conference on Information Security and Assurance |
| Proceedings title | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Conference date | JUN 25-27, |
| Conference location | Seoul, SOUTH KOREA |
| Place of publication | HEIDELBERGER PLATZ 3, D-14197 BERLIN, GERMANY |
| Publisher | ADVANCES IN INFORMATION SECURITY AND ASSURANCE |
| ISSN | 0302-9743 |
| ISBN | 978-3-642-02616-4 |
| Affiliation | Wu, Yanjun; Zhao, Chen Chinese Acad Sci, Inst Software, Beijing, Peoples R China. |
| Abstract | Many modern software security techniques require transformation of executable binaries to add security features. Such transformation heavily depends on the correct and efficient disassembly. However, an increasing number of application binaries are packed before being distributed in the commercial world. Packed binaries are a special type of self-modifying code, which existing binary disassembly tools do not support very well, especially when automatic instrumentation is needed. This paper describes the design, implementation and evaluation of an efficient and automatic binary instrumentation tool for packed Win32/X86 binaries called Uncover. Uncover features two novel techniques: statically distinct packed binaries by entropy computation to minimize run-time disassembly overhead, and accurate tracking of binary unpacking process during runtime. These two techniques make it possible to disassemble Win32/X86 packed binaries as if they were never packed. |
| Content type | Conference paper |
| URI | http://ir.iscas.ac.cn/handle/311060/8354 |
| Collection | National Engineering Research Center of Fundamental Software |
| Recommended citation (GB/T 7714) | Wu Yanjun,Chiuch Tzi-cker,Zhao Chen. efficient and automatic instrumentation for packed binaries[C]. HEIDELBERGER PLATZ 3, D-14197 BERLIN, GERMANY:ADVANCES IN INFORMATION SECURITY AND ASSURANCE,2009. |