Proceedings of the 10th ACM Conference on Computer and Communications Security 2003
DOI: 10.1145/948109.948149
|View full text |Cite
|
Sign up to set email alerts
|

Obfuscation of executable code to improve resistance to static disassembly

Abstract: A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application. The process of reverse engineering an executable program typically begins with disassembly, which translates machine code to assembly code. This is then followed by various decompilation steps that aim to recover hi… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
126
0
2

Year Published

2005
2005
2019
2019

Publication Types

Select...
4
3

Relationship

0
7

Authors

Journals

citations
Cited by 330 publications
(133 citation statements)
references
References 26 publications
0
126
0
2
Order By: Relevance
“…Linn et al designed an obfuscation to thwart linear sweep and recursive traversal static disassembly algorithms [23], which introduced junk instructions, jump tables, and opaque predicates to disrupt the static disassembly process. Ledoux et al proposed an instruction embedding method to improve instruction overlapping obfuscation [24].…”
Section: Related Workmentioning
confidence: 99%
“…Linn et al designed an obfuscation to thwart linear sweep and recursive traversal static disassembly algorithms [23], which introduced junk instructions, jump tables, and opaque predicates to disrupt the static disassembly process. Ledoux et al proposed an instruction embedding method to improve instruction overlapping obfuscation [24].…”
Section: Related Workmentioning
confidence: 99%
“…In [13], Linn and Debray introduced novel obfuscation techniques that exploit the fact that the Intel x86 instruction set architecture contains variable length instructions that can start at arbitrary memory address. By inserting padding bytes at locations that cannot be reached during run-time, disassemblers can be confused to misinterpret large parts of the binary.…”
Section: Robust Disassembly Of Obfuscated Binariesmentioning
confidence: 99%
“…Linn and Debray's approach [13] to confuse disassemblers are based on two main techniques. First, junk bytes are inserted at locations that are not reachable at run-time.…”
Section: Robust Disassembly Of Obfuscated Binariesmentioning
confidence: 99%
See 2 more Smart Citations