Proceedings of the 10th ACM Conference on Computer and Communication Security - CCS '03 2003
DOI: 10.1145/948148.948149
|View full text |Cite
|
Sign up to set email alerts
|

Obfuscation of executable code to improve resistance to static disassembly

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
194
0
7

Year Published

2005
2005
2013
2013

Publication Types

Select...
6
3

Relationship

0
9

Authors

Journals

citations
Cited by 264 publications
(201 citation statements)
references
References 0 publications
0
194
0
7
Order By: Relevance
“…Note that the techniques presented here are rather trivial, compared to elaborate binary code obfuscation methods [30][31][32], but powerful enough to illustrate the limitations of detection methods based on static analysis. Advanced techniques for complicating static analysis have also been extensively used for tamper-resistant software and for preventing the reverse engineering of executables, as a defense against software piracy [33][34][35].…”
Section: Static Analysis Resistant Polymorphic Shellcodementioning
confidence: 99%
“…Note that the techniques presented here are rather trivial, compared to elaborate binary code obfuscation methods [30][31][32], but powerful enough to illustrate the limitations of detection methods based on static analysis. Advanced techniques for complicating static analysis have also been extensively used for tamper-resistant software and for preventing the reverse engineering of executables, as a defense against software piracy [33][34][35].…”
Section: Static Analysis Resistant Polymorphic Shellcodementioning
confidence: 99%
“…In the context of disassembly, obfuscation refers to transformations of the binary such that the parsing of instructions becomes difficult. In [9], Linn and Debray introduced novel obfuscation techniques that exploit the fact that the Intel x86 instruction set architecture contains variable length instructions that can start at arbitrary memory address. By inserting padding bytes at locations that cannot be reached during run-time, disassemblers can be confused to misinterpret large parts of the binary.…”
Section: Static Analysis Techniquesmentioning
confidence: 99%
“…These techniques usually do not require disassembling binary code. This is appealing, since malicious coders can employ a number of techniques to thwart disassembly [14]. However, they are susceptible to certain types of obfuscation such as the substitution of semantically equivalent instruction sequences.…”
Section: Related Workmentioning
confidence: 99%