计算机工程2012,Vol.38Issue(17):119-122,4.DOI:10.3969/j.issn.1000-3428.2012.17.033
基于3SAT的API调用迷惑方法
API-calling Obfuscation Method Based on 3SAT
陈亚男 1王清贤 1曾勇军 1奚琪1
作者信息
- 1. 国家数字交换系统工程技术研究中心,郑州450002
- 折叠
摘要
Abstract
There are some shortages of existing API-calling obfuscation technology in the fight against the static analysis, such as weak versatility, easy to analyze and so on. This paper proposes a binary code obfuscation method. By using opaque constants based on 3SAT, it builds obfuscation transformations that change the objective address of API-calling to indirect and ensure the address invariable, which makes analyzing API address be an Nondeterministic Polynomial(NP) complete problem, so that the address can not be obtained by static analysis. Experimental results show that the difficulty of analysis of obfuscated program is enhanced, and the method can evade the static detection method based on API-calling.
关键词
API调用/静态分析/代码迷惑/3SAT问题/非透明常量/NP完全问题Key words
API-calling/ static analysis/ code obfuscation/ 3SAT problem/ opaque constant/ Nondeterministic PolynomiaI(NP) complete problem分类
信息技术与安全科学引用本文复制引用
陈亚男,王清贤,曾勇军,奚琪..基于3SAT的API调用迷惑方法[J].计算机工程,2012,38(17):119-122,4.
