
A Virtual Machine Protection Method Enhanced by Handler Obfuscation

谢鑫 刘粉林 芦斌 向飞

Computer Engineering and Applications, 2016, Vol. 52, Issue 15: 146-152, 7. DOI: 10.3778/j.issn.1002-8331.1410-0299

Virtual machine protection based on Handler obfuscation enhancement

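谢鑫 1, 刘粉林 2, 芦斌 1, 向飞 2

Author information

  • 1. Information Engineering University, Zhengzhou 450001
  • 2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001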

Abstract

In a virtual machine, combinations of Handlers protect the key code of a program, and these Handlers are the main target of software reverse-engineering analysts. To counter reduction methods based on dynamic extraction and static analysis of Handlers, a virtual machine protection method based on Handler obfuscation is proposed. First, various equivalent-instruction rules are used to generate different equivalent Handlers. Then all Handlers are split and shuffled by a random scrambling algorithm and reassembled by constructing a jump table. Finally, a random address array is used to hide the data of the Handler scheduling address table and the execution jump table. Experiments and analysis show that generating diverse Handlers and then splitting and shuffling them increases the difficulty of dynamic extraction and analysis, and that hiding the Handler address table and the jump table increases the difficulty of static reverse analysis.

Key words

virtual machine protection / equivalent instruction replacement / segmentation disorder / diversity / table hidden

Classification

Computers and Automation

Cite this article

谢鑫, 刘粉林, 芦斌, 向飞. Virtual machine protection based on Handler obfuscation enhancement[J]. Computer Engineering and Applications, 2016, 52(15): 146-152, 7.

Funding

National Natural Science Foundation of China (No.61379151, No.61274189, No.61302159, No.61401512); Henan Province Outstanding Youth Fund (No.14410051001).

Computer Engineering and Applications

OA | PKU Core | CSCD | CSTPCD

ISSN 1002-8331
