Chinese Academy of Sciences Institutional Repositories Grid
Reconstructing a Packed DLL Binary for Static Analysis

Document type: Conference paper

Authors: Wang Xianggen; Feng Dengguo; Su Purui
Publication year: 2009
Conference: 5th International Conference on Information Security Practice and Experience, ISPEC 2009
Conference date: April 13,
Conference location: Xian, China
Keywords: Computer crime; Embedded systems; Security of data; Security systems; Static analysis
English abstract: DLLs (Dynamic Link Libraries) are usually protected by various anti-reverse-engineering techniques. One commonly used technique is code packing, since packed DLLs hinder static code analysis such as disassembly. In this paper, we propose a technique to reconstruct a binary file for static analysis by loading a packed DLL and then triggering and monitoring the execution of its entry-point function and exported functions. By monitoring all memory operations and control-transfer instructions, our approach extracts the original hidden code that is written into memory at run time and constructs a binary from the original DLL, the extracted code and the records of control transfers. To demonstrate its effectiveness, we implemented our prototype ReconPD based on QEMU. The experiments show that ReconPD is able to analyze packed DLLs while remaining practical in terms of performance. Moreover, the reconstructed binary files can be successfully analyzed by static analysis tools such as IDA Pro. © 2009 Springer Berlin Heidelberg.
Conference organizer: Xidian University
Proceedings: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Proceedings published in: Germany
ISSN: 3029743
ISBN: 3642008429
Source URL: http://124.16.136.157/handle/311060/8538
Collection: Institute of Software_State Key Laboratory of Information Security_Conference papers
Recommended citation
GB/T 7714
Wang Xianggen, Feng Dengguo, Su Purui. Reconstructing a packed DLL binary for static analysis[C]. In: 5th International Conference on Information Security Practice and Experience, ISPEC 2009. Xian, China. April 13,.

Ingest method: OAI harvesting

Source: Institute of Software
