For Libraries For Publication Open Access Downloads About Us Contact Us
Paper Titles
Research on General DEA Model Based on the Grey Linear Programming
p.828
230MHz Wireless Communication Network Architecture and Design of Power Consumption Information Collection System Based on WiMAX
p.835
A Gossip-Based AOA Distributed Localization Algorithm for Wireless Sensor Networks
p.841
A New Approach for Task Allocation in Complex Network
p.847
A New Disassembly Approach for Binary Code Using Dynamic Multiple-Path Exploration and Static Disassembly
p.852
A Novel Approach for RFID Data Cleansing Based on Bayesian Inference
p.856
A Scalable Data Platform for Cloud Computing Systems
p.860
A WCET Test Method Based on Associative Process Communication
p.865
Algorithm for Wireless Sensor Network Data Fusion Based on Radial Basis Function Neural Networks
p.873

A New Disassembly Approach for Binary Code Using Dynamic Multiple-Path Exploration and Static Disassembly

Article Preview

Abstract:

We present a new approach for disassembling executables with self-modifying code. Self-modifying code is very common in malware. Conventional static or dynamic approaches cannot handle self-modifying code very well. We combine static and dynamic analysis to fight against self-modifying code with the multiple-path exploration technique. The evaluation results indicate that our approach works well in disassembling executables with self-modifying code with high precision and code coverage compared with the state-of-art disassembler.

You might also be interested in these eBooks
Applied Decisions in Area of Mechanical Engineering and Industrial Manufacturing View Preview

Info:

Periodical:

Applied Mechanics and Materials (Volume 577)

Pages:

852-855

DOI:

https://doi.org/10.4028/www.scientific.net/AMM.577.852

Citation:

Cite this paper

Online since:

July 2014

Authors:

Jing Qiu*, Xiao Hong Su, Pei Jun Ma

Keywords:

Disassembly Code, Dynamic Analysis, Instruction Trace, Reverse Engineering, Self-Modifying Code

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

© 2014 Trans Tech Publications Ltd. All Rights Reserved

Share:

Citation:

* - Corresponding Author

References

[1] C. Kruegel, W.K. Robertson and F. Valeur, in: Static Disassembly of Obfuscated Binaries. USENIX security Symposium. 13 (2004), pp.18-18.

Google Scholar

[2] D. Rescue: IDA Pro Disassembler. http: /www. datarescue. com/idabase.

Google Scholar

[3] B. Schwarz, S. Debray and G. Andrews: Disassembly of executable code revisited. Reverse Engineering, Proceedings. Ninth Working Conference on. IEEE, (2002), pp.45-54.

DOI: 10.1109/wcre.2002.1173063

Google Scholar

[4] S. Nanda, W. Li and L.C. Lam, in: Binary interpretation using runtime disassembly. Proceedings of the International Symposium on Code Generation and Optimization. IEEE Computer Society, (2006), pp.358-370.

DOI: 10.1109/cgo.2006.6

Google Scholar

[5] C, Linn and S. Debray, in: Obfuscation of executable code to improve resistance to static disassembly. Proceedings of the 10th ACM conference on Computer and communications security. ACM, ( 2003), pp.290-299.

DOI: 10.1145/948109.948149

Google Scholar

[6] Luk, Chi-Keung. Pin: building customized program analysis tools with dynamic instrumentation. " ACM Sigplan Notices 40. 6 (2005), pp.190-200.

DOI: 10.1145/1064978.1065034

Google Scholar

[7] X. Liang, F. Sun, and Z. Su, in: Constructing precise control flow graphs from binaries., University of California, Davis, Tech. Rep (2009).

Google Scholar

© 2025 Trans Tech Publications Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies. For open access content, terms of the Creative Commons licensing CC-BY are applied.
Scientific.Net is a registered trademark of Trans Tech Publications Ltd.