Sciweavers

USS
2004

Static Disassembly of Obfuscated Binaries

14 years 28 days ago
Static Disassembly of Obfuscated Binaries
Disassembly is the process of recovering a symbolic representation of a program's machine code instructions from its binary representation. Recently, a number of techniques have been proposed that attempt to foil the disassembly process. These techniques are very effective against state-of-the-art disassemblers, preventing a substantial fraction of a binary program from being disassembled correctly. This could allow an attacker to hide malicious code from static analysis tools that depend on correct disassembler output (such as virus scanners). The paper presents novel binary analysis techniques that substantially improve the success of the disassembly process when confronted with obfuscated binaries. Based on control flow graph information and statistical methods, a large fraction of the program's instructions can be correctly identified. An evaluation of the accuracy and the performance of our tool is provided, along with a comparison to several state-of-the-art disassembl...
Christopher Krügel, William K. Robertson, Fre
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where USS
Authors Christopher Krügel, William K. Robertson, Fredrik Valeur, Giovanni Vigna
Comments (0)