基于程序流敏感的自修改代码混淆方法

J4 ›› 2012, Vol. 34 ›› Issue (1): 79-85.

基于程序流敏感的自修改代码混淆方法

何炎祥，陈勇，吴伟，陈念，徐超，刘健博，苏雯

(武汉大学计算机学院软件工程国家重点实验室，湖北武汉 430072)

收稿日期:2010-05-20 修回日期:2010-10-26 出版日期:2012-01-25 发布日期:2012-01-25

A Program FlowSensitive SelfModifying Code Obfuscation Method

HE Yanxiang,CHEN Yong,WU Wei,CHEN Nian,XU Chao,LIU Jianbo,SU Wen

(State Key Lab of Software Engineering,
School of Computer Science,Wuhan University,Wuhan 430072,China)

Received:2010-05-20 Revised:2010-10-26 Online:2012-01-25 Published:2012-01-25

摘要/Abstract

摘要：

自修改代码混淆方法是一种隐藏程序重要信息的有效技术。为减少代码混淆造成的额外开销而又不影响代码混淆的质量，利用程序流敏感分析方法选择比较重要的指令进行混淆。为提高代码混淆的质量，有效地防止反汇编，提出一个二步比较混淆模型。该模型包括两个子混淆器，混淆器1采用程序流敏感分析方法获得混淆的指令并产生两个混淆代码文件和一个混淆代码映射文件。混淆器2通过比较两个混淆代码文件精确地定位混淆指令在二进制代码中的位置，然后利用混淆代码映射文件对二进制代码进行混淆，以进一步提高代码混淆的质量。通过实验分析，混淆后二进制文件的额外开销只占整个代码的3%左右，并且混淆后的反汇编代码明显异于原始的反汇编代码，甚至出现了一些无法识别的错误指令。

关键词: 程序流敏感, 自修改代码, 代码混淆, 二进制数据定位, 代码保护

Abstract:

Selfmodifying code obfuscation is an effective technique to hide the important information of programs. In this paper, we focus on reducing the cost of obfuscated codes and enhancing the degree of obfuscation to use a flowsensitive method to select the obfuscated codes that are important relatively such as control instruction and propose a twostep comparing obfuscation model that can locate the obfuscated instructions in binary codes precisely that can help change these codes to illegal codes to defense the disassembly. The model contains two parts. The first part uses the flowsensitive analyses to get the obfuscated instructions and generate two obfuscated codes and one obfuscated code mapping file. Then, the second part compares these two obfuscated codes to generate the final obfuscated codes containing the illegal instruction codes based on the obfuscated code mapping file. Through the experiments, the obfuscated instructions are about 3% of the whole codes and the disassemble codes are much different with the source codes and even some error instructions appear.

Key words: program flowsensitive;selfmodifying codes;code obfuscation;binary codes location;code protection

何炎祥，陈勇，吴伟，陈念，徐超，刘健博，苏雯. 基于程序流敏感的自修改代码混淆方法[J]. J4, 2012, 34(1): 79-85.

HE Yanxiang,CHEN Yong,WU Wei,CHEN Nian,XU Chao,LIU Jianbo,SU Wen. A Program FlowSensitive SelfModifying Code Obfuscation Method[J]. J4, 2012, 34(1): 79-85.

参考文献［15］

［1］	Van Oorschot P C. Revisiting Software Protection［C］∥Proc of the 6th International Information Security Conference (ISC’03), 2006:113.
［2］	Collberg C,Nagra J. Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection［M］. San Francisco: No Starch Press,2002.
［3］	Tamperproofing for Program Protection［M］.AddisonWesley Professional, 2009.
［4］	Debray S,Evans W. ProfileGuided Code Compression［C］∥Proc of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 2002:95105.
［5］	Linn C,Debray S. Obfuscation of Executable Code to Improve Resistance to Static Disassembly［C］∥Proc of the 10th ACM Conference on Computer and Communications Security, 2003:290299.
［6］	Lin H, Mo Xuansheng, Gao Ying. Based on RSA and SelfModifying Mechanism of Software Protection［C］∥Proc of the 2010 International Symposium on Parallel and Distributed Processing with Applications,2010:474477.
［7］	Ansel J, Marchenki P,Erlingsson U,et al. LanguageIndependent Sandboxing of JustinTime Compilation and SelfModifying Code［C］∥Proc of the 32nd ACM SIGPLIN Conference on Programming Language Design and Implemention,2011:355366.
［8］	Collberg C, Thomborson C.Watermarking,TamperProofing, and ObfuscationTools for Software Protection［J］. IEEE Transactions on Software Engineering, 2002,28(6):735746.
［9］	Cappaert J, Preneel B, Anckaert B, et al. Towards Tamper Resistant Code Encryption: Practice and Experience［J］.LNCS, 2008j,4991:86100.
［10］	Kanzaki Y, Monden A,Nakamura M,et al. Exploiting SelfModification Mechanism for Program Protection［C］∥Proc of the 27th Annual Computer Software and Applications Conference,2003:170179.
［11］	Aho A V, Sethi R,Ullman J D. Compilers: Principles, Techniques and Tools［M］. AddisonWesley,2007.
［12］	Kanzaki Y, Monden A, Nakamura M,et al. Program Camouflage: A Systematic Instruction Hiding Method for Protecting Secrets［C］∥Proc of World Congress on Science,Engineering and Technology,2009:557563.
［13］	Kanzaki Y,Monden A. A Software Protection Method Based on TimeSensitive Code and SelfModification Mechanism［C］∥Proc of IASTED’10,2010:325331.
［14］	Madou M, Anckaert B,Moseley P,et al. Software Protection Through Dynamic Code Mutation［C］∥Proc of the International Workshop on Information Security Applications, 2006:194206.
［15］	Anckaert B, Madou M,de Bosschere K. A Model for Selfmodifying Code［C］∥Proc of the 8th International Conference on Information Hiding,2007:232248.