Generic Detection and Annotations of the Statically Linked Code

Ďurfina, Lukáš; Kolář, Dušan

doi:10.15546/aeei-2013-0049

Cited by 2 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On average, ASMBoom outperforms other decompilers. It demonstrates that graph isomorphism based intrinsic function reduction technique is more efficient than the F.L.I.R.T method which is used in Hex-Rays decompiler and the method used in RD [31]. Hex-Rays sometimes misinterpret some intrinsic function like code segment as intrinsic function, especially on the memset intrinsic function.…”

Section: Discussionmentioning

confidence: 99%

Subgraph Isomorphism Based Intrinsic Function Reduction in Decompilation

Liu¹,

Zhao²,

Zhang³

et al. 2016

JSEA

View full text Add to dashboard Cite

Program comprehension is one of the most important applications in decompilation. The more abstract the decompilation result the better it is understood. Intrinsic function is introduced by a compiler to reduce the overhead of a function call and is inlined in the code where it is called. When analyzing the decompiled code with lots of inlined intrinsic functions, reverse engineers may be confused by these detailed and repeated operations and lose the goal. In this paper, we propose a method based graph isomorphism to detect intrinsic function on the CFG (Control Flow Graph) of the target function first. Then we identify the boundary of the intrinsic function, determine the parameter and return value and reduce the intrinsic function to a single function call in the disassembled program. Experimental results show that our method is more efficient at reducing intrinsic functions than the state-of-art decompilers such as Hex-Rays, REC and RD (Retargetable Decompiler).

show abstract

Section: Discussionmentioning

confidence: 99%

Subgraph Isomorphism Based Intrinsic Function Reduction in Decompilation

Liu¹,

Zhao²,

Zhang³

et al. 2016

JSEA

View full text Add to dashboard Cite

show abstract

“…Deadcode insertion is done by inserting a block of code that will never be reached so that it will never be executed but will increase the code size and the analysis time [5]. Code transposition, which is included in layout obfuscation, is done by changing the identifier, changing the format, or deleting comments [6]. String encryption is done by hiding strings that are considered to contain sensitive information using symmetric encryption algorithms such as DES, AES, or XOR [5].…”

Section: Introductionmentioning

confidence: 99%

C Source code Obfuscation using Hash Function and Encryption Algorithm

Tambunan,

Rokhman

2023

Indonesian J. Comput. Cybern. Syst.

View full text Add to dashboard Cite

Obfuscation is a technique for transforming program code into a different form that is more difficult to understand. Several obfuscation methods are used to obfuscate source code, including dead code insertion, code transposition, and string encryption. In this research, the development of an obfuscator that can work on C language source code uses the code transposition method, namely randomizing the arrangement of lines of code with a hash function and then using the DES encryption algorithm to hide the parameters of the hash function so that it is increasingly difficult to find the original format. This obfuscator is specifically used to maintain the security of source code in C language from plagiarism and piracy. In order to evaluate this obfuscator, nine respondents who understand the C programming language were asked to deobfuscate the obfuscated source code manually. Then the percentage of correctness and the average time needed to perform the manual deobfuscation are observed. The evaluation results show that the obfuscator effectively maintains security and complicates the source code analysis.

show abstract

Generic Detection and Annotations of the Statically Linked Code

Cited by 2 publications

References 1 publication

Subgraph Isomorphism Based Intrinsic Function Reduction in Decompilation

Subgraph Isomorphism Based Intrinsic Function Reduction in Decompilation

C Source code Obfuscation using Hash Function and Encryption Algorithm

Contact Info

Product

Resources

About