
Computer Engineering ›› 2011, Vol. 37 ›› Issue (16): 36-38. doi: 10.3969/j.issn.1000-3428.2011.16.012

• Software Technology and Database •

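  • About the authors: WU Bin (born 1987), male, master's student, main research direction: software reverse engineering; JIANG Lie-hui, professor and doctoral supervisor; SHU Hui, associate professor, Ph.D.; FANG Xia, master's degree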

Specific Library Function Identification Technology Based on Vague Matching

WU Bin 1, JIANG Lie-hui 1, SHU Hui 1, FANG Xia 2   

  1. Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China; 2. Navy Aeronautical Engineering Academy, Yantai 264001, China
  • Received: 2011-01-25 Online: 2011-08-20 Published: 2011-08-20

Abstract: To address the problem that traditional library function identification methods cannot effectively recognize specific library functions, this paper proposes a specific library function identification technology based on vague matching. The technique improves on the function signature mechanism of Fast Library Identification and Recognition Technology (FLIRT): it extracts a valid function congregation from the target file and performs vague matching against a specific library function feature database. The vague matching determines which library signatures need to be loaded, and those signatures are then loaded to complete the accurate matching. Experimental results show that the technique performs well at identifying specific library functions.

Key words: specific library function, Fast Library Identification and Recognition Technology (FLIRT), vague matching, function signature, valid function congregation
