
Computer Engineering (计算机工程) ›› 2012, Vol. 38 ›› Issue (17): 119-122. doi: 10.3969/j.issn.1000-3428.2012.17.033

• Security Technology •

API-calling Obfuscation Method Based on 3SAT (original title: 基于3SAT的API调用迷惑方法)

CHEN Ya-nan (陈亚男), WANG Qing-xian (王清贤), ZENG Yong-jun (曾勇军), XI Qi (奚琪)

  1. (National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China)
  • Received: 2011-10-24  Revised: 2011-12-20  Online: 2012-09-05  Published: 2012-09-03
  • About the authors: CHEN Ya-nan (born 1987), female, master's student, research interest: information security; WANG Qing-xian, professor; ZENG Yong-jun, lecturer, master's degree; XI Qi, doctoral student

Abstract: Existing API-call obfuscation techniques are not very general and are easily seen through by static analysis. To address this, a binary code obfuscation method is proposed. Using opaque constants built from 3SAT instances, it transforms the direct target address of an API call into an indirect, runtime-computed address while guaranteeing that the computed address is unchanged. Recovering the API address then requires solving an NP-complete problem, so static analysis cannot obtain it. Experimental results show that the method increases the difficulty of analysing the obfuscated program and defeats static detection methods that rely on API calls.

Key words: API call, static analysis, code obfuscation, 3SAT problem, opaque constant, NP-complete problem
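The abstract only names the ingredients (3SAT-based opaque constants, indirect API addresses). The following Python is an added illustration of how such a construction fits together; it is not the paper's code. The concrete encoding (a stored base plus masked opaque bits), the choice of an unsatisfiable formula as the opaque constant, and the target address are assumptions made for this demo.

```python
"""Added example (not the paper's code): a 3SAT-based opaque constant and the
indirect call-target encoding built on it. The encoding (stored base plus
masked opaque bits) and the target address are assumptions for the demo."""
import random
from itertools import product


def make_unsat_3cnf(num_vars, core, decoys, rng):
    """Return a 3-CNF formula (list of 3-tuples of signed 1-based literals)
    that is unsatisfiable by construction: the eight clauses over the three
    `core` variables with every polarity combination each exclude exactly one
    of the eight assignments of those variables, so together they exclude all
    of them. Random decoy clauses are mixed in; adding clauses can never make
    an unsatisfiable formula satisfiable, so the result stays unsatisfiable."""
    a, b, c = core
    clauses = [(sa * a, sb * b, sc * c) for sa, sb, sc in product((1, -1), repeat=3)]
    for _ in range(decoys):
        vs = rng.sample(range(1, num_vars + 1), 3)
        clauses.append(tuple(v * rng.choice((1, -1)) for v in vs))
    rng.shuffle(clauses)
    return clauses


def satisfied(clauses, assignment):
    """Evaluate the CNF under `assignment` (dict: variable -> bool)."""
    return all(any(assignment[abs(lit)] == (lit > 0) for lit in clause)
               for clause in clauses)


def bits_to_assignment(x, num_vars):
    """Read one boolean per variable from the low bits of an arbitrary value."""
    return {v: bool((x >> (v - 1)) & 1) for v in range(1, num_vars + 1)}


def opaque_bit(clauses, num_vars, x):
    """Opaque constant: 1 iff the assignment read from x satisfies the CNF.
    For formulas from make_unsat_3cnf it is 0 for every x, but to know that
    statically an analyser has to prove the 3-CNF unsatisfiable."""
    return int(satisfied(clauses, bits_to_assignment(x, num_vars)))


def brute_force_sat(clauses, num_vars):
    """The analyser's job: search all 2^n assignments for a satisfying one.
    Returns the assignment, or None if the formula is unsatisfiable."""
    for bits in range(1 << num_vars):
        assignment = bits_to_assignment(bits, num_vars)
        if satisfied(clauses, assignment):
            return assignment
    return None


def obfuscate_target(target, num_vars, k, seed):
    """Replace a direct call target with `k` opaque bits.
    Bit i contributes mask_i * (v_i XOR f_i(x)), where f_i is an opaque bit
    (always 0) and v_i a random known constant, so the runtime sum is fixed at
    sum(mask_i * v_i) and the stored base is the target minus that sum.
    Neither the base nor any mask equals the target on its own."""
    rng = random.Random(seed)
    formulas, masks, vals = [], [], []
    for _ in range(k):
        core = tuple(rng.sample(range(1, num_vars + 1), 3))
        formulas.append(make_unsat_3cnf(num_vars, core, decoys=num_vars, rng=rng))
        masks.append(rng.getrandbits(32))
        vals.append(rng.getrandbits(1))
    if not any(vals):              # make sure the stored base is not the target
        vals[0] = 1
    base = (target - sum(m * v for m, v in zip(masks, vals))) & 0xFFFFFFFF
    return {"base": base, "masks": masks, "vals": vals,
            "formulas": formulas, "num_vars": num_vars}


def resolve_at_runtime(obf, x):
    """What the obfuscated call site computes before the indirect call; x can
    be any runtime value (a clock read, a PID), so there is no constant input
    for an analyser to simply evaluate."""
    addr = obf["base"]
    for f, m, v in zip(obf["formulas"], obf["masks"], obf["vals"]):
        addr += m * (v ^ opaque_bit(f, obf["num_vars"], x))
    return addr & 0xFFFFFFFF


def static_candidates(obf):
    """Targets an analyser must consider if it cannot decide the formulas and
    treats every opaque bit as unknown: one per combination of guesses."""
    cands = set()
    for guess in product((0, 1), repeat=len(obf["masks"])):
        addr = obf["base"] + sum(m * (v ^ g) for m, v, g in
                                 zip(obf["masks"], obf["vals"], guess))
        cands.add(addr & 0xFFFFFFFF)
    return cands


if __name__ == "__main__":
    TARGET = 0x7F001230          # made-up address of the API to be hidden
    obf = obfuscate_target(TARGET, num_vars=10, k=4, seed=7)
    print(hex(resolve_at_runtime(obf, x=random.getrandbits(32))))  # always TARGET
    print(len(static_candidates(obf)), "candidate targets without deciding SAT")
```

Two practitioner caveats follow from running it. First, the hardness argument is asymptotic: at this size brute force decides each formula in 1024 evaluations, and any resolution-based SAT solver refutes the all-polarity core immediately, so a deployment needs instances that are genuinely hard for solvers, not merely NP-complete in general. Second, the construction only hides the address from an analyser that refuses to guess; an analyser that emulates the call site, or that enumerates the 2^k candidates and checks which one lands on an exported function, sidesteps the SAT question entirely, which is why the abstract's claim is specifically about static analysis.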
