摘要： 恶意程序往往使用各种混淆手段来阻碍静态反汇编，call指令后插入数据便是常用的一种，对该方式的混淆进行研究，提出一种有效的识别call指令后混淆数据的方法。该方法基于改进的递归分析反汇编算法，分两阶段对混淆进行处理。经测试验证，该方法可有效地对此种混淆做出判断，提高反汇编的准确性。

关键词: 静态反汇编, 代码混淆, 恶意代码

Abstract: A number of obfuscation techniques are used to foil the static disassembly process by malware, in which embedding obfuscated data after call instruction is the most common style. This paper presents a detection arithmetic that can abstract the obfuscated data accurately after the call instruction. Based on improved recursive traversal disassembly arithmetic, this method can handle this style of obsfuscation in two phases. A test report is provided to prove the effect of this arithmetic.

Key words: static disassembly, code obfuscation, malicious code

中图分类号: 

• TP393.08