Abstract: Malicious codes have become a main threat to computer security. They take various obfuscation techniques to hide themselves in order not to be statically analyzed. Conditional jump obfuscation is one of such techniques. This paper analyzes the reason lead to the conditional jump obfuscation and modifies the disassembly algorithm in the reverse analysis tool named Radux. Relevant test shows that the method is effective to get the correct disassembly result from the malicious codes obfuscated with conditional jumps.

Key words: conditional jump, obfuscation, malicious codes, disassembly

摘要： 恶意代码已经构成了计算机安全的主要威胁，为了避免被静态分析，恶意代码采用了各种混淆技术来自我隐藏，条件跳转混淆技术就是其中之一。该文通过研究条件跳转混淆的成因，对已有的典型反汇编算法进行了改进，其实现已被逆向分析工具Radux采用，测试验证了该方法能够有效地对采用条件跳转混淆技术的恶意代码进行正确的反汇编。

关键词: 条件跳转, 混淆, 恶意代码, 反汇编

CLC Number: 

• TP309