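Malicious programs often use polymorphic or metamorphic techniques to resist reverse engineering and antivirus software. In recent years, however, malware signature techniques based on data structure information have gradually rendered traditional polymorphic and metamorphic techniques ineffective. In this paper, we start from the target executable, recover its data structures from the binary, and randomize those data structures. Our tool is simple and flexible, and can even work as part of the malicious program itself. Experimental results show that the tool achieves significant data structure diversity with only a small additional performance overhead.

Metamorphism and polymorphism are often applied to malware to protect it against reverse engineering and against detection by antivirus products. However, malware signatures based on data structure information invalidate traditional metamorphic techniques. In this paper, we propose a metamorphism tool that obfuscates data structures at the binary code level. This obfuscation technique is more flexible than previous randomization approaches. Preliminary experimental results show that our tool can obfuscate data structures remarkably with little performance overhead.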