Title :
A Method and Implementation of Control Flow Obfuscation Using SEH
Author :
Xinlei Yao ; Jianmin Pang ; Yichi Zhang ; Yong Yu ; Jianping Lu
Author_Institution :
Nat. Digital Switching Syst. Eng. & Technol. R&D Center, Zhengzhou, China
Abstract :
Control flow obfuscation is an important means of software copyright protection. Its main purpose is to make static analysis tools produce a wrong control flow graph, and thereby prevent malicious reverse engineering of the software. In this paper we propose an approach to implementing control flow obfuscation using the Windows structured exception handling mechanism. Programs are obfuscated by replacing branch instructions with exception code and inserting a fake branch instruction after the exception code. Furthermore, exception code random technology is used to improve the resilience of the obfuscated code. Experimental results show that disassembly tools fail to identify 56.7% of the control flow of the obfuscated code and misinterpret 40% of the control flow. The increase in program size and execution time of the obfuscated code is also modest.
Keywords :
copyright; exception handling; flow graphs; program assemblers; program diagnostics; reverse engineering; user interfaces; SEH; Windows operating system; branch instructions; disassemble tools; exception code random technology; obfuscated code control flow; obfuscated code execution time; obfuscated code resilience; reverse engineering; software copyright protection; static analysis tools; structured exception handling mechanism; wrong control flow graph; Context; Engines; Instruction sets; Prototypes; Registers; Resilience; Security; callback function; control flow obfuscation; polymorphism; structured exception handling;
Conference_Title :
Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4673-3093-0
DOI :
10.1109/MINES.2012.25