  • DocumentCode
    728941
  • Title
    Obfuscating Windows DLLs
  • Author
    Abrath, Bert ; Coppens, Bart ; Volckaert, Stijn ; De Sutter, Bjorn
  • Author_Institution
    Dept. of Electron. & Inf. Syst., Ghent Univ., Ghent, Belgium
  • fYear
    2015
  • fDate
    19-19 May 2015
  • Firstpage
    24
  • Lastpage
    30
  • Abstract
    We present two techniques to obfuscate the interfaces between application binaries and Windows system DLLs (dynamic-link libraries). The first technique obfuscates the related symbol information in the binary to prevent static analyses from identifying the invoked library functions. The second technique combines static linking with code obfuscation to avoid the external interface altogether, thus preventing dynamic attacks as well. This is done while still maintaining compatibility with multiple Windows versions, through run-time adaptation of the application. As the first concrete result of this ongoing research, we demonstrate and evaluate the techniques using a proof-of-concept tool applied to a simple test program.
  • Keywords
    program testing; security of data; software libraries; user interfaces; Windows system DLL; code obfuscation; dynamic attacks prevention; dynamic-link libraries; proof-of-concept tool; static analysis; Joining processes; Kernel; Libraries; Linux; Prototypes; Transforms; Windows; binary rewriting; obfuscation; static linking
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Protection (SPRO), 2015 IEEE/ACM 1st International Workshop on
  • Conference_Location
    Florence
  • Type
    conf
  • DOI
    10.1109/SPRO.2015.13
  • Filename
    7174807