关键词: 可执行程序, 控制流隐藏, 反静态反汇编

Abstract:

The goal of making unauthorized modifications or stealing intellectual property of software can be reached by analyzing the static disassembly result of its executable binary code. In order to avoid this kind of instance,this paper described the basic static disassembly algorithm, then proposed two anti-disassembly techniques focusing on the obfuscation of control flow,branch function and jump table spoofing. These two techniques can hide the real target addresses of jump instructions, and can fabricate target addresses which will lead to error of static disassemblers. Therefore the (program’s) resistance to static disassembly will be improved, and it is more difficult to analyze the software.

Key words:  executable code, obfuscation of control flow, resistance to static disassembly