Abstract
Self-modifying code is notoriously hard to understand and therefore very well suited to hide program internals. In this paper we introduce a program representation for this type of code: the state-enhanced control flow graph. It is shown how this program representation can be constructed, how it can be linearized into a binary program, and how it can be used to generate, analyze and transform self-modifying code.
The authors would like to thank the Institute for the Promotion of Innovation by Science and Technology in Flanders (IWT) and the Fund for Scientific Research Flanders (FWO) for their financial support. This research is also partially supported by Ghent University and by the HiPEAC network.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Anckaert, B., Madou, M., De Bosschere, K. (2007). A Model for Self-Modifying Code. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds) Information Hiding. IH 2006. Lecture Notes in Computer Science, vol 4437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74124-4_16
DOI: https://doi.org/10.1007/978-3-540-74124-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74123-7
Online ISBN: 978-3-540-74124-4
eBook Packages: Computer Science (R0)