skip to main content
10.1145/3338503.3357718acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
keynote

Modern Static Analysis of Obfuscated Code

Published: 15 November 2019 Publication History

Abstract

Static analysis tools have improved significantly in recent years with advances in intermediate representations, symbolic execution, constraint solving, control flow recovery, and static data flow analysis. Scripting of static analysis has improved at an even faster pace, with new APIs allowing easy access to extend or modify the building blocks that static analysis tools are built upon.
One of code obfuscation's common goals is to make it more difficult for a reverse engineer to analyze or understand the code. With today's more powerful static analysis tools, what code obfuscation techniques are still effective against static reverse engineering, and which are now easy to remove?
This talk first explores how modern static analysis tools analyze binary code. An overview of how these tools recover a program's control flow from a binary is presented, as well as a look at the analysis features that are available to scripts built upon them.
Various obfuscation techniques are then discussed to explore the impact of modern static analysis tools on them. Such impacts include,
obfuscation techniques that have been defeated by modern tools;
scripting features that have made some obfuscation techniques easier to remove;
obfuscation techniques that are still difficult for static analysis to resolve;
code patterns that remain difficult to analyze, even with an expert reverse engineer interacting with the tool.

Cited By

View all
  • (2024)Monotonicity and the Precision of Program AnalysisProceedings of the ACM on Programming Languages10.1145/36328978:POPL(1629-1662)Online publication date: 5-Jan-2024
  • (2024)Detecting Standard Library Functions in Obfuscated CodeIntelligent Systems and Applications10.1007/978-3-031-47724-9_11(151-168)Online publication date: 19-Apr-2024

Index Terms

  1. Modern Static Analysis of Obfuscated Code

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection
    November 2019
    87 pages
    ISBN:9781450368353
    DOI:10.1145/3338503
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 15 November 2019

    Check for updates

    Author Tags

    1. code obfuscation
    2. reverse engineering
    3. software protection
    4. static analysis

    Qualifiers

    • Keynote

    Conference

    CCS '19
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 8 of 14 submissions, 57%

    Upcoming Conference

    CCS '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)23
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 14 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Monotonicity and the Precision of Program AnalysisProceedings of the ACM on Programming Languages10.1145/36328978:POPL(1629-1662)Online publication date: 5-Jan-2024
    • (2024)Detecting Standard Library Functions in Obfuscated CodeIntelligent Systems and Applications10.1007/978-3-031-47724-9_11(151-168)Online publication date: 19-Apr-2024

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media