52ky 发表于 2021-6-11 12:47:07

Applied Binary Code Obfuscation

Applied Binary Code Obfuscation,应用二进制代码Applied Binary Code Obfuscation介绍
混淆代码是难以(但并非不可能)阅读和理解的代码。有时,出于安全原因,企业开发人员、程序员和恶意软件编码人员会故意混淆他们的软件,以试图延迟逆向工程或混淆防病毒引擎识别恶意行为。如今,混淆通常应用于面向对象的跨平台编程语言,如 Java、.NET(C#、VB)、Perl、Ruby、Python 和 PHP。那是因为他们的代码可以很容易地反编译和检查,使他们容易受到逆向工程的攻击。另一方面,混淆二进制代码不像加密对象或函数名称那么容易,就像在上面提到的编程语言中所做的那样。在这种情况下,代码会通过使用各种转换来改变,例如自修改代码、堆栈操作甚至拆分简单数学函数的因子。此外,二进制混淆还用于击败自动网络流量分析器,例如入侵检测和防御系统。换句话说,二进制代码混淆是一种改变原始代码结构并保持其原始功能的技术。在本文的下几页中,我们将探讨二进制代码混淆的理论和实践,以及一些可以使用的各种技术。混淆

(Applied Binary CodeApplied Binary Code Obfuscation
Introduction
An obfuscated code is the one that is hard (but not impossible) to read and understand. Sometimes corporate developers, programmers and malware coders for security reasons, intentionally obfuscate their software in an attempt to delay reverse engineering or confuse antivirus engines from identifying malicious behaviors. Nowadays, obfuscation is often applied to object oriented cross-platform programming languages like Java, .NET (C#, VB), Perl, Ruby, Python and PHP. That is because their code can be easily decompiled and examined making them vulnerable to reverse engineering. On the other hand, obfuscating binary code is not as easy as encrypting object or function names as it is done in programming languages mentioned above. In this case, the code is altered by using a variety of transformations, for instance self modifying code, stack operations or even splitting the factors of simple mathematical functions. Moreover, binary obfuscation is also used to defeat automated network traffic analyzers such like Intrusion Detection and Prevention Systems. In other words, binary code obfuscation is the technique of altering the original code structure and maintaining its original functionality. In the next pages of this paper we will explore the theory and practice of binary code obfuscation as well as a number of various techniques that can be used.Obfuscation)



页: [1]
查看完整版本: Applied Binary Code Obfuscation