Advances in reverse engineering improve software analysis, but malicious reverse analysis also poses a serious threat to software security. In response to the growing number of software security problems, laws on intellectual property and software security have been drafted and enacted, while software developers have devised many different methods to protect software from malicious analysis. This paper presents an object code obfuscation method that defends against static analysis, and describes the design and implementation of an object code obfuscator for the Windows platform.

The paper begins with some common software protection methods and then introduces a newer one, code obfuscation. Code obfuscation is a very young software protection technique that has grown with the spread of Java. The emphasis of this paper is object code obfuscation, which differs from source code obfuscation and intermediate code obfuscation. The paper first introduces reverse engineering and reverse-analysis techniques, then the concept and classification of object code obfuscation, and surveys current object code obfuscation techniques with many examples. Because static reverse analysis is based on control flow information, the paper proposes three obfuscation techniques: control flow information hiding, divided encryption of the code section, and enhanced random junk instruction insertion.

Control flow information hiding starts from the fact that static analysis depends on the control transfer information in object code. It rewrites direct calls to sub-functions as indirect calls, so that the destination address of each modified call can be determined only at run time and the control flow information of the object code is hidden from static analysis. Divided encryption of the code section splits the code section of the object code file into pieces and encrypts them randomly. Enhanced random junk instruction insertion differs from traditional junk instruction insertion, which mainly inserts junk instructions after unconditional jump instructions: the enhanced technique applies opaque predicates to construct dummy branches and inserts random junk instructions after conditional instructions. Because control flow information hiding and enhanced random junk instruction insertion both operate on the instruction flow, the paper also designs and implements a static disassembly engine based on control flow. Finally, experimental results show that the obfuscator can obstruct static analysis to a certain extent.
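The effect of two of these techniques on a control-flow-based disassembler can be seen in a small added example, which is not code from the paper: a recursive-traversal walker over a constructed toy instruction set shows that an indirect call hides the callee, and that junk placed behind a conditional branch is decoded as code while junk after an unconditional jump is skipped. The opcodes, instruction lengths, one-byte absolute targets and the four sample programs are all assumptions made for the illustration.

```python
# Added example: toy ISA and sample programs are constructed, not from the paper.
# opcode -> (mnemonic, length in bytes); jmp/jcc/call take a 1-byte absolute target.
ISA = {0x01: ("nop", 1), 0x02: ("jmp", 2), 0x03: ("jcc", 2), 0x04: ("call", 2),
       0x05: ("callr", 1),   # indirect call: target lives in a register
       0x06: ("ret", 1), 0x07: ("mov", 3)}

def traverse(code, entry=0):
    """Recursive-traversal disassembly from `entry`.
    Returns ({address: mnemonic}, {addresses that could not be decoded})."""
    seen, bad, work = {}, set(), [entry]
    while work:
        pc = work.pop()
        while pc not in seen:
            if pc >= len(code) or code[pc] not in ISA:
                bad.add(pc)
                break
            name, size = ISA[code[pc]]
            if pc + size > len(code):
                bad.add(pc)
                break
            seen[pc] = name
            if name in ("jmp", "jcc", "call"):
                work.append(code[pc + 1])   # statically visible target
            if name in ("jmp", "ret"):
                break                       # no fall-through successor
            pc += size                      # fall through (callr's only known successor)
    return seen, bad

# 0: call 3   2: ret   3: nop   4: ret      -> callee at 3 is discovered
DIRECT = bytes([0x04, 0x03, 0x06, 0x01, 0x06])
# 0: callr    1: ret   2: nop   3: ret      -> callee at 2 is never reached
INDIRECT = bytes([0x05, 0x06, 0x01, 0x06])
# 0: jmp 3    2: junk  3: nop   4: ret      -> junk is skipped, listing is clean
JUNK_AFTER_JMP = bytes([0x02, 0x03, 0x07, 0x01, 0x06])
# 0: jcc 3 (opaque predicate, always taken at run time)  2: junk  3: nop  4: ret
# -> the walker must also follow the fall-through and decodes the junk as a mov
JUNK_AFTER_JCC = bytes([0x03, 0x03, 0x07, 0x01, 0x06])

if __name__ == "__main__":
    for label, prog in [("direct", DIRECT), ("indirect", INDIRECT),
                        ("junk after jmp", JUNK_AFTER_JMP),
                        ("junk after jcc", JUNK_AFTER_JCC)]:
        listing, undecodable = traverse(prog)
        print(f"{label:15} {sorted(listing.items())} undecodable={sorted(undecodable)}")
```

In the last program the bogus three-byte `mov` at address 2 overlaps the real instructions at 3 and 4, so the recovered listing is inconsistent even though every real instruction was also found.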