| The development of Software Reverse Engineering brings the improvement of program analysis. Program analysis help programmers understanding construction of software, checking loopholes of software and analyzing detail of software. As one coin has two sides, Software Reverse Engineering brings convenience and hidden danger. By using excellent program analysis technology, one can easily gain almost every information he want from the software, including algorithm and idea in the software. Even worse, attackers can use the loopholes of software to harm the benefit of software writers and software clients. As the best solution, code confuse technique has been used widely. In the sphere of software protection, code confuse technique prevents special software from being analyzed by increasing cost of program analysis.The thesis bases on code confuse technique of source code, and refers to code confuse of platform-agnostic language. This article proposes confusing technology on common object file after analyzing the characteristics of COFF file and PE file on Windows platform. Now let’s lists the main research work as follows:Firstly, the thesis studies the character of COFF file: first, the COFF file has simple structure, and is easy to analysis; second, the COFF file will delete some of its compile information when linked to executable process; third, the COFF file uses relative address to compute address, this makes the code confuse technique more flexible. After all, this article lists the main work of this research, such as which disassembling algorithm to choose, how to extract the key information from COFF file and how to design final targets.Secondly, the thesis presents four main code confusing technology: normal instruction expanding, random compiling of system application program interface, encryption and decryption of strings and tortuosity of control instruction. Four technologies provide software protection by distorting core code, misleading analysis, encrypting key strings, disorganizing instruction control flow. At the same time, these four technologies can work together to enhance the effect of code confusing.Thirdly, the thesis realizes a prototype system basing on the research above. By measurement of some samples, this article confirms the effects of the research above. After that, the experiment offers test report on function and property of this code confusing technology.At last, the thesis summarizes the work above, and looks into the further research by using improved method. |
PDF Full Text Request