Research And Implementation Of The Code Obfuscation Technology Based On Binary Executable Program

It is a great challenge for protection of software intellectual property rights with the development of the disassemble and software reverse engineering skill, which play an important role in performing effectually analysis to executable, and are great methods to binary transformation, program optimization and software system security, although. The program developers have found out lots of methods for software protection to prevent further money losses by software pirate, but they must think over the cost of etch method.Code obfuscation is a new software protection technique and can block disassemble and reverse engineering by changing the form of code structure and control flow using obfuscation transformation rules.In this paper, the executable oriented code obfuscation technology has been studied with the purpose of increasing cost of static analysis of program such as disassemble and malicious reverse engineering in order to protect software intellectual property rights. The main work of this paper is as following:1. Software reverse engineering and protection methods are introduced including binary analysis technology as a base of executable program analysis. The definition and classification of code obfuscation and metrics of obfuscation transformation are expounded in detail.2. Three obfuscation transformation methods based on PE executable are proposed. The first one, hiding the instruction call and ret of sub-procedure, can hide the sub-procedure by cunningly aligning the target address of instruction call and ret. The second one, obfuscating the branch instruction, is a good method for complicating the program control flow. And the third one, function based obfuscation, can prevent the program from being attacked using memory-copy analysis by encrypted code in the unit of procedure so that there is not plain data in memory image in the whole process of running.3. The principle, base knowledge and implementation of the three methods are expounded in detail. The obfuscated degree and it's formal definition proposed to picture the level of sub-procedure be obfuscated in function call tree. The pseudocode of the function based obfuscation as a perfect method is particularized.4. A framework of code obfuscation based on executable named PEobf is designed and implemented, it's compositions and modules are introduced and it's function of each module is expounded in detail.5. The experiment in PEobf is performed, including the view of running PEobf and the step of obfuscation a program using the three code obfuscation transformation methods proposed in this paper. At last, the results of the experiment are analyzed and the correctness of those methods is demonstrated.