| Along with the development of computer security technology, comparison technology of executable files continues to be applied to more fields such as software copyright protection, system patch analysis, computer viruses and vulnerability research. Because we can’t easily get the source code, it’s difficult to achieve comparison with them. So we have to explore the distinguishment between the files by means of binary files direct comparison technology.Now comparison technology of binary file is achieved by the comparison of structural directed graph. Firstly we transform binary codes into assembly code by disassembly techniques, then we convert the assembly code into a function call diagram which contains instruction basic blocks, thereby we can compare files in the logical structure level avoiding complexity of assembly instructions comparison. But at this stage, the method is not yet perfect, there are still many problems such as low accuracy and efficiency.On this basis, the paper analyses how to improve the comparison method, and puts forward a new execution process. The result obtained in the experiment is better and can meet technology needs. The innovation of this paper is to propose instruction merging optimisation algorithm dealing with the basic block instruction rearrangement problem. The essence of the algorithm is checking the number of characters in the the basic block instruction mnemonic, and recording the result as a string sequence. This sequence wouldn’t change with adjustment of instructions order, so we could easily solve the instruction rearrangement problem. |
PDF Full Text Request