The Research Of The Intermediate Code Obfuscation Techniques Based On Microsoft COFF Platform

The constant development of the disassembly and decompilation reverse technology, had a significant impact on the analysis of the binary code. To a certain extent solved the system vulnerabilities search, code optimization, and many other problems. But the rapid development of reverse technology also brought the negative side, namely global software piracy rate increased year by year. As the most direct and most effective measures to combat software piracy-software protection techniques have also made great progress. In the research field of software protection, the code obfuscation technique can effectively improve the difficulty of reverse analysis without changing the running behavior of the protection program, thus this technology study in recent years have aroused attention.This paper, based on the present study of source code and object code obfuscation techniques as the research foundation, from the lack of the both, puts forward a kind of new code obfuscation techniques based on Microsoft COFF(Common Object File Format) platform. Main research work are as follows:Firstly, intermediate code obfuscation techniques mainly divided into the disassembly, obfuscation, code generation, three stages. In the disassembly stage, this paper proposed the disassembly algorithm for obj file (intermediate code under Microsoft platform). The algorithm can extract the maximum code and data from the obj files, as well as backfill the symbols in the symbol table based on the relocation address, ultimately generate the grammar correct assembly code which can be compiled correctly.Secondly, for the second phase of the intermediate code obfuscation, this paper proposed three specific intermediate code confusion algorithm, including sensitive instructions hiding algorithm, the equivalent junk code sequence generation algorithm and control flow obfuscation algorithm. The three algorithms respectively from three different aspects:hiding sensitive instructions, diluting the core code, disrupting the control flow to provide protection. Between can be any combination with each other at the same time, and also can specify the number of iterations to freely control the obfuscation strength.Thirdly, on the basis of the above research work, this paper implemented the intermediate code obfuscation system based on Microsoft COFF platform. The system integrates the obj disassembly module, the intermediate code obfuscation module, the assembly module, can handle single or multiple obj files for the disassembly, obfuscation, and eventually generates the executable programs that are resistant to reverse analysis.Then, aiming at intermediate code obfuscation system’s functionality and performance of two aspects were tested and analyzed. Test is divided into two main parts, the first part is obj disassembler test, the second part is code obfuscation algorithms test.Finally, the research work is summarized, aiming at the shortcomings of the current research results, presents a improved and new research goal in the future.