
Design And Implementation Of Binary Code Aided Analysis And Management Platform

Posted on: 2020-10-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Sun
GTID: 2428330572483894
Subject: Computer technology

Abstract/Summary:
As network security problems continue to worsen, the contest between reverse analysts and malware has intensified. At present, reverse engineers who analyze software source code to crack malware remain an important means of maintaining network security. By disassembling malware, the reverse analyst studies its internal architecture and workings to find ways to prevent it from working and spreading, which controls the negative effects of malware. Conventional reverse analysis methods demand a high professional level from staff and take a lot of time and effort, so the speed of reverse analysis often cannot keep up with the speed of software updates. Faced with the endless development of malware, quickly and accurately analyzing new malware and finding a way to crack it is the goal that reverse analysts strive for.

Malware is constantly upgraded to improve basic functions and evade detection tools. There are many similarities between the upgraded version and the old version of the software: the main functionality is mostly built on the old version, and a small number of changes does not change the main purpose and overall structure of a function. If functions are compared through the disassembled software, similar functions are found in the two versions, and the reverse analyst applies the analysis results of the old version to the new version, this greatly reduces repetitive work and improves efficiency. Analysis can then take place in the early stages of a malware upgrade, and the malware can be effectively controlled before it causes wide-ranging serious consequences.

The main goal of the binary code aided analysis and management platform is to help users quickly find the code segments of the software to be analyzed and to assist reverse engineers in software analysis. The system is designed on a B/S (browser/server) architecture, and the user can access it through a web browser on a networked computer. The system provides users with a variety of comparison algorithms that help analysts quickly find changed and new code segments. Comparison results are displayed using graphical analysis methods such as incremental analysis and difference analysis, and functions for uploading, migrating and downloading the comparison results are provided. Based on existing results, appropriate annotation information is generated for the software to be analyzed, so that analysis results are reused. API traces and function call trace information are provided to help reverse analysts quickly grasp the call relationships within the software. Through these functions, the platform helps users quickly understand the software to be analyzed and takes over a large amount of repeated analysis work from reverse engineering staff.
Keywords/Search Tags: malware, binary code analysis management, label management, function comparison