|
Mathematical Backgrounds of Computer Security
Using x86 mode switching for program code protection
R. K. Lebedev Novosibirsk State University, Novosibirsk, Russia
Abstract:
A novel program code obfuscation approach involving the x86 mode switching is proposed in the paper. The details and existing applications of x86 mode switching are reviewed, as well as the possible consequences of using this switching to the reverse engineering tools. Based on this approach, a few specific methods are proposed and evaluated against the most popular reverse engineering tools of various purposes, including disassemblers, decompilers, binary instrumentation and symbolic execution tools. A method of seamless integration of these machine code level obfuscations to the C, C++ and possibly other compilers is also proposed.
Keywords:
code protection, reverse engineering, obfuscation, x86 mode switching, disassembly, decompilation, symbolic execution.
Citation:
R. K. Lebedev, “Using x86 mode switching for program code protection”, Prikl. Diskr. Mat., 2023, no. 61, 104–120
Linking options:
https://www.mathnet.ru/eng/pdm814 https://www.mathnet.ru/eng/pdm/y2023/i3/p104
|
|