Prikladnaya Diskretnaya Matematika. Supplement
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Prikl. Diskr. Mat. Suppl.:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Prikladnaya Diskretnaya Matematika. Supplement, 2021, Issue 14, Pages 134–138
DOI: https://doi.org/10.17223/2226308X/14/29
(Mi pdma548)
 

This article is cited in 2 scientific papers (total in 2 papers)

Mathematical Foundations of Computer Security

Control Flow Flattening deobfuscation using symbolic execution

V. V. Lebedev

Tomsk State University
Full-text PDF (572 kB) Citations (2)
References:
Abstract: Control Flow Flattening obfuscation method replaces jumps in program code (both conditional and unconditional) with a jump to a dispatcher block, which determines the real control flow. It complicates reverse engineering of the program, because researcher can't easily say which block of code will be executed after another one. In the paper, we propose the algorithm which recovers the original control flow for given obfuscated program. This algorithm is based on symbolic execution, which helps us to find all possible triples $(a_i, x_i, b_i)$, where $a_i$ is the address from which the dispatcher was reached, $x_i$ is the value of the control register at which the jump to address $b_i$ occurs. Then the set of triples is converted to the set of patches to the original program. In comparison with other algorithms, this algorithm doesn't imply any restrictions on the structure of obfuscated functions, but also doesn't affect anything except the control flow.
Keywords: reverse engineering, symbolic execution, obfuscation, control flow flattening.
Document Type: Article
UDC: 004.021
Language: Russian
Citation: V. V. Lebedev, “Control Flow Flattening deobfuscation using symbolic execution”, Prikl. Diskr. Mat. Suppl., 2021, no. 14, 134–138
Citation in format AMSBIB
\Bibitem{Leb21}
\by V.~V.~Lebedev
\paper Control Flow Flattening deobfuscation using symbolic execution
\jour Prikl. Diskr. Mat. Suppl.
\yr 2021
\issue 14
\pages 134--138
\mathnet{http://mi.mathnet.ru/pdma548}
\crossref{https://doi.org/10.17223/2226308X/14/29}
Linking options:
  • https://www.mathnet.ru/eng/pdma548
  • https://www.mathnet.ru/eng/pdma/y2021/i14/p134
  • This publication is cited in the following 2 articles:
    Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Prikladnaya Diskretnaya Matematika. Supplement
    Statistics & downloads:
    Abstract page:374
    Full-text PDF :162
    References:51
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024