R. K. Lebedev, V. E. Sitnov, “Using ELF relocations for executable encryption”, Prikl. Diskr. Mat. Suppl., 2024, no. 17, 131

Prikladnaya Diskretnaya Matematika. Supplement

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Prikl. Diskr. Mat. Suppl.:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Prikladnaya Diskretnaya Matematika. Supplement, 2024, Issue 17, Pages 131–134
DOI: https://doi.org/10.17223/2226308X/17/33 (Mi pdma663)

Mathematical Foundations of Computer Science and Computer Security

Using ELF relocations for executable encryption

R. K. Lebedev, V. E. Sitnov

Novosibirsk State University

Full-text PDF (408 kB)

References:

PDF

HTML

DOI: https://doi.org/10.17223/2226308X/17/33

Abstract: A new approach to hiding the code of Linux executable files using a relocation table is proposed, which allows you to create a crypter without embedding the decryption code in the executable file. Various applications of this approach are evaluated and the respective crypter prototypes are implemented. The dangers of this approach for the reverse engineering tools IDA, Ghidra, angr, as well as for antivirus software are assessed.

Keywords: packer, crypter, malware, relocation table, ELF.

Document Type: Article

UDC: 004.056.5

Language: Russian

Citation: R. K. Lebedev, V. E. Sitnov, “Using ELF relocations for executable encryption”, Prikl. Diskr. Mat. Suppl., 2024, no. 17, 131–134

Citation in format AMSBIB

\Bibitem{LebSit24}

\by R.~K.~Lebedev, V.~E.~Sitnov

\paper Using ELF relocations for executable encryption

\jour Prikl. Diskr. Mat. Suppl.

\yr 2024

\issue 17

\pages 131--134

\mathnet{http://mi.mathnet.ru/pdma663}

\crossref{https://doi.org/10.17223/2226308X/17/33}

Linking options:

https://www.mathnet.ru/eng/pdma663

https://www.mathnet.ru/eng/pdma/y2024/i17/p131

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Prikladnaya Diskretnaya Matematika. Supplement

Что такое QR-код?

Registration to the website

Logotypes