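Abstract
To study how difficult reverse analysis of a program becomes after it has been packed with different packers, the target program was first decompiled before packing. It was then packed with Themida, ASPack and PECompact respectively and decompiled again, and on that basis multi-layer packing and its decompilation were also carried out. The results show that: (1) these 4 packers do not pose much difficulty in preventing decompilation; (2) the performance differences between the different branches of packers are becoming smaller and smaller, and their basic packing methods are IAT encryption and code processing.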
The object program was first decompiled before protection in order to investigate the difficulty of reverse analysis for an object program protected by different encryption shells. The program was then encrypted with Themida, ASPack, and PECompact respectively, and each result was decompiled. Based on these tests, multi-layer encryption and its decompilation were also tried. The results show that (1) Themida obstructs the decompiler's work by revising the original code to produce errors, while ASPack, UPX and PECompact delay decompilation with large numbers of junk instructions and junk jumps, and (2) the differences between the two kinds of encryption shell software are becoming smaller and smaller, and their basic methods are IAT (import address table) encryption and code processing.
Source
Experimental Technology and Management (《实验技术与管理》)
Indexed in: CAS; Peking University Core Journals (北大核心)
2009, Issue 6, pp. 94-96, 100 (4 pages in total)
Keywords
encryption shell
reverse analysis
difficulty
software protected with encryption shell