An Implementation of a Generic Unpacking Method on Bochs Emulator
https://ipsj.ixsq.nii.ac.jp/records/74878
Copyright (c) 2009 by the Information Processing Society of Japan
Open access
Item type | Symposium(1) |
---|---|
Publication date | 2009-10-19 |
Title | An Implementation of a Generic Unpacking Method on Bochs Emulator |
Title language | en |
Language | eng |
Subject scheme | Other |
Subject | Security implementation |
Resource type identifier | http://purl.org/coar/resource_type/c_5794 |
Resource type | conference paper |
Author affiliation | National Institute of Information and Communications Technology |
Author affiliation | National Institute of Information and Communications Technology |
Author affiliation | National Institute of Information and Communications Technology |
Author affiliation | National Institute of Information and Communications Technology |
Author affiliation | National Institute of Information and Communications Technology |
Author name | HyungChanKim |
Author name (English) | Hyung, ChanKim |
Abstract description type | Other |
Abstract | In these days, it is very prevalent to discover many packed malwares caught in any malware collecting systems including honeypots. Thus, the initial step for usual malware analysis involves unpacking binary samples. In this paper, we present a yet another method of generic binary unpacking. A typical packed binary includes stub code that takes charge of unrolling packed data at the early stage of program execution thereby realizing original execution context. Our approach is basically to measure code revelation/concealment based on byte state model that reflects the behavior of such stub code. We also describe a proof-of-concept implementation based on Bochs x86 system emulator. |
Bibliographic information | Proceedings of the Computer Security Symposium 2009 (CSS2009), vol. 2009, pp. 1-6, issue date 2011-10-12 |
Publisher | Information Processing Society of Japan (情報処理学会) |
Publisher name language | ja |