Abstract
The number of viruses and malware has grown dramatically over the last few years, and in all likelihood it will keep growing. Because of the increasing amount of malicious software circulating on the Internet, it is practically impossible to reverse engineer every binary executable line by line; doing so is very challenging and time consuming. To provide immediate security solutions and reduce the time spent understanding the malicious portions of viruses, Trojans and other general security flaws, this paper introduces a comprehensive design for a visual debugger. The research involves reverse engineering binary executables by transforming the stream of bytes that constitutes a program into the corresponding sequence of machine instructions. Both a static and a dynamic debugger are developed and connected to a graph visualization system that displays the parsed instructions of a targeted executable file as an execution flow graph. To improve effectiveness, the graph visualization is designed to accelerate the analysis process. We reconstruct the targeted program's control flow and break it into smaller regions, so that fragments of malicious instructions can be easily located from the control flow graph information.
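The control-flow reconstruction step described above, as an added example that is not the authors' tool: the classic "leader" rule splits a linear instruction listing into basic blocks (the "smaller regions" of the abstract) and derives the edges between them. The listing is a constructed, simplified trace of address, mnemonic and branch target; a real debugger would obtain it by decoding the executable's byte stream.

```python
from collections import namedtuple

# One decoded instruction: address, mnemonic, branch target (None if not a branch).
Insn = namedtuple("Insn", "addr mnemonic target")

# Constructed sample listing: a counted loop with a conditional exit and a call.
SAMPLE = [
    Insn(0x1000, "mov", None),
    Insn(0x1003, "cmp", None),
    Insn(0x1006, "je", 0x1012),
    Insn(0x1008, "call", 0x2000),  # call returns, so it does not end a block
    Insn(0x100D, "dec", None),
    Insn(0x100F, "jne", 0x1003),
    Insn(0x1011, "nop", None),
    Insn(0x1012, "ret", None),
]

BRANCH = {"jmp", "je", "jne", "ja", "jb", "jz", "jnz"}
END = BRANCH | {"ret"}  # instructions that terminate a basic block

def find_leaders(insns):
    """A leader is the first instruction, any branch target inside the listing,
    and the instruction that follows a block-terminating instruction."""
    addrs = {i.addr for i in insns}
    leaders = {insns[0].addr}
    for idx, ins in enumerate(insns):
        if ins.mnemonic in BRANCH and ins.target in addrs:
            leaders.add(ins.target)
        if ins.mnemonic in END and idx + 1 < len(insns):
            leaders.add(insns[idx + 1].addr)
    return sorted(leaders)

def build_cfg(insns):
    """Return (blocks, edges): blocks maps block start -> list of Insn,
    edges is the set of (source block, destination block) pairs."""
    leaders = set(find_leaders(insns))
    blocks, cur = {}, None
    for ins in insns:
        if ins.addr in leaders:          # a leader starts a new block
            cur = ins.addr
            blocks[cur] = []
        blocks[cur].append(ins)
    starts, edges = sorted(blocks), set()
    for n, start in enumerate(starts):
        last = blocks[start][-1]
        if last.mnemonic in BRANCH and last.target in blocks:
            edges.add((start, last.target))           # taken-branch edge
        if last.mnemonic not in {"jmp", "ret"} and n + 1 < len(starts):
            edges.add((start, starts[n + 1]))         # fall-through edge
    return blocks, edges
```

The back edge from the `jne` block to the `cmp` block is what makes the loop visible as a region in the graph, and the `je` edge out of it marks the exit path.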
2 Methodology
3 Results
5 Discussion
The approach of identifying malicious program instructions within code fragments greatly simplified and sped up the analysis process.
The analysis tool allows tracing to be done through either a forward or a backward approach, thereby providing a comprehensive set of binary analysis tools.
The analysis tool is able to pin-point the original entry point (OEP) of a packed malicious executable program quickly.
6 Conclusion
Contact details:
Chan Lee Yee and Mahamod Ismail
E-mail: chanleeyee@f13-labs.net
mahamod@eng.ukm.my
Dept. of Electrical, Electronics & System Engineering
Faculty of Engineering & Built Environment
Universiti Kebangsaan Malaysia
43600 UKM Bangi Selangor MALAYSIA
(Project Grant: UKM-OUP-2012-182)