Publication detail

Generic detection of register realignment

ĎURFINA, L. KOLÁŘ, D.

Original Title

Generic detection of register realignment

Type

article in a collection out of WoS and Scopus

Language

English

Original Abstract

The register realignment is a method of binary obfuscation and it is used by malware writers. The paper introduces the method how register realignment can be recognized by analysis based on the scattered context grammars. Such an analysis includes exploration of bytes affected by realignment, finding new valid values for them, building the scattered context grammar and parse an obfuscated code by this grammar. The created grammar has LL property - an ability for parsing by this type of grammar.

Keywords

Formal languages, scattered context grammars, register realignment

Authors

ĎURFINA, L.; KOLÁŘ, D.

RIV year

2011

Released

21. 9. 2011

Publisher

American Institute of Physics

Location

Kassandra, Halkidiki

ISBN

978-0-7354-0956-9

Book

AIP Conference Proceedings

ISBN

1551-7616

Periodical

AIP Conference Proceedings

Year of study

1389

Number

1

State

United States of America

Pages from

806

Pages to

809

Pages count

4

URL

http://link.aip.org/link/apcpcs/v1389/i1/p806/pdf

BibTex

@inproceedings{BUT76294,
  author="Lukáš {Ďurfina} and Dušan {Kolář}",
  title="Generic detection of register realignment",
  booktitle="AIP Conference Proceedings",
  year="2011",
  journal="AIP Conference Proceedings",
  volume="1389",
  number="1",
  pages="806--809",
  publisher="American Institute of Physics",
  address="Kassandra, Halkidiki",
  isbn="978-0-7354-0956-9",
  issn="1551-7616",
  url="http://link.aip.org/link/apcpcs/v1389/i1/p806/pdf"
}