Advanced search
1 file | 157.79 KB Add to list
Author
Organization
Project
Abstract
We present two techniques to obfuscate the interfaces between application binaries and Windows system DLLs (dynamic-link libraries). The first technique obfuscates the related symbol information in the binary to prevent static analyses from identifying the invoked library functions. The second technique combines static linking with code obfuscation to avoid the external interface altogether, thus preventing dynamic attacks as well. This is done while still maintaining compatibility with multiple Windows versions, through run-time adaptation of the application. As the first concrete result of this ongoing research, we demonstrate and evaluate the techniques using a proof-of concept tool applied to a simple test program.
Keywords
Windows, Obfuscation, Software Protection, Binary rewriting

Downloads

  • (...).pdf
    • full text
    • |
    • UGent only
    • |
    • PDF
    • |
    • 157.79 KB

Citation

Please use this url to cite or link to this publication:

MLA
Abrath, Bert et al. “Obfuscating Windows DLLs.” 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO). IEEE, 2015. 24–30. Print.
APA
Abrath, B., Coppens, B., Volckaert, S., & De Sutter, B. (2015). Obfuscating windows DLLs. 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO) (pp. 24–30). Presented at the IEEE/ACM 1st International Workshop on Software Protection (SPRO), IEEE.
Chicago author-date
Abrath, Bert, Bart Coppens, Stijn Volckaert, and Bjorn De Sutter. 2015. “Obfuscating Windows DLLs.” In 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO), 24–30. IEEE.
Chicago author-date (all authors)
Abrath, Bert, Bart Coppens, Stijn Volckaert, and Bjorn De Sutter. 2015. “Obfuscating Windows DLLs.” In 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO), 24–30. IEEE.
Vancouver
1.
Abrath B, Coppens B, Volckaert S, De Sutter B. Obfuscating windows DLLs. 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO). IEEE; 2015. p. 24–30.
IEEE
[1]
B. Abrath, B. Coppens, S. Volckaert, and B. De Sutter, “Obfuscating windows DLLs,” in 2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO), Florence, ITALY, 2015, pp. 24–30.
@inproceedings{5969965,
  abstract     = {We present two techniques to obfuscate the interfaces between application binaries and Windows system DLLs (dynamic-link libraries). The first technique obfuscates the related symbol information in the binary to prevent static analyses from identifying the invoked library functions. The second technique combines static linking with code obfuscation to avoid the external interface altogether, thus preventing dynamic attacks as well. This is done while still maintaining compatibility with multiple Windows versions, through run-time adaptation of the application. As the first concrete result of this ongoing research, we demonstrate and evaluate the techniques using a proof-of concept tool applied to a simple test program.},
  author       = {Abrath, Bert and Coppens, Bart and Volckaert, Stijn and De Sutter, Bjorn},
  booktitle    = {2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SOFTWARE PROTECTION (SPRO)},
  isbn         = {978-1-4673-7094-3},
  keywords     = {Windows,Obfuscation,Software Protection,Binary rewriting},
  language     = {eng},
  location     = {Florence, ITALY},
  pages        = {24--30},
  publisher    = {IEEE},
  title        = {Obfuscating windows DLLs},
  url          = {http://dx.doi.org/10.1109/SPRO.2015.13},
  year         = {2015},
}

Altmetric
View in Altmetric
Web of Science
Times cited: