Conference paper

ĎURFINA Lukáš and KOLÁŘ Dušan. Generic detection of register realignment. In: AIP Conference Proceedings. Kassandra, Halkidiki: American Institute of Physics, 2011, pp. 806-809. ISBN 978-0-7354-0956-9. ISSN 1551-7616.
Publication language:english
Original title:Generic detection of register realignment
Title (cs):Generická detekce prehodení registrů
Pages:806-809
Proceedings:AIP Conference Proceedings
Conference:9th International Conference of Numerical Analysis and Applied Mathematics
Place:Kassandra, Halkidiki, GR
Year:2011
ISBN:978-0-7354-0956-9
Journal:AIP Conference Proceedings, Vol. 1389, No. 1, US
ISSN:1551-7616
Publisher:American Institute of Physics
URL:http://link.aip.org/link/apcpcs/v1389/i1/p806/pdf [PDF]
Keywords
Formal languages, scattered context grammars, register realignment
Annotation
The register realignment is a method of binary obfuscation and it is used by malware writers. The paper introduces the method how register realignment can be recognized by analysis based on the scattered context grammars. Such an analysis
includes exploration of bytes affected by realignment, finding new valid values for them, building the scattered context grammar and parse an obfuscated code by this grammar. The created grammar has LL property - an ability for parsing by this type of grammar.
BibTeX:
@INPROCEEDINGS{
   author = {Luk{\'{a}}{\v{s}} {\v{D}}urfina and Du{\v{s}}an
	Kol{\'{a}}{\v{r}}},
   title = {Generic detection of register realignment},
   pages = {806--809},
   booktitle = {AIP Conference Proceedings},
   journal = {AIP Conference Proceedings},
   volume = {1389},
   number = {1},
   year = {2011},
   location = {Kassandra, Halkidiki, GR},
   publisher = {American Institute of Physics},
   ISBN = {978-0-7354-0956-9},
   ISSN = {1551-7616},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php.en.iso-8859-2?id=9514}
}

Your IPv4 address: 107.20.115.174
Switch to IPv6 connection

DNSSEC [dnssec]