Code Disassembly Techniques - PowerPoint PPT Presentation

1 / 10

About This Presentation

Title:

Code Disassembly Techniques

Description:

Disassembly can be visualized as the reversal of the above process. Techniques. Static Techniques ... Challenges to Code Disassembly. Data type information ... – PowerPoint PPT presentation

Number of Views:87

Avg rating:3.0/5.0

Slides: 11

Provided by: julius3

Category:

Tags: code | disassembly | techniques

Transcript and Presenter's Notes

Title: Code Disassembly Techniques

1
Code Disassembly Techniques

Julius Quiaot
Himanshu Ranavat
CMPE296T November 26, 2007

2
Agenda

Overview and Definitions
Techniques
Tools
Challenges to Code Disassembly
Applications
Prevention

3
Overview and Definitions

Assembler converts assembly language into binary
equivalent code called machine instruction.
Linker combines all object files to produce an
executable.
Loader loads the executable in memory for
execution. Loaders are typically part of an OS.

4
Assembler, Linker and Loader
Disassembly can be visualized as the reversal of
the above process
5
Techniques

Static Techniques
Linear Sweep
Recursive Traversal
Example

6
Techniques (Contd)

Dynamic Techniques
Complements static techniques
Binary Interpretation using Runtime Disassembly
Disassembly Tools
IDAPro
Sourcer

7
Challenges to Code Disassembly

Data type information
Identification of Instruction and Data Sections
Platform Differences

8
Applications

Legitimate
Education
Code Optimization
Legacy Applications
Bug and Security Holes
Illegitimate
Security Circumvention

9
Prevention

Code Obfuscation
Rendering code unreadable and unintelligible
Rename variables and methods
Junk Bytes
Partial instructions to confuse disassemblers
Fake Jump Tables
Disrupt recursive traversal

10
Questions?

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

World's Best PowerPoint Templates PowerPoint PPT Presentation

World's Best PowerPoint Templates - CrystalGraphics offers more PowerPoint templates than anyone else in the world, with over 4 million to choose from. Winner of the Standing Ovation Award for “Best PowerPoint Templates” from Presentations Magazine. They'll give your presentations a professional, memorable appearance - the kind of sophisticated look that today's audiences expect. Boasting an impressive range of designs, they will support your presentations with inspiring background photos or videos that support your themes, set the right mood, enhance your credibility and inspire your audiences.

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

Anti-Reversing Techniques PowerPoint PPT Presentation

Anti-Reversing Techniques - Here, we focus on machine code. Previously, looked at Java anti-reversing ... Confuses linear sweep, but not recursive. Anti-Reversing 46. Confusing a Disassembler ... | PowerPoint PPT presentation | free to view

Anti-Reversing Techniques PowerPoint PPT Presentation

Anti-Reversing Techniques - Anti-Reversing Here, we focus on machine code Previously, looked at Java anti-reversing We consider 4 general ideas Eliminate/obfuscate symbolic info Obfuscation ... | PowerPoint PPT presentation | free to view

Software%20Reverse%20Engineering%20(SRE) PowerPoint PPT Presentation

Software%20Reverse%20Engineering%20(SRE) - In general, it is not possible to re-assemble disassembly into working exe. Debugger ... Encryption prevents disassembly. But need decrypted code to decrypt the code! ... | PowerPoint PPT presentation | free to view

IDA and obfuscated code PowerPoint PPT Presentation

IDA and obfuscated code - Do not use the standard debugger interface (CreateProcess/WaitForDebugEvent)? Inject a debugger DLL into the process and communicate with it (the must-have ... | PowerPoint PPT presentation | free to view

Advanced RealTime Shader Techniques PowerPoint PPT Presentation

Advanced RealTime Shader Techniques - Advanced Real-Time Shader Techniques Siggraph 2003, San Diego, CA. Overview ... Problems that RenderMonkey solves for you. Real-time shader creation using ... | PowerPoint PPT presentation | free to view

Malicious Software and Security Programming Lecture 6 PowerPoint PPT Presentation

Malicious Software and Security Programming Lecture 6 - Stealth is simply a set of techniques viruses can use in ... Anti-disassembly. Selective reproducing ... Anti-disassembly. Make making sense of code ... | PowerPoint PPT presentation | free to view

Code Compaction of an Operating System Kernel PowerPoint PPT Presentation

Code Compaction of an Operating System Kernel - Code Compaction of an Operating System Kernel. Haifeng He, John Trimble, Somu ... Can disregard aspects of assembly code that are irrelevant to the analysis ... | PowerPoint PPT presentation | free to view

Advanced Techniques in Reverse Engineering PowerPoint PPT Presentation

Advanced Techniques in Reverse Engineering - Solution Graph coloring. Using IDA, collect all function addresses of the module ... Graph coloring ... We can now automatically color these functions in the ... | PowerPoint PPT presentation | free to view

Gaurav S' Kc, Angelos D' Keromytis PowerPoint PPT Presentation

Gaurav S' Kc, Angelos D' Keromytis - Morris '88, Code Red II '01, Nimda '01, Slapper '02, Blaster '03, MS ... Use program disassembly information and ... boundaries from disassembly information ... | PowerPoint PPT presentation | free to view

Finding Diversity in Remote Code Injection Exploits PowerPoint PPT Presentation

Finding Diversity in Remote Code Injection Exploits - Finding Diversity in Remote Code Injection Exploits University of California, San Diego Justin Ma, Stefan Savage, Geoffrey M. Voelker and Microsoft Research | PowerPoint PPT presentation | free to view

Binary Interpretation using Runtime Disassembly PowerPoint PPT Presentation

Binary Interpretation using Runtime Disassembly - ... an unconditional branch: jmp, call, ret. Confidence Scores. Function Prolog: 8 ... Bytes after a ret: 0. Declare a block of bytes as an instruction-sequence if ... | PowerPoint PPT presentation | free to view

ModelBased Reflection and SelfAdaptation PowerPoint PPT Presentation

ModelBased Reflection and SelfAdaptation - Physical Device Disassembly ... Disassembly Assembly ... Since assembly is similar to disassembly, REM selects Proactive Model Transfer. ... | PowerPoint PPT presentation | free to view

CSC 325 Advanced Programming Techniques PowerPoint PPT Presentation

CSC 325 Advanced Programming Techniques - Assemblies Slide # Assemblies. Mikhail Brikman. ... - displays the MSIL Assembler results in the command line window. ildasm. SharedDemo.dll / output:SharedDemo.il | PowerPoint PPT presentation | free to view

Debugging with the TotalView Source Code Debugger PowerPoint PPT Presentation

Debugging with the TotalView Source Code Debugger - Linux x86, x86-64, ia64, Power. Mac Power and Intel. Solaris Sparc and AMD64. AIX, Tru64, IRIX, HP-UX ia64. Cray X1, XT3, XT4, IBM BGL, BGP, SiCortex ... | PowerPoint PPT presentation | free to view

RealTime Shader Techniques Using RenderMonkeyTM PowerPoint PPT Presentation

RealTime Shader Techniques Using RenderMonkeyTM - Problems that RenderMonkey solves for you. Shader creation using RenderMonkey development ... RenderMonkey Addresses the Needs of Real-Time Effect Developers ... | PowerPoint PPT presentation | free to view

Code Obfuscation PowerPoint PPT Presentation

Code Obfuscation - Available obfuscating tools work in the same way as compiler optimizers ... Mainly based on target information that we want to modify/obfuscate ... Obfuscated code: ... | PowerPoint PPT presentation | free to view

Diversity Algorithms for Worrisome Software and Networks DAWSON PowerPoint PPT Presentation

Diversity Algorithms for Worrisome Software and Networks DAWSON - bin/sh', '/etc/passwd' Pointer to injected code. Pointer to existing code ... Code Red Worm. 01001000. 00070000. heap .text. 00000000. 77E80000. kernel32.dll ... | PowerPoint PPT presentation | free to view

Partial Automation of an Integration Reverse Engineering Environment of Binary Code PowerPoint PPT Presentation

Partial Automation of an Integration Reverse Engineering Environment of Binary Code - Idiom analyzer. Control flow graph generator. UBM/UDM. Loader ... An idiom is a sequence o instructions that has a special meaning that can't be ... | PowerPoint PPT presentation | free to view

Collection of general data mining briefings PowerPoint PPT Presentation

Collection of general data mining briefings - Intrusion detection and Malicious code detection (worms and virus) ... Is it possible to consider higher-level source codes for malicious code detection? ... | PowerPoint PPT presentation | free to view

Statistical Binary Parsing PowerPoint PPT Presentation

Statistical Binary Parsing - ... Machine Learning to Extract Code from Uncooperative Programs ... Statistical Binary Parsing: Using Machine Learning to Extract Code from Uncooperative Binaries ... | PowerPoint PPT presentation | free to view

Reversing Blind. A study of the Quake 4 engine without any code basis. PowerPoint PPT Presentation

Reversing Blind. A study of the Quake 4 engine without any code basis. - Anti-cheats know what people will try to do, and they will try their best to ... 10/21/05 (3 days after the official game release, that's a new record for me) ... | PowerPoint PPT presentation | free to view

Collection of general data mining briefings PowerPoint PPT Presentation

Collection of general data mining briefings - Data Mining for Malicious Code Detection and Security Applications. Prof. Bhavani Thuraisingham ... Detect Malicious code by program slicing. requires analysis. 27 ... | PowerPoint PPT presentation | free to view

Two ways a locksmith can make a key from a lock PowerPoint PPT Presentation

Two ways a locksmith can make a key from a lock - Discover how AV Locksmiths in Adelaide expertly crafts new keys from locks without the original, using methods like lock disassembly and impressioning for all your locksmith needs. | PowerPoint PPT presentation | free to view

Java security model PowerPoint PPT Presentation

Java security model - We will not look at Java as a programming language as that is ... Firewalling ... but some methods of protecting against mobile code state using firewalling. ... | PowerPoint PPT presentation | free to view

CGO 2006: The Fourth International Symposium on Code Generation and Optimization New York, March 26-29, 2006 PowerPoint PPT Presentation

CGO 2006: The Fourth International Symposium on Code Generation and Optimization New York, March 26-29, 2006 - Derek Bruening, Vladimir Kiriansky, Tim Garnett, Sanjeev Banerji (Determina ... Jianhui Li, Qi Zhang, Shu Xu, Bo Huang (Intel China Software Center), Optimizing ... | PowerPoint PPT presentation | free to view

Vitaly Shmatikov PowerPoint PPT Presentation

Vitaly Shmatikov - ... source code (which deliberately contains some useless junk) and recompile itself ... Virus changes junk in its source and recompiles itself ... | PowerPoint PPT presentation | free to view

There PowerPoint PPT Presentation

There - There s Plenty of Room at the Bottom: Analyzing and Verifying Machine Code T. Reps,1,2 J. Lim,1 A. Thakur,1 G. Balakrishnan,3 and A. Lal4 1Univ. of Wisconsin 3NEC ... | PowerPoint PPT presentation | free to view