Title :
Obfuscating Windows DLLs
Author :
Abrath, Bert ; Coppens, Bart ; Volckaert, Stijn ; De Sutter, Bjorn
Author_Institution :
Dept. of Electron. & Inf. Syst., Ghent Univ., Ghent, Belgium
Abstract :
We present two techniques to obfuscate the interfaces between application binaries and Windows system DLLs (dynamic-link libraries). The first technique obfuscates the related symbol information in the binary to prevent static analyses from identifying the invoked library functions. The second technique combines static linking with code obfuscation to avoid the external interface altogether, thus preventing dynamic attacks as well. This is done while still maintaining compatibility with multiple Windows versions, through run-time adaptation of the application. As the first concrete result of this ongoing research, we demonstrate and evaluate the techniques using a proof-of-concept tool applied to a simple test program.
Keywords :
program testing; security of data; software libraries; user interfaces; Windows system DLL; code obfuscation; dynamic attacks prevention; dynamic-link libraries; program testing; proof-of-concept tool; static analysis; Joining processes; Kernel; Libraries; Linux; Prototypes; Transforms; Windows; binary rewriting; obfuscation; static linking;
Conference_Titel :
Software Protection (SPRO), 2015 IEEE/ACM 1st International Workshop on
Conference_Location :
Florence
DOI :
10.1109/SPRO.2015.13
