Title :
Research and Implementation of Compression Shell Unpacking Technology for PE File
Author :
Lu, Li ; Qiuju, Liu ; Tingrong, Xu
Author_Institution :
Sch. of Comput. Sci. & Technol., Soochow Univ., Suzhou, China
Abstract :
Packing portable executable (PE) file is an effective mean to protect software, but malware authors can also use packing to conceal their malicious executable string data and code. These methods make it difficult to analyze them in detail for virus analyst and software security researcher. They have to unpack the malware first. This paper illustrated the general unpacking methods and principles, using the notepad program in windows as an instance. Firstly analyzed the PE file structure and the principle of packing, and then expounded the steps of unpacking, finally, from the compression shell´s point of view, focused on the principles and methods of unpacking technology.
Keywords :
data compression; file organisation; invasive software; PE file structure; compression shell unpacking technology; malware authors; notepad program; packing portable executable file; software protection; software security; virus analyst; Application software; Computer science; Cryptography; Data mining; Data security; Information technology; Protection; Space technology; Statistics; PE; Packing; Unpacking; shell;
Conference_Titel :
Information Technology and Applications, 2009. IFITA '09. International Forum on
Conference_Location :
Chengdu
Print_ISBN :
978-0-7695-3600-2
DOI :
10.1109/IFITA.2009.545
