  2/2019 - 3

Automatic Detection and Bypassing of Anti-Debugging Techniques for Microsoft Windows Environments

PARK, J., JANG, Y.-H., HONG, S., PARK, Y.

Author keywords
computer hacking, computer security, debugging, reverse engineering, software protection


About this article
Date of Publication: 2019-05-31
Volume 19, Issue 2, Year 2019, On page(s): 23 - 28
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2019.02003
Web of Science Accession Number: 000475806300003
SCOPUS ID: 85066320679

Abstract
In spite of recent remarkable advances in binary code analysis, adversaries are still using diverse anti-reversing techniques to obfuscate code and make analysis difficult. Unlike most previous work, which relies on debugger plugins for neutralizing anti-debugging techniques, we focus on Pin, one of the most widely used DBI (Dynamic Binary Instrumentation) tools in 80x86 environments. In this paper, we present an automatic anti-debugging detection/bypassing scheme using Pin. To evaluate the effectiveness of our algorithm, we conducted experiments on 17 of the most widely used (commercial) protectors, and the scheme bypassed all of their anti-debugging techniques automatically. In particular, our experiments include Safengine, which is one of the most complex commercial protectors and which, to the best of our knowledge, has not been successfully analyzed by academic researchers up to now. The experimental results also show that the proposed scheme performs better than the most recent work, Apate.



Copyright ©2001-2019
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania


All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.

Permission for other use: The copyright owner's consent does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific written permission must be obtained from the Editor for such copying. Direct linking to files hosted on this website is strictly prohibited.

Disclaimer: Whilst every effort is made by the publishers and editorial board to see that no inaccurate or misleading data, opinions or statements appear in this journal, they wish to make it clear that all information and opinions formulated in the articles, as well as linguistic accuracy, are the sole responsibility of the author.



