An Analysis Tool that Detects The Code Caves in Specified Sizes for Portable Executable Files
Authors: Güney Uğurlu, K. Açıcı
Published in: 2022 International Conference on Theoretical and Applied Computer Science and Engineering (ICTASCE), 2022-09-29
DOI: https://doi.org/10.1109/ICTACSE50438.2022.10009843
Code caves are runs of sequential null bytes in portable executable (PE) files and are used particularly in reverse engineering. With the help of code caves, the execution flow of a program can be changed, and other code can be injected into the compiled program. Whether a section of a PE file contains a code cave large enough for the code to be injected is determined manually. This paper presents an analysis tool named CodeCaveFinder. It reports in detail whether code caves of the user-specified size exist in the sections of the PE file. Testing has proven that CodeCaveFinder gives accurate and reliable results.