TWI494751B - System, method, and computer program product for automated decoding of portable executable files - Google Patents

System, method, and computer program product for automated decoding of portable executable files

Info

Publication number
TWI494751B
Authority
TW
Taiwan
Prior art keywords
executable file
portable executable
encoded
memory
software module
Prior art date
Application number
TW099125055A
Other languages
English (en)
Chinese (zh)
Other versions
TW201128385A (en)
Inventor
Tomislav Pericin
Original Assignee
Reversinglabs Corp
Priority date
Filing date
Publication date
Application filed by Reversinglabs Corp
Publication of TW201128385A
Application granted
Publication of TWI494751B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/74 Reverse engineering; Extracting design information from source code
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0715 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a system implementing multitasking
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0721 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment within a central processing unit [CPU]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751 Error or fault detection not based on redundancy
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0793 Remedial or corrective actions
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Prevention of errors by analysis, debugging or testing of software
    • G06F11/362 Debugging of software
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Devices For Executing Special Programs (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Input Circuits Of Receivers And Coupling Of Receivers And Audio Equipment (AREA)
TW099125055A 2009-07-29 2010-07-29 System, method, and computer program product for automated decoding of portable executable files TWI494751B (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US22949709P 2009-07-29 2009-07-29

Publications (2)

Publication Number Publication Date
TW201128385A (en) 2011-08-16
TWI494751B (zh) 2015-08-01

Family

ID=43033144

Family Applications (3)

Application Number Title Priority Date Filing Date
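TW099125055A TWI494751B (zh) 2009-07-29 2010-07-29 System, method, and computer program product for automated decoding of portable executable files
TW099125053A TW201128383A (en) 2009-07-29 2010-07-29 Portable executable file analysis
TW099125054A TWI482013B (zh) 2009-07-29 2010-07-29 System, method, and computer program product for repairing portable executable files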

Family Applications After (2)

Application Number Title Priority Date Filing Date
TW099125053A TW201128383A (en) 2009-07-29 2010-07-29 Portable executable file analysis
TW099125054A TWI482013B (zh) 2009-07-29 2010-07-29 System, method, and computer program product for repairing portable executable files

Country Status (10)

Country Link
US (5) US9361173B2
EP (3) EP2460075B1
CA (3) CA2806367C
ES (3) ES2660538T3
HR (3) HRP20171470T1
HU (2) HUE038791T2
NO (2) NO2460075T3
PT (3) PT2460075T
TW (3) TWI494751B
WO (3) WO2011014620A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9858072B2 (en) 2009-07-29 2018-01-02 Reversinglabs Corporation Portable executable file analysis

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8607094B2 (en) * 2009-09-29 2013-12-10 Hyundai Motor Company Operational system test method
EP2499565B1 (en) * 2009-11-13 2019-01-09 Ab Initio Technology LLC Managing record format information
US8756695B1 (en) * 2010-10-26 2014-06-17 Emc Corporation Analysis of binary code
US9158605B2 (en) * 2010-12-01 2015-10-13 Microsoft Technology Licensing, Llc Method, system and device for validating repair files and repairing corrupt software
US9019850B2 (en) * 2011-04-11 2015-04-28 Qualcomm Incorporated CSI reporting for multiple carriers with different system configurations
US9009678B2 (en) * 2011-06-28 2015-04-14 International Business Machines Corporation Software debugging with execution match determinations
CN102507682B (zh) * 2011-10-27 2013-09-18 浙江大学 Method for preparing a dissolved hydrogen sulfide detection electrode based on silver/nano-silver
US9047293B2 (en) 2012-07-25 2015-06-02 Aviv Grafi Computer file format conversion for neutralization of attacks
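CN103632088A (zh) * 2012-08-28 2014-03-12 阿里巴巴集团控股有限公司 Trojan detection method and device
CN103077029B (zh) * 2012-12-28 2016-07-13 北京神州绿盟信息安全科技股份有限公司 Method and device for repairing an import table
CN103019739B (zh) * 2012-12-28 2015-07-29 北京神州绿盟信息安全科技股份有限公司 Relocation table repair method, program unpacking method, and related devices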
US9841959B2 (en) * 2015-02-02 2017-12-12 Google Llc Fine-grained demand driven IPO infrastructure
US9742796B1 (en) 2015-09-18 2017-08-22 Palo Alto Networks, Inc. Automatic repair of corrupt files for a detonation engine
US10032914B2 (en) * 2015-10-20 2018-07-24 Taiwan Semiconductor Manufacturing Co., Ltd. Semiconductor device and manufacturing method thereof
RU2606559C1 (ru) * 2015-10-22 2017-01-10 Акционерное общество "Лаборатория Касперского" System and method for optimizing antivirus scanning of files
US9858424B1 (en) 2017-01-05 2018-01-02 Votiro Cybersec Ltd. System and method for protecting systems from active content
CN108614680A (zh) * 2016-12-14 2018-10-02 中国航空工业集团公司西安航空计算技术研究所 Method and system for automatically generating an information query command program
US10013557B1 (en) 2017-01-05 2018-07-03 Votiro Cybersec Ltd. System and method for disarming malicious code
US10331890B2 (en) 2017-03-20 2019-06-25 Votiro Cybersec Ltd. Disarming malware in protected content
US10331889B2 (en) 2017-01-05 2019-06-25 Votiro Cybersec Ltd. Providing a fastlane for disarming malicious content in received input content
CN111796850B (zh) * 2020-07-20 2021-05-11 上海航天电子通讯设备研究所 On-orbit maintenance device and method for satellite payload software
US12399961B2 (en) * 2020-10-09 2025-08-26 Nippon Telegraph And Telephone Corporation Program protection apparatus, program protection method, and program protection program
CN115145571B (zh) * 2021-03-31 2024-11-08 武汉斗鱼鱼乐网络科技有限公司 Method, device, and medium for hiding system function calls in core program code

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998033106A1 (en) * 1997-01-29 1998-07-30 Shopnow.Com, Inc. Method and system for injecting new code into existing application code
US5892904A (en) * 1996-12-06 1999-04-06 Microsoft Corporation Code certification for network transmission
US5953534A (en) * 1997-12-23 1999-09-14 University Of Washington Environment manipulation for executing modified executable and dynamically-loaded library files
US5983366A (en) * 1997-03-19 1999-11-09 Optimay Corporation Data processing system having monitoring of software activity
TW446872B (en) * 1999-08-26 2001-07-21 Mitac Int Corp Detection method of boot-up virus
TW451125B (en) * 1999-11-06 2001-08-21 Mitac Int Corp Tracking and inspecting method for files infected with computer virus
US7058928B2 (en) * 1999-12-23 2006-06-06 Identify Software Ltd. System and method for conditional tracing of computer programs

Family Cites Families (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4533997A (en) 1972-08-25 1985-08-06 Westinghouse Electric Corp. Computer monitored or controlled system which may be modified and de-bugged on-line by one not skilled in computer programming
US3987420A (en) 1973-12-28 1976-10-19 Ing. C. Olivetti & C., S.P.A. Electronic computer with equipment for debugging operative programs
US5892900A (en) 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5812848A (en) * 1995-08-23 1998-09-22 Symantec Corporation Subclassing system for computer that operates with portable-executable (PE) modules
US6367012B1 (en) * 1996-12-06 2002-04-02 Microsoft Corporation Embedding certifications in executable files for network transmission
US6026235A (en) 1997-05-20 2000-02-15 Inprise Corporation System and methods for monitoring functions in natively compiled software programs
US6202199B1 (en) * 1997-07-31 2001-03-13 Mutek Solutions, Ltd. System and method for remotely analyzing the execution of computer programs
US5983348A (en) * 1997-09-10 1999-11-09 Trend Micro Incorporated Computer network malicious code scanner
US6802006B1 (en) * 1999-01-15 2004-10-05 Macrovision Corporation System and method of verifying the authenticity of dynamically connectable executable images
US6640317B1 (en) 2000-04-20 2003-10-28 International Business Machines Corporation Mechanism for automated generic application damage detection and repair in strongly encapsulated application
US7146531B2 (en) * 2000-12-28 2006-12-05 Landesk Software Limited Repairing applications
US20040010703A1 (en) 2001-08-01 2004-01-15 Networks Associates Technology, Inc. Persistent storage access system and method for a wireless malware scan engine
US6792543B2 (en) 2001-08-01 2004-09-14 Networks Associates Technology, Inc. Virus scanning on thin client devices using programmable assembly language
US7043596B2 (en) * 2001-08-17 2006-05-09 Sun Microsystems, Inc. Method and apparatus for simulation processor
US20030070087A1 (en) * 2001-10-05 2003-04-10 Dmitry Gryaznov System and method for automatic updating of multiple anti-virus programs
TWI310919B (en) 2002-01-11 2009-06-11 Sap Ag Context-aware and real-time item tracking system architecture and scenariors
US7181603B2 (en) * 2002-03-12 2007-02-20 Intel Corporation Method of secure function loading
US7818657B1 (en) * 2002-04-01 2010-10-19 Fannie Mae Electronic document for mortgage transactions
US7174320B2 (en) * 2002-04-04 2007-02-06 Intel Corporation Method of providing adaptive security
US7367056B1 (en) * 2002-06-04 2008-04-29 Symantec Corporation Countering malicious code infections to computer files that have been infected more than once
GB2389432B (en) * 2002-06-07 2005-09-07 Advanced Risc Mach Ltd Instruction tracing in data processing systems
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US7076774B2 (en) * 2002-09-10 2006-07-11 Microsoft Corporation Infrastructure for generating a downloadable, secure runtime binary image for a secondary processor
US8219801B2 (en) 2003-03-10 2012-07-10 International Business Machines Corporation Method of authenticating digitally encoded products without private key sharing
US7123141B2 (en) * 2003-08-20 2006-10-17 Contestabile Robert A Electronic monitoring systems and methods
WO2005024630A1 (ja) * 2003-09-04 2005-03-17 Science Park Corporation Method and program for preventing execution of unauthorized code
US7549148B2 (en) * 2003-12-16 2009-06-16 Microsoft Corporation Self-describing software image update components
US7620990B2 (en) * 2004-01-30 2009-11-17 Microsoft Corporation System and method for unpacking packed executables for malware evaluation
US7523343B2 (en) 2004-04-30 2009-04-21 Microsoft Corporation Real-time file system repairs
US7349931B2 (en) * 2005-04-14 2008-03-25 Webroot Software, Inc. System and method for scanning obfuscated files for pestware
US8606950B2 (en) * 2005-06-08 2013-12-10 Logitech Europe S.A. System and method for transparently processing multimedia data
CN101228509B (zh) 2005-07-27 2010-05-26 松下电器产业株式会社 Device and method for generating an executable binary image
US8161548B1 (en) 2005-08-15 2012-04-17 Trend Micro, Inc. Malware detection using pattern classification
US7725737B2 (en) * 2005-10-14 2010-05-25 Check Point Software Technologies, Inc. System and methodology providing secure workspace environment
US7546412B2 (en) * 2005-12-02 2009-06-09 International Business Machines Corporation Apparatus, system, and method for global metadata copy repair
US8479174B2 (en) * 2006-04-05 2013-07-02 Prevx Limited Method, computer program and computer for analyzing an executable computer file
US7594136B2 (en) * 2006-04-19 2009-09-22 Microsoft Corporation Paging-triggered corrupted file recovery
US7814544B1 (en) * 2006-06-22 2010-10-12 Symantec Corporation API-profile guided unpacking
US20080101381A1 (en) 2006-10-25 2008-05-01 Mediatek Inc. Address resolution protocol (arp) cache management methods and devices
US7797743B2 (en) * 2007-02-26 2010-09-14 Microsoft Corporation File conversion in restricted process
US8346051B2 (en) 2007-06-01 2013-01-01 Panasonic Corporation Recording apparatus and recording method
US20090013405A1 (en) * 2007-07-06 2009-01-08 Messagelabs Limited Heuristic detection of malicious code
US8769268B2 (en) * 2007-07-20 2014-07-01 Check Point Software Technologies, Inc. System and methods providing secure workspace sessions
US8037536B2 (en) * 2007-11-14 2011-10-11 Bank Of America Corporation Risk scoring system for the prevention of malware
KR100942795B1 (ko) * 2007-11-21 2010-02-18 한국전자통신연구원 Malicious program detection apparatus and method
US8627302B2 (en) * 2007-11-27 2014-01-07 Oracle America, Inc. Sampling based runtime optimizer for efficient debugging of applications
US7996904B1 (en) * 2007-12-19 2011-08-09 Symantec Corporation Automated unpacking of executables packed by multiple layers of arbitrary packers
US8782615B2 (en) * 2008-04-14 2014-07-15 Mcafee, Inc. System, method, and computer program product for simulating at least one of a virtual environment and a debugging environment to prevent unwanted code from executing
US8073840B2 (en) * 2008-06-17 2011-12-06 Attivio, Inc. Querying joined data within a search engine index
NO2460075T3 * 2009-07-29 2018-04-21
US8510615B2 (en) * 2009-10-22 2013-08-13 Xerox Corporation Virtual repair of digital media
US9349103B2 (en) 2012-01-09 2016-05-24 DecisionQ Corporation Application of machine learned Bayesian networks to detection of anomalies in complex systems

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892904A (en) * 1996-12-06 1999-04-06 Microsoft Corporation Code certification for network transmission
WO1998033106A1 (en) * 1997-01-29 1998-07-30 Shopnow.Com, Inc. Method and system for injecting new code into existing application code
US5983366A (en) * 1997-03-19 1999-11-09 Optimay Corporation Data processing system having monitoring of software activity
US5953534A (en) * 1997-12-23 1999-09-14 University Of Washington Environment manipulation for executing modified executable and dynamically-loaded library files
TW446872B (en) * 1999-08-26 2001-07-21 Mitac Int Corp Detection method of boot-up virus
TW451125B (en) * 1999-11-06 2001-08-21 Mitac Int Corp Tracking and inspecting method for files infected with computer virus
US7058928B2 (en) * 1999-12-23 2006-06-06 Identify Software Ltd. System and method for conditional tracing of computer programs

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9858072B2 (en) 2009-07-29 2018-01-02 Reversinglabs Corporation Portable executable file analysis
US10261783B2 (en) 2009-07-29 2019-04-16 Reversing Labs Holding Gmbh Automated unpacking of portable executable files

Also Published As

Publication number Publication date
CA2806367A1 (en) 2011-02-03
CA2806370C (en) 2019-07-09
WO2011014623A1 (en) 2011-02-03
TW201128384A (en) 2011-08-16
ES2660538T3 (es) 2018-03-22
EP2460113B1 (en) 2017-07-05
US20110035731A1 (en) 2011-02-10
US9858072B2 (en) 2018-01-02
ES2667024T3 (es) 2018-05-09
HUE038328T2 (hu) 2018-10-29
HUE038791T2 (hu) 2018-11-28
HRP20180689T1 (hr) 2018-06-15
EP2460076B1 (en) 2018-02-07
US8826071B2 (en) 2014-09-02
HRP20171470T1 (hr) 2017-12-29
TWI482013B (zh) 2015-04-21
US9361173B2 (en) 2016-06-07
NO2460075T3 2018-04-21
CA2806367C (en) 2019-03-12
EP2460075A1 (en) 2012-06-06
US9389947B2 (en) 2016-07-12
NO2460076T3 2018-07-07
WO2011014625A1 (en) 2011-02-03
WO2011014620A1 (en) 2011-02-03
PT2460113T (pt) 2017-10-13
ES2644856T3 (es) 2017-11-30
TW201128385A (en) 2011-08-16
US20110066651A1 (en) 2011-03-17
EP2460113A1 (en) 2012-06-06
EP2460075B1 (en) 2017-11-22
CA2806368C (en) 2019-04-30
CA2806368A1 (en) 2011-02-03
US20110029805A1 (en) 2011-02-03
CA2806370A1 (en) 2011-02-03
US10261783B2 (en) 2019-04-16
PT2460075T (pt) 2018-02-26
US20160253253A1 (en) 2016-09-01
HRP20180306T1 (hr) 2018-03-23
PT2460076T (pt) 2018-05-09
US20160291973A1 (en) 2016-10-06
EP2460076A1 (en) 2012-06-06
TW201128383A (en) 2011-08-16

Similar Documents

Publication Publication Date Title
TWI494751B (zh) System, method, and computer program product for automated decoding of portable executable files
US8301942B2 (en) Managing possibly logically bad blocks in storage devices
Ling et al. Giantsan: Efficient memory sanitization with segment folding
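CN107229867A (zh) Kernel vulnerability discovery method, device, computing device, and computer storage medium
CN111061591B (zh) System and method for data integrity checking based on a memory integrity check controller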
US10229070B2 (en) Computer-implemented method and a system for encoding a heap application memory state using shadow memory
US20220308991A1 (en) Test processing method and information processing apparatus
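CN117234967A (zh) Data processing method, device, storage node, and storage medium
CN114547559A (zh) Symbol obfuscation method, device, medium, and computing device
CN120144256B (zh) Patch repair method, device, and storage medium for read-only code
CN111984940B (zh) Hardening method and device for SO files, electronic device, and storage medium
CN105487981A (zh) Method, device, and system for converting dump files of packed software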