Journal in Computer Virology

, Volume 5, Issue 2, pp 119–149

Semi-automatic binary protection tampering

  • Yoann Guillot
  • Alexandre Gazet
Original Paper

DOI: 10.1007/s11416-009-0118-4

Cite this article as:
Guillot, Y. & Gazet, A. J Comput Virol (2009) 5: 119. doi:10.1007/s11416-009-0118-4

Abstract

Both on malicious binaries and commercial software like video games, the complexity of software protections, which aim at slowing reverse-engineering, is constantly growing. Analyzing those protections and eventually circumventing them, require more and more elaborated tools. Through two examples, we illustrate some particularly interesting protection families and try to show their limits and how to remove them to recover a binary which is close to the original code. Each of our approaches is based on the use of the binary manipulation framework Metasm.

Copyright information

© Springer-Verlag France 2009

Authors and Affiliations

  • Yoann Guillot
    • 1
  • Alexandre Gazet
    • 1
  1. 1.Sogeti, ESECParisFrance

Personalised recommendations