In order to prevent analysis by static and dynamic disassembly techniques, instruction level code obfuscation is performed to induce misalignment and mistaken analysis by disassemblers. Misalignment is induced by including a bypass which leads, during execution, to a legitimate location. During analysis, however, bogus data may be analyzed by the disassembler due to the bypass. Run-time modifications may also be included in code. Code is changed to an invalid state, and instructions inserted into the code which will return the code to a valid state during execution. During analysis, these invalid states may be analyzed by the disassembler as invalid instructions. Induced misalignments and run-time modifications can be chained together to produce sequences of code that will always produce invalid disassembly output from common disassemblers.

 
Web www.patentalert.com

< Method and system for morphing honeypot

> Reducing latency, when accessing task priority levels

~ 00437