This report addresses de-obfuscation on programs. The targeted
obfuscation scheme is the control flow flattening, which is an obfuscation
method focusing on hiding the control flow of a program. This scheme
introduces a special block named dispatcher into the program. The
control flow of the program is reconstructed to be directed back to the
dispatcher whenever the execution of a basic block ends. By doing
this, in the flattened program, each basic block could be recognized as
a precursor or a successor of any other basic blocks. While the real
control flow of the program is merely disclosed during the execution of
the program.
This report aims to remove the dispatcher added in the flattened
program and rebuild the control flow of its original program. To achieve
the targets, this report presents a de-obfuscation model based on the
Control Flow Graph of an obfuscated program. The de-flattening model
makes use of both static analysis and dynamic analysis.
more here...........http://www.diva-portal.org/smash/get/diva2:762870/FULLTEXT01.pdf
obfuscation scheme is the control flow flattening, which is an obfuscation
method focusing on hiding the control flow of a program. This scheme
introduces a special block named dispatcher into the program. The
control flow of the program is reconstructed to be directed back to the
dispatcher whenever the execution of a basic block ends. By doing
this, in the flattened program, each basic block could be recognized as
a precursor or a successor of any other basic blocks. While the real
control flow of the program is merely disclosed during the execution of
the program.
This report aims to remove the dispatcher added in the flattened
program and rebuild the control flow of its original program. To achieve
the targets, this report presents a de-obfuscation model based on the
Control Flow Graph of an obfuscated program. The de-flattening model
makes use of both static analysis and dynamic analysis.
more here...........http://www.diva-portal.org/smash/get/diva2:762870/FULLTEXT01.pdf