Abstract
We present a new approach for disassembling executables with self-modifying code. Self-modifying code is very common in malware, and conventional static or dynamic approaches cannot handle it well. We combine static and dynamic analysis with a multiple-path exploration technique to counter self-modifying code. The evaluation results indicate that our approach disassembles executables containing self-modifying code with high precision and code coverage compared with the state-of-the-art disassembler.