Abstract
PE (portable executable) file has the characteristics of diversity, uncertainty of file size, complexity of file structure, and singleness of file format, which make it easy to be a carrier of information hiding, especially for that of large hiding capacity. This paper proposes an information-hiding algorithm based on PE file function migration, which utilizes disassembly engine to disassemble code section of PE file, processes function recognition, and shifts the whole codes of system or user-defined functions to the last section of PE file. Then it hides information in the original code space. The hidden information is combined with the main functions of the PE file, and the hidden information is coupled with the key codes of the program, which further enhances the concealment performance and anti-attack capability of the system.
Highlights
Portable executable (PE) file is a standard format for executable file in Windows environment, which is one of the most important software formats in the Internet
Using the services provided by the www.virscan.org website, the hidden PE file upload server will be hidden for virus scanning, the results show that the file is normal
6 Conclusion and future work In this paper, a large-capacity information hiding algorithm based on function migration is presented
Summary
PE file is a standard format for executable file in Windows environment, which is one of the most important software formats in the Internet. Combining hidden information with program instruction code can effectively improve the concealment of information hiding algorithm based on executable file. The PE-based information-hiding algorithms are divided into the following three categories: One is the information hiding method based on the PE file redundant space [1–20]. The second is the information hiding method based on PE file data resources [21–23], the third is the information-hiding method based on PE file import table [24–28]. The existing PE file hiding algorithms mainly exist the following shortcomings: First, the redundant space of PE files is open to people familiar with the PE file format, and there are powerful PE file analysis tools on the market, such as Stud_ PE and PE Explorer Lord PE. Because of the use of the redundant space inherent in PE files for information hiding, security is not good. The third is the structure of the PE file is transparent; the use of
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
