IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532
Regular Section
Tracing Stored Program Counter to Detect Polymorphic Shellcode
Daewon KIMIkkyun KIMJintae OHJongsoo JANG
Author information
Keywords: network, security, shellcode, polymorphism
JOURNAL FREE ACCESS

2008 Volume E91.D Issue 8 Pages 2192-2195

Details
Download PDF (660K)
Download citation RIS

(compatible with EndNote, Reference Manager, ProCite, RefWorks)

BIB TEX

(compatible with BibDesk, LaTeX)

Text
How to download citation
Contact us
Abstract

The shellcode use of the polymorphic form has become active as the de facto method for avoiding signature based network security system. We present a new static analysis method for detecting the decryption routine of the polymorphic shellcode. This method traces the processes by which the decryption routine stores the current program counter in a stack, moves the value between registers and uses the value in order to make the address of the encrypted code accessible. Most of decryption routines have the feature which they use the program counter stored on a stack as the address for accessing the memory that the encrypted code is positioned.

Content from these authors
© 2008 The Institute of Electronics, Information and Communication Engineers
Previous article Next article
Favorites & Alerts

Recently viewed articles
Announcements from publisher
  • Readers can also download the PDF from https://search.ieice.org/iss/
  • PayPerView service
  • Please contact trans-d [a] ieice.org, if you want to unlock PDF security.
Share this page
feedback
 Top