PE file similarity comparison method based on derived function
The invention relates to a PE file similarity comparison method based on an export function, and belongs to the technical field of software binary code traceability analysis. According to the comparison method, PE file similarity comparison and similarity calculation are completed through PE file an...
Gespeichert in:
| Hauptverfasser: | , , , , , |
|---|---|
| Format: | Patent |
| Sprache: | chi ; eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | The invention relates to a PE file similarity comparison method based on an export function, and belongs to the technical field of software binary code traceability analysis. According to the comparison method, PE file similarity comparison and similarity calculation are completed through PE file analysis, extraction and comparison of PE file'export functions'. The method mainly provides technical means for traceability of PE format binary files such as an executable program, a dynamic link library and an ActiveX control in a Windows operating system, and has good robustness and relatively high accuracy and usability.
本发明涉及一种基于导出函数的PE文件相似性比对方法,属于软件二进制代码溯源分析技术领域。该比对方法通过PE文件解析,提取并比对PE文件"导出函数",完成了PE文件相似性比对和相似度计算。该方法主要是为Windows操作系统下可执行程序、动态链接库、ActiveX控件等PE格式二进制文件溯源提供技术手段,具有良好的鲁棒性、较高的准确性和可用性。 |
|---|