Systems and methods for distinguishing code of a program obfuscated within a packed program

A computer-implemented method for distinguishing code of a program obfuscated within a packed program may include (1) retrieving memory of the packed program that includes the code of the obfuscated program in an unobfuscated state and unpacking code that unpacks the code of the obfuscated program w...

Bibliographic details
Main author: BHATKAR SANDEEP
Format: Patent
Language: eng
creator BHATKAR SANDEEP
description A computer-implemented method for distinguishing code of a program obfuscated within a packed program may include (1) retrieving memory of the packed program that includes the code of the obfuscated program in an unobfuscated state and unpacking code that unpacks the code of the obfuscated program when the packed program is executed, (2) identifying an import address table within the memory of the packed program, (3) determining that the import address table is an import address table of the code of the obfuscated program, (4) determining that a region of code within the memory of the packed program may be the code of the obfuscated program by determining that the region of code uses the import address table, and (5) performing a security operation on the region of code. Various other methods, systems, and computer-readable media are also disclosed.
format Patent
language eng
recordid cdi_epo_espacenet_US9208314B1
source esp@cenet
subjects ALARM SYSTEMS
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
ORDER TELEGRAPHS
PHYSICS
SIGNALLING
SIGNALLING OR CALLING SYSTEMS
title Systems and methods for distinguishing code of a program obfuscated within a packed program
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T09%3A04%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=BHATKAR%20SANDEEP&rft.date=2015-12-08&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS9208314B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true