A Study on Virtual Instruction Extraction Approaches for Themida VM TIGER

Vol. 34, No. 6, pp. 1297-1306, Dec. 2024
DOI: 10.13089/JKIISC.2024.34.6.1297
Keywords: Themida, Code virtualization, De-virtualization, Unpacking
Abstract

Obfuscation is used to keep a program's algorithms from being exposed. Among the various protection techniques that obfuscation employs, code virtualization, which creates a virtual CPU to interpret and execute arbitrary bytecode, makes analysis even more difficult. This paper examines the operational structure of the VM TIGER series in Themida, a commercial obfuscation tool that supports code virtualization and for which no method of extracting the original instructions has yet been publicly disclosed. It also describes a method that uses taint analysis to extract the instructions that serve as the original instructions.

Cite this article
[IEEE Style]
이재휘, "A Study on Virtual Instruction Extraction Approaches for Themida VM TIGER," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 6, pp. 1297-1306, 2024. DOI: 10.13089/JKIISC.2024.34.6.1297.

[ACM Style]
이재휘. 2024. A Study on Virtual Instruction Extraction Approaches for Themida VM TIGER. Journal of The Korea Institute of Information Security and Cryptology, 34, 6, (2024), 1297-1306. DOI: 10.13089/JKIISC.2024.34.6.1297.