Improvements on Hiding x86-64 Instructions by Interleaving

Authors

  • William Mahoney University of Nebraska at Omaha
  • Todd McDonald University of South Alabama
  • George Grispos University of Nebraska at Omaha
  • Sayonnha Mandal University of Nebraska at Omaha

DOI:

https://doi.org/10.34190/iccws.18.1.987

Abstract

This paper presents the results of a new method for interleaving CPU instructions in x86-64 machine code, such that one can hide executable code within other valid instructions. The aim is to make it more difficult to reverse-engineer software at a machine code level – to obfuscate instructions. A result is a hidden execution path within a visible main instruction path. While previous methods for this instruction obfuscation exist, we present a new method which builds upon past work, and which allows a greater flexibility in the selection of main instruction path instructions. The result of this new approach is to provide a methodology for instruction concealment which is free of restrictions present in prior work.  

Author Biographies

Todd McDonald, University of South Alabama

Professor

Computer Science Department

George Grispos, University of Nebraska at Omaha

Assistant Professor

School of Interdisciplinary Informatics

Sayonnha Mandal, University of Nebraska at Omaha

Lecturer

School of Interdisciplinary Informatics

Downloads

Published

2023-02-28