9 ANTI-DISASSEMBLY
Because disassemblers break down binary files into assembly code based on their own (often very complex) algorithms, there’s some room for error. Malware authors are aware of this vulnerability and can actively exploit it. They may also attempt to obfuscate the malware’s control flow or string and API function call references, making the code especially difficult to navigate statically. These are examples of anti-disassembly techniques, or ways in which malware complicates the process of reverse engineering code with a disassembler. In this chapter, we’ll look at these tactics in depth and what malware analysts can do ...
Get Evasive Malware now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
