Reverse Code Engineering - State of the Art and Countermeasures

摘要

Reverse Code Engineering (RCE) is, loosely speaking, the process of analyzing a piece of code in order to understand it. RCE is often used to analyze proprietary, binary programs, and in the last few years this research area has evolved a lot. In this article, we survey and structure the area of reverse code engineering. We focus on different techniques to recover both the control and data flow of a given binary program, for which no source code is available. Furthermore, we also discuss analysis techniques for malicious software (short: malware), which is commonly protected to resist analysis. We present the current state of the art of such protection techniques, while dividing them into active and passive measures. Our survey focusses on reverse engineering of binary native code for the Intel/AMD x86 architecture, and we thus disregard analysis of byte-code like Java or .NET. Nevertheless, most of the techniques presented in this article can be transferred to other architectures and operating system as well.