PROCESS WRAPPING METHOD FOR EVADING ANTI-ANALYSIS OF NATIVE CODES, RECORDING MEDIUM AND DEVICE FOR PERFORMING THE METHOD

摘要

A process wrapping method for bypassing native code analysis prevention includes: receiving an execution command to be executed in an application from an Android framework when the application is started; extracting metadata about strings and methods from the compiled OAT file using the oatdump tool existing inside the Android framework; determining whether analysis prevention technology is applied by comparing the information of the DB based on the transmitted execution command and the extracted metadata; modifying the execution command based on the determined information when the analysis prevention technology is applied; and transmitting the modified execution command back to the Android framework. Accordingly, it is possible to provide an environment in which malicious applications to which analysis prevention technologies are applied can be easily analyzed.