parent e9bc1572e9
commit ed8bbd12e5
8 changed files with 85 additions and 24 deletions
|
@ -83,8 +83,7 @@ Reflection is another common obfuscation technique against static analysis.
|
|||
Instead of directly invoking methods, the generic `Method.invoke()` #API is used, and the method is retrieved from its name in the form of a character string.
|
||||
Finding the value of this string can be quite difficult to determine statically, so it is once again an issue more suitable for dynamic analysis.
|
||||
When encountering a complex case of reflection (#ie using ciphered strings) or code loading, a reverse engineer will switch to dynamic analysis to collect the relevant data (the name of the methods called or the code that was loaded), then switch back to static analysis.
|
||||
This is doable for a manual analysis; unfortunately, the more automated tools that would require that runtime information to perform an accurate analysis may not have a way to access this new data.
|
||||
This led us to our last problem statement:
|
||||
This is doable for a manual analysis; unfortunately, the more complex tools that would require that runtime information to perform an accurate analysis may not have a way to access this new data.
|
||||
][
|
||||
|
||||
Peu developpé.
|
||||
|
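Review bot: In the sentence "This is doable for a manual analysis; unfortunately, the more complex tools ...", swapping "automated" for "complex" weakens the contrast with "manual analysis" that the sentence relies on, and "more complex" does not say complex relative to what. Suggest keeping "automated tools", or naming the kind of tool meant: one that needs the method names or loaded code mentioned in the previous sentence. The note block that follows still holds the French placeholder "Peu developpé.", which should be expanded or dropped before this paragraph is considered final.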
@ -95,6 +94,8 @@ This led us to our last problem statement:
|
|||
|
||||
TODO: trouver un example simple a formuler
|
||||
]
|
||||
Some contribution made the results they computed available to other tools by modifying the application (intrumenting) in a way that reflect those results.
|
||||
This led us to our last problem statement:
|
||||
#highlight-block(breakable: false)[
|
||||
*Pb3*: #pb3-text
|
||||
|
||||
|
|
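Review bot: The sentence "Some contribution made the results they computed available to other tools by modifying the application (intrumenting) in a way that reflect those results." has three wording errors and no citation: "contribution" should be "contributions", "intrumenting" should be "instrumenting", and "reflect" should be "reflects". Because this sentence now carries the transition into "This led us to our last problem statement:", it should cite the contributions it refers to so that *Pb3* is visibly motivated by prior work. The TODO just above it ("trouver un example simple a formuler") is also still unresolved; either add the example or track it outside the text.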