A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application. The process of reverse engineering an executable program typically begins with disassembly, which translates machine code to assembly code. This is then followed by various decompilation steps that aim to recover higher-level abstractions from the assembly code. Most of the work to date on code obfuscation has focused on disrupting or confusing the decompilation phase. This paper, by contrast, focuses on the initial disassembly phase. Our goal is to disrupt the static disassembly process so as to make programs harder to disassemble correctly. We describe two widely used static disassembly algorithms, and discuss techniques to thwart each of them. Experimental results indicate that significant portions of executables that have been obfuscated using our techniques are disassembled incorrectly, thereby showing the efficacy of our methods.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	David Aucsmith, Tamper Resistant Software: An Implementation, Proceedings of the First International Workshop on Information Hiding, p.317-333, May 30-June 01, 1996
	2	Robert L. Bernstein, Producing good code for the case statement, Software—Practice & Experience, v.15 n.10, p.1021-1024, Oct. 1985  [doi>10.1002/spe.4380151009]
	3	W. Cho, I. Lee, and S. Park. Againt intelligent tampering: Software tamper resistance by extended control flow obfuscation. In Proc. World Multiconference on Systems, Cybernetics, and Informatics. International Institute of Informatics and Systematics, 2001.
	4	Cristina Cifuentes , K. John Gough, Decompilation of binary programs, Software—Practice & Experience, v.25 n.7, p.811-829, July 1995  [doi>10.1002/spe.4380250706]
	5	Cristina Cifuentes , Mike Van Emmerik, UQBT: Adaptable Binary Translation at Low Cost, Computer, v.33 n.3, p.60-66, March 2000  [doi>10.1109/2.825697]
	6	Cristina Cifuentes , Mike Van Emmerik, Recovery of jump table case statements from binary code, Science of Computer Programming, v.40 n.2-3, p.171-188, July 2001  [doi>10.1016/S0167-6423(01)00014-4]
	7	F. B. Cohen. Operating system protection through program evolution, 1992. http://all.net/books/IP/evolve.html.
	8	Robert S. Cohn , David W. Goodwin , P. Geoffrey Lowney, Optimizing alpha executables on Windows NT with spike, Digital Technical Journal, v.9 n.4, p.3-20, April 1998
	9	Christian Collberg , Clark Thomborson, Software watermarking: models and dynamic embeddings, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.311-324, January 20-22, 1999, San Antonio, Texas, United States  [doi>10.1145/292540.292569]
	10	C. Collberg and C. Thomborson. Watermarking, tamper-proofing, and obfuscation -- tools for software protecti on. Technical Report TR00-03, The Department of Computer Science, University of Arizona, February 2000.
	11	Christian Collberg , Clark Thomborson , Douglas Low, Breaking Abstractions and Unstructuring Data Structures, Proceedings of the 1998 International Conference on Computer Languages, p.28, May 14-16, 1998
	12	Christian Collberg , Clark Thomborson , Douglas Low, Manufacturing cheap, resilient, and stealthy opaque constructs, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.184-196, January 19-21, 1998, San Diego, California, United States  [doi>10.1145/268946.268962]
	13	DataRescue sa/nv, Liege, Belgium. IDA Pro. http://www.datarescue.com/idabase/.
	14	Michael L. Fredman , János Komlós , Endre Szemerédi, Storing a Sparse Table with 0(1) Worst Case Access Time, Journal of the ACM (JACM), v.31 n.3, p.538-544, July 1984  [doi>10.1145/828.1884]
	15	John R. Levine, Linkers and Loaders, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1999
	16	David Lie Chandramohan Thekkath , Mark Mitchell , Patrick Lincoln , Dan Boneh , John Mitchell , Mark Horowitz, Architectural support for copy and tamper resistant software, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, p.168-177, November 2000, Cambridge, Massachusetts, United States
	17	K. Mehlhorn , A. Tsakalidis, Data structures, Handbook of theoretical computer science (vol. A): algorithms and complexity, MIT Press, Cambridge, MA, 1991
	18	Robert Muth , Saumya K. Debray , Scott Watterson , Koen De Bosschere, Alto: a link-time optimizer for the Compaq alpha, Software—Practice & Experience, v.31 n.1, p.67-101, Jan. 2001  [doi>10.1002/1097-024X(200101)31:1<67::AID-SPE357>3.0.CO;2-A]
	19	Objdump. GNU Manuals Online. GNU Project---Free Software Foundation. http://www.gnu.org/manual/binutils-2.10.1/html_chapter/binutils_4.html.
	20	T. Ogiso, Y. Sakabe, M. Soshi, and A. Miyaji. Software obfuscation on a theoretical basis and its implementation. IEEE Trans. Fundamentals, E86-A(1), January 2003.
	21	B. Schwarz, S. K. Debray, and G. R. Andrews. Plto: A link-time optimizer for the Intel IA-32 architecture. In Proc. 2001 Workshop on Binary Translation (WBT-2001), 2001.
	22	B. Schwarz , S. Debray , G. Andrews, Disassembly of Executable Code Revisited, Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02), p.45, October 29-November 01, 2002
	23	Richard L. Sites , Anton Chernoff , Matthew B. Kirk , Maurice P. Marks , Scott G. Robinson, Binary translation, Communications of the ACM, v.36 n.2, p.69-81, Feb. 1993  [doi>10.1145/151220.151227]
	24	A. Srivastava and D. W. Wall. A practical system for intermodule code optimization at link-time. Journal of Programming Languages, 1(1):1--18, March 1993.
	25	H. Theiling, Extracting safe and precise control flow from binaries, Proceedings of the Seventh International Conference on Real-Time Systems and Applications (RTCSA'00), p.23, December 12-14, 2000
	26	Chenxi Wang , Jonathan Hill , John C. Knight , Jack W. Davidson, Protection of Software-Based Survivability Mechanisms, Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS), p.193-202, July 01-04, 2001
	27	Chenxi Wang , Jonathan Hill , John Knight , Jack Davidson, Software Tamper Resistance: Obstructing Static Analysis of Programs, University of Virginia, Charlottesville, VA, 2000
	28	G. Wroblewski. General Method of Program Code Obfuscation. PhD thesis, Wroclaw University of Technology, Institute of Engineering Cybernetics, 2002.