Invention Grant
- Patent Title: Process wrapping method for evading anti-analysis of native codes, recording medium and device for performing the method
- Application No.: US17287056
- Application Date: 2021-01-28
- Publication No.: US11886589B2
- Publication Date: 2024-01-30
- Inventor: Jeong Hyun Yi, Yong Gu Shin
- Applicant: Foundation of Soongsil University-Industry Cooperation
- Applicant Address: KR Seoul
- Assignee: FOUNDATION OF SOONGSIL UNIVERSITY-INDUSTRY COOPERATION
- Current Assignee: FOUNDATION OF SOONGSIL UNIVERSITY-INDUSTRY COOPERATION
- Current Assignee Address: KR Seoul
- Agency: Stein IP, LLC
- Priority: KR 20200161386 2020.11.26
- International Application: PCT/KR2021/001131 2021.01.28
- International Announcement: WO2022/114391A 2022.06.02
- Date entered country: 2021-04-20
- Main IPC: G06F21/56
- IPC: G06F21/56; G06F8/41; G06F21/54; G06F21/57

Abstract:
A process wrapping method for bypassing native code anti-analysis includes receiving an execution instruction intended to run in an application from an Android framework when the application starts, extracting string and method metadata from a compiled OAT file using an oatdump tool in the Android framework, determining whether anti-analysis techniques are applied by comparison with information in a database (DB), based on the transmitted execution instruction and the extracted metadata, modifying the execution instruction based on the determined information when the anti-analysis technique is applied, and sending the modified execution instruction back to the Android framework. Accordingly, it is possible to provide an environment in which malicious applications to which anti-analysis techniques are applied can be easily analyzed.