Random table and hash coding-based binary code obfuscation against stack trace analysis


IET Information Security

Code obfuscation is intended to thwart reverse engineering by making programmes hard to understand. Call chains collected by stack tracing can be used to understand the behaviour of programmes. To hinder reverse analysis based on stack tracing, a binary code obfuscation method based on a random obfuscated table and hash coding is proposed. The random obfuscated table is used to map call addresses while call and ret instructions are executing. Hash coding and a random value can be used to encode and decode the data of stack frames in programmes at run time. Experiment and analysis show that the obfuscation can effectively impede stack trace analysis and increase the cost of reverse analysis for programmes.


