Abstract
Locating the key functions in a program is an important task in software reverse analysis. Following the idea that different reverse analysis methods should be used for the different design characteristics of encapsulation technologies, the message handling mechanism of MFC programs was analyzed, and a technique for quickly locating the addresses of message handler functions in MFC programs was proposed. Finally, the technique was tested on real examples. The results show that it locates the target MFC functions quickly and accurately, and effectively improves the efficiency of program reverse analysis.
Source
Journal of Computer Applications (计算机应用)
CSCD
Peking University Core Journal (北大核心)
2009, Issue 5, pp. 1393-1396, 1400 (5 pages in total)
Keywords
Microsoft Foundation Class (MFC)
reverse analysis
locate function
message process