A code protection method against function call analysis in P2P network

Abstract

The P2P network has the characteristics of opening and sharing, and a large number of managing and controlling software are deployed on the distributed network nodes. Hence, it is a significant problem to protect software on these untrusted nodes from being maliciously reversed and tampered, and eventually guarantee the P2P network security. Function calls are often the important targets of reverse analysis, which can reveal the software structure and functionality and contribute to malicious attacks. Attackers can identify function calls and execution paths through static code analysis, and can also obtain function call sequences and determine function call relations through dynamic stack backtracking analysis. In terms of these problems, this paper proposes a code protection method against function call analysis. In the static aspect, the techniques such as function address mapping and instruction overlap are employed to hide the function execution paths. In the dynamic aspect, the techniques such as stack frame migration are used to protect the function call sequences and relations from stack backtracking. The method is evaluated in terms of validity, space overhead and time overhead respectively. The experimental results indicate that the method can effectively resist some specific static and dynamic reverse analysis of function calls, and has good space and time overhead performances.