• Title/Summary/Keyword: 상용 컴퓨터코드

Search Result 28, Processing Time 0.023 seconds

Improved Original Entry Point Detection Method Based on PinDemonium (PinDemonium 기반 Original Entry Point 탐지 방법 개선)

  • Kim, Gyeong Min;Park, Yong Su
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.6
    • /
    • pp.155-164
    • /
    • 2018
  • Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, So malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file and keep tracks of the addresses until the OEP appears and find the OEP among the addresses. However, instead of finding exact one OEP, unpackers provide a relatively large set of OEP candidates and sometimes OEP is missing among candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are same between packed program and original program. First way is based on a function call. Programs written in the C/C++ language are compiled to translate languages into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added a method that we suggest to PinDemonium to detect the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. Second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added a method that we suggest to PinDemonium to find the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidate by more than 40% on average compared to PinDemonium except 2 commercial packers which are can not be executed due to the anti-debugging technique.

Evaluation of Micro-defects and Air Tightness of Al Die-casting by Impregnation of Organic Solvent (유기용제 함침법을 통한 알루미늄 다이캐스팅의 미세결함 및 기밀성 평가)

  • Lee, Jin-Wook;Cho, Chang-hyun;Kim, Sung-Gye;Ko, Young-Gun;Kim, Dong-Ju
    • Journal of Korea Foundry Society
    • /
    • v.42 no.4
    • /
    • pp.218-225
    • /
    • 2022
  • For hydrogen-vehicle applications (air pressure control valve housing, APCVH), an investigation was conducted to determine how micro-defects in a high- pressure die-casted Al alloy (industrial code: ALDC12) could be controlled by means of a post-treatment using an organic-based impregnation solution in order to improve the air- tightness of the die-casted Al sample. Two different impregnation solutions were proposed and its test results were compared to a imported product from Japan with respect to the processing variables used. A structural investigation of the components under study was conducted by means of computer tomography and 3D X-ray micro-CT. These observations revealed that the use of the impregnation treatment to seal micro-defects led to highly significant and beneficial changes which were attributed mainly to interconnections among inherent micro-pores. A leak test after impregnation revealed that the performance improvement rate of the die-casted Al sample was ~70% for INNO-01. Therefore, the developed impregnation solutions offer an effective strategy to control the micro-defects found in various vehicle parts via die-casting.

Analysis of Anti-Reversing Functionalities of VMProtect and Bypass Method Using Pin (VMProtect의 역공학 방해 기능 분석 및 Pin을 이용한 우회 방안)

  • Park, Seongwoo;Park, Yongsu
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.10 no.11
    • /
    • pp.297-304
    • /
    • 2021
  • Commercial obfuscation tools (protectors) aim to create difficulties in analyzing the operation process of software by applying obfuscation techniques and Anti-reversing techniques that delay and interrupt the analysis of programs in software reverse engineering process. In particular, in case of virtualization detection and anti-debugging functions, the analysis tool exits the normal execution flow and terminates the program. In this paper, we analyze Anti-reversing techniques of executables with Debugger Detection and Viralization Tools Detection options through VMProtect 3.5.0, one of the commercial obfuscation tools (protector), and address bypass methods using Pin. In addition, we predicted the location of the applied obfuscation technique by finding out a specific program termination routine through API analysis since there is a problem that the program is terminated by the Anti-VM technology and the Anti-DBI technology and drew up the algorithm flowchart for bypassing the Anti-reversing techniques. Considering compatibility problems and changes in techniques from differences in versions of the software used in experiment, it was confirmed that the bypass was successful by writing the pin automation bypass code in the latest version of the software (VMProtect, Windows, Pin) and conducting the experiment. By improving the proposed analysis method, it is possible to analyze the Anti-reversing method of the obfuscation tool for which the method is not presented so far and find a bypass method.

Development of an MCNP-Based Cone-Beam CT Simulator (MCNP 기반의 CBCT 전산모사 시스템 개발)

  • Lim, Chang-Hwy;Cho, Min-Kook;Han, Jong-Chul;Youn, Han-Bean;Yun, Seung-Man;Cheong, Min-Ho;Kim, Ho-Kyung
    • Journal of the Korean Society for Nondestructive Testing
    • /
    • v.29 no.4
    • /
    • pp.351-359
    • /
    • 2009
  • We have developed a computer simulator fur cone-beam computed tomography (CBCT) based on the commercial Monte Carlo code, MCNP. All the functions to generate input files, run MCNP, convert output files to image data, reconstruct tomographs were realized in graphical user-interface form. The performance of the simulator was demonstrated by comparing with the experimental data. Although some discrepancies were observed due to the ignorance of the detailed physics in the simulation, such as scattered X-rays and noise in image sensors, the overall tendency was well agreed between the measured and simulated data. The developed simulator will be very useful for understanding the operation and the better design of CT systems.

Porting gcc Based eCos OS and PROFINET Communication Stack to IAR (gcc 기반 eCos 운영체제 및 PROFINET 통신 스택의 IAR 포팅 방법)

  • Jin Ho Kim
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.12 no.4
    • /
    • pp.127-134
    • /
    • 2023
  • This paper describes how to port the eCos operating system and PROFINET communication stack developed based on gcc to the IAR compiler. The eCos operating system provides basic functions such as multi-thread, TCP/IP, and device driver for PROFINET operation, so there is no need to change it when developing PROFINET applications. Therefore, in this study, we reuse an eCos library built with gcc and it link with PROFINET communication stack that are ported to IAR complier. Due to the different of the gcc and IAR linker, symbol definitions and address of the constructors should be changed using the external tool that generates symbol definitions and address of the constructors from MAP file. In order to verify the proposed method, it was confirmed that the actual I/O was operating normally through PROFINET IRT communication by connecting to the Siemens PLC. IAR compiler has better performance in both the compile time and the size of the generated binary. The proposed method in this study is expected to help port various open sources as well as eCos and PROFINET communication stacks to other compilers.

Comparative Study of Approximate Optimization Techniques in CAE-Based Structural Design (구조 최적설계를 위한 다양한 근사 최적화기법의 적용 및 비교에 관한 연구)

  • Song, Chang-Yong;Lee, Jong-Soo
    • Transactions of the Korean Society of Mechanical Engineers A
    • /
    • v.34 no.11
    • /
    • pp.1603-1611
    • /
    • 2010
  • The comparative study of regression-model-based approximate optimization techniques used in the strength design of an automotive knuckle component that will be under bump and brake loading conditions is carried out. The design problem is formulated such that the cross-sectional sizing variables are determined by minimizing the weight of the knuckle component that is subjected to stresses, deformations, and vibration frequency constraints. The techniques used in the comparative study are sequential approximate optimization (SAO), sequential two-point diagonal quadratic approximate optimization (STDQAO), and approximate optimization based on enhanced moving least squares method (MLSM), such as CF (constraint feasible)-MLSM and Post-MLSM. Commercial process integration and design optimization (PIDO) tools are utilized for the application of SAO and STDQAO. The enhanced MLSM-based approximate optimization techniques are newly developed to ensure constraint feasibility. The results of the approximate optimization techniques are compared with those of actual non-approximate optimization to evaluate their numerical performances.

Prestack Depth Migration for Gas Hydrate Seismic Data of the East Sea (동해 가스 하이드레이트 탄성파자료의 중합전 심도 구조보정)

  • Jang, Seong-Hyung;Suh, Sang-Yong;Go, Gin-Seok
    • Economic and Environmental Geology
    • /
    • v.39 no.6 s.181
    • /
    • pp.711-717
    • /
    • 2006
  • In order to study gas hydrate, potential future energy resources, Korea Institute of Geoscience and Mineral Resources has conducted seismic reflection survey in the East Sea since 1997. one of evidence for presence of gas hydrate in seismic reflection data is a bottom simulating reflector (BSR). The BSR occurs at the interface between overlaying higher velocity, hydrate-bearing sediment and underlying lower velocity, free gas-bearing sediment. That is often characterized by large reflection coefficient and reflection polarity reverse to that of seafloor reflection. In order to apply depth migration to seismic reflection data. we need high performance computers and a parallelizing technique because of huge data volume and computation. Phase shift plus interpolation (PSPI) is a useful method for migration due to less computing time and computational efficiency. PSPI is intrinsically parallelizing characteristic in the frequency domain. We conducted conventional data processing for the gas hydrate data of the Ease Sea and then applied prestack depth migration using message-passing-interface PSPI (MPI_PSPI) that was parallelized by MPI local-area-multi-computer (MPI_LAM). Velocity model was made using the stack velocities after we had picked horizons on the stack image with in-house processing tool, Geobit. We could find the BSRs on the migrated stack section were about at SP 3555-4162 and two way travel time around 2,950 ms in time domain. In depth domain such BSRs appear at 6-17 km distance and 2.1 km depth from the seafloor. Since energy concentrated subsurface was well imaged we have to choose acquisition parameters suited for transmitting seismic energy to target area.

Benchmark Results of a Monte Carlo Treatment Planning system (몬데카를로 기반 치료계획시스템의 성능평가)

  • Cho, Byung-Chul
    • Progress in Medical Physics
    • /
    • v.13 no.3
    • /
    • pp.149-155
    • /
    • 2002
  • Recent advances in radiation transport algorithms, computer hardware performance, and parallel computing make the clinical use of Monte Carlo based dose calculations possible. To compare the speed and accuracies of dose calculations between different developed codes, a benchmark tests were proposed at the XIIth ICCR (International Conference on the use of Computers in Radiation Therapy, Heidelberg, Germany 2000). A Monte Carlo treatment planning comprised of 28 various Intel Pentium CPUs was implemented for routine clinical use. The purpose of this study was to evaluate the performance of our system using the above benchmark tests. The benchmark procedures are comprised of three parts. a) speed of photon beams dose calculation inside a given phantom of 30.5 cm$\times$39.5 cm $\times$ 30 cm deep and filled with 5 ㎣ voxels within 2% statistical uncertainty. b) speed of electron beams dose calculation inside the same phantom as that of the photon beams. c) accuracy of photon and electron beam calculation inside heterogeneous slab phantom compared with the reference results of EGS4/PRESTA calculation. As results of the speed benchmark tests, it took 5.5 minutes to achieve less than 2% statistical uncertainty for 18 MV photon beams. Though the net calculation for electron beams was an order of faster than the photon beam, the overall calculation time was similar to that of photon beam case due to the overhead time to maintain parallel processing. Since our Monte Carlo code is EGSnrc, which is an improved version of EGS4, the accuracy tests of our system showed, as expected, very good agreement with the reference data. In conclusion, our Monte Carlo treatment planning system shows clinically meaningful results. Though other more efficient codes are developed such like MCDOSE and VMC++, BEAMnrc based on EGSnrc code system may be used for routine clinical Monte Carlo treatment planning in conjunction with clustering technique.

  • PDF