earticle

한국어

Jump displacement is regarded as part of instruction displacement, which can be used for code diversification and code randomization. In this paper, we implement jump displacement technique on benign PE (Portable Executable) files through IDA Pro 7.0 in Windows systems. We then evaluate the performance of Jump displacement technique. More specifically, we implement jump displacement technique on 30 benign PE files and perform evaluation of them through IDA Pro 7.0. Our evaluation results demonstrate that jump displacement can cause an increase in the number of anti-virus engines misclassifying benign PE files as malware. Moreover, we discern that the larger number of machine codes affected by jump displacement technique in benign PE files can lead to the higher chance that IDA Pro 7.0 fails to disassemble correctly benign PE files, leading to malfunction of benign PE files.