Добірка наукової літератури з теми "Executabel file formats"

The very first step of each tool such as linker, disassembler, or debugger is parsing of an input executable or object file. These files are stored in one of the existing object file formats (OFF). Retargetable tools are not limited to any particular target platform and they have to deal with handling of several OFFs. Handling of these formats is similar to parsing of computer languages - both of them have a predefined structure and a list of allowed constructions. However, OFF constructions are heavily mutually interconnected and they create context-sensitive units. In present, there is no generic system, which can be used for OFF description and its effective parsing. In this paper, we propose a formal language that can be used for OFF description. Furthermore, we present a design of a context parser of this language that is based on the formal models. The major advance of this solution is an ability to describe context-sensitive properties on the level of the language itself. This concept is planned to be used in the existing retargetable decompiler developed within the Lissom project. In this project, the language and its parser will be used for an object file parsing and its automatic conversion into the internal uniform file format. It is important to say that the concept of this parser can be utilized within other programming languages.

This paper discusses the Trojan horse detection methods by analysis on Portable Executable File Format through which we can get much useful information. In order to deal with the information extracted from Portable Executable file, our methods constructed a decision tree based on C5.0 decision tree algorithm. Our approach can be divided into two steps. Firstly, we extracted some features from Portable Executable file by a portable executable attribute filter. Secondly, we handled the features extracted and then construct a classifier to identify the Trojan horse. The original in this paper is the application of a more effective algorithm C5.0 to construct the decision tree.

The safety problem with information circulating in corporate informationcomputer nets is urgent under conditions of presentday information society. The authors have developed a generalized functional model of the process of controlled access differentiation. At the same time come forward users identified by accounts as access subjects in the model and files of documentation formats are objects. Rules for the differentiation of a subject access to objects are specified as a matrix of powers taking into account marks of confidentiality. A distinguishing feature consists in that a container storing data is protected on basis of the method of indistinguishable obfuscation. The model developed allows storing data in a uniformed kind and ensuring a single method for an access to them. For safe storing is used a format of the protected container where information is stored in an obfuscated form. A container represents an executable file having a number of preset properties and functions allowing unambiguously the user identification, differentiation of an access to data (rights: to read, write, and assignation), assurance of the security for a confidence of the document implemented. The container format ensures its safe storing and transmission through a network.

The Bioconductor Gateway on the F1000Research platform is a channel for peer-reviewed and citable publication of end-to-end data analysis workflows rooted in the Bioconductor ecosystem. In addition to the largely static journal publication, it is hoped that authors will also deposit their workflows as executable documents on Bioconductor, where the benefits of regular code testing and easy updating can be realized. Ideally these two endpoints would be met from a single source document. However, so far this has not been easy, due to lack of a technical solution that meets both the requirements of the F1000Research article submission format and the executable documents on Bioconductor. Submission to the platform requires a LaTeX file, which many authors traditionally have produced by writing an Rnw document for Sweave or knitr. On the other hand, to produce the HTML rendering of the document hosted by Bioconductor, the most straightforward starting point is the R Markdown format. Tools such as pandoc enable conversion between many formats, but typically a high degree of manual intervention used to be required to satisfactorily handle aspects such as floating figures, cross-references, literature references, and author affiliations. The BiocWorkflowTools package aims to solve this problem by enabling authors to work with R Markdown right up until the moment they wish to submit to the platform.

Macro based Malware has taken a great rise is these recent years, Attackers are now using this malware for hacking purposes. This virus is embedded inside the macro of a word document and can be used to infect the victim’s machine. These infected files are usually sent through emails and all antivirus software are unable to detect the virus due to the format of the file. Due to the format being a rich text file and not an executable file, the infected file is able to bypass all security. Hence it is necessary to develop a detection system for such attacks to help reduce the threat. Technical research is carried out to identify the tools and techniques essential in the completion of this system. Research on methodology is done to finalise which development cycle will be used and how functions will be carried out at each phase of the development cycle. This paper outlines the problems that people face once they are attacked through macro malwares and the way it can be mitigated. Lastly, all information necessary to start the implementation has been gathered and analysed

As interest in Internet of Things environments rapidly increases throughout the IT convergence field, compatibility with mobile devices must be provided to enable personalized services. The security of mobile platforms and applications is critical because security vulnerabilities of mobile devices can be spread to all things in these environments. Android, the leading open mobile platform, has long used the Dalvik virtual machine as its runtime system. However, it has recently been completely replaced by a new runtime system, namely Android Runtime (ART). The change from Android’s Dalvik to ART means that the existing Dalvik bytecode-based application execution structure has been changed to a machine code-based application execution structure. Consequently, a detailed understanding of ART, such as new file formats and execution switching methods between codes, is required from the viewpoint of application security. In this paper, we demonstrate that an existing Dalvik-based application vulnerability can be exploited as-is in ART. This is because existing Dalvik executable files coexist in the ART executable file, and these Dalvik bytecodes and compiled machine codes have one-to-one mapping relationships. We then propose an ART-based application protection scheme to secure this by dynamically eliminating the one-to-one mapping. In addition, the proposed scheme is implemented to evaluate its reverse engineering resistance and performance through experiments.

The method of basic static analysis of harmful software is considered, which is based on searching and analyzing the term in files that are built using the PE (Portable Executable) format. The method of basic static analysis of malicious software is considered, which is based on the analysis of headers of executable files, and dynamic libraries, which are built using the PE format. An extended static analysis method is considered, which, in addition to analyzing the term and file headers, uses disassembly of executable files and dynamic libraries and further analysis of the resulting assembler text. In order to penetrate the operating system, cybercriminals use specialized software and network attacks. Moreover, a network attack does not have to be massive and widespread. To penetrate a particular operating system, for example, you can take advantage of vulnerabilities in both the operating system itself and the software that is installed on such an operating system. Moreover, successful attacks of this type are often made quiet and unobtrusive. To prevent hacker attacks that are accompanied by hidden software installation and to minimize harm from such attacks, it is necessary to apply adequate countermeasures in a timely manner. One of the most widespread and easy methods of fighting hackers is the timely updating of software, virus databases, installation and configuration of a firewall. Everything related to software updates is a reaction to threats that have already been identified. Therefore, the software update does not provide protection against the threats just identified. That is why the signatures of virus databases are created as a result of the analysis of the detected virus programs. Antivirus software also uses program behavior analysis to enhance the detection of malware. But even in this case, it is necessary to analyze the disassembled text of malicious software to identify new types of abnormal activity. Therefore, the analysis of malicious software is an urgent task and determines the direction of the study.

The process of detecting malicious code by anti-virus systems is considered. The main part of this process is the procedure for analyzing a file or process. Artificial neural networks based on the adaptive-resonance theory are proposed to use as a method of analysis. The graph2vec vectorization algorithm is used to represent the analyzed program codes in numerical format. Despite the fact that the use of this vectorization method ignores the semantic relationships between the sequence of executable commands, it allows to reduce the analysis time without significant loss of accuracy. The use of an artificial neural network ART-2m with a hierarchical memory structure made it possible to reduce the classification time for a malicious file. Reducing the classification time allows to set more memory levels and increase the similarity parameter, which leads to an improved classification quality. Experiments show that with this approach to detecting malicious software, similar files can be recognized by both size and behavior.

Malware has become one of the most serious threats to computer information system and the current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining format information of PE (portable executable) files. Based on in-depth analysis of the static format information of the PE files, we extracted 197 features from format information of PE files and applied feature selection methods to reduce the dimensionality of the features and achieve acceptable high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and the ability of detecting unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with 1.3% false positive rates.

This is the world’s first tutorial article on Python Packaging for beginners and practitioners for translational medicine or medicine in general. This tutorial will allow researchers to demonstrate and showcase their tools on PyPI packages around the world. Nowadays, for translational medicine, researchers need to deal with big data. This paper describes how to build an executable Python Package Index (PyPI) code and package. PyPI is a repository of software for the Python programming language with 5,019,737 files and 544,359 users (programmers) as of 19 October 2021. First, programmers must understand how to scrape a dataset over the Internet; second, they must read the dataset file in csv format; third, build a program to compute the target values; fourth, convert the Python program to the PyPI package.; and fifth, upload the PyPI package. This paper depicts a covidlag executable package as an example for calculating the accurate case fatality rate (CFR) and the lag time from infection to death. You can install the covidlag by pip terminal command and test it. This paper also introduces deathdaily and scorecovid packages on PyPI Stats, which can inform how many users have downloaded the specified PyPI package. The usefulness and applicability of a developed tool can be verified by PyPI Stats with the number of downloaded users.

L'importance des systèmes informatiques dans les sociétés modernes ne cesse de croître, tout comme les dommages causés par les logiciels malveillants. L'industrie de la sécurité et les auteurs de logiciels malveillants se sont engagés dans une course aux armements, dans laquelle les premiers créent de meilleurs systèmes de détection tandis que les seconds tentent de les contourner. En fait, toute hypothèse erronée (aussi subtile soit-elle) dans la conception d'un outil anti-malware peut créer de nouvelles voies pour échapper à la détection. Cette thèse se concentre sur deux aspects souvent négligés des techniques modernes d'analyse des logiciels malveillants : l'utilisation d'informations au niveau de l'API pour coder le comportement malveillant et la réimplémentation des routines d'analyse des formats de fichiers exécutables dans les outils orientés sécurité. Nous montrons qu'il est possible de tirer parti de ces pratiques à grande échelle et de manière automatisée. En outre, nous étudions la possibilité de résoudre ces problèmes à la racine, en mesurant les difficultés que les architectes anti-malware peuvent rencontrer et en proposant des stratégies pour les résoudre
As the importance of computer systems in modern-day societies grows, so does the damage that malicious software causes. The security industry and malware authors engaged in an arms race, in which the first creates better detection systems while the second try to evade them. In fact, any wrong assumption (no matter how subtle) in the design of an anti-malware tool may create new avenues for evading detection. This thesis focuses on two often overlooked aspects of modern malware analysis techniques: the use of API-level information to encode malicious behavior and the reimplementation of parsing routines for executable file formats in security-oriented tools. We show that taking advantage of these practices is possible on a large and automated scale. Moreover, we study the feasibility of fixing these problems at their roots, measuring the difficulties that anti-malware architects may encounter and providing strategies to solve them

Abstract Change impact analysis techniques determine the components affected by a change to a software system, and are used as part of many program analysis techniques and tools, e.g., in regression test selection, build systems, and compilers. The correctness of such analyses usually depends both on domain-specific properties and change impact analysis, and is rarely established formally, which is detrimental to trustworthiness. We present a formalization of change impact analysis with machine-checked proofs of correctness in the Coq proof assistant. Our formal model factors out domain-specific concerns and captures system components and their interrelations in terms of dependency graphs. Using compositionality, we also capture hierarchical impact analysis formally for the first time, which, e.g., can capture when impacted files are used to locate impacted tests inside those files. We refined our verified impact analysis for performance, extracted it to efficient executable OCaml code, and integrated it with a regression test selection tool, one regression proof selection tool, and one build system, replacing their existing impact analyses. We then evaluated the resulting toolchains on several open source projects, and our results show that the toolchains run with only small differences compared to the original running time. We believe our formalization can provide a basis for formally proving domain-specific techniques using change impact analysis correct, and our verified code can be integrated with additional tools to increase their reliability.

Abstract The completion of wells using solids-laden fluids can impair the reservoir production and also damage the functioning of downhole completion tools, therefore completing wells with clear-brine fluids is the preferred alternative. Clear brines are typically halide or formate salt solutions in water, but they, too, have shortcomings. At lower temperatures or increased pressures, the salts in these fluids can crystallize causing potential well control concerns and/or costly operational disruptions. Completion of high-pressure wells, with densities above approximately 14.3 lb/gal for calcium bromide or 13.1 lb/gal for potassium formate, has historically required the use of brines containing zinc bromide or cesium formate to minimize formation damage, yet, in addition to their merits,both fluids have inherent liabilities. Zinc-based fluids, for example, are restricted and classified as priority pollutants due to their potential harmful effects on the environment, and the low pH(acidity) of zinc-based halides increases the potential for corrosion of metal components and risk to personnel safety. With cesium formate fluids, their limited production may restrict supply and lead to higher cost in high-volume deepwater applications. Moreover, when used as a packer fluid, literature (Javora 2003) suggests that formates may cause hydrogen-induced cracking (HIC), especially in the presence of carbon dioxide (CO2) that could lead to failure of production tubing. An offshore operator required a priority-pollutant-free completion fluid for a subsea development,whose produced fluids (oil and water) are combined and processed with that from several other fields at a shared production facility. Associated produced water separated from the crude is dischargedoverboard and must be free of priority pollutants; detection of any such pollutants would requireextensive processing or, in the worst case, result in shutting down production from all the fields and the facility. This paper describes the development and successful field applications of a novel family of completion fluids, created to address the deficits of conventional high-density clear brines. The new fluids extend the conditions for onset of crystallization to a higher density range and meet environmental concerns, as they are formulated with sustainably sourced materials. The novel high-density,non-zinc, solids-free completion fluid (HDNZ) meets the challenges and requirements of ultra-deepwater environments for fluid densities between 14.4 and 15.3 lb/gal. An overview of the extensive laboratory test data needed to develop the fluid and verify its viability as a completion brine and packer fluid is described. The paper outlines the design criteria and qualification testing performedto ensure that the technical challenges were addressed for this challenging deepwater project. The laboratory data include testing of pressurized crystallization temperatures (PCTs), stress corrosion cracking (SCC), elastomer compatibility, formation regain permeability, long-term stability, and compatibility with multiple fluid types (mud, control line, spacer, frac fluids, sour gases and chemical additives). The discussion on fluid usage will encompass details of the plant trial to validate the performance of the fluid and case history detailing the operational implementation in the first five ultra-deepwater well completions in the GOM. Additionally, engineering these fluids led to the development of a new method to measure brine crystallization temperature at elevated pressures, as there currently is no industry standard for such measurement in downhole conditions. The new method is accurate, repeatable, and executable in rig-site laboratories.

Abstract Aiming to make the well planning process leaner and agile focusing on duration reduction without compromising quality of deliverables, automation opportunities have been identified within the multi-discipline iterations. The two key criteria considered for the selection of the automation project were: Minimum deployment effort and Maximum value added in efficiency. The initial project objective was to calculate formation tops for a well engineer without requiring the intervention of a geoscientist using commercial software. The methodology utilized is the following: 1. Inputs: Well trajectory and Surfaces. 2. Process: The algorithm finds intersections between surfaces and well trajectory. Surfaces and trajectory are represented as a set of XYZ points. To find the intersection, the software iterates through each point of the trajectory from the top, comparing the depth of the projection to the target surface. The projected depth to the surface is found by 2D interpolation of the surface. Once the trajectory point becomes deeper than the surface projection, the intersection is estimated using geometrical considerations of similar triangles. 3. Deliverables: Estimated formation tops for the given trajectory. 4. Results: Simple in-house developed software enhanced well planning workflow in an Offshore Green Field. The software converted to single executable file and can be run on any device without the open-source software installed. Very accurate results achieved with proposed algorithm with a negligible difference of 0.5 feet with the geoscience traditional software. Well planning duration reduced from average 1 week to 1 or 2 days. The workload for well engineers and the asset team has been dramatically reduced. Reduction of the number of commercial geoscience software licenses required. Way forward: A test with a slightly modified code was used to generate formation tops for more than 400 well in a Long-Term Field Development Plan project for a Brown Field during feasibility study. Upscale to all the Fields within the organization. Improve User Interface for better adoption. Include more formats for both, trajectories, and surfaces. Reduce computing time. This project represents the first initiative in the organization aiming to automate the well planning process. Overall, it represents the beginning of a journey where multiple opportunities for automation can be achieved using an open-source coding software that allows any engineer with little to no experience coding to being able to generate solutions to address daily challenges.