An iterative method and device for detecting an approximate area occupied by computer code of a core of an operating system in a memory, the area including one or more ranges. The method includes: detecting at least one target address in the memory; determining a first area delimited by two of these target addresses; disassembling these areas at least into a part determined during the previous iteration; detecting target addresses pointed to in the disassembled areas; and searching for an additional memory range starting after the second target address obtained on the last iteration and including only computer code.

A method of determining a severity score is disclosed. The method includes receiving a binary; using the binary, determining a plurality of vulnerability parameters; and generating a report based on the plurality of vulnerability parameters.

A method of determining a severity score is disclosed. The method includes receiving a binary; using the binary, determining a plurality of vulnerability parameters; and generating a report based on the plurality of vulnerability parameters.

An application construction method and apparatus, an electronic device and a storage medium are provided, which are related to the field of artificial intelligence. The application construction method includes: acquiring a service orchestration file of an application; and determining an execution program of the application based on the service orchestration file, wherein the service orchestration file includes at least one of the following contents corresponding to at least one task obtained by disassembling the application: information relating to a format of data transferred between tasks; information relating to syntax transformation of the data transferred between the tasks; information relating to logical processing between the tasks; and information relating to a model that is to be used by the task.

The disclosure invention provides a method for executing a program compiled for a source architecture on a machine having a different target architecture, a non-transitory computer readable medium configured to store instructions for performing such a method, and a system for performing such a method.

The disclosure invention provides a method for executing a program compiled for a source architecture on a machine having a different target architecture, a non-transitory computer readable medium configured to store instructions for performing such a method, and a system for performing such a method.

A process wrapping method for bypassing native code anti-analysis includes receiving an execution instruction intended to run in an application from an Android framework when the application starts, extracting metadata of string and method from a compiled OAT file using an oatdump tool in the Android framework, determining if anti-analysis techniques are applied by comparing with information of a database (DB) based on the transmitted execution instruction and the extracted metadata, modifying the execution instruction based on the determined information when the anti-analysis technique is applied, and sending the modified execution instruction back to the Android framework. Accordingly, it is possible to provide an environment in which malicious applications to which anti-analysis techniques are applied can be easily analyzed.

An obfuscated identifier detection method based on natural language processing includes: converting an input obfuscated apk to smali code level, inspecting an obfuscated string in identifiers of the smali code acquired from a smali code converter, extracting information necessary for deobfuscation and frequency of the identifiers when there is the obfuscated string, storing frequency, type and name information of identifiers calculated from information extracted from an unobfuscated apk, and acquiring and deobfuscating an identifier type name having a most similar frequency in an identifier name database (DB) using information extracted from an obfuscated information extractor. Accordingly, it is possible to reduce delay in analysis and achieve faster analysis by automatically renaming the code that is difficult to understand due to identifier conversion obfuscation.

The present invention performs high-throughput disassembly for executable code comprising a plurality of instructions. An input of the executable code is received. Exhaustive disassembly is performed on the executable code to produce a set of exhaustively disassembled instructions. An instruction flow graph is constructed from the exhaustively disassembled instructions. Instruction embedding is performed on the exhaustively disassembled instructions to construct embeddings.

The present invention performs high-throughput disassembly for executable code comprising a plurality of instructions. An input of the executable code is received. Exhaustive disassembly is performed on the executable code to produce a set of exhaustively disassembled instructions. An instruction flow graph is constructed from the exhaustively disassembled instructions. Instruction embedding is performed on the exhaustively disassembled instructions to construct embeddings.