Robert Freeman, IBM
Over time, code obfuscation techniques have become increasingly esoteric. Early forms of binary code obfuscation consisted of self-modifying code and junk bytes between instructions. With the advent of executable wrappers, even compression and encryption can reasonably be thought of as obfuscation. Later, 'stolen bytes' were cutting edge. This technique involves setting up an exception handler or secondary debugging process to perform actions at points in execution where code has been yanked. Still, the older techniques were put to good use. Now, virtual CPU envelopes are at the bleeding edge of malware-wrapping technology and are typically difficult to build as well as to unwrap.