• The Journal of Engineering Geology
• /
• v.19 no.4
• /
• pp.433-439
• /
• 2009

The compressed packer device is designed to improve the underground contamination prevention facilities of ground water wells. As for the device, the installation is simple because of the safety lock device and the compression of the casing are simple the installation is simple. There is no leakage of ground water because the pressure resistance with $4.5\;kg/cm^2$ makes it equipped with the watertightness The single casing is installed and the reaming for grouting is possible with 300 mm excavation so that installation cost can be saved. Silicon rubber is used for the compressed packer so that the extension rate is 590%. In terms of environmental pollution, it is an environmental friendly product which does not contain harmful ingredients such as Pb, Cd, and phenol. below the standard or undetectable level Furthermore, the installation costs are 35 to 62% or lower than the conventional grouting construction method and are 87% or lower than the expansion packer construction method, the new environmental technology No.47 Also, the device is designed to meet the relevant regulations such as Rules on Preserving the Ground Water Quality, The Standard on Jeju Island Ground Water Development and Facility Installation and Management, and The Plan and Guideline on Operating and Managing the Small-Scale Tap Water Facilities of Ministry of Environment and Ministry of Food, Agriculture, Forestry and Fisheries.

• The Journal of Engineering Geology
• /
• v.20 no.1
• /
• pp.25-33
• /
• 2010

Most of contaminated groundwater in the study area was contaminated by $NO_3-N$ due to inflow of contaminated shallow surface groundwater inflow into groundwater well. Poor grouting and teared screen have increased contaminated shallow surface groundwater inflow into groundwater well. Contaminated shallow surface groundwater was inflowed into groundwater well throughout faults, joints and fracture zone of ESE-WNW, NNW, NW-SE and NS direction. The objective of this paper is to evaluate an improvement of water quality for contaminated groundwater by $NO_3-N$ using compression packer. For this study groundwater samples collected from 46 groundwater wells were analyzed to clarify $NO_3-N$ contents. Groundwater wells over 10 mg/L in $NO_3-N$ content is 9 wells showing 20% among total samples. $NO_3-N$ contents after compression packer installation showed 26~81% low value compared with before compression packer.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.642-645
• /
• 2012

최근 악성코드들은 패킹을 하여 분석을 어렵게 한다. 패킹이란, 프로그램을 압축하거나 암호화를 해서 원래 의미를 알 수 없게 하는 과정을 뜻한다. 주로 압축을 해서 악성코드의 크기를 줄이거나, 분석시간을 지연시키기 위해 사용된다. 따라서 악성코드의 행동을 분석하고 시그니처를 생성하기 위해서는 언패킹이 필요하다. 하지만 계속해서 새로운 패커가 개발되고 다중 패킹된 악성코드들이 등장을 하면서, 언패킹을 수동으로 하거나 전용 언패커를 만드는 것은 무의미해졌다. 따라서, 본 논문에서는 범용적인 임포트 테이블 기반의 언패킹 알고리즘을 제안한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.6
• /
• pp.155-164
• /
• 2018

Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, So malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file and keep tracks of the addresses until the OEP appears and find the OEP among the addresses. However, instead of finding exact one OEP, unpackers provide a relatively large set of OEP candidates and sometimes OEP is missing among candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are same between packed program and original program. First way is based on a function call. Programs written in the C/C++ language are compiled to translate languages into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added a method that we suggest to PinDemonium to detect the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. Second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added a method that we suggest to PinDemonium to find the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidate by more than 40% on average compared to PinDemonium except 2 commercial packers which are can not be executed due to the anti-debugging technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1271-1280
• /
• 2017

The android packer service using runtime execution compression technology switches to the original application using DexClassLoader. However the API interface of the DexClassLoader receives the path of the loaded DEX(Dalvik EXcutable) and the path of the compiled file. So there is a problem that the original file is exposed to the file system. Therefore, it is not safe to use the API for the packer service. In this paper, we solve this problem by changing the compile and load flow of the DexClassLoader API. Due to this changed execution flow, the complied file can be encrypted and stored in the file system or only in the memory and it can be decrypted or substituted at the time of subsequent loading to enable the original application conversion. we expected that the stability of the packer will increase beacause the proposed method does not expose the original file to the file system.