Sort:
Regular Paper Issue
WOWAF: Enhanced Dynamic Binary Analysis Framework Targeting Windows-on-Windows 64-Bit Environments
Journal of Computer Science and Technology 2026, 41(2): 825-842
Published: 31 March 2026
Abstract Collect

Dynamic binary program analysis plays a crucial role in software vulnerability discovery and malicious code analysis. While 64-bit computing environments have become prevalent, numerous applications still utilize their 32-bit counterparts due to factors such as compatibility considerations, including both regular software and malware. Traditional dynamic analysis frameworks are not optimized for the analysis of 32-bit and mixed-mode programs. As a result, they often encounter issues such as anomalies and performance problems when applied to specific application analysis. To address these issues, this paper proposes WOWAF, an enhanced dynamic binary analysis framework tailored for Windows-on-Windows 64-bit (WOW64) environments that enables efficient fine-grained analysis of target applications. The framework is implemented on the built-in emulator in 64-bit Windows operating systems, facilitating effective and stable analysis of both pure 32-bit programs and mixed applications. By leveraging kernel features, the framework facilitates dynamic instrumentation of target programs, while incorporating a novel shadow memory allocation management scheme to minimize impact on program execution, and demonstrates its good deployment feasibility. The effectiveness of WOWAF is validated through comprehensive evaluations of diverse applications in real-world environments, such as exploit programs and evasive malware samples. Additionally, systematic benchmark experiments further demonstrate its strong analytical performance.

Regular Paper Issue
HI-SM3: High-Performance Implementation of SM3 Hash Function on Heterogeneous GPUs
Journal of Computer Science and Technology 2025, 40(6): 1546-1562
Published: 01 November 2025
Abstract Collect

Hash functions are essential in cryptographic primitives such as digital signatures, key exchanges, and blockchain technology. SM3, built upon the Merkle-Damgard structure, is a crucial element in Chinese commercial cryptographic schemes. Optimizing hash function performance is crucial given the growth of Internet of Things (IoT) devices and the rapid evolution of blockchain technology. In this paper, we introduce a high-performance implementation framework for accelerating the SM3 cryptography hash function, short for HI-SM3, using heterogeneous GPU (graphics processing unit) parallel computing devices. HI-SM3 enhances the implementation of hash functions across four dimensions: parallelism, register utilization, memory access, and instruction efficiency, resulting in significant performance gains across various GPU platforms. Leveraging the NVIDIA RTX 4090 GPU, HI-SM3 achieves a remarkable peak performance of 454.74 GB/s, surpassing OpenSSL on a high-end server CPU (E5-2699V3) with 16 cores by over 150 times. On the Hygon DCU accelerator, a Chinese domestic graphics card, it achieves 113.77 GB/s. Furthermore, compared with the fastest known GPU-based SM3 implementation, HI-SM3 on the same GPU platform exhibits a 3.12x performance improvement. Even on embedded GPUs consuming less than 40W, HI-SM3 attains a throughput of 5.90 GB/s, which is twice as high as that of a server-level CPU. In summary, HI-SM3 provides a significant performance advantage, positioning it as a compelling solution for accelerating hash operations.

Regular Paper Issue
AB-DHD: An Attention Mechanism and Bi-Directional Gated Recurrent Unit Based Model for Dynamic Link Library Hijacking Vulnerability Discovery
Journal of Computer Science and Technology 2025, 40(3): 887-903
Published: 30 April 2025
Abstract Collect

With the rapid development of operating systems, attacks on system vulnerabilities are increasing. Dynamic link library (DLL) hijacking is prevalent in installers on freeware platforms and is highly susceptible to exploitation by malware attackers. However, existing studies are based solely on the load paths of DLLs, ignoring the attributes of installers and invocation modes, resulting in low accuracy and weak generality of vulnerability detection. In this paper, we propose a novel model, AB-DHD, which is based on an attention mechanism and a bi-directional gated recurrent unit (BiGRU) neural network for DLL hijacking vulnerability discovery. While BiGRU is an enhancement of GRU and has been widely applied in sequence data processing, a double-layer BiGRU network is introduced to analyze the internal features of installers with DLL hijacking vulnerabilities. Additionally, an attention mechanism is incorporated to dynamically adjust feature weights, significantly enhancing the ability of our model to detect vulnerabilities in new installers. A comprehensive “List of Easily Hijacked DLLs” is developed to serve a reference for future studies. We construct an EXEFul dataset and a DLLVul dataset, using data from two publicly available authoritative vulnerability databases, Common Vulnerabilities & Exposures (CVE) and China National Vulnerability Database (CNVD), and mainstream installer distribution platforms. Experimental results show that our model outperforms popular automated tools like Rattler and DLLHSC, achieving an accuracy of 97.79% and a recall of 94.72%. Moreover, 17 previously unknown vulnerabilities have been identified, and corresponding vulnerability certifications have been assigned.

Total 3