Abstract: Identification of information about functions forms the base of static binary analysis and malicious code detection.A heuristic approach to detect metamorphic virus is to examine the calls a binary makes to the operating system.To avoid this，malicious code programmers hide the information about functions using a variety of obfuscations，including substitution of call with another equivalent instruction sequences，changing the normal form of parameters passing and returning process.These obfuscation methods introduce much difficulty for reverse code analysis.To deal with the problem，this article presents a static method which can detect obfuscated function calls in a binary efficiently.

摘要： 函数调用相关信息识别是二进制代码静态分析的基础，也是恶意代码分析的重要线索。二进制代码混淆技术通过对函数调用指令call、参数传递过程和调用返回过程的混淆来隐藏代码中函数的信息。这大大增加了程序逆向分析的难度，此技术被广泛应用在变形和多态病毒中，使其逃脱杀毒软件的查杀。论文给出了一种静态分析方法，引入了抽象栈图的概念，给出了其构造算法，利用它能够有效识别出代码中对函数调用的混淆。