CN106326744A - Method and device for judging confused file - Google Patents

Publication number
CN106326744A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610688203.3A
Other languages
Chinese (zh)
Other versions
CN106326744B (en)
Inventor
何瑜玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Shiyuan Electronics Technology Co Ltd
Guangzhou Shirui Electronics Co Ltd
Original Assignee
Guangzhou Shiyuan Electronics Technology Co Ltd
Guangzhou Shirui Electronics Co Ltd
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection
    • G06F21/563: Static detection by source code analysis
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software

Abstract

The invention relates to a method and device for judging whether a file is obfuscated. The method comprises the following steps: obtaining a list of portable executable files; loading each portable executable file in the file list; obtaining the program set (assembly) corresponding to each file; obtaining the class name corresponding to the program set; detecting whether the class name includes preset special characters; and, if the class name includes the preset special characters, marking the corresponding file as obfuscated. The method and device obtain the class name of the file to be detected, detect whether the class name includes the preset special characters, and so automatically judge whether the file to be detected is obfuscated, without relying on manual judgment.

Description

Method and apparatus for judging obfuscated files
Technical field
The present invention relates to the field of file detection, and in particular to a method and apparatus for judging whether files are obfuscated.
Background
Portable executable files can easily be decompiled, and once a file has been decompiled its source code is visible, which leaks the source code. To keep the source code from being obtained by others, engineers generally use an obfuscation tool to obfuscate the files. Before software is released, a third-party tool is used to decompile the files, and the decompiled source code has to be inspected by eye in order to judge and intercept those files that have not been obfuscated.
Summary of the invention
Based on this, and in view of the problem that the decompiled source code has to be inspected by eye, it is necessary to provide a method and apparatus for judging obfuscated files.
A method for judging obfuscated files comprises: obtaining a list of portable executable files; loading each portable executable file in the file list to obtain the assembly corresponding to each file; obtaining the class name corresponding to the assembly; and detecting whether the class name contains a preset special character, and if the class name includes a preset special character, marking the corresponding file as obfuscated.
An apparatus for judging obfuscated files comprises a file acquisition module, a loading module, a class name acquisition module and a detection module. The file acquisition module is used to obtain a list of portable executable files. The loading module loads each portable executable file in the file list to obtain the assembly corresponding to each file. The class name acquisition module is used to obtain the class name corresponding to the assembly. The detection module is used to detect whether the class name contains a preset special character; if the class name includes a preset special character, the corresponding file is marked as obfuscated, and if the class name does not include a preset special character, the corresponding file is marked as not obfuscated.
By obtaining the class name of the file to be detected and detecting whether the class name string contains a preset special character, the present invention automatically judges whether the file to be detected is obfuscated, without relying on manual judgment.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a method for judging obfuscated files according to one embodiment;
Fig. 2 is a schematic flowchart of a method for judging obfuscated files according to another embodiment;
Fig. 3 is a schematic flowchart of a method for judging obfuscated files according to another embodiment;
Fig. 4 is a schematic diagram of an apparatus for judging obfuscated files according to one embodiment.
Detailed description
To further explain the technical means adopted by the present invention and the effects achieved, the technical solution is described clearly and completely below with reference to the accompanying drawings and preferred embodiments.
Fig. 1 is a schematic flowchart of a method for judging obfuscated files according to one embodiment.
As shown in Fig. 1, a method for judging obfuscated files comprises:
S101, obtaining a list of portable executable files.
As a preferred embodiment, a portable executable (PE) file is a program file on the Microsoft Windows operating system; the PE files obtained are in the format of managed assemblies conforming to the CLI standard, including some files in dll and exe format.
S102, loading each portable executable file in the file list to obtain the assembly corresponding to each file.
S103, obtaining the class name corresponding to the assembly.
As a preferred embodiment, the class name is the class name, type name and so on in the actual code. For example, if the assembly code defines:
    public class BusinessModule
    {
        // ......
    }
then the class name obtained is BusinessModule.
S104, detecting whether the class name contains a preset special character, and if the class name includes a preset special character, marking the corresponding file as obfuscated.
As a preferred embodiment, the step of detecting whether the class name contains a preset special character is followed by: if the class name does not include a preset special character, marking the corresponding file as not obfuscated.
By obtaining the class name of the file to be detected and detecting whether the class name contains a preset special character, this embodiment automatically judges whether the file to be detected is obfuscated, without relying on manual judgment.
Fig. 2 is a schematic flowchart of a method for judging obfuscated files according to another embodiment.
As shown in Fig. 2, a method for judging obfuscated files comprises:
S201, selecting a directory or file to be detected, filtering the directory or file, and obtaining a list of portable executable files.
As a preferred embodiment, the directory or file is filtered automatically: files other than those with a dll or exe suffix are filtered out, and the dll and exe files that are managed assemblies conforming to the CLI standard are retained.
S202, loading each portable executable file in the file list to obtain the assembly corresponding to each file.
As a preferred embodiment, the files retained in the file list are loaded automatically to obtain the assembly corresponding to each file.
S203, obtaining the class name corresponding to the assembly.
As a preferred embodiment, the class name corresponding to the assembly of each file is obtained automatically.
S204, detecting whether the class name contains a preset special character; if so, performing step S206; if not, performing step S205.
As a preferred embodiment, it may be detected whether the class name string includes Unicode unprintable characters; Unicode unprintable characters include \u0000~\u001F, \u007F, \u0080~\u009F and so on.
S205, marking the corresponding file as not obfuscated.
As a preferred embodiment, if the class name does not include a preset special character, the corresponding file is marked as not obfuscated.
S206, marking the corresponding file as obfuscated.
As a preferred embodiment, if the class name includes a preset special character, the corresponding file is marked as obfuscated.
S207, displaying the marking result.
By selecting a directory or file to be detected, obtaining the class name of the file to be detected and detecting whether the class name contains a preset special character, this embodiment automatically judges whether the file to be detected is obfuscated, without manual inspection of the source code.
Fig. 3 is a schematic flowchart of a method for judging obfuscated files according to another embodiment.
As shown in Fig. 3, a method for judging obfuscated files comprises:
S301, selecting a directory or file to be detected.
S302, filtering the directory or file to obtain a list of files whose suffix is dll or exe.
As a preferred embodiment, the directory or file is filtered automatically: files other than those with a dll or exe suffix are filtered out, and the dll and exe files that are managed assemblies conforming to the CLI standard are retained.
S303, judging whether the file list is empty; if the file list is not empty, performing step S304; if the file list is empty, displaying the marking result.
As a preferred embodiment, the displayed result includes which files have been obfuscated and which files have not been obfuscated.
S304, taking one file out of the file list.
S305, loading the file to obtain its assembly.
S306, obtaining the class name corresponding to the assembly.
S308, judging whether the class name contains a preset special character; if the class name does not contain a preset special character, performing step S303; if the class name contains a preset special character, performing step S309.
S309, marking the corresponding file as obfuscated, and returning to step S303.
As a preferred embodiment, if the class name contains a preset special character, the corresponding file is marked as obfuscated.
This embodiment reads in turn the files with a dll or exe suffix under a directory, automatically obtains the class name of each file to be detected and detects whether the class name contains a preset special character, so that it can automatically judge whether all the files under a directory are obfuscated in a single pass.
Fig. 4 is a schematic diagram of an apparatus for judging obfuscated files according to another embodiment.
As shown in Fig. 4, an apparatus for judging obfuscated files comprises a file acquisition module 101, a loading module 102, a class name acquisition module 103 and a detection module 104. The file acquisition module 101 is used to obtain a list of portable executable files. The loading module 102 loads each portable executable file in the file list to obtain the assembly corresponding to each file. The class name acquisition module 103 is used to obtain the class name corresponding to the assembly, and if the class name does not include a preset special character, the corresponding file is marked as not obfuscated. The detection module 104 is used to detect whether the class name contains a preset special character, and if the class name includes a preset special character, the corresponding file is marked as obfuscated.
As a preferred embodiment, the apparatus for judging obfuscated files further comprises a selection module, which is used to select a directory or file to be checked.
As a preferred embodiment, the apparatus for judging obfuscated files further comprises a filtering module, which is used to filter the directory or file and obtain a list of portable executable files.
As a preferred embodiment, the apparatus for judging obfuscated files further comprises a display module, which is used to display the marking result.
As a preferred embodiment, the files in the file list obtained by the file acquisition module are in the format of managed assemblies conforming to the CLI standard.
As a preferred embodiment, a development engineer can choose to use Unicode unprintable characters when obfuscating files. A test engineer takes the installation package submitted for testing and, after installing it, uses the apparatus for judging obfuscated files to select the installation directory of the package. The apparatus screens the files under the directory, filtering out files other than those with a dll or exe suffix, then traverses this list to be verified, loads each file to obtain its assembly, and obtains the class name corresponding to the assembly. If the class name of a file is found to include a Unicode unprintable character, such as \u0001 or \u0002, the file is marked as obfuscated; otherwise the file is marked as not obfuscated.
This embodiment automatically screens the files under a directory, filters out files other than those with a dll or exe suffix, obtains the class name corresponding to each retained file, and detects whether the class name string contains a preset special character, so as to judge automatically whether the file to be detected is obfuscated, without relying on manual work.
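The directory scan of Fig. 3 together with the unprintable-character check of S204, as an added C# example that is not code from the patent. It reads class names from the CLI metadata with System.Reflection.Metadata instead of loading the assembly into the process (a substitution made here so that nothing from the scanned file is executed); the class name ObfuscationCheck, the method names, the recursive directory walk and the exit codes are assumptions of this example.

```csharp
// Added example, not from the patent. Scans a directory for .dll/.exe files,
// reads class names from CLI metadata, and marks a file as obfuscated when a
// name contains a Unicode unprintable character (the check in S204).
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection.Metadata;
using System.Reflection.PortableExecutable;

static class ObfuscationCheck   // hypothetical name
{
    // Preset special characters: \u0000-\u001F, \u007F and \u0080-\u009F.
    static bool IsPresetSpecial(char c) =>
        c <= '\u001F' || (c >= '\u007F' && c <= '\u009F');

    // Render control characters visibly so a hostile name cannot garble the report.
    static string Escape(string s) =>
        string.Concat(s.Select(c => IsPresetSpecial(c) ? $"\\u{(int)c:X4}" : c.ToString()));

    // Returns the class names of a CLI assembly, or null when the file is a
    // native or corrupt PE image without CLI metadata. No code is executed.
    static List<string> ReadClassNames(string path)
    {
        try
        {
            using var stream = File.OpenRead(path);
            using var pe = new PEReader(stream);
            if (!pe.HasMetadata) return null;
            MetadataReader md = pe.GetMetadataReader();
            return md.TypeDefinitions
                     .Select(h => md.GetString(md.GetTypeDefinition(h).Name))
                     .ToList();
        }
        catch (BadImageFormatException) { return null; }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ObfuscationCheck <directory>");
            return 2;
        }

        // S302: keep only files with a dll or exe suffix (subdirectories
        // included, which is an assumption of this example).
        var files = Directory.EnumerateFiles(args[0], "*", SearchOption.AllDirectories)
            .Where(f => f.EndsWith(".dll", StringComparison.OrdinalIgnoreCase)
                     || f.EndsWith(".exe", StringComparison.OrdinalIgnoreCase));

        int notObfuscated = 0;
        foreach (string file in files)
        {
            // S305/S306: obtain the class names; native PE files are skipped.
            List<string> names = ReadClassNames(file);
            if (names == null)
            {
                Console.WriteLine($"SKIPPED (no CLI metadata)  {file}");
                continue;
            }

            // S308/S309: one class name with a preset special character marks the file.
            string hit = names.FirstOrDefault(n => n.Any(IsPresetSpecial));
            if (hit != null)
            {
                Console.WriteLine($"OBFUSCATED      {file}  (class \"{Escape(hit)}\")");
            }
            else
            {
                notObfuscated++;
                Console.WriteLine($"NOT OBFUSCATED  {file}");
            }
        }

        // Non-zero exit when any managed file is not obfuscated, so the check
        // can block a release (an assumption of this example).
        return notObfuscated == 0 ? 0 : 1;
    }
}
```

The `using var` declarations need C# 8 or later; on .NET Framework, System.Reflection.Metadata comes from the NuGet package of the same name.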
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features involves no contradiction, it should be considered to be within the scope of this specification.
The embodiments described above express only several implementations of the present invention, and although their description is relatively specific and detailed, they should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make a number of variations and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the claims.

Claims (10)

1. A method for judging obfuscated files, characterized by comprising:
obtaining a list of portable executable files;
loading each portable executable file in the file list to obtain the assembly corresponding to each file;
obtaining the class name corresponding to the assembly;
detecting whether the class name contains a preset special character, and if the class name includes a preset special character, marking the corresponding file as obfuscated.
2. The method for judging obfuscated files according to claim 1, characterized in that the step of obtaining the portable executable files is preceded by:
selecting a directory or file to be detected, filtering the directory or file, and obtaining the list of portable executable files.
3. The method for judging obfuscated files according to claim 1 or 2, characterized in that the files in the obtained list of portable executable files are in the format of managed assemblies conforming to the CLI standard.
4. The method for judging obfuscated files according to claim 1, characterized in that the step of detecting whether the class name contains a preset special character is followed by:
if the class name does not include a preset special character, marking the corresponding file as not obfuscated.
5. The method for judging obfuscated files according to claim 1, characterized in that the step of marking the corresponding file as obfuscated if the class name includes a preset special character is followed by:
displaying the marking result.
6. An apparatus for judging obfuscated files, characterized by comprising: a file acquisition module, a loading module, a class name acquisition module and a detection module;
the file acquisition module is used to obtain a list of portable executable files;
the loading module loads each portable executable file in the file list to obtain the assembly corresponding to each file;
the class name acquisition module is used to obtain the class name corresponding to the assembly;
the detection module is used to detect whether the class name contains a preset special character; if the class name includes a preset special character, the corresponding file is marked as obfuscated; if the class name does not include a preset special character, the corresponding file is marked as not obfuscated.
7. The apparatus for judging obfuscated files according to claim 6, characterized by further comprising a selection module:
the selection module is used to select a directory or file to be checked.
8. The apparatus for judging obfuscated files according to claim 6 or 7, characterized in that the files in the file list obtained by the file acquisition module are in the format of managed assemblies conforming to the CLI standard.
9. The apparatus for judging obfuscated files according to claim 6, characterized by further comprising a filtering module:
the filtering module is used to filter the directory or file and obtain the list of portable executable files.
10. The apparatus for judging obfuscated files according to claim 6, characterized by further comprising a display module:
the display module is used to display the marking result.

Priority Applications (1)

Application Number   Priority Date   Filing Date   Status   Title
CN201610688203.3A   2016-08-18   2016-08-18   Active   A kind of method and apparatus for judging to obscure file

Publications (2)

Publication Number   Publication Date
CN106326744A   2017-01-11
CN106326744B   2019-05-07
