CN108021790A - Document protection method, device, computing device and computer-readable storage medium - Google Patents


Info

Publication number
CN108021790A
Authority
CN
China
Prior art keywords
instruction
abstract syntax
syntax tree
pending
processing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711455906.2A
Other languages
Chinese (zh)
Other versions
CN108021790B (en)
Inventor
汪德嘉
华保健
邵根波
赵迪
刘庆川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIANGSU PAY EGIS TECHNOLOGY Co.,Ltd.
JIANGSU TONGFUDUN INFORMATION SECURITY TECHNOLOGY Co.,Ltd.
Original Assignee
Jiangsu Pay Shield Information Safe Technology Ltd
Application filed by Jiangsu Pay Shield Information Safe Technology Ltd
Priority to CN201711455906.2A
Publication of CN108021790A
Application granted
Publication of CN108021790B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software

Abstract

The invention discloses a document protection method, device, computing device and computer-readable storage medium. The document protection method includes: generating a first abstract syntax tree corresponding to the instructions to be protected in an original program file; applying hiding processing to at least one pending instruction in the first abstract syntax tree to obtain a second abstract syntax tree after the hiding processing; applying repair processing to the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after the repair processing; and generating a program file corresponding to the third abstract syntax tree. The technical solution generates an abstract syntax tree corresponding to the instructions to be protected and hides the pending instructions in that tree, which increases the difficulty of decompilation, effectively prevents the instructions in the program file from being maliciously obtained by others, and ensures the security of the program file.

Description

Document protection method, device, computing device and computer-readable storage medium
Technical field
The present invention relates to the field of Internet technology, and in particular to a document protection method, device, computing device and computer-readable storage medium.
Background
With the continuous development of science and technology, the number of users of intelligent terminals has grown explosively, and many applications installed on intelligent terminals have gradually become an indispensable part of users' daily lives. How to ensure the security of the applications that users run has therefore become the greatest problem faced when using applications. In the prior art, an application on an intelligent terminal is usually protected by reinforcing it, which to some extent prevents the application's code from being decompiled and analyzed and so ensures the application's security. Specifically, hiding processing can be applied to the original code of a program file, for example to all of the original code in the program file. However, hiding the original code of a program file requires obtaining that original code in advance; if the hiding is carried out by someone else, this is equivalent to exposing the original code of the program file directly to that party, which is a serious security risk. In addition, the prior-art ways of hiding the original code of a program file are relatively simple and easy to crack. Prior-art file protection therefore suffers from low cracking difficulty and is easily analyzed by decompilation.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a document protection method, device, computing device and computer-readable storage medium that overcome the above problems or at least partially solve them.
According to one aspect of the invention, a document protection method is provided, the method comprising:
generating a first abstract syntax tree corresponding to the instructions to be protected in an original program file;
applying hiding processing to at least one pending instruction in the first abstract syntax tree to obtain a second abstract syntax tree after the hiding processing;
applying repair processing to the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after the repair processing;
generating a program file corresponding to the third abstract syntax tree.
According to another aspect of the invention, a file protection device is provided, the device comprising:
a first generation module, configured to generate a first abstract syntax tree corresponding to the instructions to be protected in an original program file;
a first processing module, configured to apply hiding processing to at least one pending instruction in the first abstract syntax tree to obtain a second abstract syntax tree after the hiding processing;
a header file repair module, configured to apply repair processing to the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after the repair processing;
a second generation module, configured to generate a program file corresponding to the third abstract syntax tree.
According to another aspect of the invention, a computing device is provided, comprising a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another over the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the above document protection method.
According to a further aspect of the invention, a computer-readable storage medium is provided, in which at least one executable instruction is stored, and the executable instruction causes a processor to perform the operations corresponding to the above document protection method.
According to the technical solution provided by the invention, a first abstract syntax tree corresponding to the instructions to be protected in the original program file is generated; hiding processing is then applied to at least one pending instruction in the first abstract syntax tree to obtain a second abstract syntax tree; repair processing is then applied to the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree; and a program file corresponding to the third abstract syntax tree is generated. The technical solution can generate an abstract syntax tree corresponding to the instructions to be protected in the original program file and hide the pending instructions in that tree; the resulting program file is harder to decompile, which effectively prevents the instructions in the program file from being maliciously obtained by others and ensures the security of the program file.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numerals denote the same components. In the drawings:
Fig. 1 shows a flow diagram of embodiment one of the document protection method provided by the invention;
Fig. 2 shows a flow diagram of embodiment two of the document protection method provided by the invention;
Fig. 3 shows a structure diagram of embodiment one of the file protection device provided by the invention;
Fig. 4 shows a structure diagram of embodiment two of the file protection device provided by the invention;
Fig. 5 shows a structure diagram of an embodiment of the computing device provided by the invention.
Detailed description
Exemplary embodiments of the disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
The invention can protect the program files in an application. A program file is an executable file; its type may be an so file, a Linux platform executable file, an iOS platform executable file, an OS X platform executable file, an Android platform executable file, and so on, and the invention places no limit on this.
Fig. 1 shows a flow diagram of embodiment one of the document protection method provided by the invention. As shown in Fig. 1, the method includes the following steps:
Step S100: generate a first abstract syntax tree corresponding to the instructions to be protected in the original program file.
Here, the original program file is the original program file in the application. It contains multiple instructions, and to prevent them from being maliciously obtained by others, some or all of the instructions in the original program file need to be protected. In the invention, the instructions in the original program file that need protection are called instructions to be protected. In step S100, the content of the original program file can be parsed to generate an abstract syntax tree corresponding to the instructions to be protected in the original program file. The abstract syntax tree is a tree representation of the abstract syntactic structure of the instructions to be protected. The syntax is called "abstract" because the syntax in an abstract syntax tree does not represent every detail that appears in the real syntax; each node of the abstract syntax tree represents a construct.
To distinguish the abstract syntax trees of the different processing stages, the invention calls the generated abstract syntax tree that corresponds to the instructions to be protected in the original program file and has not undergone hiding processing the first abstract syntax tree; below, the abstract syntax tree after hiding processing is called the second abstract syntax tree, and the abstract syntax tree obtained after repair processing of the header file is called the third abstract syntax tree.
Step S101: apply hiding processing to at least one pending instruction in the first abstract syntax tree to obtain the second abstract syntax tree after the hiding processing.
The instructions in the first abstract syntax tree correspond to the instructions to be protected in the original program file; the two represent essentially the same instruction content in different forms. To distinguish them from the instructions to be protected in the original program file, the invention calls the instructions in the first abstract syntax tree that need hiding processing the pending instructions of the first abstract syntax tree.
In step S101, hiding processing is applied to at least one pending instruction in the first abstract syntax tree to obtain the second abstract syntax tree. Those skilled in the art can, according to actual needs, select one or more pending instructions from the first abstract syntax tree for hiding processing, or apply hiding processing to all pending instructions in the first abstract syntax tree; no limit is placed on this here.
Step S102: apply repair processing to the header file corresponding to the second abstract syntax tree to obtain the third abstract syntax tree after the repair processing.
So that the user can still run the application successfully, after hiding processing has been applied to at least one pending instruction in the first abstract syntax tree, repair processing must also be applied to the header file corresponding to the second abstract syntax tree to obtain the third abstract syntax tree. Specifically, a new load segment can be added to the header file corresponding to the second abstract syntax tree in order to repair the header file.
Step S103: generate the program file corresponding to the third abstract syntax tree.
Specifically, once the third abstract syntax tree has been obtained after the repair processing, it can be compiled to generate the program file corresponding to the third abstract syntax tree. This program file can be a binary file. Because it is generated from the third abstract syntax tree, which has undergone hiding processing, it is harder to crack: anyone who decompiles the program file has to identify the hiding processing repeatedly, which increases the difficulty of decompilation and effectively ensures the security of the program file.
According to the document protection method provided in this embodiment, a first abstract syntax tree corresponding to the instructions to be protected in the original program file is generated; hiding processing is then applied to at least one pending instruction in the first abstract syntax tree to obtain a second abstract syntax tree; repair processing is then applied to the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree; and a program file corresponding to the third abstract syntax tree is generated. The technical solution can generate an abstract syntax tree corresponding to the instructions to be protected in the original program file and hide the pending instructions in that tree; the resulting program file is harder to decompile, which effectively prevents the instructions in the program file from being maliciously obtained by others and ensures the security of the program file.
Fig. 2 shows a flow diagram of embodiment two of the document protection method provided by the invention. As shown in Fig. 2, the method includes the following steps:
Step S200: decompile the instructions to be protected in the original program file to obtain a decompilation result.
Specifically, a decompilation tool is used to decompile the instructions to be protected in the original program file and obtain the decompilation result. Those skilled in the art can select the decompilation tool according to actual needs; no limit is placed on this here.
Step S201: according to the decompilation result, generate the first abstract syntax tree corresponding to the instructions to be protected.
Once the decompilation result has been obtained, a tree representation of the abstract syntactic structure of the instructions to be protected can be generated from it, that is, the first abstract syntax tree corresponding to the instructions to be protected.
Step S202: determine at least one pending instruction from the first abstract syntax tree.
The first abstract syntax tree contains multiple instructions, and at least one pending instruction can be determined from them according to instruction type, a random function, or the like. It is understood that all instructions in the first abstract syntax tree can also be determined to be pending instructions.
Step S203: convert the at least one pending instruction into a preset number of control transfer instructions and filling instructions.
Those skilled in the art can set the preset number, the control transfer instruction and the filling instruction according to actual needs; no limit is placed on this here. Specifically, the control transfer instruction can be a call instruction, and the filling instruction can be a nop instruction or an instruction that does not change the running environment.
In one embodiment, each pending instruction among the at least one pending instruction in the first abstract syntax tree can be converted into one call instruction and several nop instructions, or into one call instruction and several instructions that do not change the running environment.
In another embodiment, when there are multiple pending instructions, they can be divided into groups according to a preset division rule and each group converted in turn: for any one group, the group of pending instructions is converted into several control transfer instructions and several filling instructions. Those skilled in the art can set the preset division rule according to actual needs; no limit is placed on this here. For example, the preset division rule can be to divide every n pending instructions into a group, where n is a fixed preset number or a random number. Suppose one group contains 3 pending instructions: pending instruction 1, pending instruction 2 and pending instruction 3. This group can then be converted into the sequence nop1, nop2, call1, nop3, nop4, nop5, call2, nop6, nop7, call3, where pending instruction 1 is converted into nop1, nop2 and call1; pending instruction 2 into nop3, nop4, nop5 and call2; and pending instruction 3 into nop6, nop7 and call3.
Step S204: place the at least one pending instruction at a preset position in the first abstract syntax tree to obtain the first abstract syntax tree after the placement.
So that the user can still run the application successfully, after the at least one pending instruction has been converted into the preset number of control transfer instructions and filling instructions, the pending instruction itself must also be placed at a preset position in the first abstract syntax tree. The preset position can be the end of the first abstract syntax tree, or some unused slots in the first abstract syntax tree, such as the part used for writing debugger information. Taking the end of the first abstract syntax tree as the preset position, step S204 places the pending instruction at the end of the first abstract syntax tree.
Step S205: use the physical address corresponding to the preset position as the operand of the converted control transfer instruction to obtain the second abstract syntax tree after the hiding processing.
After the at least one pending instruction has been placed at the preset position in the first abstract syntax tree, the operand of the converted control transfer instruction must also be determined, which yields the second abstract syntax tree after the hiding processing. Suppose pending instruction 1 is converted into nop1, nop2 and call1, and pending instruction 1 is placed at position 1 in the first abstract syntax tree; the physical address corresponding to position 1 is then used as the operand of call1. Likewise, when a group of pending instructions is converted into multiple control transfer instructions and multiple filling instructions, the physical address of the position at which each pending instruction in the group is placed is used, in the same way, as the operand of the control transfer instruction converted from that pending instruction. Continuing the example from step S203: the physical address of the position where pending instruction 1 is placed is used as the operand of call1, the physical address of the position where pending instruction 2 is placed is used as the operand of call2, and the physical address of the position where pending instruction 3 is placed is used as the operand of call3.
Step S206: determine the physical address of the at least one pending instruction and use it as the target virtual address.
After the at least one pending instruction has been placed at the preset position in the first abstract syntax tree, the physical address of the at least one pending instruction must also be determined and used as the target virtual address.
Step S207: load the target virtual address in the header file corresponding to the second abstract syntax tree to obtain the third abstract syntax tree after the repair processing.
Once the target virtual address has been determined, it is loaded in the header file corresponding to the second abstract syntax tree, which repairs that header file. The pending instruction can then be found quickly through the target virtual address loaded by the header file, so that hiding the pending instruction does not affect the user's normal use of the application.
Step S208: save the running environment of the at least one pending instruction in the third abstract syntax tree to obtain the third abstract syntax tree after the environment has been saved.
To increase the difficulty of decompilation, after step S207 the at least one pending instruction in the third abstract syntax tree can also be obfuscated. So that the running environment is the same before and after the obfuscation, the running environment of the at least one pending instruction in the third abstract syntax tree must be saved before the obfuscation is applied. Specifically, the registers in which the at least one pending instruction of the third abstract syntax tree resides can be determined and the variable values in those registers saved; for example, the variable values can be saved to the memory of a computing device such as a computer.
Step S209: obfuscate the at least one pending instruction in the third abstract syntax tree to obtain the third abstract syntax tree after obfuscation.
Specifically, an obfuscation instruction can be added to each pending instruction among the at least one pending instruction in the third abstract syntax tree, so as to change the variable value corresponding to the pending instruction and/or the variable values in registers, which yields the third abstract syntax tree after obfuscation.
In one embodiment, an obfuscation instruction is added to each pending instruction among the at least one pending instruction in the third abstract syntax tree. Because of the added obfuscation instruction, the variable value corresponding to the pending instruction within the same instruction processing logic changes, which obfuscates the code and confuses anyone trying to crack the program. For example, suppose instruction 1 and instruction 2 are in the same instruction processing logic and instruction 1 is a pending instruction. In this embodiment, the running environment of instruction 1 can first be saved: determine which registers instruction 1 uses and save at least the variable values contained in those registers. With those values saved, obfuscation instructions are added for the variables in the actual registers, and after the obfuscation instructions have been added the running environment of instruction 1 is restored. This ensures that even after the obfuscation instructions have been added to confuse a program cracker, the variable values in instruction 2 do not change at all, which achieves the obfuscation. In the invention, the logic realized by combining multiple instructions that have a preset association is called instruction processing logic. Specifically, an obfuscation instruction can be an instruction that performs an operation on the variable value corresponding to the pending instruction; such operations include but are not limited to arithmetic operations (such as addition, subtraction, multiplication and division), shift operations and XOR operations.
In another embodiment, an obfuscation instruction is added for each pending instruction among the at least one pending instruction in the third abstract syntax tree. Environment saving and environment restoring can be applied to the registers other than those corresponding to the pending instruction: after the environment has been saved, obfuscation instructions are added for those other registers, so as to change the variable values in the registers other than those corresponding to the pending instruction. For example, suppose instruction 1 and instruction 2 are in the same instruction processing logic and instruction 1 is a pending instruction. In this embodiment, the running environment of instruction 1 can first be saved: determine which registers instruction 1 uses and save at least the variable values contained in those registers. With those values saved, the variable values in the registers other than those used by instruction 1 are saved, and obfuscation instructions are added for the variables in those other registers. After the obfuscation instructions have been added, the variable values in the registers other than those used by instruction 1 are restored, and the running environment of instruction 1 is restored. This ensures that even after the obfuscation instructions have been added to confuse a program cracker, the variable values in instruction 2 do not change at all, which achieves the obfuscation. Specifically, an obfuscation instruction can be an instruction that performs an operation on the variable values in the other registers; such operations include but are not limited to arithmetic operations (such as addition, subtraction, multiplication and division), shift operations and XOR operations.
After the above obfuscation has been applied to every pending instruction, the third abstract syntax tree after obfuscation is obtained from the obfuscated pending instructions.
In addition, to increase the difficulty of decompilation, after step S209 the method may also include the following steps: for each pending instruction among the at least one pending instruction in the third abstract syntax tree, generating a private key corresponding to the pending instruction and an encryption code mapped to the private key; and encrypting the pending instruction using the private key and the encryption code to obtain the instruction ciphertext corresponding to the pending instruction.
Specifically, a corresponding private key and an encryption code mapped to that private key are generated for each pending instruction among the at least one pending instruction. The generated private key can be an encryption key such as a random number; those skilled in the art can set the private key according to actual needs, and no limit is placed on this here. Optionally, the private keys and encryption codes generated for different pending instructions can differ, which helps to increase the difficulty of decompilation. For example, for pending instruction 1, the generated private key and the encryption code mapped to it are private key 1 and encryption code 1; for pending instruction 2, they are private key 2 and encryption code 2, where private key 1 differs from private key 2 and encryption code 1 differs from encryption code 2.
Each pending instruction among the at least one pending instruction is encrypted using its corresponding private key and encryption code, which yields the instruction ciphertext corresponding to that pending instruction. Specifically, the private key can be input into the encryption code mapped to it, and the pending instruction is then encrypted to obtain the corresponding instruction ciphertext. In the invention, the private key associates the pending instruction with its instruction ciphertext after encryption. For example, if the private key and encryption code generated for pending instruction 1 are private key 1 and encryption code 1, and those generated for pending instruction 2 are private key 2 and encryption code 2, then pending instruction 1 is encrypted using private key 1 and encryption code 1 to obtain instruction ciphertext 1 corresponding to pending instruction 1, and pending instruction 2 is encrypted using private key 2 and encryption code 2 to obtain instruction ciphertext 2 corresponding to pending instruction 2.
Further, after the above encryption, so that the user can still run the application successfully, a public key corresponding to the private key and a decryption code mapped to the public key can be generated for each pending instruction among the at least one pending instruction, where the public key and the decryption code are used to decrypt the instruction ciphertext. In this case, since each pending instruction has its own public key and decryption code, there are multiple public keys and decryption codes, which may have some effect on the running speed of the application; but precisely because there are multiple public keys and decryption codes, multiple decryption passes are required, which effectively increases the difficulty of decompilation.
In an optional embodiment, the public key and decryption code can also be generated from all of the private keys and encryption codes, in which case only one decryption code is needed.
Specifically, the code obtained by processing the decryption code with the public key is used to decrypt the instruction ciphertext and obtain the instruction in plaintext form, which ensures that the user can run the application successfully and that normal use of the application is not affected.
Step S210: restore the running environment of the at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after environment restoration.
So that the running environment is consistent before and after obfuscation processing and the user can run the application successfully, step S210 may restore the registers in which the at least one pending instruction resides, so that the variable values in those registers can be used and modified. This restores the running environment of the at least one pending instruction in the third abstract syntax tree.
Step S211: generate a program file corresponding to the third abstract syntax tree.
Specifically, the third abstract syntax tree after environment restoration may be compiled to generate the program file corresponding to the third abstract syntax tree. Because this program file is generated from the third abstract syntax tree after hiding, obfuscation and encryption processing, it is harder to crack. When others decompile the program file, they must repeatedly identify the hiding processing and obfuscation processing and perform decryption multiple times, which greatly increases decompilation difficulty and effectively safeguards the program file.
Step S212: repair the execution logic of the control transfer instructions in the program file corresponding to the third abstract syntax tree.
Compared with the original program file, the content of the program file corresponding to the third abstract syntax tree has changed (for example, the code length has changed), so the execution logic of the control transfer instructions in that program file has changed as well. Control transfer instructions include, but are not limited to, jcc instructions, jmp instructions, ret instructions and call instructions. The execution logic of the control transfer instructions in the program file corresponding to the third abstract syntax tree therefore needs to be repaired.
Specifically, the program file corresponding to the third abstract syntax tree is checked for control transfer instructions. If no control transfer instruction is found, the execution logic need not be repaired. If a control transfer instruction is found, it is analyzed to obtain the address of the control transfer instruction itself and the jump address corresponding to it, and the jump address is taken as the control transfer instruction target virtual address. The offset between the control transfer instruction target virtual address and the address of the control transfer instruction itself is then calculated, where the offset may be the difference between the two. The offset is then used as the operand of the control transfer instruction, which completes the repair of its execution logic.
Take as an example a jmp instruction present in the program file corresponding to the third abstract syntax tree. Suppose analysis of the jmp instruction shows that its own address is 10 and its jump address is 30, that is, its control transfer instruction target virtual address is 30. The offset between the target virtual address and the address of the instruction itself is then 20, so 20 is used as the operand of the jmp instruction. This completes the repair of the jmp instruction's execution logic, so that the jmp instruction jumps according to the original execution logic.
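The offset repair described above, as an added example (not code from the patent): a toy instruction list in which the jmp sits at address 10 and targets address 30, so its operand is 20 as in the text. Inserting a filler instruction shifts the layout, a check flags the operands that no longer reach their targets, and the repair pass recomputes each operand as target address minus the instruction's own address. The `Insn` type, the labels, the instruction sizes and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Control transfer instructions that carry an offset operand. "ret" is also a
# control transfer instruction but takes its destination from the stack.
WITH_OFFSET = {"jmp", "jcc", "call"}


@dataclass
class Insn:
    mnemonic: str
    size: int                      # encoded length in bytes (constructed value)
    label: Optional[str] = None    # hypothetical symbolic name of this instruction
    target: Optional[str] = None   # label this instruction transfers to
    operand: Optional[int] = None  # offset as currently stored in the file


def layout(program: List[Insn], base: int = 0) -> List[int]:
    """Address of every instruction for the current ordering and sizes."""
    addrs, cursor = [], base
    for insn in program:
        addrs.append(cursor)
        cursor += insn.size
    return addrs


def _targets(program: List[Insn], addrs: List[int]) -> Dict[int, int]:
    """Map the index of each offset-carrying transfer to its target address."""
    labels = {i.label: a for i, a in zip(program, addrs) if i.label}
    out = {}
    for idx, insn in enumerate(program):
        if insn.mnemonic in WITH_OFFSET:
            if insn.target not in labels:
                raise ValueError(f"insn {idx}: unknown target {insn.target!r}")
            out[idx] = labels[insn.target]
    return out


def stale_transfers(program: List[Insn], base: int = 0) -> List[int]:
    """Indexes of transfers whose stored operand no longer reaches the target."""
    addrs = layout(program, base)
    return [idx for idx, dest in _targets(program, addrs).items()
            if program[idx].operand is None
            or addrs[idx] + program[idx].operand != dest]


def repair(program: List[Insn], base: int = 0) -> int:
    """Recompute every offset operand; return how many operands changed."""
    addrs = layout(program, base)
    changed = 0
    for idx, dest in _targets(program, addrs).items():
        # The text's definition: target virtual address minus the address of
        # the instruction itself. On x86, relative jmp/jcc/call offsets are
        # measured from the next instruction, so a real encoder would
        # subtract addrs[idx] + insn.size instead.
        offset = dest - addrs[idx]
        if program[idx].operand != offset:
            program[idx].operand = offset
            changed += 1
    return changed


def sample_program() -> List[Insn]:
    """Constructed sample: forward jmp 10 -> 30 and backward jcc 28 -> 0."""
    return [
        Insn("mov", 10, label="top"),               # address 0
        Insn("jmp", 5, target="done", operand=20),  # address 10, lands on 30
        Insn("add", 13),                            # address 15
        Insn("jcc", 2, target="top", operand=-28),  # address 28, lands on 0
        Insn("ret", 1, label="done"),               # address 30
    ]


if __name__ == "__main__":
    prog = sample_program()
    print("stale before insertion:", stale_transfers(prog))
    prog.insert(2, Insn("nop", 4))  # filler added by processing shifts the layout
    print("stale after insertion: ", stale_transfers(prog))
    print("operands repaired:     ", repair(prog))
    for addr, insn in zip(layout(prog), prog):
        print(f"{addr:3d}  {insn.mnemonic:4s} operand={insn.operand}")
```

Running `stale_transfers` on a rewritten file before and after the repair pass is a quick consistency check that no control transfer was missed.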
Optionally, when performing obfuscation processing on the pending instructions, the present invention may also add a control transfer instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree. The added control transfer instructions serve to obfuscate. Specifically, one or more control transfer instructions may be added to a pending instruction; the added control transfer instructions may be jmp instructions, call instructions and so on, and those skilled in the art may configure them according to actual needs, which is not limited here. In one embodiment, adding control transfer instructions to a pending instruction causes jumps within the same instruction processing logic; in another embodiment, it causes jumps between different instruction processing logics. Either way, the added instructions obfuscate the code and increase decompilation difficulty.
The document protection method provided by the embodiments of the present invention can generate an abstract syntax tree corresponding to the instruction to be protected in the original program file, and perform hiding processing and obfuscation processing on the pending instructions in the abstract syntax tree; optionally, the pending instructions may also be encrypted. When others decompile the processed program file, they must therefore repeatedly identify the hiding processing and obfuscation processing and perform decryption multiple times, which greatly increases decompilation difficulty, effectively prevents the instructions in the program file from being maliciously obtained by others, and safeguards the program file. In addition, the technical solution also repairs the execution logic of the control transfer instructions in the processed program file, which effectively ensures that the execution logic of the control transfer instructions is unchanged before and after processing.
Fig. 3 shows a structural diagram of Embodiment 1 of the file protection device provided by the present invention. As shown in Fig. 3, the device includes: a first generation module 310, a first processing module 320, a header file repair module 330 and a second generation module 340.
The first generation module 310 is used to: generate a first abstract syntax tree corresponding to the instruction to be protected in the original program file.
The first processing module 320 is used to: perform hiding processing on at least one pending instruction in the first abstract syntax tree, obtaining a second abstract syntax tree after hiding processing.
The header file repair module 330 is used to: perform repair processing on the header file corresponding to the second abstract syntax tree, obtaining a third abstract syntax tree after repair processing.
The second generation module 340 is used to: generate a program file corresponding to the third abstract syntax tree.
According to the file protection device provided by this embodiment, the first generation module generates a first abstract syntax tree corresponding to the instruction to be protected in the original program file; the first processing module performs hiding processing on at least one pending instruction in the first abstract syntax tree, obtaining a second abstract syntax tree after hiding processing; the header file repair module performs repair processing on the header file corresponding to the second abstract syntax tree, obtaining a third abstract syntax tree after repair processing; and the second generation module generates a program file corresponding to the third abstract syntax tree. The technical solution provided by the present invention can generate an abstract syntax tree corresponding to the instruction to be protected in the original program file and perform hiding processing on the pending instructions in the abstract syntax tree to obtain the processed program file. This increases decompilation difficulty, effectively prevents the instructions in the program file from being maliciously obtained by others, and safeguards the program file.
Fig. 4 shows a structural diagram of Embodiment 2 of the file protection device provided by the present invention. As shown in Fig. 4, the device includes: a first generation module 410, a determining module 420, a first processing module 430, a header file repair module 440, an environment preserving module 450, a second processing module 460, an environment restoration module 470, a second generation module 480 and a logic repair module 490.
The first generation module 410 is used to: perform decompilation processing on the instruction to be protected in the original program file, obtaining a decompilation result; and, according to the decompilation result, generate a first abstract syntax tree corresponding to the instruction to be protected.
The determining module 420 is used to: determine at least one pending instruction from the first abstract syntax tree.
The first processing module 430 is used to: convert the at least one pending instruction into a preset number of control transfer instructions and padding instructions; place the at least one pending instruction at a preset position in the first abstract syntax tree, obtaining the first abstract syntax tree after placement; and use the physical address corresponding to the preset position as the operand of the converted control transfer instruction, obtaining a second abstract syntax tree after hiding processing. The control transfer instruction may be a call instruction.
The header file repair module 440 is used to: determine the physical address of the at least one pending instruction and use that physical address as the target virtual address; and load the target virtual address in the header file corresponding to the second abstract syntax tree, obtaining a third abstract syntax tree after repair processing.
The environment preserving module 450 is used to: save the running environment of the at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after environment preservation. Specifically, the environment preserving module 450 determines the registers in which the at least one pending instruction resides and saves the variable values in those registers, obtaining the second abstract syntax tree after environment preservation.
The second processing module 460 is used to: perform obfuscation processing on at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after obfuscation processing.
Optionally, the second processing module 460 is used to: add an obfuscation instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree, so as to change the variable value corresponding to the pending instruction and/or the variable values in the registers; and/or add a control transfer instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree.
To increase decompilation difficulty, the second processing module 460 is further adapted to: for each pending instruction of the at least one pending instruction in the third abstract syntax tree, generate a private key corresponding to the pending instruction and an encryption code mapped to the private key; and encrypt the pending instruction using the private key and the encryption code, obtaining the instruction ciphertext corresponding to the pending instruction.
After the above encryption processing, so that the user can run the application successfully, the second processing module 460 is further used to: generate a public key corresponding to the private key and a decryption code mapped to the public key, where the public key and the decryption code are used to decrypt the instruction ciphertext.
The environment restoration module 470 is used to: restore the running environment of the at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after environment restoration.
The second generation module 480 is used to: generate a program file corresponding to the third abstract syntax tree.
The logic repair module 490 is used to: repair the execution logic of the control transfer instructions in the program file corresponding to the third abstract syntax tree.
Specifically, the logic repair module 490 is further used to: detect whether a control transfer instruction exists in the program file corresponding to the third abstract syntax tree; if so, analyze the control transfer instruction in that program file to obtain the address of the control transfer instruction itself and the jump address corresponding to it, and take the jump address as the control transfer instruction target virtual address; calculate the offset between the control transfer instruction target virtual address and the address of the control transfer instruction itself; and use the offset as the operand of the control transfer instruction.
The file protection device provided by the embodiments of the present invention can generate an abstract syntax tree corresponding to the instruction to be protected in the original program file, and perform hiding processing and obfuscation processing on the pending instructions in the abstract syntax tree; optionally, the pending instructions may also be encrypted. When others decompile the processed program file, they must therefore repeatedly identify the hiding processing and obfuscation processing and perform decryption multiple times, which greatly increases decompilation difficulty, effectively prevents the instructions in the program file from being maliciously obtained by others, and safeguards the program file. In addition, the technical solution also repairs the execution logic of the control transfer instructions in the processed program file, which effectively ensures that the execution logic of the control transfer instructions is unchanged before and after processing.
The present invention also provides a non-volatile computer storage medium. The computer storage medium stores at least one executable instruction, and the executable instruction can perform the document protection method of any of the above method embodiments.
Fig. 5 shows a structural diagram of an embodiment of the computing device provided by the present invention; the specific embodiments of the present invention do not limit the specific implementation of the computing device.
As shown in Fig. 5, the computing device may include: a processor 502, a communications interface 504, a memory 506 and a communication bus 508.
Where:
The processor 502, the communication interface 504 and the memory 506 communicate with one another over the communication bus 508.
The communication interface 504 is used to communicate with network elements of other devices, such as clients or other servers.
The processor 502 is used to execute the program 510, and may specifically perform the relevant steps of the above document protection method embodiments.
Specifically, the program 510 may include program code, and the program code includes computer operation instructions.
The processor 502 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC, Application Specific Integrated Circuit), or one or more integrated circuits configured to implement the embodiments of the present invention. The one or more processors included in the computing device may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
The memory 506 is used to store the program 510. The memory 506 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory.
The program 510 may specifically be used to cause the processor 502 to perform the file protection method of any of the above method embodiments. For the specific implementation of each step in the program 510, refer to the corresponding description of the corresponding steps and units in the above file protection embodiments, which is not repeated here. Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the devices and modules described above may refer to the corresponding process descriptions in the foregoing method embodiments, which are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the above description of a specific language is given to disclose the best mode of the present invention.
Numerous specific details are set forth in the specification provided here. It is to be understood, however, that embodiments of the present invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the inventive aspects, the features of the present invention are sometimes grouped together into a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment may be combined into one module or unit or component, and may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that, although some embodiments described herein include some features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments may be used in any combination.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses: A1. A document protection method, characterized by comprising:
generating a first abstract syntax tree corresponding to the instruction to be protected in an original program file;
performing hiding processing on at least one pending instruction in the first abstract syntax tree, obtaining a second abstract syntax tree after hiding processing;
performing repair processing on the header file corresponding to the second abstract syntax tree, obtaining a third abstract syntax tree after repair processing;
generating a program file corresponding to the third abstract syntax tree.
A2. The document protection method according to A1, characterized in that generating the first abstract syntax tree corresponding to the instruction to be protected in the original program file further comprises:
performing decompilation processing on the instruction to be protected in the original program file, obtaining a decompilation result;
according to the decompilation result, generating the first abstract syntax tree corresponding to the instruction to be protected.
A3. The document protection method according to A1, characterized in that performing hiding processing on at least one pending instruction in the first abstract syntax tree, obtaining the second abstract syntax tree after hiding processing, further comprises:
converting the at least one pending instruction into a preset number of control transfer instructions and padding instructions;
placing the at least one pending instruction at a preset position in the first abstract syntax tree, obtaining the first abstract syntax tree after placement;
using the physical address corresponding to the preset position as the operand of the converted control transfer instruction, obtaining the second abstract syntax tree after hiding processing.
A4. The document protection method according to A3, characterized in that performing repair processing on the header file corresponding to the second abstract syntax tree, obtaining the third abstract syntax tree after repair processing, further comprises:
determining the physical address of the at least one pending instruction, and using the physical address of the at least one pending instruction as the target virtual address;
loading the target virtual address in the header file corresponding to the second abstract syntax tree, obtaining the third abstract syntax tree after repair processing.
A5. The document protection method according to any one of A1-A4, characterized in that, after performing repair processing on the header file corresponding to the second abstract syntax tree and obtaining the third abstract syntax tree after repair processing, the method further comprises:
saving the running environment of at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after environment preservation;
performing obfuscation processing on at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after obfuscation processing;
restoring the running environment of at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after environment restoration.
A6. The document protection method according to A5, characterized in that saving the running environment of at least one pending instruction in the third abstract syntax tree further comprises:
determining the registers in which the at least one pending instruction in the third abstract syntax tree resides;
saving the variable values in the registers.
A7. The document protection method according to A6, characterized in that performing obfuscation processing on at least one pending instruction in the third abstract syntax tree further comprises:
adding an obfuscation instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree, so as to change the variable value corresponding to the pending instruction and/or the variable values in the registers; and/or
adding a control transfer instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree.
A8. The document protection method according to A5, characterized in that, after performing obfuscation processing on at least one pending instruction in the third abstract syntax tree and obtaining the third abstract syntax tree after obfuscation processing, the method further comprises:
for each pending instruction of the at least one pending instruction in the third abstract syntax tree, generating a private key corresponding to the pending instruction and an encryption code mapped to the private key; and encrypting the pending instruction using the private key and the encryption code, obtaining the instruction ciphertext corresponding to the pending instruction.
A9. The document protection method according to A8, characterized in that, after generating the private key corresponding to the pending instruction and the encryption code mapped to the private key, the method further comprises:
generating a public key corresponding to the private key and a decryption code mapped to the public key, where the public key and the decryption code are used to decrypt the instruction ciphertext.
A10. The document protection method according to any one of A1-A4, characterized in that, after generating the program file corresponding to the third abstract syntax tree, the method further comprises:
repairing the execution logic of the control transfer instructions in the program file corresponding to the third abstract syntax tree.
A11. The document protection method according to A10, characterized in that repairing the execution logic of the control transfer instructions in the program file corresponding to the third abstract syntax tree further comprises:
detecting whether a control transfer instruction exists in the program file corresponding to the third abstract syntax tree;
if so, analyzing the control transfer instruction in the program file corresponding to the third abstract syntax tree to obtain the address of the control transfer instruction itself and the jump address corresponding to the control transfer instruction, and taking the jump address as the control transfer instruction target virtual address;
calculating the offset between the control transfer instruction target virtual address and the address of the control transfer instruction itself;
using the offset as the operand of the control transfer instruction.
The invention also discloses: B12. A file protection device, characterized by comprising:
a first generation module, for generating a first abstract syntax tree corresponding to the instruction to be protected in an original program file;
a first processing module, for performing hiding processing on at least one pending instruction in the first abstract syntax tree, obtaining a second abstract syntax tree after hiding processing;
a header file repair module, for performing repair processing on the header file corresponding to the second abstract syntax tree, obtaining a third abstract syntax tree after repair processing;
a second generation module, for generating a program file corresponding to the third abstract syntax tree.
B13. The file protection device according to B12, characterized in that the first generation module is further used to:
perform decompilation processing on the instruction to be protected in the original program file, obtaining a decompilation result;
according to the decompilation result, generate the first abstract syntax tree corresponding to the instruction to be protected.
B14. The file protection device according to B12, characterized in that the first processing module is further used to:
convert the at least one pending instruction into a preset number of control transfer instructions and padding instructions;
place the at least one pending instruction at a preset position in the first abstract syntax tree, obtaining the first abstract syntax tree after placement;
use the physical address corresponding to the preset position as the operand of the converted control transfer instruction, obtaining the second abstract syntax tree after hiding processing.
B15. The file protection device according to B14, characterized in that the header file repair module is further used to:
determine the physical address of the at least one pending instruction, and use the physical address of the at least one pending instruction as the target virtual address;
load the target virtual address in the header file corresponding to the second abstract syntax tree, obtaining the third abstract syntax tree after repair processing.
B16. The file protection device according to any one of B12-B15, characterized in that the device further comprises:
an environment preserving module, for saving the running environment of at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after environment preservation;
a second processing module, for performing obfuscation processing on at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after obfuscation processing;
an environment restoration module, for restoring the running environment of at least one pending instruction in the third abstract syntax tree, obtaining the third abstract syntax tree after environment restoration.
B17. The file protection device according to B16, characterized in that the environment preserving module is further used to:
determine the registers in which the at least one pending instruction in the third abstract syntax tree resides;
save the variable values in the registers.
B18. The file protection device according to B17, characterized in that the second processing module is further adapted to:
add an obfuscation instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree, so as to change the variable value corresponding to the pending instruction and/or the variable values in the registers; and/or
add a control transfer instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree.
B19. The file protection device according to B16, characterized in that the second processing module is further adapted to:
for each pending instruction of the at least one pending instruction in the third abstract syntax tree, generate a private key corresponding to the pending instruction and an encryption code mapped to the private key; and encrypt the pending instruction using the private key and the encryption code, obtaining the instruction ciphertext corresponding to the pending instruction.
B20. The file protection device according to B19, characterized in that the second processing module is further used to:
generate a public key corresponding to the private key and a decryption code mapped to the public key, where the public key and the decryption code are used to decrypt the instruction ciphertext.
B21. according to B12-B15 any one of them file protection devices, it is characterised in that described device further includes:Patrol Volume repair module, is patrolled for Dui with the execution of the control transfer instruction in the corresponding program file of the 3rd abstract syntax tree Collect and carry out repair process.
B22. the file protection device according to B21, it is characterised in that the logic repair module is further used for:
Detection in the corresponding program file of the 3rd abstract syntax tree with whether there is control transfer instruction;
If so, then pair divide with the control transfer instruction in the corresponding program file of the 3rd abstract syntax tree Analysis, obtain the control transfer instruction address itself and with corresponding jump address of the control transfer instruction itself, and Itself jump address is determined as control transfer instruction target virtual address;
Calculate the offset between the control transfer instruction target virtual address and address of the control transfer instruction itself Amount;
Operand using the offset as the control transfer instruction.
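A toy model of the hiding step in B14 and the jump repair in B22, as an added example that is not code from the patent. Instructions are plain records rather than a real abstract syntax tree, and the instruction sizes, labels, base address 0x1000, the return jump placed after the relocated instruction and the `relative_to_next` switch are all assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import List, Optional

JMP_SIZE = 5  # assumed encoding: 1 opcode byte + 4-byte signed offset

@dataclass
class Insn:
    op: str                        # "jmp", "nop" (padding) or another mnemonic
    size: int                      # encoded length in bytes
    label: Optional[str] = None    # symbolic name of this instruction
    target: Optional[str] = None   # label a jmp transfers control to
    addr: int = 0                  # assigned by layout()
    operand: Optional[int] = None  # assigned by repair_jumps()

def sample() -> List[Insn]:
    """Constructed five-instruction program; 'check' is the pending instruction."""
    return [Insn("push", 1, label="entry"), Insn("mov", 3),
            Insn("call", 5, label="check"), Insn("xor", 2), Insn("ret", 1)]

def hide(prog: List[Insn], index: int, pads: int = 2) -> List[Insn]:
    """Swap prog[index] for one jmp plus `pads` padding nops and move the
    original to a preset position (here, the end of the program)."""
    pending, nxt = prog[index], prog[index + 1]
    nxt.label = nxt.label or f"resume_{index}"
    stub = [Insn("jmp", JMP_SIZE, label=pending.label, target=f"hidden_{index}")]
    stub += [Insn("nop", 1) for _ in range(pads)]
    moved = Insn(pending.op, pending.size, label=f"hidden_{index}")
    back = Insn("jmp", JMP_SIZE, target=nxt.label)  # assumption: return jump
    return prog[:index] + stub + prog[index + 1:] + [moved, back]

def layout(prog: List[Insn], base: int = 0x1000) -> dict:
    """Assign sequential addresses and return the label -> address map."""
    addr = base
    for ins in prog:
        ins.addr, addr = addr, addr + ins.size
    return {ins.label: ins.addr for ins in prog if ins.label}

def repair_jumps(prog: List[Insn], base: int = 0x1000,
                 relative_to_next: bool = False) -> List[Insn]:
    """Recompute every jmp operand as target address minus the jump's own
    address (or minus the following address when relative_to_next is set)."""
    labels = layout(prog, base)
    for ins in prog:
        if ins.op == "jmp":
            origin = ins.addr + (ins.size if relative_to_next else 0)
            ins.operand = labels[ins.target] - origin
    return prog

if __name__ == "__main__":
    for ins in repair_jumps(hide(sample(), 2)):
        print(f"{ins.addr:#06x} {ins.op:<5} {ins.label or '':<9} {ins.operand}")
```

On encodings such as x86 `jmp rel32` the displacement is measured from the end of the jump instruction, which is the case `relative_to_next=True` models.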
The invention also discloses: C23. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the document protection method according to any one of A1-A11.
The invention also discloses: D24. A computer-readable storage medium, in which at least one executable instruction is stored, the executable instruction causing the processor to perform the operations corresponding to the document protection method according to any one of A1-A11.

Claims (10)

  1. A document protection method, characterized by comprising:
    generating a first abstract syntax tree corresponding to the instructions to be protected in an original program file;
    performing hiding processing on at least one pending instruction in the first abstract syntax tree, to obtain a second abstract syntax tree after the hiding processing;
    performing repair processing on the header file corresponding to the second abstract syntax tree, to obtain a third abstract syntax tree after the repair processing;
    generating a program file corresponding to the third abstract syntax tree.
  2. The document protection method according to claim 1, characterized in that generating the first abstract syntax tree corresponding to the instructions to be protected in the original program file further comprises:
    performing decompilation processing on the instructions to be protected in the original program file to obtain a decompilation result;
    generating, according to the decompilation result, the first abstract syntax tree corresponding to the instructions to be protected.
  3. The document protection method according to claim 1, characterized in that performing hiding processing on at least one pending instruction in the first abstract syntax tree to obtain the second abstract syntax tree after the hiding processing further comprises:
    converting the at least one pending instruction into a preset number of control transfer instructions and padding instructions;
    placing the at least one pending instruction at a preset position in the first abstract syntax tree, to obtain the first abstract syntax tree after the placement processing;
    using the physical address corresponding to the preset position as the operand of the control transfer instructions obtained by the conversion, to obtain the second abstract syntax tree after the hiding processing.
  4. The document protection method according to claim 3, characterized in that performing repair processing on the header file corresponding to the second abstract syntax tree to obtain the third abstract syntax tree after the repair processing further comprises:
    determining the physical address of the at least one pending instruction, and taking the physical address of the at least one pending instruction as a target virtual address;
    loading the target virtual address into the header file corresponding to the second abstract syntax tree, to obtain the third abstract syntax tree after the repair processing.
  5. The document protection method according to any one of claims 1-4, characterized in that, after performing repair processing on the header file corresponding to the second abstract syntax tree to obtain the third abstract syntax tree after the repair processing, the method further comprises:
    saving the running environment of at least one pending instruction in the third abstract syntax tree, to obtain the third abstract syntax tree after the environment is saved;
    performing obfuscation processing on at least one pending instruction in the third abstract syntax tree, to obtain the third abstract syntax tree after the obfuscation processing;
    restoring the running environment of at least one pending instruction in the third abstract syntax tree, to obtain the third abstract syntax tree after the environment is restored.
  6. The document protection method according to claim 5, characterized in that saving the running environment of at least one pending instruction in the third abstract syntax tree further comprises:
    determining the register in which at least one pending instruction in the third abstract syntax tree is located;
    saving the variable values in the register.
  7. The document protection method according to claim 6, characterized in that performing obfuscation processing on at least one pending instruction in the third abstract syntax tree further comprises:
    adding an obfuscation instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree, so as to change the variable value corresponding to the pending instruction and/or the variable value in the register; and/or
    adding a control transfer instruction to each pending instruction of the at least one pending instruction in the third abstract syntax tree.
  8. A file protection device, characterized by comprising:
    a first generation module, configured to generate a first abstract syntax tree corresponding to the instructions to be protected in an original program file;
    a first processing module, configured to perform hiding processing on at least one pending instruction in the first abstract syntax tree, to obtain a second abstract syntax tree after the hiding processing;
    a header file repair module, configured to perform repair processing on the header file corresponding to the second abstract syntax tree, to obtain a third abstract syntax tree after the repair processing;
    a second generation module, configured to generate a program file corresponding to the third abstract syntax tree.
  9. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
    the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the document protection method according to any one of claims 1-7.
  10. A computer-readable storage medium, in which at least one executable instruction is stored, the executable instruction causing the processor to perform the operations corresponding to the document protection method according to any one of claims 1-7.
CN201711455906.2A 2017-12-28 2017-12-28 File protection method and device, computing equipment and computer storage medium Active CN108021790B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711455906.2A CN108021790B (en) 2017-12-28 2017-12-28 File protection method and device, computing equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN108021790A true CN108021790A (en) 2018-05-11
CN108021790B CN108021790B (en) 2020-09-08

Family

ID=62072163

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711455906.2A Active CN108021790B (en) 2017-12-28 2017-12-28 File protection method and device, computing equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN108021790B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699820A (en) * 2013-12-25 2014-04-02 北京深思数盾科技有限公司 Obfuscating method for relative jump instruction
US9241004B1 (en) * 2014-03-11 2016-01-19 Trend Micro Incorporated Alteration of web documents for protection against web-injection attacks
CN106096338A (en) * 2016-06-07 2016-11-09 西北大学 A kind of have the virtualization software guard method that data stream is obscured
CN106650340A (en) * 2016-11-16 2017-05-10 中国人民解放军国防科学技术大学 Binary software protection method by means of dynamic fine-grained code hiding and obfuscating technology

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109660542A (en) * 2018-12-25 2019-04-19 百度在线网络技术(北京)有限公司 Data processing method, device and terminal
CN110673852A (en) * 2019-09-20 2020-01-10 北京智游网安科技有限公司 Method, system and equipment for realizing control flow flatness based on compiler front end
CN110673852B (en) * 2019-09-20 2023-06-23 北京智游网安科技有限公司 Method, system and equipment for realizing control flow flattening based on front end of compiler

Also Published As

Publication number Publication date
CN108021790B (en) 2020-09-08

Similar Documents

Publication Publication Date Title
Yu et al. Data oblivious ISA extensions for side channel-resistant and high performance computing
CN107346401B (en) Information security system for securely executing program
CN108345773A (en) Code protection method and device, electronic equipment, storage medium based on virtual machine
US8689201B2 (en) Automated diversity using return oriented programming
Andrysco et al. Towards verified, constant-time floating point operations
US10417412B2 (en) Protecting computer code against ROP attacks
CN108182358A (en) Document protection method, device, computing device and computer storage media
Angelini et al. Ropmate: Visually assisting the creation of rop-based exploits
CN108021790A (en) Document protection method, device, computing device and computer-readable storage medium
Pappas et al. Practical software diversification using in-place code randomization
Joshi et al. Impact of software obfuscation on susceptibility to return-oriented programming attacks
CN107506623A (en) Reinforcement means and device, computing device, the computer-readable storage medium of application program
Wang et al. Tdvmp: Improved virtual machine-based software protection with time diversity
Joshi et al. Trading Off a Vulnerability: Does Software Obfuscation Increase the Risk of ROP Attacks.
EP2674892A1 (en) A method, a device and a computer program support for execution of encrypted computer code
Yujia et al. A new compile-time obfuscation scheme for software protection
JP2009104589A (en) Information processor and its method, program, and recording medium
CN106921482B (en) A kind of method and system based on ARM instruction construction data encrypting and deciphering algorithm
CN108052806A (en) Document protection method, device, computing device and computer storage media
RU2715021C2 (en) Hiding program execution
Jang et al. A FPGA-Based scheme for protecting weapon system software technology
Sisejkovic et al. Processor Integrity Protection
Aburas et al. A method dependence relations guided genetic algorithm
EP3387530A2 (en) Secure computing
Ye et al. EvoIsolator: Evolving program slices for hardware isolation based security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20200724
    Address after: 4f, building C2, Suzhou 2.5 Industrial Park, 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province
    Applicant after: JIANGSU TONGFUDUN INFORMATION SECURITY TECHNOLOGY Co.,Ltd.
    Applicant after: JIANGSU PAY EGIS TECHNOLOGY Co.,Ltd.
    Address before: Suzhou City, Jiangsu province 215021 East Road, Suzhou Industrial Park, No. 88 Suzhou 2.5 Industrial Park C2 building room 3F-301
    Applicant before: JIANGSU TONGFUDUN INFORMATION SECURITY TECHNOLOGY Co.,Ltd.
GR01 Patent grant