CN102004885A - Software protection method - Google Patents

Publication number
CN102004885A
Authority
CN
China
Prior art keywords
software
section
timer
former
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010105322164A
Other languages
Chinese (zh)
Other versions
CN102004885B (en)
Inventor
李拥军
潘炳镇
黄格仕
谢嵘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a software protection method which comprises the following steps of: reserving an original copy of software when the software is started; establishing a relocating information table; starting two random number generators; calculating a time length and position data by using the random number generators; judging whether a timer reaches preset time or not; and if so, disturbing code distribution according to position variation data, copying different sections of the original copy of the software to different positions, and executing the relocating operation.

Description

A software protection method
Technical field
The present invention relates to the field of software protection, and in particular to a method that protects software through restore-based recovery and random variation of code positions.
Background
With the development of information technology, the software industry receives more and more attention and accounts for a very important share of the computer industry. Generally speaking, to successfully develop a piece of system or application software, the software vendor must invest a huge amount of time and effort, often employing substantial manpower and material resources. But a huge investment does not always mean a huge return. After software is released, on the one hand a pirate can easily remove its protection measures with a debugger and then use its functions without restriction. On the other hand, while the software is running, some viruses can tamper with its executable instruction sequence, impairing its functions or hiding malicious code and degrading the user experience. These effects cause tremendous losses to software developers, dampen their enthusiasm, and ultimately seriously hinder the healthy development of the software industry.
To combat piracy and resist viruses, the industry has produced a series of software protection techniques. The most representative is software authentication. The general flow of software authentication is shown in Figure 1: at startup, the software's authentication module reads the software's authorization information; if the authorization information does not match or does not exist, the software stops running. This authorization information is generally sent to the user by the software vendor and takes forms such as a serial number, a digital signature, or an authorization generated from user information.
Because authorization is checked only at startup, once a pirate skips this authentication step the software's authorization information becomes completely ineffective. To overcome this defect, the industry has devised corresponding solutions. One typical method is to check the software's authorization information periodically while the software runs and to stop the software if the authorization information does not match. In this way, even if the authentication step at startup is skipped, the software will still stop running at some later time. Another method is to insert authentication functions at different positions in the software. When execution reaches these positions, the authentication function module takes effect. In this way, even if the authentication step at startup is skipped, the software can still verify whether the authorization is legitimate when execution reaches these authentication function modules.
These methods have played a very important role in software protection. But they share one defect: they cannot stop a cracker from using a debugger to crack the software.
In addition, with the development of software technology, virus technology has also advanced greatly. A virus can reside inside software while the software is running. Such a virus does not modify the files stored on disk, so anti-virus software finds nothing when it scans these executable files. If running software is infected by a virus, and the application itself lacks the ability to remove it (as is often the case), the virus remains attached to the application until the application terminates.
Summary of the invention
The technical problem to be solved by the present invention is to provide a software protection method that raises the difficulty of cracking and at the same time gives the software immunity against virus infection, thereby increasing the security of the software and protecting the rights and interests of software developers.
The technical solution of the present invention is:
A software protection method comprising the following steps:
(1) when executable software starts under WINDOWS, keep an original copy of the software, to be used for recovery when the software is damaged while running;
(2) build a relocation information table; this table records the information of the original software's relocation table and, following the division into sections, records the instruction jump information between different sections; each instruction jump information entry comprises sSection, dSection, sbase and dbase, where sSection is the original section number, dSection is the target section number, sbase is the original address of the program's target address section that needs relocation, and dbase is the program's destination address that needs relocation; this instruction jump information is added to the relocation information table, so that the table records both the information of the original software's relocation table and the relocation information of the code after shuffling;
(3) start random number generator A and use it to compute a time length Tlen; start random number generator B and use it to compute a set of position data positionData, which is an arrangement of (1,2,3,...,n), where n is the number of positions in the position data; this set of position data is the new location information at which the program instructions are stored after being shuffled;
(4) start a timer Timer whose duration is said Tlen; the timer Timer causes one shuffle of the program instructions to be carried out after a random period of time Tlen;
(5) when the timer Timer reaches the preset duration Tlen, the timer Timer triggers a timer event; when the timer event occurs, go to step (6);
(6) according to the position data positionData produced in step (3), copy the different sections of the software's original copy to the positions recorded in positionData;
(7) perform the relocation operation according to the relocation information table obtained in step (2): if the jump address produced by the compiler is address, the base address in the exe header is fbase, and the base address at which the program is actually loaded is mbase, then the final relocated address value is address+mbase-fbase+dbase-sbase; redirect the instruction pointer register of this software process; return to step (3).
In step (1), the original copy of the software is kept by searching for the WINDOWS executable header signature "MZ" to determine the start address of the software, reading the file size, and using the memcpy function to keep an original copy of the software.
Tlen in step (3) is produced as follows: random number generator A produces a random number randomNum, and a number m is selected according to the application scenario; then Tlen=random%m, m=10.
The set of position data positionData in step (3) is (2,1,4,3,5,8,7,6).
In step (6), if the position distribution of the different sections of the original code is (1,2,3,4) and positionData is (2,1,4,3), then section 2 is copied to the position of original section 1, section 1 is copied to the position of original section 2, section 3 is copied to the position of original section 4, and section 4 is copied to the position of original section 3.
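Added example (not part of the patent text): a C simulation of steps (1), (3), (6) and (7) on a constructed 64-byte image of four 16-byte sections, run with the patent's example arrangement (2,1,4,3) and a simulated in-memory patch. The section size, the FBASE and MBASE values, treating sbase and dbase as section offsets, and reading positionData as "slot i receives original section positionData[i]" are assumptions; the timer of steps (4)-(5) is omitted.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define N_SECTIONS   4
#define SECTION_SIZE 16
#define IMAGE_SIZE   (N_SECTIONS * SECTION_SIZE)
#define FBASE 0x00400000u /* constructed: base address stored in the exe header */
#define MBASE 0x10000000u /* constructed: base address the image is loaded at */

/* Relocation-table entry with the four fields the patent names. */
typedef struct {
    int      sSection; /* assumption: section holding the jump instruction */
    int      dSection; /* section holding the jump target */
    uint32_t sbase;    /* assumption: original offset of the target section */
    uint32_t dbase;    /* assumption: its offset after the shuffle */
} reloc_entry;

static uint8_t pristine[IMAGE_SIZE]; /* step (1): untouched original copy */
static uint8_t live[IMAGE_SIZE];     /* the image that is "running" */

/* Step (1): build a constructed image (byte i holds value i) and keep a copy. */
void keep_original_copy(void) {
    for (int i = 0; i < IMAGE_SIZE; i++) live[i] = (uint8_t)i;
    memcpy(pristine, live, IMAGE_SIZE);
}

/* Step (3), generator B: a random arrangement of 1..n (Fisher-Yates).
 * rand() stands in for the generator; it is predictable, so a real
 * implementation would need a stronger source. */
void make_position_data(int *pos, int n) {
    for (int i = 0; i < n; i++) pos[i] = i + 1;
    for (int i = n - 1; i > 0; i--) {
        int j = rand() % (i + 1);
        int t = pos[i]; pos[i] = pos[j]; pos[j] = t;
    }
}

/* Step (6): slot i of the live image is overwritten with original section
 * pos[i]. Copying from the pristine copy also discards any modification
 * made to the live image since the last shuffle. */
void shuffle_sections(const int *pos, int n) {
    for (int slot = 0; slot < n; slot++)
        memcpy(live + slot * SECTION_SIZE,
               pristine + (pos[slot] - 1) * SECTION_SIZE, SECTION_SIZE);
}

/* Record where the entry's target section now lives. Returns 0 on success,
 * -1 if the section does not appear in positionData. */
int update_entry(reloc_entry *e, const int *pos, int n) {
    for (int slot = 0; slot < n; slot++) {
        if (pos[slot] == e->dSection) {
            e->dbase = (uint32_t)(slot * SECTION_SIZE);
            return 0;
        }
    }
    return -1;
}

/* Step (7): final = address + mbase - fbase + dbase - sbase. */
uint32_t relocate(uint32_t address, const reloc_entry *e) {
    return address + MBASE - FBASE + e->dbase - e->sbase;
}

/* One full cycle with the patent's example arrangement (2,1,4,3). */
uint32_t run_patent_example(void) {
    int pos[N_SECTIONS] = {2, 1, 4, 3};
    /* Constructed jump: from section 1 to byte 3 of section 3. */
    reloc_entry e = {1, 3, 2 * SECTION_SIZE, 0};
    uint32_t address = FBASE + e.sbase + 3; /* address as compiled */

    keep_original_copy();
    live[5] = 0xCC; /* simulated tampering with the running image */
    shuffle_sections(pos, N_SECTIONS);
    if (update_entry(&e, pos, N_SECTIONS) != 0) return 0;
    return relocate(address, &e);
}

int main(void) {
    uint32_t target = run_patent_example();
    printf("relocated target: 0x%08x\n", (unsigned)target);
    printf("byte at target:   0x%02x (original 0x%02x)\n",
           (unsigned)live[target - MBASE],
           (unsigned)pristine[2 * SECTION_SIZE + 3]);
    printf("tampered byte is now 0x%02x\n", (unsigned)live[5]);
    return 0;
}
```

With equal-sized sections the formula reduces to mbase + dbase + offset within the section, which is why the byte at the relocated address equals the original target byte and the tampered byte is gone after one cycle.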
Compared with existing software protection techniques, the present invention has the following advantages:
1. It raises the difficulty of cracking from a dynamic angle. Existing software protection techniques are based on authenticating the software's authorization information; these methods only make cracking harder at the cryptographic level and do not consider protecting the software at the level of its executable instructions. Yet the most powerful means a cracker actually has are cracking techniques at the executable-instruction level. The present invention works at the executable-instruction level, changing the distribution of the software's code randomly and dynamically so that code positions are unpredictable, which raises the difficulty of cracking the software and achieves the goal of software protection;
2. It gives the software a self-repairing immunity. While running, the software overwrites its current code by copying at random intervals, and the content written is the original code of some section of the software; so even if the current code has been modified by a cracker or infected by a virus, it is restored to its initial healthy state, so that the crack fails and the virus infection is ineffective.
Description of the drawings
Fig. 1 is a flow chart of a prior-art software protection method;
Fig. 2 is a schematic diagram of the present invention dividing a software file into different sections;
Fig. 3 is a schematic diagram of the jump relationships between different sections recorded by the present invention;
Fig. 4 is a schematic diagram of the relocation process carried out after the present invention rearranges the sections;
Fig. 5 is a schematic flow diagram of adding a code section to the original software.
Embodiments
The present invention is further described below with reference to embodiments, but the scope of protection claimed is not limited to the scope the embodiments represent:
Embodiment 1: applied to anti-cracking of existing software
A large amount of application software exists on the Internet today. Much of it was developed long ago. For lack of security awareness and corresponding security techniques, this software was written without adequate security measures and so is not well protected. One way to add protection would be to rewrite or modify the source code of the software and recompile it. But for various reasons such as developers, equipment and funding, the cost of doing so is very high, so this approach is not very feasible. On the other hand, software protection concerns the interests of software developers: if software can be pirated easily, developers' interests are harmed, which dampens their enthusiasm for software development and, over the long term, seriously harms the software industry.
A better software protection approach is to add protection measures on top of existing software without needing to obtain or modify its source code. Applied to existing software, the present invention adds a software protection function and raises the difficulty of cracking, thereby preventing the software from being cracked and protecting the interests of software developers.
As shown in Figs. 1-5, applying the software immunization method of the present invention to existing software comprises the following steps:
(1) as shown in Figure 5, write the software immunization method of the present invention as an executable program, and define this executable program as the software protection functional module; add an executable code section to the original software and store the software protection functional module in it; change the code entry point of the original software to this newly added executable code section;
(2) when executable software starts under WINDOWS, keep an original copy of the software, to be used for recovery when the software is damaged while running;
(3) build a relocation information table; this table records the information of the original software's relocation table and, following the division into sections, records the instruction jump information between different sections. An instruction jump information entry has the form (sSection, dSection, sbase, dbase); sSection is the original section number, dSection is the target section number, sbase is the original address of the program's target address section that needs relocation, and dbase is the program's destination address that needs relocation. These entries are added to the relocation information table, so that the table records both the information of the original software's relocation table and the relocation information of the code after shuffling. The relocation operation in step (8) uses this relocation information table.
(4) start random number generator A and use it to compute a time length Tlen; Tlen is produced as follows: A produces a random number randomNum, and a number m is selected according to the application scenario, for example m=10; then Tlen=random%m; start random number generator B and use it to compute a set of position data positionData, which is an arrangement of (1,2,3,...,n); for example, positionData may be (2,1,4,3,...,n); this set of position data is the new location information at which the program instructions are stored after being shuffled;
(5) start a timer Timer whose duration is Tlen; the timer provides the timing function, so that one shuffle of the program instructions is carried out after a random period of time;
(6) when the timer Timer reaches the preset duration Tlen, it triggers a timer event; when the timer event occurs, go to step (7);
(7) according to the position data positionData produced in (4), copy the different sections of the software's original copy to the positions recorded in positionData; for example, if the position distribution of the original code is (1,2,3,4) and positionData is (2,1,4,3), then section 2 is copied to the position of original section 1, section 1 is copied to the position of original section 2, section 3 is copied to the position of original section 4, and section 4 is copied to the position of original section 3;
(8) perform the relocation operation according to the relocation information table obtained in (3). The relocation operation works as follows: if the jump address produced by the compiler is address, the base address in the exe header is fbase, and the base address at which the program is actually loaded is mbase, then the final relocated address value is address+mbase-fbase+dbase-sbase; redirect the instruction pointer register of this software process; return to step (4).
Embodiment 2: applied during software development to prevent reverse engineering
The present invention is a software immunity protection method. If the method is used during software development, it is not only easier to implement but should also give a better protection effect.
The principle of the present invention is to randomly change the distribution of the protected code, protecting the software code through unpredictable scheduling of the protected code. Because the code blocks to be scheduled can be user-defined, the secret code to be protected can be designated during software development. If this code has very little relocation information, later processing will be very simple. In addition, the code scheduling algorithm can also be user-defined, so a scheduling algorithm as complex and ingenious as possible can be designed to strengthen the protection. Finally, when the method of the present invention is used during software development, the step of inserting the protection function code can be omitted, so that the protection is embedded naturally.
Applied in the software development process, the present invention adds a software protection function and raises the difficulty of cracking, thereby preventing the software from being cracked and protecting the interests of software developers. The steps for using the method of the present invention in software development are:
(1) set up an independent executable code section for the protection function code (optional); place the protection function code at the software's code entry point, so that the software protection function takes effect as soon as the program begins executing; alternatively, after the program is running, a separate thread may be used to execute the protection function code;
(2) when executable software starts under WINDOWS, keep an original copy of the software, to be used for recovery when the software is damaged while running;
(3) build a relocation information table; this table records the information of the original software's relocation table and, following the division into sections, records the instruction jump information between different sections. An instruction jump information entry has the form (sSection, dSection, sbase, dbase); sSection is the original section number, dSection is the target section number, sbase is the original address of the program's target address section that needs relocation, and dbase is the program's destination address that needs relocation. These entries are added to the relocation information table, so that the table records both the information of the original software's relocation table and the relocation information of the code after shuffling. The relocation operation in step (8) uses this relocation information table.
(4) start random number generator A and use it to compute a time length Tlen; Tlen is produced as follows: A produces a random number randomNum, and a number m is selected according to the application scenario, for example m=10; then Tlen=random%m; start random number generator B and use it to compute a set of position data positionData, which is an arrangement of (1,2,3,...,n); for example, positionData may be (2,1,4,3,...,n); this set of position data is the new location information at which the program instructions are stored after being shuffled;
(5) start a timer Timer whose duration is Tlen; the timer provides the timing function, so that one shuffle of the program instructions is carried out after a random period of time;
(6) when the timer Timer reaches the preset duration Tlen, it triggers a timer event; when the timer event occurs, go to step (7);
(7) according to the position data positionData produced in (4), copy the different sections of the software's original copy to the positions recorded in positionData; for example, if the position distribution of the original code is (1,2,3,4) and positionData is (2,1,4,3), then section 2 is copied to the position of original section 1, section 1 is copied to the position of original section 2, section 3 is copied to the position of original section 4, and section 4 is copied to the position of original section 3;
(8) perform the relocation operation according to the relocation information table obtained in (3). The relocation operation works as follows: if the jump address produced by the compiler is address, the base address in the exe header is fbase, and the base address at which the program is actually loaded is mbase, then the final relocated address value is address+mbase-fbase+dbase-sbase; redirect the instruction pointer register of this software process; return to step (4).
In actual operation, if the program is tampered with or damaged by a virus, the copy-and-overwrite operation of step (7) makes the virus's tampering or damage ineffective, achieving the effect of software immunity; if the software is subjected to a cracker's debugging and analysis, the operations of steps (4)~(7) prevent the cracker from obtaining stable, consistent executable code, so the difficulty of cracking increases greatly; if a cracker applies a hot patch to the software, the copy-and-overwrite operation of step (7) makes the crack ineffective, achieving the effect of software immunity.

Claims (5)

1. A software protection method, characterized in that it comprises the following steps:
(1) when executable software starts under WINDOWS, keep an original copy of the software, to be used for recovery when the software is damaged while running;
(2) build a relocation information table; this table records the information of the original software's relocation table and, following the division into sections, records the instruction jump information between different sections; each instruction jump information entry comprises sSection, dSection, sbase and dbase, where sSection is the original section number, dSection is the target section number, sbase is the original address of the program's target address section that needs relocation, and dbase is the program's destination address that needs relocation; this instruction jump information is added to the relocation information table, so that the relocation information table records the information of the original software's relocation table and the relocation information of the code after shuffling;
(3) start random number generator A and use it to compute a time length Tlen; start random number generator B and use it to compute a set of position data positionData, which is an arrangement of (1,2,3,...,n), where n is the number of positions in the position data; this set of position data is the new location information at which the program instructions are stored after being shuffled;
(4) start a timer Timer whose duration is said Tlen; the timer Timer causes one shuffle of the program instructions to be carried out after a random period of time Tlen;
(5) when the timer Timer reaches the preset duration Tlen, the timer Timer triggers a timer event; when the timer event occurs, go to step (6);
(6) according to the position data positionData produced in step (3), copy the different sections of the software's original copy to the positions recorded in positionData;
(7) perform the relocation operation according to the relocation information table obtained in step (2): if the jump address produced by the compiler is address, the base address in the exe header is fbase, and the base address at which the program is actually loaded is mbase, then the final relocated address value is address+mbase-fbase+dbase-sbase; redirect the instruction pointer register of this software process; return to step (3).
2. The software protection method according to claim 1, characterized in that in step (1) the original copy of the software is kept by searching for the WINDOWS executable header signature "MZ" to determine the start address of the software, reading the file size, and using the memcpy function to keep an original copy of the software.
3. The software immunization method according to claim 1, characterized in that Tlen in step (3) is produced as follows: random number generator A produces a random number randomNum, and a number m is selected according to the application scenario; then Tlen=random%m, m=10.
4. The software protection method according to claim 1, characterized in that the set of position data positionData in step (3) is (2,1,4,3,5,8,7,6).
5. The software protection method according to claim 1, characterized in that in step (6), if the position distribution of the different sections of the original code is (1,2,3,4) and positionData is (2,1,4,3), then section 2 is copied to the position of original section 1, section 1 is copied to the position of original section 2, section 3 is copied to the position of original section 4, and section 4 is copied to the position of original section 3.
CN2010105322164A 2010-10-30 2010-10-30 Software protection method Expired - Fee Related CN102004885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105322164A CN102004885B (en) 2010-10-30 2010-10-30 Software protection method

Publications (2)

Publication Number Publication Date
CN102004885A true CN102004885A (en) 2011-04-06
CN102004885B CN102004885B (en) 2013-07-03

Family

ID=43812240

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105322164A Expired - Fee Related CN102004885B (en) 2010-10-30 2010-10-30 Software protection method

Country Status (1)

Country Link
CN (1) CN102004885B (en)


Also Published As

Publication number Publication date
CN102004885B (en) 2013-07-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130703

Termination date: 20201030
