CN102609666A - Protecting method for packing executable program - Google Patents
Protecting method for packing executable program Download PDFInfo
- Publication number
- CN102609666A CN102609666A CN2012100193236A CN201210019323A CN102609666A CN 102609666 A CN102609666 A CN 102609666A CN 2012100193236 A CN2012100193236 A CN 2012100193236A CN 201210019323 A CN201210019323 A CN 201210019323A CN 102609666 A CN102609666 A CN 102609666A
- Authority
- CN
- China
- Prior art keywords
- file
- shell
- executable program
- time
- adds
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a protecting method for packing an executable program, belonging to the technical field of computer software program protection, wherein the method comprises the following steps: firstly, adding a shell target file with fixed patches to the tail part of an executable program file so as to form a target executable program file; modifying a file head correspondingly; processing a first encryption to an executed code section; adding a key equipment drive program module to the tail part of the file which is encrypted at the first time so as to form a new target executable program file which is encrypted at the first time; constructing a shell program; processing a secondary encryption to the new target executable program file of the shell program which is encrypted at the first time; modifying the file head correspondingly; and completing a packing procedure, and storing the current shell program. According to the invention, the problems that packing-protected software is cracked by an attacker easily and distorted illegally in the prior art are effectively solved.
Description
Technical field
The invention belongs to computer software programs resist technology field, be specifically related to executable program is added the method for protecting software of shell.
Background technology
Software protection is very important link in the software development, owing to will add the steps necessary that the layer of protecting shell has almost become protection software will for the software of issue in the face of numerous conversed analysis persons' research after the software development.
Computer software product is a kind of knowledge-intensive specialities, and developing a software product needs lot of manpower and material resources, and cost is very high.Yet, software product duplicate but be suitable easily, this has just caused the spreading unchecked of wind of bootlegging, piracy software.Under these circumstances, the development person of software and dealer are not invaded in order to guard one's interest, and except adopting legal means, also must the operation technique means protect the product of oneself to be inviolable.Software cryptography is a kind of effective protected mode.Therefore, how solving the software cryptography problem is the technical matters that needs to be resolved hurrily in the industry.
Summary of the invention
The purpose of this invention is to provide a kind of executable program and add the shell guard method, solve tradition of the prior art and add software after the shell protection and be easy to that victim cracks and the problem of illegal.
The technical scheme that the present invention takes is:
A kind of executable program adds the shell guard method, may further comprise the steps,
Step 101: the afterbody that the shell file destination of accomplishing fluently patch is added to executable program file forms the target executable program file;
Step 102: the file header of said target executable program file made amendment forms amended target executable program file;
Said modification is included in said file header and adds a section order and describe said shell file destination and the key devices driver module of accomplishing fluently patch, and is modified in thread state order and the preset section that the command entry of said file header finds and orders;
Step 103: travel through said amended target executable program file; Find the run time version section; With first key said run time version section being carried out the first time encrypts; And replace the run time version section in the said amended target executable program file with encrypted result, the target executable program file after obtaining encrypting for the first time;
Step 104: the afterbody that the key devices driver module that comprises key devices driving and enciphering and deciphering algorithm is added to the run time version section of the target executable program file after encrypt the said first time forms the target executable program file after encrypt the new first time;
Step 105: make up a shell file model;
Step 106: the target executable program file according to after encrypting the said new first time makes up the formation shell with said shell file model;
Step 107: call the AES in the said key devices driver module; Utilizing second key that the target executable program file after encrypting the said new first time in the said shell is carried out the second time encrypts; Replace the target executable program file after said new first in the said shell encrypted with the target executable program file after encrypting for the second time, constitute the shell after encrypting for the second time;
Step 108: revise the content of the file header of the shell after encrypt the said second time, obtain amended shell;
Step 109: completion adds shell, preserves said amended shell.
In the above-mentioned steps 101; The process of shell file destination patch installing comprises; Said shell file destination is written into internal memory; The essential information of key devices driver module is added in the data segment of said shell file destination, first random number is added to as kind of subcode in the data segment of said shell file destination, the key devices parameter is added in the data segment of said shell file destination.
The essential information of said key devices driver module comprises driver address, driver size, and said key devices parameter comprises the polling interval of hardware ID, user cipher and the key devices of key devices.
In the above-mentioned steps 102, thread state order that the said command entry that is modified in said file header finds and preset section order are specially, and obtain the original entrance of program from said thread state order, and the original entrance of said program is write said preset section order; The entrance of said preset section order is write said thread state order.
In the above-mentioned steps 103, said first key obtains in the following manner: computing machine sends first random number to key devices, and said key devices returns first key.
In the above-mentioned steps 105; Being provided with as follows of the file header of said shell file model: the section of writing order and thread state order; Zone bit do not need to be set to the additional dynamic connector; The length of the said section order that writes is set to first length, and said first length equals the length of the target executable program file after encrypt the said new first time.
In the above-mentioned steps 106; The process that make up to form shell is: from said shell file model, extract code segment and handle, the afterbody that adds the target executable program file after encrypting the said new first time to after the processing said code segment then constitutes the code segment of said shell together; Said processing comprises; Add to second random number in the data of code segment as second key; With file to be encrypted is in the document misregistration of the target executable program file after encrypting said new first time and the data that file size adds code segment to, and data in the code segment and the space between the code are filled with random number.
Further; Said step 108 is specially; Travel through the file header of the shell after encrypt the said second time; The section of finding order is obtained the length of the target executable program file after encrypt the said second time and is designated as second length, and the length of the section order in the said shell is set to second length.
The above is encrypted for the first time with encrypting the said second time and can adopt same symmetry algorithm to encrypt, and perhaps adopts different symmetry algorithms to encrypt.
Compared with prior art; Software of the present invention adds the shell guard method has increased that the assailant cracks or the difficulty of illegal software; Even can't find real program entry point, can prevent effectively that the conversed analysis personnel from cracking and illegal the dis-assembling of software, increased the security of software.
Description of drawings
Fig. 1 is the process flow diagram that a kind of executable file adds the shell guard method;
Fig. 2 is a kind of implementation synoptic diagram of shell file destination.
Embodiment
For making the object of the invention, technical scheme and advantage clearer, will combine accompanying drawing that embodiment of the present invention is done to describe in detail further below.
The ultimate principle that a kind of executable program provided by the invention adds the shell guard method is: the run time version section to executable program file is encrypted, and encryption key obtains from key devices; Utilize random number to executable program file bulk encryption; The code segment that executable program file after the bulk encryption is mapped to shell model is constructed the shelf document structure, and assembling generates the shell side preface.
Embodiment 1
Present embodiment has been described with reference to the accompanying drawings the process of the file destination that obtains being carried out encryption.Below be described in detail with the shell guard method that adds that to be example propose the present invention of the implementation method based on the Mac.OS platform, the mentioned file of present embodiment is to occur with filename general in the apple system.
When the said file destination that obtains is the Flat formatted file, then move liposuction program lipo earlier file destination is carried out separating treatment, more isolated i386 or x64 file are carried out encryption.
Said operation lipo is specially the process that the Flat file carries out separating treatment; File header according to the Flat file is judged file type, and the said separate file of treating is separated from assigned address according to the structural information of treating separate file that comprises in the Flat file header.
Particularly, the definition of the file header of said Flat file is as follows:
Wherein, nfat_arch can represent the number of treating separate file that the Flat file comprises, and particularly, can only comprise a plurality of x64 files or only comprise a plurality of i386 files, can also comprise a plurality of x64 files and i386 file simultaneously.
Above-mentioned any file header of treating separate file defines as follows:
Wherein, when Cputype is 7 32 systems, promptly represent this and treat that separate file is the i386 file; Are 64 systems when Cputype is 16777223, promptly represent this and treat that separate file is the x64 file.
If treating separate file is that i386 file then lipo program are sent the i386 separation order and given the Flat file, the i386 executable program is separated from the Flat file; If treating separate file is that x64 file then lipo program are sent the x64 separation order and given the Flat file, the x64 executable program is separated from the Flat file.
In the present embodiment, the order of specifically using is following:
X64 separation order lipo-thin x86_64-output b a is used for the x86_64mach-o file is separated from Flat file A, saves as file c;
I386 separation order lipo-thin i386-output c a is used for the i386mach-o file is separated from Flat file A, saves as file b.
Said i386 separation order comprises the filename of the said i386 executable program that will separate and the filename of said Flat file, like above-mentioned example, representes the filename of Flat file with a, representes the filename of i386 executable program with b; Said x64 file separation order comprises the filename of the said x64 executable program that will separate and the filename of said Flat file; Like above-mentioned example, represent the filename of Flat file with a, represent the filename of x64 executable program with c.
When the said file destination that obtains is that i386 or x64 formatted file then need not to move the lipo program, can directly handle as follows said file destination.
Present embodiment is that example describes in detail with the encryption to the i386 executable program file, and as shown in Figure 1, a kind of executable program adds the shell guard method, may further comprise the steps:
Step 101: the i386 executable program file is loaded into internal memory, and the afterbody that the shell file destination of accomplishing fluently patch is added to said i386 executable program file forms the target executable program file;
Before this step, comprise process to the patch installing of said shell file destination; Specific as follows: core32 is written into internal memory with the shell file destination; The essential information of key devices driver module is added in the data segment of said shell file destination core32; First random number is added to as kind of subcode in the data segment of said shell file destination, the key devices parameter is added in the data segment of said shell file destination, obtain accomplishing fluently the shell file destination of patch.
The Core32 program is the boot of ground floor shell, uses the C language, except code segment, also has data segment.Data segment is deposited some essential informations, such as the driver of the key devices kind subcode in the skew of file the inside, the employed system function of the driver address that loads key devices, deciphering usefulness.
The data segment of core32 is specific as follows in the present embodiment:
Uint32_t_NSCreateObjectFileImageFromFile=0xff; The system API of // load driver program
Uint32_t_NSCreateObjectFileImageFromMemory=0xff; The system API of // load driver program
Uint32_t_NSLinkModule=0xff; The system API of // load driver program
Uint32_t_NSLookupSymbolInModule=0xff; The system API of // load driver program
Uint32_t_NSAddressOfSymbol=0xff; The system API of // load driver program
Uint32_t_NSUnLinkModule=0xff; The system API of // load driver program
Uint32_t_NSDestroyObjectFileImage=0xff; The system API of // load driver program
Uint32_t_puts=0xff; The API of // system
Uint32_t_exit=0xff; The API of // system
Uint32_t_bundle_addr=0xff; // driver address
Uint32_t_bundle_size=0xff; // driver size
Uint32_t_seed_code=0xff; // key seed sign indicating number
Uint32_t_text_addr=0xff; // original program code segment sector address
Uint32_t_text_size=0xff; // original program code segment length
Uint32_t_hid=0xff; The hardware ID of // key devices
Uint32_t_p1=0xff; First byte of // password
Uint32_t_p2=0xff; Second byte of // password
Uint32_t_interval=0xff; The training in rotation of // key devices at interval
The essential information of said key devices driver module comprises driver address, driver size; Said key devices parameter comprises the polling interval of hardware ID, user cipher and the key devices of key devices, and promptly the hid in the data segment representes hardware ID, and p1p2 representes user cipher, and interval representes the polling interval of key devices.
Step 102: the file header at the target executable program file adds a shell file destination and the key devices driver module that section order describes to accomplish fluently patch;
In the present embodiment, at the file header adding section order LC_SEGMENT of target executable program file, and the section of a setting name segname is _ FTSAFE.
Particularly, the section order of adding is as follows:
The section order that when file destination is the file of x64 form, adds is LC_SEGMENT64; Then the section name is specific as follows:
Step 103: the command entry of the file header of traversal target executable program file, find the section order of thread state order and section by name _ FTSAFE, obtain the original entrance of program from said thread state order, and the original entrance of the said program section of writing is ordered; The entrance of said section order is write said thread state order;
Particularly, said thread state command definition is following:
The form of thread status command thread_command and above-mentioned example are different in the practical application; In the practical application; If i386 file; Cmd is exactly a register array at the back, and we represent with uint32_t*regslots, and the entry address of the original entrance of finding is regslots [10]; If the x86_64 file, we represent with uint64_t*regslots, and the entry address of the original entrance of finding is regslots [16].
Step 104: first random number is sent to key devices to obtain first key that key devices returns;
Concrete, said first key can be a DES key.
In the present embodiment; Preferred transmission first random number that adopts is obtained first key; Except adopting random number, can also send other data to key devices and obtain first key, for example; Computing machine calculates a MD5 value according to self information, and said MD5 value is sent to key devices to obtain first key that key devices returns.
Step 105: traversal target executable program file; Find the run time version section; With said first key said run time version section being carried out the first time encrypts; And replace the run time version section in the said target executable program file with encrypted result, the target executable program file after obtaining encrypting for the first time;
Key devices drives and the key devices driver module of enciphering and deciphering algorithm adds the afterbody of the run time version section of encrypting back target executable program file the said first time to comprising, and forms the target executable program file after encrypt the new first time;
Step 106: the target executable program file after encrypting the new first time is saved in disk;
Step 107: make up a shell file model;
In the present embodiment particularly; The file header Mac-O of said shell file model is provided with as follows: write two orders section of being order and thread state order respectively; Zone bit is set to MH_NOUNDEFS; I.e. expression does not need the additional dynamic connector, and the file header that for example sets is represented as follows
mheader.magic=MH_MAGIC;
mheader.cputype=CPU_TYPE_I386;
mheader.cpusubtype=CPU_SUBTYPE_386;
mheader.filetype=MH_EXECUTE;
mheader.ncmds=2;
mheader.sizeofcmds=0x88;
mheader.flags=MH_NOUNDEFS;
Target executable program file after step 106 encrypted said new first time is loaded into internal memory; The length of obtaining the target executable program file after encrypt the said new first time is designated as first length, and the length of the order of section described in the said shell file model is set to first length.
Step 108: said shell file model is loaded into internal memory, forms shell through making up;
Building process is specially: from said shell file model, extract code segment and handle, the afterbody that adds the target executable program file after encrypting said new first time to after the processing code segment then constitutes the code segment of said shell together.
Said processing comprises; Add to second random number in the data of code segment as second key; With file to be encrypted is in the document misregistration of the target executable program file after encrypting new for the first time and the data that file size adds code segment to, and data in the code segment and the space between the code are filled with random number.
Step 109: call the AES in the key devices driver module; Utilizing second key that the target executable program file after encrypting the new first time in the said shell is carried out the second time encrypts; Target executable program file after usefulness is encrypted is for the second time replaced the target executable program file after the said new encryption first time in the said shell; Constitute the shell after encrypting for the second time; Said AES is a symmetric encipherment algorithm, can adopt and encrypt for the first time the identical DES algorithm of algorithm of employing, also can adopt the RC4 algorithm;
Step 110: revise the content of the file header of the shell after encrypt the said second time, obtain amended shell;
This step is specially; Travel through the file header of the shell after encrypt the said second time; The section of finding order is obtained the length of the target executable program file after encrypt the said second time and is designated as second length, and the length of the section order in the shell is set to second length.
Step 111: completion adds shell, and obtaining the shell file destination is amended shell.
Embodiment 2
The process of carrying out above-mentioned shell file destination comprises the steps:
Step 201: the shell file destination is loaded into internal memory, and traversal shell file destination obtains the program entry point;
Particularly, the file header of traversal shell file destination finds thread state order LC_UNIXTHREAD, the entry address that obtains program entry point.
Step 202: jump to the program entry point, carry out shell;
The execution shell is specially; Obtain second key from the code segment of shell; Utilize said second key that the shell after encrypting the second time in the shell is deciphered the target executable program file that obtains after encrypt the new first time, discharge the other guide of the code segment of said shell; Scan the run time version section of the target executable program file after encrypt the said new first time, all command frame command phases are all copied to the memory address of appointment.
Step 203: the operation dynamic linker is written into the dynamic link library that needs;
Concrete; If said dynamic linker program file is the FLAT form, then parses i386 part wherein, and the i386 file in the dynamic linker program is written into internal memory; Scan the run time version section of said i386, all command frame command phases are all copied to the memory address of appointment.
Step 204: the preset symbol of scanning on the fixed address of said dynamic link library, find said dynamic link library to be written into the virtual address of internal memory according to the address sensing of said preset symbol; Said virtual address is meant being used in the dynamic link libraries and representes that but the symbol of loading secrete key device driver module is written into the address of internal memory.
Particularly, said fixed address is 0x0x8fe00000 in the present embodiment, and said preset symbol is _ dyld_all_image_infos.
Step 205: find the symbol table of dynamic link library according to said virtual address, resolve the symbol table of said dynamic link library, find the address of expression preset function symbol;
But said preset function is meant and is used for expression loading secrete key device driver module function.
For example, the symbol of said expression preset function is following,
_NSCreateObjectFileImageFromFile
_NSCreateObjectFileImageFromMemory
_NSLinkModule
_NSLookupSymbolInModule
_NSAddressOfSymbol
_NSUnLinkModule
_NSDestroyObjectFileImage
_puts
_exit
Step 206: respective function is called in the address sensing according to said expression preset function symbol; The key devices driver module that will comprise device drives and enciphering and deciphering algorithm is written into internal memory, is connected the memory address back of the appointment at the target executable program file place after encrypt the said new first time;
Step 207: resolve said key devices driver module, find the thread state order, obtain the target program entrance; Obtain first random number that prestores in the said key devices driver module and send to key devices to obtain first key;
Step 208: jump to the run time version section of the target executable program file after encrypt said new first time according to said target program entrance, utilize said first key that said run time version section is deciphered and obtain original run time version section.
The method that the present invention proposes can also be applicable to Unix, LinuxS platform, in the practical implementation process, as long as the filename in the system of Mac described in the foregoing description is replaced and can be implemented with the file that can realize similar functions in the corresponding system.
The above; Be merely embodiment of the present invention, but protection scope of the present invention is not limited thereto, any technician who is familiar with the present technique field is in the technical scope that the present invention discloses; Can expect easily changing or replacement, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by said protection domain with claim.
Claims (10)
1. an executable program adds the shell guard method, it is characterized in that: may further comprise the steps,
Step 101: the afterbody that the shell file destination of accomplishing fluently patch is added to executable program file forms the target executable program file;
Step 102: the file header of said target executable program file made amendment forms amended target executable program file;
Said modification is included in said file header and adds a section order and describe said shell file destination and the key devices driver module of accomplishing fluently patch, and is modified in thread state order and the preset section that the command entry of said file header finds and orders;
Step 103: travel through said amended target executable program file; Find the run time version section; With first key said run time version section being carried out the first time encrypts; And replace the run time version section in the said amended target executable program file with encrypted result, the target executable program file after obtaining encrypting for the first time;
Step 104: the afterbody that the key devices driver module that comprises key devices driving and enciphering and deciphering algorithm is added to the run time version section of the target executable program file after encrypt the said first time forms the target executable program file after encrypt the new first time;
Step 105: make up the shell file model, and said shell file model is made up the formation shell according to the target executable program file after encrypting the said new first time;
Step 106: call the AES in the said key devices driver module; Utilizing second key that the target executable program file after encrypting the said new first time in the said shell is carried out the second time encrypts; Replace the target executable program file after said new first in the said shell encrypted with the target executable program file after encrypting for the second time, constitute the shell after encrypting for the second time;
Step 107: revise the content of the file header of the shell after encrypt the said second time, obtain amended shell;
Step 108: completion adds shell, preserves said amended shell.
2. a kind of executable program according to claim 1 adds the shell guard method; It is characterized in that: the process of the said shell file destination of step 101 patch installing comprises; Said shell file destination is written into internal memory; The essential information of key devices driver module is added in the data segment of said shell file destination, first random number is added to as kind of subcode in the data segment of said shell file destination, the key devices parameter is added in the data segment of said shell file destination.
3. a kind of executable program according to claim 2 adds the shell guard method; It is characterized in that: the essential information of said key devices driver module comprises driver address, driver size, and said key devices parameter comprises the polling interval of hardware ID, user cipher and the key devices of key devices.
4. a kind of executable program according to claim 1 adds the shell guard method; It is characterized in that: thread state order that the said command entry that is modified in said file header of step 102 finds and preset section order are specially; Obtain the original entrance of program from said thread state order, and the original entrance of said program is write said preset section order; The entrance of said preset section order is write said thread state order.
5. a kind of executable program according to claim 1 adds the shell guard method, it is characterized in that: said first key of step 103 obtains in the following manner: computing machine sends first random number to key devices, and said key devices returns first key.
6. a kind of executable program according to claim 1 adds the shell guard method; It is characterized in that: being provided with as follows of the file header of the said shell file model of step 105: the section of writing order is ordered with thread state; Zone bit do not need to be set to the additional dynamic connector; The length of the said section order that writes is set to first length, and said first length equals the length of the target executable program file after encrypt the said new first time.
7. a kind of executable program according to claim 1 adds the shell guard method; It is characterized in that: the process that the said structure of step 105 forms shell is: from said shell file model, extract code segment and handle, the afterbody that adds the target executable program file after encrypting the said new first time to after the processing said code segment then constitutes the code segment of said shell together; Said processing comprises; Add to second random number in the data of code segment as second key; With file to be encrypted is in the document misregistration of the target executable program file after encrypting said new first time and the data that file size adds code segment to, and data in the code segment and the space between the code are filled with random number.
8. a kind of executable program according to claim 7 adds the shell guard method; It is characterized in that: said step 107 is specially; Travel through the file header of the shell after encrypt the said second time; The section of finding order is obtained the length of the target executable program file after encrypt the said second time and is designated as second length, and the length of the section order in the said shell is set to second length.
9. a kind of executable program according to claim 1 adds the shell guard method, it is characterized in that: encrypt the said first time and encrypt the said second time and adopt same symmetry algorithm to encrypt, perhaps adopt different symmetry algorithms to encrypt.
10. a kind of executable program according to claim 1 adds the shell guard method, it is characterized in that: said executable program file is i386 or x64 formatted file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210019323.6A CN102609666B (en) | 2012-01-20 | 2012-01-20 | Protecting method for packing executable program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210019323.6A CN102609666B (en) | 2012-01-20 | 2012-01-20 | Protecting method for packing executable program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102609666A true CN102609666A (en) | 2012-07-25 |
| CN102609666B CN102609666B (en) | 2014-07-30 |
Family
ID=46527026
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210019323.6A Active CN102609666B (en) | 2012-01-20 | 2012-01-20 | Protecting method for packing executable program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102609666B (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103093152A (en) * | 2013-01-10 | 2013-05-08 | 曙光信息产业(北京)有限公司 | Encryption-decryption method of executable file |
| CN103488919A (en) * | 2013-09-24 | 2014-01-01 | 北京深思数盾科技有限公司 | Protection method and device for executable programs |
| CN103530535A (en) * | 2013-10-25 | 2014-01-22 | 苏州通付盾信息技术有限公司 | Shell adding and removing method for Android platform application program protection |
| CN103530555A (en) * | 2013-10-31 | 2014-01-22 | 浙江云巢科技有限公司 | Method and device for preventing program from executing malice operation |
| CN103780700A (en) * | 2014-01-26 | 2014-05-07 | 长沙裕邦软件开发有限公司 | Application system and method for achieving compatibility and sharing among multi-source heterogeneous systems |
| CN104102860A (en) * | 2014-08-11 | 2014-10-15 | 北京奇虎科技有限公司 | Protecting method and running method and device and system for Android platform application program |
| CN104680043A (en) * | 2015-03-16 | 2015-06-03 | 北京深思数盾科技有限公司 | Method and device for protecting executable file |
| WO2015078252A1 (en) * | 2013-11-26 | 2015-06-04 | Tencent Technology (Shenzhen) Company Limited | Method and device for processing a file |
| CN105678120A (en) * | 2014-11-20 | 2016-06-15 | 中国移动通信集团公司 | Safety protection method of application programs and server |
| CN105825087A (en) * | 2016-03-16 | 2016-08-03 | 福建联迪商用设备有限公司 | ELF shared library protection method and system thereof |
| CN106775656A (en) * | 2016-11-28 | 2017-05-31 | 江西金格科技股份有限公司 | A kind of dispatching method based on many intelligent key disks |
| CN106934256A (en) * | 2015-12-29 | 2017-07-07 | 中移(杭州)信息技术有限公司 | A kind of guard method of enterprise data server and device |
| CN108011879A (en) * | 2017-11-30 | 2018-05-08 | 广州酷狗计算机科技有限公司 | File encryption, method, apparatus, equipment and the storage medium of decryption |
| CN110443051A (en) * | 2019-07-30 | 2019-11-12 | 空气动力学国家重点实验室 | A method of prevent security files in transmission on Internet |
| CN111259224A (en) * | 2020-02-20 | 2020-06-09 | 山东旗帜信息有限公司 | Data crawling method and device |
| CN111639310A (en) * | 2020-05-29 | 2020-09-08 | 河南大学 | Software cloud timed use control method and device based on specific time encryption |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020112158A1 (en) * | 2001-02-14 | 2002-08-15 | Golchikov Andrey Vladimirovich | Executable file protection |
| CN101261666A (en) * | 2008-04-10 | 2008-09-10 | 北京深思洛克数据保护中心 | A method for realizing software copyright protection based on encrypted executable program file |
| CN101419652A (en) * | 2008-08-22 | 2009-04-29 | 航天信息股份有限公司 | Software and hardware combined program protecting method |
| CN102136053A (en) * | 2011-03-14 | 2011-07-27 | 中兴通讯股份有限公司 | Method and device for protecting source code of executable file |
-
2012
- 2012-01-20 CN CN201210019323.6A patent/CN102609666B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020112158A1 (en) * | 2001-02-14 | 2002-08-15 | Golchikov Andrey Vladimirovich | Executable file protection |
| CN101261666A (en) * | 2008-04-10 | 2008-09-10 | 北京深思洛克数据保护中心 | A method for realizing software copyright protection based on encrypted executable program file |
| CN101419652A (en) * | 2008-08-22 | 2009-04-29 | 航天信息股份有限公司 | Software and hardware combined program protecting method |
| CN102136053A (en) * | 2011-03-14 | 2011-07-27 | 中兴通讯股份有限公司 | Method and device for protecting source code of executable file |
Non-Patent Citations (3)
| Title |
|---|
| TZU-YEN WANG等: "DETECTION OF PACKED EXECUTABLES USING SUPPORT VECTOR MACHINES", 《MACHINE LEARNING AND CYBERNETICS (ICMLC), 2011 INTERNATIONAL CONFERENCE ON》, 13 July 2011 (2011-07-13), pages 717 - 722 * |
| 李露等: "PE文件中脱壳技术的研究", 《计算机应用与软件》, vol. 27, no. 9, 15 September 2010 (2010-09-15), pages 279 - 282 * |
| 飞天诚信: "《软件加密原理与应用》", 30 November 2004, article "外壳", pages: 144-228 * |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103093152A (en) * | 2013-01-10 | 2013-05-08 | 曙光信息产业(北京)有限公司 | Encryption-decryption method of executable file |
| CN103488919A (en) * | 2013-09-24 | 2014-01-01 | 北京深思数盾科技有限公司 | Protection method and device for executable programs |
| CN103488919B (en) * | 2013-09-24 | 2017-03-29 | 北京深思数盾科技股份有限公司 | A kind of guard method of executable program and device |
| CN103530535A (en) * | 2013-10-25 | 2014-01-22 | 苏州通付盾信息技术有限公司 | Shell adding and removing method for Android platform application program protection |
| CN103530555A (en) * | 2013-10-31 | 2014-01-22 | 浙江云巢科技有限公司 | Method and device for preventing program from executing malice operation |
| WO2015078252A1 (en) * | 2013-11-26 | 2015-06-04 | Tencent Technology (Shenzhen) Company Limited | Method and device for processing a file |
| CN103780700A (en) * | 2014-01-26 | 2014-05-07 | 长沙裕邦软件开发有限公司 | Application system and method for achieving compatibility and sharing among multi-source heterogeneous systems |
| CN104102860A (en) * | 2014-08-11 | 2014-10-15 | 北京奇虎科技有限公司 | Protecting method and running method and device and system for Android platform application program |
| CN105678120A (en) * | 2014-11-20 | 2016-06-15 | 中国移动通信集团公司 | Safety protection method of application programs and server |
| CN104680043A (en) * | 2015-03-16 | 2015-06-03 | 北京深思数盾科技有限公司 | Method and device for protecting executable file |
| CN104680043B (en) * | 2015-03-16 | 2018-03-02 | 北京深思数盾科技股份有限公司 | A kind of guard method of executable file and device |
| CN106934256A (en) * | 2015-12-29 | 2017-07-07 | 中移(杭州)信息技术有限公司 | A kind of guard method of enterprise data server and device |
| CN106934256B (en) * | 2015-12-29 | 2020-03-06 | 中移(杭州)信息技术有限公司 | Protection method and device for enterprise data server |
| WO2017156962A1 (en) * | 2016-03-16 | 2017-09-21 | 福建联迪商用设备有限公司 | Elf shared library protection method and system |
| CN105825087A (en) * | 2016-03-16 | 2016-08-03 | 福建联迪商用设备有限公司 | ELF shared library protection method and system thereof |
| CN105825087B (en) * | 2016-03-16 | 2019-07-26 | 福建联迪商用设备有限公司 | The guard method of ELF shared library and its system |
| CN106775656A (en) * | 2016-11-28 | 2017-05-31 | 江西金格科技股份有限公司 | A kind of dispatching method based on many intelligent key disks |
| CN106775656B (en) * | 2016-11-28 | 2020-03-31 | 江西金格科技股份有限公司 | Scheduling method based on multiple intelligent key discs |
| CN108011879A (en) * | 2017-11-30 | 2018-05-08 | 广州酷狗计算机科技有限公司 | File encryption, method, apparatus, equipment and the storage medium of decryption |
| CN110443051A (en) * | 2019-07-30 | 2019-11-12 | 空气动力学国家重点实验室 | A method of prevent security files in transmission on Internet |
| CN110443051B (en) * | 2019-07-30 | 2022-12-27 | 空气动力学国家重点实验室 | Method for preventing confidential documents from spreading on Internet |
| CN111259224A (en) * | 2020-02-20 | 2020-06-09 | 山东旗帜信息有限公司 | Data crawling method and device |
| CN111259224B (en) * | 2020-02-20 | 2023-02-21 | 山东旗帜信息有限公司 | Data crawling method and device |
| CN111639310A (en) * | 2020-05-29 | 2020-09-08 | 河南大学 | Software cloud timed use control method and device based on specific time encryption |
| CN111639310B (en) * | 2020-05-29 | 2023-05-16 | 河南大学 | Software cloud timing use control method and device based on specific time encryption |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102609666B (en) | 2014-07-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102609666B (en) | Protecting method for packing executable program | |
| US10007808B2 (en) | Protecting application programs from malicious software or malware | |
| US10007793B2 (en) | Secure object having protected region, integrity tree, and unprotected region | |
| US8954752B2 (en) | Building and distributing secure object software | |
| Dunn et al. | Cloaking malware with the trusted platform module | |
| CN102938036B (en) | The segment of double re-encryption of Windows dynamic link library and method for secure loading | |
| US9141787B2 (en) | Interlocked binary protection using whitebox cryptography | |
| CN105683990B (en) | Method and apparatus for protecting dynamic base | |
| Boivie et al. | SecureBlue++: CPU support for secure execution | |
| CN104318135B (en) | A kind of Java code Safety actuality loading method based on credible performing environment | |
| CN107408072B (en) | Method, medium, and apparatus for randomizing instructions | |
| US9338012B1 (en) | Systems and methods for identifying code signing certificate misuse | |
| JP6580138B2 (en) | Processor, method and computer program for supporting secure objects | |
| WO2016024838A1 (en) | Method and system for providing cloud-based application security service | |
| CN103902922A (en) | Method and system for preventing file from being stolen | |
| CN104504310A (en) | Method and device for software protection based on shell technology | |
| Korkin et al. | Acceleration of statistical detection of zero-day malware in the memory dump using CUDA-enabled GPU hardware | |
| Brož et al. | Practical cryptographic data integrity protection with full disk encryption | |
| KR102017379B1 (en) | A method and apparatus for hash encryption using image vector processing | |
| US9208353B2 (en) | Malware and tamper resistant computer architecture | |
| US20150113281A1 (en) | Multiple application platform owner keys in a secure object computer system | |
| CN108667594A (en) | A kind of software program module integrality detection method based on PKI public key algorithms | |
| US20240037217A1 (en) | Digital content management through on-die cryptography and remote attestation | |
| KR101809556B1 (en) | Multiple Backup Method Using Multi-layer Algorithm | |
| Cai et al. | Research on Dynamic Safe Loading Techniques in Android Application Protection System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |