CN102799434A - Method for realizing automatic code transplantation by software protection device - Google Patents
Method for realizing automatic code transplantation by software protection device Download PDFInfo
- Publication number
- CN102799434A CN102799434A CN2012102394047A CN201210239404A CN102799434A CN 102799434 A CN102799434 A CN 102799434A CN 2012102394047 A CN2012102394047 A CN 2012102394047A CN 201210239404 A CN201210239404 A CN 201210239404A CN 102799434 A CN102799434 A CN 102799434A
- Authority
- CN
- China
- Prior art keywords
- software
- protecting equipment
- code
- code segment
- transplanting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a method for realizing automatic code transplantation by a software protection device. The method comprises the following steps of: transplanting some assembly codes in a protection software to the software protection device through tool software in a computer; when the protected software runs the transplanted codes, transmitting the current operating environment of the computer, namely, the data of each register of a CPU (Central Processing Unit) and a section of stack, into the software protection device; running the transplanted codes by the software protection device, transmitting the final operating environment back to the computer after operation; and continuing to execute the codes down by the computer.
Description
Technical field
The present invention relates to computer safety field, particularly a kind of method for protecting software of realizing that automatic code is transplanted.
Background technology
The mode of often using code to transplant in the software protection field is protected software.Common way is that the software developer selects some protected code segments in the software, writes the inner code of software protecting equipment to realize same function according to the logic of these code segments, then protected code segment in the software is removed.When computing machine implements protected code, start software protecting equipment and transmit parameter to software protecting equipment; Carry out this section code by software protecting equipment; Return execution result after the software protecting equipment operation finishes, computing machine is then continued operation after the protection code segment then.So just, hidden the partial code logic of software, realized protection software.
Software protecting equipment is a kind of encryption device that is used to protect software that is inserted in the software and hardware combining on the computing machine.Generally comprise tens bytes and can supply read-write to the nonvolatile storage space of tens K bytes.Modern software protecting equipment is inner also integrated single-chip microcomputer, the software developer can communicate by letter with software protecting equipment through DLL, can also in software protecting equipment, move own written program.The present invention the software protecting equipment that will use be exactly its inner integrated software protecting equipment of single-chip microcomputer.
This protected mode needs software developer oneself to write the code in the software protecting equipment, and needs to revise by the source code of protection software to add the code of access software protective device.And this guard method must revise the source code of software, then can not make in this way for the software that has compiled and protect.
Summary of the invention
The object of the present invention is to provide a kind of simple mode to realize the guard method of similar above-mentioned code transplanting mode, can easily realize the code transplanting equally, and need not revise the source code and the recompility of software for the software that has compiled.The present invention through handle in computing machine, move be associated by protection software tool software cooperates with software protecting equipment that can computer instructions and accomplishes the code transplanting of being protected software automatically.
The function of said tool software comprises:
A. analyze by the assembly code of protection software, find out plurality of sections and be fit to the code segment of transplanting and copy in the said software protecting equipment.Can be divided into dual mode about analyzing by the mode of protection software assembly code:
(1) analyzes automatically by whole code segments of protection software by tool software, find out the code segment of some suitable transplanting.So-called automatic analysis is for (2) kind mode, and (2) kind mode needs manually in software, to add beginning and end mark, and tool software is confirmed the code segment that will protect according to beginning and end mark.And the automatic analysis of this kind mode is meant the quilt protection software that the direct processing of tool software has compiled, from being randomly drawed the plurality of sections code segment as protected code segment the protection software, it is extracted put into software protecting equipment.
(2) in by the source code of protection software, add some marks, for example use character string begin and end to come mark to be protected the initial sum final position of code segment, tool software is located by the protection code segment through searching these marks.
The so-called code segment that is fit to transplant is meant that the assembly instruction in this section code all is the instruction that software protecting equipment can be carried out.The instruction that so-called software protecting equipment can be carried out be meant in software protecting equipment can Simulation execution computer instruction, for example to the instruction of register manipulation, to the instruction of stack manipulation.And computer instruction that can not Simulation execution in the software protecting equipment is meant the instruction that can't simulate its implementation effect with this Limited resources of software protecting equipment, for example to the instruction of computer port operation.
B. being upset to hide logic by the code that copies away in the protection software.Can have multiplely about upsetting the mode that copies the code segment in the software protecting equipment to, for example can all fill no-operation instruction NOP or other instructions, perhaps fill with one section random number;
C. in by protection software, insert the code segment of one section access software protective device; When being jumped to the code of this section access software protective device automatically during to code segment that quilt is transplanted, make software protecting equipment begin to carry out the code of being transplanted through this section code by the protection running software.About the code segment of this section access software protective device, its major function comprises three parts:
(1) beginning to carry out when being transplanted code segment the running environment of current computer, promptly each register data and stacked data send to software protecting equipment, so that the current running environment of software protecting equipment these digital simulations of use;
(2) some resources in the access computer if desired when software protecting equipment is carried out the code that this section quilt transplants, for example internal memory or port cooperate software protecting equipment to operate by the code segment of this section access software protective device;
(3) when software protecting equipment executes the code that this section quilt transplants; Obtain software protecting equipment by the code segment of this section access software protective device and send each register data and the stacked data of returning; And use these data that computing machine corresponding each register and storehouse are set; Recover the running environment of computing machine, jump at last and transplanted code segment continuation operation afterwards.
In addition; Said software protecting equipment that can computer instructions; Wherein has the simulation register; Be used for simulating the state with the computing machine register of said software protecting equipment cooperating, said software protecting equipment also has: the I/O unit, be used for the said computing machine of said software protecting equipment simulation to said computing machine in the read-write of internal memory; And when said computing machine and said software protecting equipment switching computer running status, the status data all with said computer interactive; The instruction resolution unit, it is current just at the cpu instruction of Simulation execution to be used to resolve said software protecting equipment; Control module is used to judge said currently just whether can in said software protecting equipment, carry out at the cpu instruction of Simulation execution; Instruction execution unit is used to simulate said current just in the function of the cpu instruction of Simulation execution, changes the content of the register of simulation described in the said software protecting equipment.In addition, comprise in the said computing machine: the tool software unit, be used for the I/O module communication with said software protecting equipment, control register, internal memory or port in the said computing machine to carry out said cpu instruction; And the work of the said I/O unit matching in said engagement unit and the said software protecting equipment, realize between said software protecting equipment and the said computing machine running status alternately.According to an embodiment of the invention, its structure is as shown in Figure 3.This software protecting equipment is described in detail in the application for a patent for invention (application number is 2012100110616.8) that the applicant has submitted to, and the present invention introduces the part as description of the present invention in full with it.Because the present invention relates generally to the improvement of method, therefore particular hardware structure and the principle of work for this software protecting equipment repeats no more.
This software protection mode has realized the transplanting of software code; Hidden by the partial logic of protection software; And the input between software and the software protecting equipment is some content of registers and stacked data with output; And the variation of the initial environment of these contents when implementing this section code changes, so be difficult to guess out the logic of being transplanted code through analyzing input with the relation of output.And the whole operation process of this method for protecting software is very simple, and user's technical requirement meeting is reduced greatly.
According to the present invention, provide a kind of and cooperate the method for protecting software of realizing that automatic code is transplanted with computing machine through software protecting equipment,
Has the tool software unit in the said computing machine; Said tool software unit is used to analyze the assembly code by protection software; Find out and transplant code segment and copy in the said software protecting equipment, and said tool software unit also is used for upsetting said transplanting code segment and inserted one section fetcher code section of visiting said software protecting equipment said by protection software;
Said method comprises:
Step 1: said tool software unit is handled by protection software said;
Step 2: said computer run is during to said transplanting code segment, the content of preserving current each register;
Step 3: jump to said fetcher code section, start said software protecting equipment to carry out said transplanting code segment;
Step 4: in software protecting equipment, carry out said transplanting code segment; When said software protecting equipment began to carry out said transplanting code segment, fetcher code section described in the said computing machine began the said software protecting equipment of cycle detection and sends the message of returning.
According to an aspect of the present invention, in step 4, cooperate other resources of accomplishing the said computing machine of visit if desired, then the result is sent it back said software protecting equipment, continue detect-message then;
If the intact said transplanting code segment of said software protecting equipment executed; Then receive said software protecting equipment and send the register and the stacked data of returning by said computing machine; And said computing machine corresponding each register and storehouse being set according to said register and stacked data, environment resumes operation.
According to an aspect of the present invention, the said analysis by the mode of protection software assembly code is divided into two kinds: analyzed automatically by whole code segments of protection software by said tool software unit, find out said transplanting code segment; Perhaps in by the source code of protection software, add mark, locate said through searching said mark by the protection code segment by said tool software unit.
According to an aspect of the present invention, the assembly instruction in the said transplanting code segment all is the instruction that said software protecting equipment can be carried out.
Description of drawings
Fig. 1 is the said tool software process flow diagram when handling by protection software;
Fig. 2 is the process flow diagram of software when operation after protecting with the mode that the present invention proposes;
Fig. 3 is the software protecting equipment involved in the present invention and the structural representation of computing machine.
Embodiment
Be example and the present invention described in further detail on 32 x86 processors, the PE file of Windows protected below with reference to accompanying drawing.The computer instruction that the software protecting equipment of the ability computer instructions that uses in this example is supported is the universal instruction set of 32 x86, i.e. General Purpose Instructions.
Fig. 1 is the process flow diagram of tool software when handling by protection software that moves on the computing machine, and its step is following:
(1) beginning to carry out when being transplanted code segment each register EAX of computing machine, ECX, EDX, EBX, ESP, EBP, ESI, EDI; Status register EFLAGS and order register EIP, and the data of the current content of six segment register CS, DS, SS, ES, FS and GS and part storehouse send to software protecting equipment
(2) the cycle detection software protecting equipment sends to the message of computing machine, wants the resources such as internal memory or port of access computer if type of message is a software protecting equipment, then is responsible for accomplishing visit and operating result is sent it back software protecting equipment by this section code.Operating result is meant, if read operation then sends to software protecting equipment with the content that reads, if write operation then will write whether successfully return to software protecting equipment
(3) if being software protecting equipment, accomplished type of message transplanting the execution of code segment; Then accept above-mentioned all registers and the part stacked data that software protecting equipment is issued computing machine, and use these data that the current running status of computing machine is set by this section code.
Intact by behind the protection software according to step process shown in Figure 1, the step when computer run is transplanted code to the quilt of software is as shown in Figure 2, and concrete steps are following:
Size about the stacked data that sends to software protecting equipment can be fixed a value; The stacked data that for example sends 1K is to software protecting equipment, if software protecting equipment need have access to the storehouse outside this 1K or will visit other internal memories then can cooperate through the code segment of this section access software protective device and accomplish when carrying out the transplanting code.According to a specific embodiment of the present invention; Its mode sends to the message of computing machine for the cycle detection software protecting equipment; Want the resources such as internal memory or port of access computer if type of message is a software protecting equipment, then be responsible for accomplishing visit and operating result is sent it back software protecting equipment by this section code.Operating result is meant, if read operation then sends to software protecting equipment with the content that reads, if write operation then will write whether successfully return to software protecting equipment.
If software protecting equipment needs other resources of access computer; For example internal memory, port etc.; Then the code segment by this section access software protective device cooperates it to accomplish, and (gj specifically comprises: if read operation then is meant the data content that reads the result who is carried out by the code segment cooperation software protecting equipment of access software protective device again; Whether successfully to write if write operation then is meant) send it back software protecting equipment, continue detect-message then.Like step 205 among Fig. 2, shown in 206 and 207.
If software protecting equipment is carried out the code be over and transplant, then the receiving software protective device sends the register and the stacked data of returning, and these data are provided with computing machine corresponding each register and storehouse, and the environment that resumes operation continues to carry out downwards then.Shown in step 208 among Fig. 2 and 209.
Claims (4)
1. one kind is passed through software protecting equipment cooperates the realization automatic code to transplant with computing machine method for protecting software, it is characterized in that:
Has the tool software unit in the said computing machine; Said tool software unit is used to analyze the assembly code by protection software; Find out and transplant code segment and copy in the said software protecting equipment, and said tool software unit also is used for upsetting said transplanting code segment and inserted one section fetcher code section of visiting said software protecting equipment said by protection software;
Said method comprises:
Step 1: said tool software unit is handled by protection software said;
Step 2: said computer run is during to said transplanting code segment, the content of preserving current each register;
Step 3: jump to said fetcher code section, start said software protecting equipment to carry out said transplanting code segment;
Step 4: in software protecting equipment, carry out said transplanting code segment; When said software protecting equipment began to carry out said transplanting code segment, fetcher code section described in the said computing machine began the said software protecting equipment of cycle detection and sends the message of returning.
2. according to the method for claim 1, it is characterized in that, in step 4, cooperate other resources of accomplishing the said computing machine of visit if desired, then the result is sent it back said software protecting equipment, continue detect-message then;
If the intact said transplanting code segment of said software protecting equipment executed; Then receive said software protecting equipment and send the register and the stacked data of returning by said computing machine; And said computing machine corresponding each register and storehouse being set according to said register and stacked data, environment resumes operation.
3. according to claim 1,2 method, it is characterized in that said the analysis by the mode of protection software assembly code is divided into two kinds: analyzed automatically by whole code segments of protection software by said tool software unit, find out said transplanting code segment; Perhaps in by the source code of protection software, add mark, locate said through searching said mark by the protection code segment by said tool software unit.
4. according to the method for claim 1-3, it is characterized in that the assembly instruction in the said transplanting code segment all is the instruction that said software protecting equipment can be carried out.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210239404.7A CN102799434B (en) | 2012-07-12 | 2012-07-12 | A kind of method utilizing software protecting equipment to realize automatic code transplanting |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210239404.7A CN102799434B (en) | 2012-07-12 | 2012-07-12 | A kind of method utilizing software protecting equipment to realize automatic code transplanting |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102799434A true CN102799434A (en) | 2012-11-28 |
| CN102799434B CN102799434B (en) | 2016-02-10 |
Family
ID=47198551
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210239404.7A Active CN102799434B (en) | 2012-07-12 | 2012-07-12 | A kind of method utilizing software protecting equipment to realize automatic code transplanting |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102799434B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104077173A (en) * | 2013-03-31 | 2014-10-01 | 宋浩 | Execution method for JAVA program instruction in smart card, and smart card |
| CN104573423A (en) * | 2015-01-26 | 2015-04-29 | 无锡信捷电气股份有限公司 | PLC (programmable logic controller) software and hardware combination encipherment protection method |
| CN111610976A (en) * | 2020-04-08 | 2020-09-01 | 曙光信息产业(北京)有限公司 | Heterogeneous application transplanting method and device and computer equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100461200C (en) * | 2006-12-22 | 2009-02-11 | 北京飞天诚信科技有限公司 | Method and device for realizing software protection in software protector |
| CN102004885A (en) * | 2010-10-30 | 2011-04-06 | 华南理工大学 | Software protection method |
-
2012
- 2012-07-12 CN CN201210239404.7A patent/CN102799434B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100461200C (en) * | 2006-12-22 | 2009-02-11 | 北京飞天诚信科技有限公司 | Method and device for realizing software protection in software protector |
| CN102004885A (en) * | 2010-10-30 | 2011-04-06 | 华南理工大学 | Software protection method |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104077173A (en) * | 2013-03-31 | 2014-10-01 | 宋浩 | Execution method for JAVA program instruction in smart card, and smart card |
| CN104573423A (en) * | 2015-01-26 | 2015-04-29 | 无锡信捷电气股份有限公司 | PLC (programmable logic controller) software and hardware combination encipherment protection method |
| CN104573423B (en) * | 2015-01-26 | 2017-10-31 | 无锡信捷电气股份有限公司 | A kind of PLC software and hardware combinings encryption protecting method |
| CN111610976A (en) * | 2020-04-08 | 2020-09-01 | 曙光信息产业(北京)有限公司 | Heterogeneous application transplanting method and device and computer equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102799434B (en) | 2016-02-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yadegari et al. | A generic approach to automatic deobfuscation of executable code | |
| US10223528B2 (en) | Technologies for deterministic code flow integrity protection | |
| CN106227671B (en) | Program analysis of running performance method and device | |
| KR970703561A (en) | Object-Code Com-patible Representation of Very Long Instruction Word Programs | |
| RU2012148583A (en) | TRANSFORMATION OF CONTINUOUS TEAM SPECIFICATORS TO CONTINUOUS TEAM SPECIFICATORS | |
| CN105051680A (en) | Solution to divergent branches in a SIMD core using hardware pointers | |
| RU2012148582A (en) | TEAM FOR DOWNLOADING DATA TO THE PRESET MEMORY BORDER SPECIFIED BY THE TEAM | |
| CN104040490A (en) | An accelerated code optimizer for a multiengine microprocessor | |
| CN104040491A (en) | A microprocessor accelerated code optimizer | |
| CN104040492A (en) | Microprocessor accelerated code optimizer and dependency reordering method | |
| CN103064721A (en) | Sharing of first class objects across multiple interpreted programming languages | |
| CN104050080A (en) | Method and system for debugging linux kernel in user mode | |
| CN107577925B (en) | Based on the virtual Android application program guard method of dual ARM instruction | |
| CN104517044A (en) | Method and device for protecting binary file from being decompiled | |
| US20200143061A1 (en) | Method and apparatus for tracking location of input data that causes binary vulnerability | |
| Lian et al. | Too LeJIT to Quit: Extending JIT Spraying to ARM. | |
| CN102799434A (en) | Method for realizing automatic code transplantation by software protection device | |
| CN109313639A (en) | The system and method for query execution are carried out in DBMS | |
| Rahimian et al. | RESource: a framework for online matching of assembly with open source code | |
| CN105027089B (en) | Core functions detector | |
| CN101639791B (en) | Method for improving interruption delay of embedded type real-time operation system | |
| CN107341372B (en) | A kind of method for protecting software and device | |
| KR102462864B1 (en) | Apparatus and method for dynamic binary instrumentation using multi-core | |
| CN106407751B (en) | The method and apparatus that executable file is protected | |
| CN107291617B (en) | Vulnerability analysis method based on implicit taint propagation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING SHENSI SHUDUN SCIENCE + TECHNOLOGY CO., LT Free format text: FORMER OWNER: BEIJING SENSELOCK SOFTWARE TECHNOLOGY CO., LTD. Effective date: 20150811 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20150811 Address after: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant after: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. Address before: 100084 Beijing City, Haidian District Zhongguancun Street No. 6 Building 1201 Zhucheng Applicant before: Beijing Senselock Software Technology Co.,Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee | ||
| CP03 | Change of name, title or address |
Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510 Patentee after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Patentee before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |