Background technology
Software due to the feature of its pure digi-tal, just suffers pirate puzzlement as a kind of special product always from appearance.Pirate existence has not only caused huge loss to the software developer, has also greatly hindered the development of whole Software Industry.Therefore, nearly all software has all taked corresponding technical measures to avoid software to be cracked and piracy, is exactly the most effectively wherein hardware based software protecting equipment technology.
Hardware based software protecting equipment is a kind ofly to be connected to the hardware device on main frame by computer interface (including but not limited to parallel port or USB interface).This device interior has nonvolatile storage space can for read-write, also have the calculation processing units such as single-chip microcomputer or little processing controls chip usually.The software developer can carry out exchanges data (namely software protecting equipment being read and write) by interface function and software protecting equipment, checks whether software protecting equipment is inserted on interface; Perhaps directly be encrypted with the subsidiary instrument of software protecting equipment.Like this, the software developer can arrange the many places software locks in software, utilizes software protecting equipment to open these locks as key; If it is not corresponding not insert software protecting equipment or software protecting equipment, software can not normally be carried out.
In addition, software protecting equipment inside comprises specific function, for example a part of storage space, some cryptographic algorithms or some user-defined algorithm or function.Before software publishing; the software developer revises the software code of oneself; make software need to use some functions of software protecting equipment inside in operational process; software will move after leaving software protecting equipment like this; and software protecting equipment is larger as the difficulty that a kind of hardware device copies, thereby plays the illegal effect of propagating of piracy software that prevents.
Software protecting equipment main on Vehicles Collected from Market comprises: the Hasp HL of the Sentinel Superpro of U.S. SafeNet company, Israel Aladdin company, deep thinking Lip river, BeiJing, China grams are according to the WIBU-Key of the crack IV at protection center, German Wi-Bu company etc.All these software protecting equipments all provide built-in storage space, privately owned or disclosed cryptographic algorithm, can call these functions and check whether belong to legal in software running process.Wherein the crack IV of Beijing ShenSiLuoKe data Protection center was in listing in 2002; be characterized in adopting the basis of intelligent card chip as hardware; and support the user that the own function that defines is written to software protecting equipment inside; even can directly the partial function of software be transplanted to software protecting equipment inside completes; thereby greatly improved the difficulty of software pirate version, the technology that usually claims this function with oneself definition or the partial function of software to be transplanted to software protecting equipment inside is that code is transplanted.The Beijing ShenSiLuoKe data Protection center is the inventor's predecessor, and present corresponding website is
Http:// www.sense.com.cn/, design parameter performance and the principle of work of the crack IV type software protecting equipment of inventor's exploitation are wherein disclosed in detail.
Along with computer technology universal with use, computer software industry develops rapidly, for the various attack of software with unauthorized uses and piracy is copied the behavior of grade and got more and more, software security becomes the key that protects the intellectual property.Present computer software is issued with the binary code form basically, the assailant usually utilizes the conversed analysis technology such as static disassembly instrument or Dynamic Debugging Tool can carry out version analysis to software and cracks, by seeking software vulnerability or extract the mode such as its core algorithm, software is altered and then stolen Software Intellectual Property Rights.Software conversed analysis technology comprises for the dis-assembling technology of software and two parts of inverse compiling technique.The dis-assembling technology is executable binary machine code dis-assembling to be become the method for substantially readable assembly language program(me) code, generally comprises static disassembly technology and dynamic dis-assembling technology.Static disassembly is the disposable assembly code that all is translated as of binary code, and when adopting this technology, the size of processing the consuming time and binary file of binary file is directly proportional.Dynamically dis-assembling is to be loaded into the binary program of disassembler by analysis, catches the operation characteristic instruction, is translated into readable assembly code.Inverse compiling technique is that the further decompiling of assembly routine is readable stronger higher-level language code.Usually (divide on narrow sense, software tamper-resistance techniques is to prevent that software is maliciously tampered, if software discovery oneself is maliciously tampered, so just carries out corresponding punitive function to adopt software tamperproof technology and the anti-debugging technique of software in prior art; The anti-debugging of software is that debugging software is detected or confuses, and makes the debugging software profiling error or can not normally move.In the broadest sense, these two kinds of technology are all a kind of strick precautions for the debugging behavior, namely anti-debugging) resist various illegal uses.
Software tamperproof technology and the anti-debugging technique of software commonly used has at present: the technology such as flower instruction, Information hiding, file verification, parent process detection, mistiming.The flower instruction technique refers to, by generating special assembly code or useless byte, makes debugged program produce incorrect assembly instruction in the time of dis-assembling.Common colored instruction technique is some jump instructions, and the target location is the centre of another instruction, just can cause confusion in dis-assembling like this.The flower instruction can utilize various jmp, call, and ret, some storehouse skills, the position computing, etc.Information Hiding Techniques refers to make the customizing messages (process or data) that comprises in a module when design and determination module, for other modules that do not need these information, is transparent.The meaning of " hiding " is, effectively modularization realizes by defining one group of separate module, these independently module only exchange each other those for the necessary information of completion system function, and those self realize details and data " are hidden ".Information hiding is that modification, test and the later maintenance of software systems all brings benefit.By Information hiding, can define and implement the process details of module and the limited-access of local data structure.
Referring to Fig. 1, a kind of realization flow of present anti-debugging technique is as follows.
Protected running software is in the middle of the system of main frame.In order whether there to be the debugging behavior in detecting system, protected software can check the process that whether has the debugging behavior when beginning to start.The method of judgement debugging behavior has a variety of, and relative merits are respectively arranged.As example, adopt the mode of judgement parent process title to judge whether debugged software debugging here.Under normal circumstances, a process (referring to the executable program that moves in system) needs its parent process to start.During such as use Windows system, double-click on the table the icon (as an example, the application program here is the QQ.exe of company of Tengxun) of application program, this moment, the QQ.exe program just can start up, but did not see parent process.When in fact double-clicking QQ.exe, just notify the Explorer.exe (can be interpreted as to narrow sense windows desktop) of Windows system will start QQ.exe, the remaining work that starts QQ.exe is all completed by Explorer.exe, that in fact start QQ.exe is Explorer.exe, and this Explorer.exe that starts QQ.exe is exactly the parent process of QQ.exe.Certainly, can also start application program by other forms, such as passing through order line.That is, carry out " RUN " by the start menu of Windows, opening input frame the inside input cmd order, and clicking and determine, at this moment will start the order line program cmd.exe of Windows.Input mspaint and click carriage return inside order line, this time, the drawing board program of Windows will start.Input clac and click carriage return in input frame in like manner, the computing machine instrument of Windows also can start, and be drawing board program and the counter instrument that starts by cmd.exe this time, and their parent process is not Explorer.exe but cmd.exe at this moment.
In the time of debugged program, normally start debugged program with debugging software, method may be different with normal startup Windows program, but be all same reason.When starting debugged program by debugging software, the parent process of the program that this is debugged is not just that Explorer.exe neither cmd.exe, but debugging software.Whether the parent process that judges a program is that parent process trusty (such as Explorer.exe, cmd.exe etc.) just can judge whether a program is debugged.If judge and do not have debugging behavior (referring to that here parent process is a process trusty) in system, continue to carry out other functional modules in protected software, continue to carry out the operation of protected software; Have debugging behavior (referring to that parent process is a fly-by-night process) if judge, protected software is no longer carried out other functional modules in protected software, no longer continues to carry out the operation of protected software, withdraws from this protected software.
But these technology have just increased the complexity of deciphering person's deciphering, even if use very complicated anti-debugging code logic or use simultaneously a plurality of anti-debugging code logics, a part (such as the top logic that judges parent process of mentioning) that is also software itself due to relevant treatment logic and the code thereof of anti-debugging, therefore fully be exposed to the environment that move among the same with software, directly face deciphering person's debugging and analysis.In case after deciphering person's Correct Analysis went out the logic of anti-debugging, deciphering person will make anti-debugging code logic lose efficacy, and makes software lose the protection of anti-debugging code logic.Add anti-debugging code logic and just increased certain difficulty to deciphering person in software, also make anti-debugging code logic itself in the face of deciphering person in protection software.All problems of easy decrypted person's destruction of software itself and anti-debugging code logic thereof have been caused like this.
Summary of the invention
In view of this, the present invention is directed to existing anti-debugging technique directly in the face of this shortcoming of deciphering person, propose a kind of technical method of realizing that utilizes the anti-debugging of hardware.By anti-debugging code logic is implanted in the software protecting equipment of computer host system outside; and then prevented that anti-debugging code logic from arbitrarily instead being debugged and arbitrarily revising; thereby improved the difficulty of deciphering person's debugging software, be convenient to software and better protected.
According to an aspect of the present invention, a kind of method that protected software is debugged of preventing by software protecting equipment is provided, described software protecting equipment is the hardware device for software protection, the interface unit that comprises micro controller unit, storage unit and be used for being connected with main frame;
Described method comprises step:
Step 1: described protected software is collected the system information about operating system environment;
Step 2: the described system information that described protected software will be collected sends to described software protecting equipment;
Step 3: after described software protecting equipment receives described system information, whether have the debugging behavior in the operating system environment that utilizes described system information to judge that described protected software moves;
Step 4: if there is the debugging behavior, described software protecting equipment forbids that described protected software normally moves.
According to an aspect of the present invention, have in described software protecting equipment:
Communication module is used for communicating by letter between described software protecting equipment and main frame;
Debugging behavior judge module is used for judging whether the operating system environment that described protected software moves exists the debugging behavior;
Hardware punishment module is used for forbidding that judging when having described debugging behavior described protected software normally moves.
According to an aspect of the present invention, before step 1, start the system information collection module in described protected software;
Described system information collection module is collected described system information about operating system environment.
According to an aspect of the present invention, the communication mode of described communication module employing comprises: serial interface communication, parallel interface communication, 1394 interface communications, radio-frequency (RF) identification interface communication, wireless lan interfaces communication, USB (universal serial bus) communication, blue tooth interface communication, infrared interface communication, Wi-Fi interface communication, ISO7816 serial communication;
The judgment mode that described debugging behavior judge module adopts comprises: whether all processes of judge parent process, the decision operation API of system, judge System Privileges, just judge window title at working procedure, searching in the environment of described protected running software have debug procedures; Search port or the field of specific process; The BeingDebuged field of the PEB of all right lookup process and the DebugPort port of process execution block EPROCESS; Debugging behavior judgment mode has a lot, mentions these above being not limited to.
The hardware payment method that described hardware punishment module adopts comprises: the hardware of the locked certain hour of the hardware of described software protecting equipment, described software protecting equipment hardware fully locked, described software protecting equipment returns to random data.
Embodiment
For making purpose of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is further elaborated.
For making purpose of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is further elaborated.
According to a specific embodiment of the present invention; software protecting equipment in the present invention (being the secure hardware in Fig. 2) is for being used for the hardware device of software copyright protection; the interface module that comprises micro controller unit (Micro Control Unit calls MCU in the following text), storer and be used for being connected with main frame.
According to a specific embodiment of the present invention, described storer is connected with MCU, is used for the data of preserving.Described storer includes but not limited to nonvolatile memory, volatile memory.
According to a specific embodiment of the present invention, described interface module is connected with MCU, is responsible for communicating by letter between MCU and main frame.Described interface module includes but not limited to serial line interface, parallel interface, 1394 interfaces, radio-frequency (RF) identification (RFID) interface, wireless lan interfaces (IEEE802.11 interface etc.), USB (universal serial bus) (USB) interface, blue tooth interface, infrared interface, Wireless Fidelity (Wi-Fi) interface, ISO 7816 serials etc.
According to a specific embodiment of the present invention, described MCU, storer, interface module also can be integrated in same chip, provide all functions by single chip.
According to a specific embodiment of the present invention, the hardware in software protecting equipment comprises: communication module, debugging behavior judge module, hardware punishment module.As a kind of embodiment, these modules are all by software code realization, are similar to the Windows system and operate on computer hardware equally, and described a plurality of modules operate on the hardware chip of encryption lock.
Certainly, those skilled in the art is according to content disclosed and instruction, can adopt other mode (including but not limited to the form of hardware, firmware, software) to realize that these modules to complete similar function, perhaps further merge, split, make up to realize similar function these modules fully.In a word, only describe core concept of the present invention and specific embodiment at this, and do not mean that enforcement of the present invention and claimed scope only are subjected to the restriction of specific embodiment.
Wherein, described communication module is used for communicating by letter between secure hardware and main frame.Communication mode includes but not limited to serial interface communication, parallel interface communication, 1394 interface communications, radio-frequency (RF) identification (RFID) interface communication, wireless lan interfaces (IEEE802.11 interface etc.) communication, USB (universal serial bus) (USB) interface communication, blue tooth interface communication, infrared interface communication, Wireless Fidelity (Wi-Fi) interface communication, ISO7816 serial communication etc.
Debugging behavior judge module is used for judging whether the environment that protected software moves exists the debugging behavior.Judgment mode include but not limited to judge parent process method, use IsDebuggerPresent API (the Windows API of system), use CheckRemoteDebuggerPresent API (the Windows API of system), judge SeDebugPrivilege (the debug privilege attribute of system) authority, just judge window title at working procedure, whether all processes of searching in the environment of protected running software have debug procedures etc.; The judgment mode that described debugging behavior judge module adopts is all right: the DebugPort port of the BeingDebuged field of the PEB of lookup process and process execution block EPROCESS, debugging behavior judgment mode has a lot, mentions these above being not limited to.。
Hardware punishment module is used for carrying out hardware punishment when there is the debugging behavior in the environment of finding protected running software.The hardware payment method include but not limited to the locked certain hour of hardware, hardware thoroughly locked, hardware return to random data etc.
The anti-debugging of hardware proposed by the invention has essential difference with existing anti-debugging technique.At first, the logic of anti-debugging has been transferred to secure hardware (being software protecting equipment) inside from protected software itself, adopts more complicated example, in hardware to protect software, is debugged by counter to prevent it.Secondly, protected software normally moves and need to depend on secure hardware, and therefore protected software and secure hardware become the computing system of an overall operation.
According to a specific embodiment of the present invention, with reference to figure 2, the scheme of software protection process and enforcement is as follows:
At first, protected running software is in the middle of the system of main frame.According to a specific embodiment of the present invention, in order whether to have the debugging behavior in detecting system, protected the software startup thread that checks the debugging behavior, i.e. " a detecting thread " in Fig. 2.According to another embodiment of the present invention, in order whether there to be the debugging behavior in detecting system, also can start a process at protected software inhouse.The purpose of startup process or thread is the one section code that starts with protected software parallel, is used for the detecting of the behavior of debugging.
Then, this thread starts " the system information collection module " in Fig. 2.This system information collection module comes institute to carry out the real-time collecting of system information with method above-mentioned, such as use IsDebuggerPresent API (the Windows API of system) above-mentioned, use CheckRemoteDebuggerPresent API (the Windows API of system), judge SeDebugPrivilege (the debug privilege attribute of system) authority, just judge window title at working procedure, whether all processes of searching in the environment of protected running software have debug procedures etc.According to a specific embodiment of the present invention, the information of collecting includes but not limited to the returning results of above-mentioned parent process title, system API IsDebuggerPresent, system SeDebugPrivilege (the debug privilege attribute of system) authority credentials, and these information are sent to secure hardware.
The communication module of secure hardware receives these real-time information, then these information are sent to debugging behavior judge module.Debugging behavior judge module to communication module send real-time information process, judge in the environment that protected software moves whether have debugging software according to predefined decision logic.As a kind of example, can the title of parent process be judged.Such as, the title of judgement parent process is Explorer.exe or cmd.exe.In addition, can also judge the rreturn value of API.Such as, the judgement API IsDebuggerPresent of system returns to TRUE or FALSE etc.Certainly, those skilled in the art is fully clear, and decision logic can adopt a variety of modes, includes but not limited to the judgement of parent process title and to the judgement of API rreturn value.
If there is debugging software, such as the title of parent process is not trusty, not namely Explorer.exe or cmd.exe, perhaps the rreturn value of the API of system IsDebuggerPresent is TRUE, debugs so the hardware punishment module that the behavior judge module just sends to judged result secure hardware.The hardware of secure hardware punishment module starts corresponding punishment, such as the secure hardware function is complete unavailable or return to random error data etc. by communication module to protected software.At this moment protected software just can not normally move, and has reached the purpose of software protection.
If there is no debugging software, the function of secure hardware is normally carried out, thereby software function is normally carried out.
After using this anti-debugging technique, the cracker can't trace into secure hardware inside, also just can't obtain the code logic of hardware inner counter debugging, thereby has protected the security of anti-debugging code logic.Even if the cracker has acquired the anti-debugging code logic of secure hardware inside, also can't change the anti-debugging code logic of hardware, thereby reached can not revising of anti-debugging code logic, so just avoid shortcoming tracked in the anti-debugging code logic of software inhouse and that revise, strengthened the safe coefficient of software.
Below in conjunction with embodiment, technology contents of the present invention is further set forth.
Embodiment 1
Utilize software protecting equipment to be encrypted protection to the desktop annoyware that moves in main frame.Wherein the desktop annoyware is protected software, utilizes simultaneously software protecting equipment that it is protected.For a person skilled in the art, the present embodiment is only for application simplified embodiment of the present invention is described.Those skilled in the art clearly knows, actual ciphering process may than this example complexity many, but it does not break away from concretism of the present invention.
According to a specific embodiment of the present invention, only reminder time of desktop annoyware is stored in the inside of secure hardware, only have one every day 15:00 carry out regular meeting and remind, the anti-debugging code logic of using in the present embodiment is the judgement parent process.The parent process title of next Windows program of normal conditions is Explorer.exe or cmd.exe, if the debugged software startup of this program, the parent process title of this program is exactly this debugging software so, such as debugging software can adopt OllyICE.exe (this software is the very conventional debugging software that the cracker uses).
The step of specific implementation is as follows:
One, determine according to the significance level of the code logic of protected software information or protected software function or the data that protected software (being the desktop annoyware) needs protection, such as reminder time every day, reminder time etc. per month.In the present embodiment will every day 15:00 meeting remind this information to be stored in secure hardware inside, its storage format is " DAY 15:00 Meeting ".That is to say, need to remind judgement when protected software the time, its reminder time must obtain from secure hardware.
Two, protected software startup and start the detecting thread (perhaps process is referring to above describing) of debugging behavior mentioned above.The system information collection module of detecting thread obtains the parent process title of protected software, and the communication module by protected software sends to secure hardware with the parent process title.Clearly, those skilled in the art can obtain the parent process title by calling corresponding system API, is not described in detail in this.
Three, after the communication module of secure hardware receives above-mentioned data, send to debugging behavior judge module.Debugging behavior judge module begins judgement according to pre-set debugging software judgement code logic.If there is debugging software to exist in the system environments of described protected software place; and be the protected software that starts by this debugging software; the data number that sends of communication module is the title of debugging software so; such as " OllyICE.exe " rather than " Explorer.exe " or " cmd.exe "; this just illustrates this protected software just debugged, debugs so the behavior judge module judged result is sent to hardware punishment module.Hardware punishment module is punished according to predefined punishment logic; payment method can be to send misdata; such as " the DAY 15:00 Meeting " data with protected software pre-save are back into " DAY 24:00 Meeting "; although software can normally be carried out like this, function is wrong.If protected software place system environments does not have debugger; the data of the communication module of secure hardware reception are exactly so " Explorer.exe " or " cmd.exe "; debugging behavior judge module will be judged and not debug behavior like this; this result is sent to hardware punishment module, and hardware punishment module just can not start hardware punishment.
Four, protected software is not in the situation that exist debugging software or be not in debugging mode and normally propose the function request to secure hardware, and the function request is different and different according to the function of protected software.For example above-mentionedly store prompting message " DAY 15:00 Meeting " into secure hardware inside.When protected software goes for storage " DAY 15:00 Meeting " data, will be to the request of secure hardware sending function, secure hardware will send to protected software with " DAY 15:00 Meeting " data, as the basis for estimation of reminder time.
In the middle of whole software running process, can be periodically to secure hardware transmitting system real time data, concrete data dependence is in the debugging behavior judge module of secure hardware inside, information includes but not limited to the returning results of parent process title, system API IsDebuggerPresent, SeDebugPrivilege (the debug privilege attribute of system) authority credentials, be used for judging whether current operational process exists the debugging behavior, prevent that further software is debugged in operational process.
Inner just by judging that parent process judges whether to exist the debugging behavior at secure hardware in above-mentioned steps two.According to a specific embodiment of the present invention; in fact existing most of debugging behavior determination methods can be put into secure hardware inside; increase the correctness of debugging software judgement, such as the returning results of judgement parent process, system API IsDebuggerPresent, SeDebugPrivilege (the debug privilege attribute of system) authority credentials, search in protected software runtime environment dangerous process etc.
In addition, according to a specific embodiment of the present invention, when having judged the debugging behavior and exist, secure hardware does not first carry out hardware punishment, but waits for software and carry out hardware punishment after secure hardware is repeatedly communicated by letter again.Such as the punishment of delaying time, that is, find that the debugging behavior do not carry out later on hardware punishment immediately, but waited 5 minutes or other times are punished.Make like this deciphering person be difficult to judge the foundation of hardware punishment.
Embodiment 2
Utilize a kind of mapping software of software protecting equipment protection in the present invention, many important curve calculation formula are arranged in this mapping software.
One, mapping software is protected software, determines according to the significance level of code logic function or the data that protected software needs protection.According to one embodiment of the present invention, important curve calculation formula all is transplanted to secure hardware inside.Revise simultaneously this mapping software, can complete with secure hardware cooperation the calculating of the curve equation of secure hardware inside.
Two, mapping software starts, the thread of Start-up and Adjustment behavior detecting simultaneously, and the system information collection module of detecting thread is with the collection system real-time information.According to one embodiment of the present invention, collection be returning results of the API IsDebuggerPresent of system.And returning results by communication module of the API IsDebuggerPresent of system sent to secure hardware.
Three, after the communication module of secure hardware receives system's real-time information of mapping software transmission, this information is sent to the debugging behavior judge module of secure hardware, debugging behavior judge module carries out the debugging behavior judgement on main frame, judges that namely the real-time information that communication module sends is TRUE or FALSE.If that send is TRUE, showing has debugging software debugging shielded mapping software on main frame; If be FALSE, showing does not have debugging software in the shielded mapping software of debugging on main frame, then judged result is sent to hardware punishment module.
Four, hardware punishment module determines whether to carry out hardware punishment according to the judged result that debugging behavior judge module sends.According to one embodiment of the present invention, the hardware punitive measures of taking in the present embodiment is to allow the formula miscount that is implanted in secure hardware inside.Such as, needing to calculate the formula A:c=a+b of addition in protected software, shielded mapping software sends to secure hardware with a and b by communication module, and secure hardware calculates according to formula A.If there is no hardware punishment, secure hardware can normally return to c=a+b, if used hardware punishment, secure hardware can return to the result of certain algorithm at random, such as c=a*b, and c=a-b, c=a/b etc., and c is returned to shielded mapping software.
Clearly, above-mentioned specific embodiment has adopted the form of explanatory note to be described in detail.Those skilled in the art can adopt multiple programming language and similar programming logic to realize its similar function according to existing technology fully.
In addition, above-mentioned each embodiment is only used for illustrating inventive concept of the present invention, and realization of the present invention is not limited to above-mentioned various embodiment.For a person skilled in the art, above-mentioned each step further can be split fully, merging, conversion, deletion, thereby realize core idea of the present invention.
The distortion of above-mentioned multiple situation those skilled in the art will readily appreciate that, therefore above-mentionedly only schematically illustrates for example, and can't contain the various situations in software protection field.Core idea of the present invention is that software protecting equipment judges whether to exist the debugging behavior by the debugging behavior judge module that calls in secure hardware, and according to judged result, control and management is carried out in the execution of protected software.Therefore, on this basis, other various distortion of calling order, processing sequence all are easy to expect, need not to carry out the description of exhaustive in instructions of the present invention.
In addition, for judging in the situation that has the debugging behavior, secure hardware also can carry out such as sending the operation such as report to the police or quit work, thereby reminds current protected software to be debugged.That is to say, in case detect the debugging behavior, the secure hardware alerting pattern can have multiple, and this belongs to and those skilled in the art will readily appreciate that, need not to carry out the description of exhaustive in instructions of the present invention.
The above includes example of the present invention.Certainly, in order to describe purpose of the present invention, the combination of describing each assembly that can infer or method is unpractical, still, it will be understood by those skilled in the art that many further combinations and rotation are possible for purposes of the invention.Therefore, the present invention is intended to comprise change, improvement and the variation within all such spirit and scope that drop on appended claims.In addition, be limited with this instructions and claims, term " has " and is similar to term and " comprises ".