CN104063635B - The guard method of file destination and protection system - Google Patents
The guard method of file destination and protection system Download PDFInfo
- Publication number
- CN104063635B CN104063635B CN201410313183.2A CN201410313183A CN104063635B CN 104063635 B CN104063635 B CN 104063635B CN 201410313183 A CN201410313183 A CN 201410313183A CN 104063635 B CN104063635 B CN 104063635B
- Authority
- CN
- China
- Prior art keywords
- instruction
- file destination
- rubbish
- function
- deformation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 230000008439 repair process Effects 0.000 claims abstract description 51
- 238000003780 insertion Methods 0.000 claims abstract description 40
- 230000037431 insertion Effects 0.000 claims abstract description 40
- 230000006870 function Effects 0.000 claims description 98
- 230000008859 change Effects 0.000 claims description 26
- 230000004048 modification Effects 0.000 claims description 18
- 238000012986 modification Methods 0.000 claims description 18
- 230000015572 biosynthetic process Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of guard method of file destination, it includes:Carry out after dis-assembling, the instruction to function is deformed, and rubbish inserted in function to instruct for the function protected the need in each file destination for being used in software, so as to be protected to form the Global Macros to software to each file destination.The invention also discloses a kind of protection system of file destination, including:Analysis module;Dis-assembling module;Deformation module;Rubbish instruction insertion module;Repair module.The guard method of the file destination of the present invention and protection system, protect to obj files, can increase the scope of protection, add the difficulty of decompiling and analysis, substantially increase the security of software.
Description
Technical field
The present invention relates to the guard method and protection of field of software protection, more particularly to a kind of file destination (obj files)
System.
Background technology
Software, due to its digitized feature, is just stranded by piracy always as a kind of special product from coming out
Disturb.Pirate presence not only causes huge loss to software developer, also greatly hinders the hair of whole Software Industry
Exhibition.Can be to be protected using shell adding or using virtual machine to the main method that the progress of software is protected at present, shell adding master
If integrally being protected to software, equivalent to having wrapped up one layer of shell outside software, there is obvious boundary between shell and software
Line, is mainly virtualized to key code using virtual machine protection, there is obvious border between software and virtual machine.
No matter software is protected using shell adding or virtual machine, for some built-in functions (such as memcpy, sprintf etc.) in software
It can not be protected.
The content of the invention
The present invention provides guard method and the protection system of a kind of file destination, and obj files are protected, can be increased
The scope of protection, adds the difficulty of decompiling and analysis, substantially increases the security of software.
In order to solve the above-mentioned technical problem, the invention provides a kind of guard method of file destination, it includes:For soft
The function protected the need in each file destination used in part is carried out after dis-assembling, and the instruction to function is deformed, and
Insertion rubbish instruction in function, so as to be protected to form the Global Macros to software to each file destination.
Preferably, specifically including following steps:
S10:The functional symbol in file destination is analyzed, and selects to need the corresponding functional symbol of function to be protected;
S20:According to the coding rule of machine code instruction, to it is described need to function to be protected carry out dis-assembling so that by machine
Device instruction decompiles into assembly language directive;
S30:Using the deformation command template being pre-designed, the flexible instruction in the assembly language directive is carried out
Instruction is replaced;
S40:Rubbish instruction is inserted at select location in the assembly language directive;
S50:Change the functional symbol;
S60:The command byte code of the modification need function to be protected.
If preferably, there is jump instruction inside function, also included between step S40 and step S50:
S41:According between jump instruction and the destination address redirected because instruction deformation and rubbish instruct increased skew
The change occurred, modifies to jump instruction.
If preferably, there is data symbol in file destination, step S10 also includes analyzing the data symbol, and
Also include between step S50 and step S60:
S51:Change the data symbol.
If preferably, resetting bit sign in file destination, step S10 also includes analyzing the reorientation symbol
Number, and also include between step S50 and step S60:
S52:Bit sign is reset described in modification.
Preferably, step S51 is specially:Step S51 is specially:All symbol tables in file destination are swept
Retouch, according to position and the length of rubbish instruction of the length instructed after the position of instruction deformation and deformation, and rubbish instruction insertion
Degree, to change the position of the data symbol.
Preferably, step S52 is specially:Step S52 is specially:All bit signs that reset in file destination are carried out
Scan, instruct what the position of insertion and rubbish were instructed according to the length instructed after the position of instruction deformation and deformation, and rubbish
Length, described bit sign is reset to change.
Preferably, step S50 is specially:Step S50 is specially:All symbol tables in file destination are swept
Retouch, according to position and the length of rubbish instruction of the length instructed after the position of instruction deformation and deformation, and rubbish instruction insertion
Degree, to change position and the length of the functional symbol.
Preferably, step S60 is specially:Instruction, insertion after the presumptive instruction of the function protected as needed, deformation
Rubbish instruction, amended jump instruction, come change the function after being handled through protection command byte code.
Present invention also offers a kind of protection system of the file destination based on above-mentioned method, including:
Analysis module, it is configured to analyze the functional symbol in file destination;
Dis-assembling module, it is configured to the coding rule according to machine code instruction, it would be desirable to which the machine of the function of protection refers to
It is assembly language directive to make decompiling;
Deformation module, it is configured to using the deformation command template being pre-designed to described in dis-assembling module generation
Flexible instruction in assembly language directive carries out instruction replacement;
Rubbish instruction insertion module, it is configured to insertion rubbish at the select location in the assembly language directive and referred to
Order;
Repair module, it is configured to enter the need function to be protected for having carried out instruction deformation and rubbish instruction insertion
Row is repaired and other functional symbols is accordingly repaired;The instruction of function after to being handled through protection is repaired, with life
Into the file destination after protection.
If preferably, there is jump instruction inside function, the repair module is additionally configured to include to be protected to needing
Jump instruction inside function is repaired.
Preferably, the analysis module is additionally configured to analyze the data symbol in file destination, if in file destination
There is data symbol, the repair module is additionally configured to include repairing data symbol.
Preferably, the analysis module, which is additionally configured to analyze in file destination, resets bit sign, if file destination
In reset bit sign, the repair module is additionally configured to include counterweight sprocket bit to be repaired.
Preferably, the mode concrete configuration that the repair module is repaired to functional symbol is:To in file destination
All symbol tables be scanned, according to the length that instructs after the position of instruction deformation and deformation, and rubbish instruction insertion
Position and the length of rubbish instruction, carry out position and the length of repair function symbol.
Preferably, the mode concrete configuration that instruction of the repair module to the function after protection is repaired is:Root
According to instruction, rubbish instruction, the amended jump instruction of insertion after needing the presumptive instruction of function to be protected, deforming, to repair
The command byte code of function after being handled again through protection.
Preferably, the repair module is to needing the mode that the jump instruction inside function to be protected is repaired specific
It is configured to:According between jump instruction and the destination address redirected by instruction deformation and rubbish instruction it is increased skew occurred
Change, to be repaired to jump instruction.
Preferably, the mode concrete configuration that the repair module is repaired to data symbol is:To in file destination
All symbol tables be scanned, according to the position of the length that instructs after the position deformation of instruction deformation, and rubbish instruction insertion
Put and rubbish instruction length, come the position of repair data symbol.
Preferably, the mode concrete configuration that the repair module counterweight sprocket bit is repaired is:To file destination
In all bit signs that reset be scanned, inserted according to the length that instructs after the position deformation of instruction deformation, and rubbish instruction
The position entered and the length of rubbish instruction, bit sign is reset to repair.
Compared with prior art, the guard method of file destination of the invention and the beneficial effect of protection system are:It is logical
Cross the functional symbol analyzed first in obj files, reset bit sign, data symbol, selection needs the corresponding letter of function to be protected
Numerical symbol, dis-assembling is carried out to function, and the instruction to function is deformed, and rubbish instruction, repair function are inserted in the middle of instruction
Jump instruction, repair the functional symbol in obj files, data symbol, reset bit sign, so as to software one entirety of formation
Protection.Obj files are protected, the scope of protection can be increased, the difficulty of decompiling and analysis is added, greatly improves
The security of software.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the guard method of the file destination of embodiments of the invention;
Fig. 2 is each modular structure schematic diagram of the protection system of the file destination of embodiments of the invention;
Fig. 3 is the coff file structural representation of embodiments of the invention one.
Embodiment
It is to the guard method of the file destination of embodiments of the invention and protection with specific embodiment below in conjunction with the accompanying drawings
System is described in further detail, but not as a limitation of the invention.
Fig. 1 is the schematic flow sheet of the guard method of the file destination of embodiments of the invention.Embodiments of the invention
The guard method of file destination includes:Dis-assembling is carried out for the function protected the need in each file destination for being used in software
Afterwards, the instruction to function is deformed, and inserts rubbish instruction in function, so as to be protected to be formed to each file destination
To the Global Macros of software.
The method that the embodiment of the present invention is used comprises the following steps:
S10:The functional symbol in file destination is analyzed, and selects to need the corresponding functional symbol of function to be protected;
S20:According to the coding rule of machine code instruction, to needing function to be protected to carry out dis-assembling, so that machine be referred to
Order decompiles into assembly language directive;
S30:Using the deformation command template being pre-designed, the flexible instruction in assembly language directive is instructed
Replace;
S40:Rubbish instruction is inserted at select location in assembly language directive;
S50:Modification growth function symbol;Including needing function to be protected and without the functional symbol protected, understanding thoroughly, do not have
The functional symbol of protection may be protected the influence of function, it is also desirable to change, for example, there may be three connected functors
Number, and need to protect middle function, then the position of the functional symbol of the 3rd function can be changed certainly.
S60:Modification needs the command byte code of function to be protected.
The guard method of the file destination of the present invention, by analyzing the functional symbol in obj files first, selection needs to protect
The functional symbol of shield, dis-assembling is carried out to function, and instruction is deformed, and rubbish instruction, repair function are inserted in the middle of instruction
Jump instruction, repair obj files in functional symbol so as to software formation one integrally protect, to obj files carry out
Protection, can increase the scope of protection, add the difficulty of decompiling and analysis, substantially increase the security of software.
As the improvement of the present invention, if there is jump instruction inside function, gone back between step S40 and step S50
Including:S41:According between jump instruction and the destination address redirected by instruction deformation and rubbish instruction it is increased skew sent out
Raw change, modifies to jump instruction.In actual conditions, if there is jump instruction inside function, due to needing protection
Function in instruction deformed, insert rubbish instruction, cause the skew that jump instruction is redirected to be changed, according to
Between jump instruction and the destination address redirected, due to instructing deformation and the increased skew of rubbish instruction to repair jump instruction
Change.
As a further improvement, if there is data symbol in file destination, step S10 also includes analyze data and accorded with
Number, and also include S51 between step S50 and step S60:Change data symbol.As on the other hand, if had in file destination
Bit sign is reset, then step S10 is also reset including analysis also includes S52 between bit sign, and step S50 and step S60:Modification
Reset bit sign.
Further, with reference to the above, if having data symbol in obj files, to all symbols in file destination
Number table is scanned, according to position and the rubbish of the length instructed after the position of instruction deformation and deformation, and rubbish instruction insertion
The length of rubbish instruction, to change the position of data symbol.On the other hand, if resetting bit sign in obj files, modification weight
All bit signs that reset in file destination are scanned by sprocket bit, according to instruction after the position of instruction deformation and deformation
Length, and rubbish instruction insertion position and rubbish instruction length, reset bit sign to change.
As further improving, step S50 is specially:All symbol tables in file destination are scanned, root
According to position and the length of rubbish instruction of the length instructed after the position of instruction deformation and deformation, and rubbish instruction insertion, come
The position of Modification growth function symbol and length.As the preferred embodiment of the present embodiment, step S60 is specially:Protect as needed
Rubbish instruction, the amended jump instruction of instruction, insertion after the presumptive instruction of the function of shield, deformation, to change through protection
The command byte code of function after processing.
As Fig. 2 for embodiments of the invention file destination protection system each modular structure schematic diagram shown in, this hair
It is bright to additionally provide a kind of protection system of the file destination based on above-mentioned method, including:
Analysis module, it is configured to analyze the functional symbol in file destination, and can be further configured to analyze mesh
Mark in the data symbol in file, and analysis file destination and reset bit sign (illustrating in detail below);
Dis-assembling module, it is configured to the coding rule according to machine code instruction, it would be desirable to which the machine of the function of protection refers to
It is assembly language directive to make decompiling;
Deformation module, it is configured to the assembler language generated using the deformation command template being pre-designed to dis-assembling module
Flexible instruction in instruction carries out instruction replacement;
Rubbish instruction insertion module, it is configured to insert rubbish instruction at the select location in assembly language directive;
Repair module, its function for being configured to protect the need for having carried out instruction deformation and rubbish instruction insertion is repaiied
It is multiple, and according to foregoing teachings, repair module also needs to be configured to accordingly to repair other functional symbols, for example, do not protect
The functional symbol of shield, such as positional information, can also may be influenceed, therefore should be located accordingly by need function to be protected
Reason.Repair module to being handled through protection after the instruction of function repair, to generate the file destination after protection.Wherein, it is right
The mode that functional symbol is repaired can be using being scanned, according to instruction deformation to all symbol tables in file destination
The length instructed behind position and deformation, and the length that the position of rubbish instruction insertion and rubbish are instructed, carry out repair function symbol
Position and length;The mode that instruction to the function after protection is repaired can use the original for the function protected as needed
Rubbish instruction, the amended jump instruction of instruction, insertion after beginning instruction, deformation, to repair the function after being handled through protection
Command byte code.
With reference to the description of foregoing guard method of the invention, due to needing function to be protected to carry out instruction deformation
Instruct and insert with rubbish, repair module is needed to needing the jump instruction inside function to be protected to repair, to functional symbol
Repaired, data symbol is repaired, counterweight sprocket bit is repaired, the instruction to the function after protection is repaiied
It is multiple, the obj files after generation protection.That is:
If there is jump instruction inside function, repair module is additionally configured to include to needing redirecting inside function to be protected
Instruction repaired, concrete mode can use according between jump instruction and the destination address redirected due to instruction deformation and rubbish
The increased skew of rubbish instruction change occurred, to be repaired to jump instruction;
Whether analysis module is also analyzed in file destination has data symbol, if there is data symbol in file destination, repairs
Module is additionally configured to include repairing data symbol, and concrete mode can use to enter all symbol tables in file destination
Go and scan, instruct what the position inserted and rubbish were instructed according to the length instructed after the position deformation for instructing deformation, and rubbish
Length, comes the position of repair data symbol;
Analysis module also analyzes in file destination whether reset bit sign, if resetting bit sign in file destination,
Repair module is additionally configured to include counterweight sprocket bit to be repaired, and concrete mode can be used to all heavy in file destination
Sprocket bit is scanned, according to the length that instructs after the position deformation of instruction deformation, and rubbish instruction insertion position and
The length of rubbish instruction, bit sign is reset to repair.
For the objects, technical solutions and advantages of the present invention are more clearly understood, develop simultaneously embodiment referring to the drawings, right
The present invention is further described.
Below by taking the obj files of lower 32 of Microsoft's Windows systems as an example, to describe to apply for the protection that embodiment is provided
Detailed process.Obj file formats in Microsoft's Windows operating system are coff file forms.COFF is referred to as general object text
Part form, COFF full name is Common Object File Format, and the file destination that the compiler of Microsoft is produced is exactly
Coff file form.
Coff file structure is as shown in figure 3, main header structure (COFF HEADER), section structure (Section
Headers), sector data (Raw Data).The specific definition of coff file various pieces see Microsoft's windows systems
Online Help, excessive introduction is not done herein.
For convenience of explanation, this gives a specific obj file, this paper obj files realize one
The function of string length is sought, file name is strlen.obj.
The C language source code of Obj files is:
As shown in figure 1, the detailed step protected to obj files is:
1. analyzing the functional symbol in obj files, bit sign, data symbol are reset;
Functional symbol in the present embodiment in strlen.obj is strlen, and nothing resets bit sign, no data symbol.
2. selection needs functional symbol to be protected;
The function that protection is selected in the present embodiment is strlen.
3. dis-assembling module is utilized, according to the coding rule of machine code instruction, to needing function to be protected to carry out dis-assembling,
Machine instruction is decompiled into assembler language;
After strlen function dis-assemblings, the assembler language of generation is as follows:
The assembly code of strlen functions is in strlen.obj files:
4. utilizing deformation module, the instruction for the function protected as needed utilizes the instruction mould after the deformation being pre-designed
Version, is replaced to instruction;
In the present embodiment, ret instructions are deformed, ret instructions code of equal value is:
5. using rubbish instruction insertion module, needing inside function to be protected, position, insertion rubbish instruction are selected;
In the present embodiment rubbish is all inserted into strlen.obj files behind every assembly instruction of strlen functions
Rubbish instruction is not inserted into behind instruction, the last item assembly instruction.
In the present embodiment, the rubbish of insertion, which is instructed, is
If 6. there is jump instruction inside function, jump instruction is changed using repair module, due to needing letter to be protected
Instruction in number is deformed, and is inserted rubbish instruction, is caused the skew that jump instruction is redirected to be changed, according to redirecting
Because instruction deformation and the increased skew of rubbish instruction are repaiied to jump instruction between the destination address centre for instructing and redirecting
Change;
Needed in the present embodiment modification first jump instruction be
7. all symbols in obj files are scanned by Modification growth function symbol, according to the position of instruction deformation and rubbish
The position of insertion is instructed, position and the length of symbol is changed;
The position of strlen functional symbols is constant in the present embodiment, and length increase, increased length instructs for the flower of insertion
Length and because deformation ret instructs increased length.
If 8. having data symbol in obj files, be scanned to all symbol tables in obj files, become according to instruction
The length instructed behind the position of shape and deformation, instructs the length that the position of insertion and rubbish are instructed according to rubbish, changes data symbols
Number position;
In the present embodiment without data symbol, it is not necessary to change.
9. if reset bit sign in obj files, modification resets bit sign, to all reorientations in obj files
Symbol is scanned, and the position of insertion is instructed according to the position of instruction deformation and rubbish, and modification resets bit sign;
Bit sign is not reset in the present embodiment, it is not necessary to changed.
10. modification needs function instruction bytecode to be protected, after the presumptive instruction of the function protected as needed, deformation
Instruction, rubbish instruction, the amended jump instruction of insertion, the instruction of the function after modification protection;
In the present embodiment, according to the presumptive instruction of strlen functions, the ret instructions after deformation, the rubbish instruction of insertion
And two amended jump instructions, the instruction of the strlen functions after modification protection.
Analysis module, analyzes the functional symbol in obj files, resets bit sign, data symbol;
Dis-assembling module, is assembly language directive by machine instruction decompiling according to the machine instruction of function;
Deformation module, to needing function to be protected, dis-assembling is carried out using dis-assembling module, assembly language directive is generated,
Instruction replacement is carried out to the instruction that can be deformed using the deformation command template being pre-designed;
Rubbish instruction insertion module, to needing function to be protected, dis-assembling, generation compilation language are carried out using dis-assembling module
Speech instruction, is being needed inside function to be protected, selects position, insertion rubbish instruction;
Repair module, due to needing function to be protected to carry out instruction deformation and rubbish instruction insertion, it is necessary to needs
Jump instruction inside the function of protection is repaired, and functional symbol is repaired, and data symbol is repaired, to resetting
Bit sign is repaired, and the instruction to the function after protection is repaired, the obj files after generation protection.
Compared with prior art, the guard method of file destination of the invention and the beneficial effect of protection system are:It is logical
Cross the functional symbol analyzed first in obj files, reset bit sign, data symbol, selection needs functional symbol to be protected, to letter
Number carries out dis-assembling, and instruction is deformed, and rubbish instruction is inserted in the middle of instruction, and obj is repaired in the jump instruction of repair function
Functional symbol, data symbol in file, reset bit sign, thus to software formation one integrally protect, obj files are entered
Row protection, can increase the scope of protection, add the difficulty of decompiling and analysis, substantially increase the security of software.
Above example is only the exemplary embodiment of the present invention, is not used in the limitation present invention, protection scope of the present invention
It is defined by the claims.Those skilled in the art can make respectively in the essence and protection domain of the present invention to the present invention
Modification or equivalent substitution are planted, this modification or equivalent substitution also should be regarded as being within the scope of the present invention.
Claims (17)
1. a kind of guard method of file destination, it is characterised in that for what is protected the need in each file destination in software
Function is carried out after dis-assembling, and the instruction to function is deformed, and inserts rubbish instruction in function, so as to each file destination
Protected to form the Global Macros to software;
And methods described specifically includes following steps:
S10:The functional symbol in file destination is analyzed, and selects to need the corresponding functional symbol of function to be protected;
S20:According to the coding rule of machine code instruction, dis-assembling is carried out to the need function to be protected, so that machine be referred to
Order decompiles into assembly language directive;
S30:Using the deformation command template being pre-designed, the flexible instruction in the assembly language directive is instructed
Replace;
S40:Rubbish instruction is inserted at select location in the assembly language directive;
S50:Change the functional symbol;
S60:The command byte code of the modification need function to be protected.
2. the guard method of file destination according to claim 1, it is characterised in that if redirecting finger inside function
Order, then also include between step S40 and step S50:
S41:According between jump instruction and the destination address redirected by instruction deformation and rubbish instruction it is increased skew sent out
Raw change, modifies to jump instruction.
3. the guard method of file destination according to claim 1, it is characterised in that if there is data symbols in file destination
Number, then step S10 also includes analyzing the data symbol, and also includes between step S50 and step S60:
S51:Change the data symbol.
4. the guard method of file destination according to claim 1, it is characterised in that if there is reorientation in file destination
Symbol, then step S10 also include resetting and also including between bit sign, and step S50 and step S60 described in analysis:
S52:Bit sign is reset described in modification.
5. the guard method of file destination according to claim 3, it is characterised in that step S51 is specially:To target text
All symbol tables in part are scanned, and are inserted according to the length instructed after the position of instruction deformation and deformation, and rubbish instruction
The position entered and the length of rubbish instruction, to change the position of the data symbol.
6. the guard method of file destination according to claim 4, it is characterised in that step S52 is specially:To target text
All bit signs that reset in part are scanned, and are referred to according to the length instructed after the position of instruction deformation and deformation, and rubbish
The position of insertion and the length of rubbish instruction are made, described bit sign is reset to change.
7. the guard method of file destination according to claim 1, it is characterised in that step S50 is specially:To target text
All symbol tables in part are scanned, and are inserted according to the length instructed after the position of instruction deformation and deformation, and rubbish instruction
The position entered and the length of rubbish instruction, to change position and the length of the functional symbol.
8. the guard method of file destination according to claim 1, it is characterised in that step S60 is specially:As needed
Rubbish instruction, the amended jump instruction of instruction, insertion after the presumptive instruction of the function of protection, deformation, to change through protecting
The command byte code of function after shield processing.
9. a kind of protection system of the file destination of the method based on described in claim 1, it is characterised in that including:
Analysis module, it is configured to analyze the functional symbol in file destination;
Dis-assembling module, it is configured to the coding rule according to machine code instruction, it would be desirable to which the machine instruction of the function of protection is anti-
It is compiled as assembly language directive;
Deformation module, it is configured to the compilation generated using the deformation command template being pre-designed to the dis-assembling module
Flexible instruction in sound instruction carries out instruction replacement;
Rubbish instruction insertion module, it is configured to insert rubbish instruction at the select location in the assembly language directive;
Repair module, it is configured to repair the need function to be protected for having carried out instruction deformation and rubbish instruction insertion
Redoubling and other functional symbols are accordingly repaired;The instruction of function after to being handled through protection is repaired, to generate guarantor
File destination after shield.
10. the protection system of file destination according to claim 9, it is characterised in that if redirecting finger inside function
Order, the repair module is additionally configured to include to needing the jump instruction inside function to be protected to repair.
11. the protection system of file destination according to claim 9, it is characterised in that the analysis module is additionally configured to
The data symbol in file destination is analyzed, if there is data symbol in file destination, the repair module is additionally configured to include pair
Data symbol is repaired.
12. the protection system of file destination according to claim 9, it is characterised in that the analysis module is additionally configured to
Bit sign is reset in analysis file destination, if resetting bit sign in file destination, the repair module is additionally configured to bag
Counterweight sprocket bit is included to be repaired.
13. the protection system of file destination according to claim 9, it is characterised in that the repair module is to functor
Number mode concrete configuration repaired is:All symbol tables in file destination are scanned, according to the position of instruction deformation
The length put and instructed after deforming, and the length that the position of rubbish instruction insertion and rubbish are instructed, carry out repair function symbol
Position and length.
14. the protection system of file destination according to claim 10, it is characterised in that after the repair module is to protection
The mode concrete configuration repaired of instruction of function be:Finger after the presumptive instruction of the function protected as needed, deformation
Rubbish instruction, the amended jump instruction make, inserted, to repair the command byte code of the function after being handled through protection.
15. the protection system of file destination according to claim 14, it is characterised in that the repair module is to needing to protect
The mode concrete configuration that jump instruction inside the function of shield is repaired is:According to jump instruction and the destination address redirected it
Between by instruction deformation and the increased skew of rubbish instruction change occurred, to be repaired to jump instruction.
16. the protection system of file destination according to claim 15, it is characterised in that the repair module is to data symbols
Number mode concrete configuration repaired is:All symbol tables in file destination are scanned, according to the position of instruction deformation
The length instructed after deformation, and the length that the position of rubbish instruction insertion and rubbish are instructed are put, comes the position of repair data symbol
Put.
17. the protection system of file destination according to claim 16, it is characterised in that the repair module is to reorientation
The mode concrete configuration that symbol is repaired is:All bit signs that reset in file destination are scanned, become according to instruction
The length instructed after the position deformation of shape, and the length that the position of rubbish instruction insertion and rubbish are instructed, to repair reorientation
Symbol.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410313183.2A CN104063635B (en) | 2014-07-02 | 2014-07-02 | The guard method of file destination and protection system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410313183.2A CN104063635B (en) | 2014-07-02 | 2014-07-02 | The guard method of file destination and protection system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104063635A CN104063635A (en) | 2014-09-24 |
| CN104063635B true CN104063635B (en) | 2017-09-29 |
Family
ID=51551345
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410313183.2A Active CN104063635B (en) | 2014-07-02 | 2014-07-02 | The guard method of file destination and protection system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104063635B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106951745B (en) * | 2017-03-31 | 2019-10-18 | 北京深思数盾科技股份有限公司 | A kind of instruction recombination method and apparatus |
| CN108345773B (en) * | 2017-07-27 | 2020-09-08 | 江苏通付盾信息安全技术有限公司 | Code protection method and device based on virtual machine, electronic equipment and storage medium |
| CN108182358B (en) * | 2017-12-28 | 2020-09-29 | 江苏通付盾信息安全技术有限公司 | File protection method and device, computing equipment and computer storage medium |
| CN108052806B (en) * | 2017-12-28 | 2020-09-29 | 江苏通付盾信息安全技术有限公司 | File protection method and device, computing equipment and computer storage medium |
| US10635523B2 (en) | 2018-02-23 | 2020-04-28 | International Business Machines Corporation | Fast recovery from failures in a chronologically ordered log-structured key-value storage system |
| US10642680B2 (en) * | 2018-02-23 | 2020-05-05 | International Business Machines Corporation | Chronologically ordered log-structured key-value store from failures during garbage collection |
| US10783073B2 (en) | 2018-02-23 | 2020-09-22 | International Business Machines Corporation | Chronologically ordered out-of-place update key-value storage system |
| CN109858204B (en) * | 2019-01-03 | 2021-01-15 | 武汉极意网络科技有限公司 | Program code protection method and device based on LLVM |
| CN110210190A (en) * | 2019-05-30 | 2019-09-06 | 中国科学院信息工程研究所 | A kind of Code obfuscation method based on secondary compilation |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1797263A (en) * | 2004-12-27 | 2006-07-05 | 胡敏 | Encrpytion techniques for storing transformation directive |
| CN101477608A (en) * | 2008-01-04 | 2009-07-08 | 胡敏 | Ciphering process for preventing data and code in software from being modified |
| CN103778355A (en) * | 2014-01-15 | 2014-05-07 | 西北大学 | Code morphing-based binary code obfuscation method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030208395A1 (en) * | 2000-06-15 | 2003-11-06 | Mcclure Neil L. | Distributed network voting system |
-
2014
- 2014-07-02 CN CN201410313183.2A patent/CN104063635B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1797263A (en) * | 2004-12-27 | 2006-07-05 | 胡敏 | Encrpytion techniques for storing transformation directive |
| CN101477608A (en) * | 2008-01-04 | 2009-07-08 | 胡敏 | Ciphering process for preventing data and code in software from being modified |
| CN103778355A (en) * | 2014-01-15 | 2014-05-07 | 西北大学 | Code morphing-based binary code obfuscation method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104063635A (en) | 2014-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104063635B (en) | The guard method of file destination and protection system | |
| CN104091100B (en) | Software protection method based on intermediate result compiling | |
| CN103413075B (en) | A kind of method and apparatus of protecting JAVA executable program by virtual machine | |
| CN103778355B (en) | Code morphing-based binary code obfuscation method | |
| CN103413073B (en) | A kind of method and apparatus protecting JAVA executable program | |
| CN108363911B (en) | Python script obfuscating and watermarking method and device | |
| CN107908933A (en) | A kind of character string encryption method based on intermediate language | |
| CN104899010A (en) | Multilingualization method and system of source code | |
| CN103473104B (en) | Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix | |
| CN1889043A (en) | Method for using human natural language in computer programing | |
| CN104462990A (en) | Character string decrypting and encrypting method and device | |
| CN107577925B (en) | Based on the virtual Android application program guard method of dual ARM instruction | |
| CN109543368B (en) | Cross-platform source code virtualization protection method based on intermediate language interpreter | |
| CN103927164A (en) | Method and system for confusing scripts | |
| CN102495736A (en) | Method and system for identifying software code svn version in executable file | |
| CN103077062A (en) | Method and device for detecting code change | |
| CN103955354B (en) | Method for relocating and device | |
| CN107203500A (en) | The automatic switching method of the excel formula object oriented languages of expansion backtracking is replaced based on recurrence | |
| JP2013134573A (en) | Software correction device, software correction system, software correction method and software correction program | |
| CN111512307A (en) | Compiling apparatus and method | |
| CN103886095B (en) | Cross-platform file destination multiplexing method | |
| CN103077066A (en) | Method and system for embedding product key information during compiling | |
| CN107992311A (en) | A kind of method of rapid batch packing generation APK file | |
| CN101706859A (en) | Device and method for protecting source code | |
| CN105912893A (en) | Strengthening method based on Android system microinstruction just-in-time compilation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| CB02 | Change of applicant information |
Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510 Applicant after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |