CN105989252A - Function level packing-oriented unpacking method and system - Google Patents
Function level packing-oriented unpacking method and system Download PDFInfo
- Publication number
- CN105989252A CN105989252A CN201510913382.1A CN201510913382A CN105989252A CN 105989252 A CN105989252 A CN 105989252A CN 201510913382 A CN201510913382 A CN 201510913382A CN 105989252 A CN105989252 A CN 105989252A
- Authority
- CN
- China
- Prior art keywords
- dexfile
- class
- code
- actively
- accessflags
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 105
- 230000006870 function Effects 0.000 claims description 13
- 230000008439 repair process Effects 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 abstract description 10
- 230000000977 initiatory effect Effects 0.000 abstract 1
- 230000003014 reinforcing effect Effects 0.000 abstract 1
- 230000002787 reinforcement Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000007596 consolidation process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a function level packing-oriented unpacking method and system. The method comprises the following steps: starting a simulator, initiating an application program and calling OnCreate of the application program; loading and storing a Dex file of the application program and searching a DexFile structural body; and retrieving a class-defs class definition list, judging whether a loaded Method object in a Dalvik virtual machine is different from a specific code segment in the class definition list or not, and judging whether a code address exceeds a range or not. According to the function level packing-oriented unpacking method and system, initiative decryption can be realized when calling is carried out from the system layer; and meanwhile, for the similar reinforcing technologies, similar unpacking methods can be used, so that the universality problem is effectively solved.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to a kind of hulling method for function rank shell adding and system.
Background technology
Code is the core of a program, is whether in secrecy and security consideration, or for hidden behaviour, encryption technology is most commonly seen, is also most efficient method.In order to hide core code, it is ensured that the safety of system core flow process, code typically can be obscured and encryption by developer.On the other hand and malicious application is in order to reach to hide oneself, hide the detection of fail-safe software, also the code of oneself can be encrypted.
Fail-safe software relies on knowable code significantly for the detection of malicious code, and encrypts the safety detection being undoubtedly for sequencing and add one lock.And As time goes on, Android application is from a small amount of application started most, simple encryption, and new application major part the most out all uses reinforcement protection till now, and exuviating technology is the most urgent.
Android application, at present at the most relatively common exuviating technology, can be divided into two types:
One, Dex entirety encryption type
Application program is operationally waited and is decrypted overall dex file, and DexFile structure analyzed by shelling instrument, and then internal memory dump gets off.
Shortcoming: the mode of internal memory dump time existing scheme is run, compares dependence hook technology, and is easily hindered by various anti-debugging techniques.
Two, Dex function detaches type
Program is consolidation process when, it would be desirable to hiding code extracts and encrypts and deposits, and this exuviating technology needs to be analyzed program decipherment algorithm, is then implemented separately or calls decipherment algorithm, carries out static reduction.
Shortcoming: algorithm specific aim is too strong, does not has a kind of realization to be required for a large amount of manpower and goes follow-up and analyze.
Android system as the system of an exploitation, have stronger can be with customization.We have only to add in position our shelling code, for application program, the most ND, so can effectively solve the drawback of the first exuviating technology.Android system is exactly the environment that application program performs, and the structural relation of application program, is all visual for system layer.Call deciphering during for running, so that it may go to call from system level and just can become a kind of actively deciphering, therefore similar reinforcement technique such as function is detached, it is possible to use the hulling method known each other, so can effectively solve versatility problem.
Summary of the invention
The present invention is by starting simulator, initialize application A ctivity, call shelling body of code, the Dex file of loading application programs also preserves the hash_tables to gDvm, class_defs class definition list in retrieval DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading defines, from class_defs class, the method that in the method structure in list, AccessFlags and insn code segment is the most different, just can realize actively deciphering when system level goes to call with this, for similar reinforcement technique, similar hulling method can be used, the most effectively solve versatility problem simultaneously.
The present invention adopts and realizes with the following method: a kind of hulling method for function rank shell adding, including:
Start simulator, initialize application A ctivity, call the OnCreate of application program;
The Dex file of loading application programs also preserves the hash_tables to gDvm, searches DexFile structure in the hash_tables of gDvm;
Class_defs class definition list in retrieval DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading is the most different from AccessFlags and insn code segment in the method structure in the definition list of class_defs class, if it is different, then in time running, Method obtains decrypted code, is filled up to the AccessFlags position of method in DexFile structure;
Judge that the insns code address of Method, whether beyond DexFile scope, if then extension DexFile size, by Method code copies to new region of memory, and repairs the Method offset address of DexFile.
Further, the side of described acquisition decrypted code is: uses interface dexGetClassDef circulation to obtain DexFile structure C lassDef, uses GetStaticMethodID to search the class containing clinit method, it is achieved actively deciphering.
Further, interface dexGetClassDef circulation is used to obtain the number that number of times is ClassDef of DexFile structure C lassDef.
Further, the described actively decryption method that realizes is the code that in circulation searching internal memory, Method structure is decrypted, it is judged that AccessFlags indicates with or without Native, if nothing, then it represents that complete actively to decipher.
Further, use single kernel interface that the file completing actively to decipher is written and read operation.
The present invention can use following device to realize:
A kind of shelling system for function rank shell adding, it is characterised in that including:
Initialization module, is used for starting simulator, initializes application A ctivity, calls the OnCreate of application program;
Search module, for the Dex file of loading application programs and preserve the hash_tables to gDvm, the hash_tables of gDvm searches DexFile structure;
Analyze module, for retrieving the class_defs class definition list in DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading is the most different from AccessFlags and insn code segment in the method structure in the definition list of class_defs class, if it is different, then in time running, Method obtains decrypted code, is filled up to the AccessFlags position of method in DexFile structure;
Repair module, for judging that the insns code address of Method, whether beyond DexFile scope, if then extension DexFile size, by Method code copies to new region of memory, and repairs the Method offset address of DexFile.
Further, the side of described acquisition decrypted code is: uses interface dexGetClassDef circulation to obtain DexFile structure C lassDef, uses GetStaticMethodID to search the class containing clinit method, it is achieved actively deciphering.
Further, interface dexGetClassDef circulation is used to obtain the number that number of times is ClassDef of DexFile structure C lassDef.
Further, the described actively decryption method that realizes is the code that in circulation searching internal memory, Method structure is decrypted, it is judged that AccessFlags indicates with or without Native, if nothing, then it represents that complete actively to decipher.
Further, use single kernel interface that the file completing actively to decipher is written and read operation.
The present invention can be more general the existing novel reinforced technology of deciphering, be decrypted relative to direct analysis decipherment algorithm, well adapting to property and accuracy.
In sum, the present invention is by starting simulator, initialize application A ctivity, call shelling body of code, the Dex file of loading application programs also preserves the hash_tables to gDvm, class_defs class definition list in retrieval DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading defines, from class_defs class, the method that in the method structure in list, AccessFlags and insn code segment is the most different, just can realize actively deciphering when system level goes to call with this, for similar reinforcement technique, similar hulling method can be used, the most effectively solve versatility problem simultaneously.
Have the beneficial effect that
1.It is the redevelopment carried out based on Android system, applies original interface to change, so application is less susceptible to discover the existence of shelling program.
2, hook block can be broken through in the way of using special purpose interface, and Function Extension.
Actively call deciphering when 3, using operation, for application program, be belonging to normal code and perform, be difficult to be noticeable.
4, according to being that before and after shelling, code difference judges, a class Scheme of Strengthening, highly versatile can disposably be solved.
Accompanying drawing explanation
In order to be illustrated more clearly that the present invention or technical scheme of the prior art, the accompanying drawing used required in embodiment or description of the prior art will be briefly described below, apparently, accompanying drawing in describing below is only some embodiments described in the present invention, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
A kind of hulling method embodiment flow chart for function rank shell adding that Fig. 1 provides for the present invention;
A kind of shelling system embodiment structure chart for function rank shell adding that Fig. 2 provides for the present invention.
Detailed description of the invention
For the technical scheme making those skilled in the art be more fully understood that in the embodiment of the present invention, and it is understandable to enable the above-mentioned purpose of the present invention, feature and advantage to become apparent from, and is described in further detail technical scheme in the present invention below in conjunction with the accompanying drawings.
The present invention is by starting simulator, initialize application A ctivity, call shelling body of code, the Dex file of loading application programs also preserves the hash_tables to gDvm, class_defs class definition list in retrieval DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading defines, from class_defs class, the method that in the method structure in list, AccessFlags and insn code segment is the most different, just can realize actively deciphering when system level goes to call with this, for similar reinforcement technique, similar hulling method can be used, the most effectively solve versatility problem simultaneously.
The present invention adopts and realizes with the following method: a kind of hulling method for function rank shell adding, including:
S101 starts simulator, initializes application A ctivity, calls the OnCreate of application program;
The Dex file of S102 loading application programs also preserves the hash_tables to gDvm, searches DexFile structure in the hash_tables of gDvm;
Class_defs class definition list in S103 retrieval DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading is the most different from AccessFlags and insn code segment in the method structure in the definition list of class_defs class, if it is different, then in time running, Method obtains decrypted code, is filled up to the AccessFlags position of method in DexFile structure;
S104 judges that the insns code address of Method, whether beyond DexFile scope, if then extension DexFile size, by Method code copies to new region of memory, and repairs the Method offset address of DexFile.
Further, the side of described acquisition decrypted code is: uses interface dexGetClassDef circulation to obtain DexFile structure C lassDef, uses GetStaticMethodID to search the class containing clinit method, it is achieved actively deciphering.
Further, interface dexGetClassDef circulation is used to obtain the number that number of times is ClassDef of DexFile structure C lassDef.
Further, the described actively decryption method that realizes is the code that in circulation searching internal memory, Method structure is decrypted, it is judged that AccessFlags indicates with or without Native, if nothing, then it represents that complete actively to decipher.
Further, use single kernel interface that the file completing actively to decipher is written and read operation.
The present invention can use following device to realize:
A kind of shelling system for function rank shell adding, it is characterised in that including:
Initialization module 201, is used for starting simulator, initializes application A ctivity, calls the OnCreate of application program;
Search module 202, for the Dex file of loading application programs and preserve the hash_tables to gDvm, the hash_tables of gDvm searches DexFile structure;
Analyze module 203, for retrieving the class_defs class definition list in DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading is the most different from AccessFlags and insn code segment in the method structure in the definition list of class_defs class, if it is different, then in time running, Method obtains decrypted code, is filled up to the AccessFlags position of method in DexFile structure;
Repair module 204, for judging that the insns code address of Method, whether beyond DexFile scope, if then extension DexFile size, by Method code copies to new region of memory, and repairs the Method offset address of DexFile.
Further, the side of described acquisition decrypted code is: uses interface dexGetClassDef circulation to obtain DexFile structure C lassDef, uses GetStaticMethodID to search the class containing clinit method, it is achieved actively deciphering.
Further, interface dexGetClassDef circulation is used to obtain the number that number of times is ClassDef of DexFile structure C lassDef.
Further, the described actively decryption method that realizes is the code that in circulation searching internal memory, Method structure is decrypted, it is judged that AccessFlags indicates with or without Native, if nothing, then it represents that complete actively to decipher.
Further, use single kernel interface that the file completing actively to decipher is written and read operation.
As seen through the above description of the embodiments, those skilled in the art is it can be understood that can add the mode of required general hardware platform by software to the present invention and realize.Based on such understanding, the part that prior art is contributed by technical scheme the most in other words can embody with the form of software product, this computer software product can be stored in storage medium, such as ROM/RAM, magnetic disc, CD etc., including some instructions with so that a computer equipment (can be personal computer, server, or the network equipment etc.) perform each embodiment of the present invention or the method described in some part of embodiment.
Each embodiment in this specification all uses the mode gone forward one by one to describe, and between each embodiment, identical similar part sees mutually, and what each embodiment stressed is the difference with other embodiments.For system embodiment, owing to it is substantially similar to embodiment of the method, so describe is fairly simple, relevant part sees the part of embodiment of the method and illustrates.
The present invention can be used in numerous general or special purpose computing system environment or configuration.Such as: personal computer, server computer, handheld device or portable set, laptop device, multicomputer system, system based on microprocessor, set top box, programmable consumer-elcetronics devices, network PC, minicomputer, mainframe computer, the distributed computing environment including any of the above system or equipment etc..
The present invention can be described in the general context of computer executable instructions, such as program module.Usually, program module includes performing particular task or realizing the routine of particular abstract data type, program, object, assembly, data structure etc..The present invention can also be put into practice in a distributed computing environment, in these distributed computing environment, the remote processing devices connected by communication network perform task.In a distributed computing environment, during program module may be located at the local and remote computer-readable storage medium including storage device.
Although depicting the present invention by embodiment, it will be appreciated by the skilled addressee that the present invention has many deformation and the change spirit without deviating from the present invention, it is desirable to appended claim includes these deformation and the change spirit without deviating from the present invention.
Claims (10)
1. the hulling method for function rank shell adding, it is characterised in that including:
Start simulator, initialize application A ctivity, call the OnCreate of application program;
The Dex file of loading application programs also preserves the hash_tables to gDvm, searches DexFile structure in the hash_tables of gDvm;
Class_defs class definition list in retrieval DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading is the most different from AccessFlags and insn code segment in the method structure in the definition list of class_defs class, if it is different, then in time running, Method obtains decrypted code, is filled up to the AccessFlags position of method in DexFile structure;
Judge that the insns code address of Method, whether beyond DexFile scope, if then extension DexFile size, by Method code copies to new region of memory, and repairs the Method offset address of DexFile.
2. the method for claim 1, it is characterized in that, the side of described acquisition decrypted code is: uses interface dexGetClassDef circulation to obtain DexFile structure C lassDef, uses GetStaticMethodID to search the class containing clinit method, it is achieved actively deciphering.
3. method as claimed in claim 2, it is characterised in that use interface dexGetClassDef circulation to obtain the number that number of times is ClassDef of DexFile structure C lassDef.
4. method as claimed in claim 2, it is characterised in that described realization actively decryption method is the code that in circulation searching internal memory, Method structure is decrypted, it is judged that AccessFlags indicates with or without Native, if nothing, then it represents that complete actively to decipher.
5. method as claimed in claim 4, it is characterised in that use single kernel interface that the file completing actively to decipher is written and read operation.
6. the shelling system for function rank shell adding, it is characterised in that including:
Initialization module, is used for starting simulator, initializes application A ctivity, calls the OnCreate of application program;
Search module, for the Dex file of loading application programs and preserve the hash_tables to gDvm, the hash_tables of gDvm searches DexFile structure;
Analyze module, for retrieving the class_defs class definition list in DexFile structure, and judge that the Method object of the Dalvik virtual machine after loading is the most different from AccessFlags and insn code segment in the method structure in the definition list of class_defs class, if it is different, then in time running, Method obtains decrypted code, is filled up to the AccessFlags position of method in DexFile structure;
Repair module, for judging that the insns code address of Method, whether beyond DexFile scope, if then extension DexFile size, by Method code copies to new region of memory, and repairs the Method offset address of DexFile.
7. method as claimed in claim 6, it is characterized in that, the side of described acquisition decrypted code is: uses interface dexGetClassDef circulation to obtain DexFile structure C lassDef, uses GetStaticMethodID to search the class containing clinit method, it is achieved actively deciphering.
8. method as claimed in claim 7, it is characterised in that use interface dexGetClassDef circulation to obtain the number that number of times is ClassDef of DexFile structure C lassDef.
9. method as claimed in claim 7, it is characterised in that described realization actively decryption method is the code that in circulation searching internal memory, Method structure is decrypted, it is judged that AccessFlags indicates with or without Native, if nothing, then it represents that complete actively to decipher.
10. method as claimed in claim 9, it is characterised in that use single kernel interface that the file completing actively to decipher is written and read operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510913382.1A CN105989252B (en) | 2015-12-12 | 2015-12-12 | A kind of hulling method and system for function rank shell adding |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510913382.1A CN105989252B (en) | 2015-12-12 | 2015-12-12 | A kind of hulling method and system for function rank shell adding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105989252A true CN105989252A (en) | 2016-10-05 |
| CN105989252B CN105989252B (en) | 2018-10-12 |
Family
ID=57040434
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510913382.1A Active CN105989252B (en) | 2015-12-12 | 2015-12-12 | A kind of hulling method and system for function rank shell adding |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105989252B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107391223A (en) * | 2017-03-30 | 2017-11-24 | 阿里巴巴集团控股有限公司 | A kind of document handling method and device |
| CN108090353A (en) * | 2017-11-03 | 2018-05-29 | 哈尔滨安天科技股份有限公司 | A kind of shell adding code of knowledge based driving returns detection method and system |
| CN108229148A (en) * | 2016-12-21 | 2018-06-29 | 武汉安天信息技术有限责任公司 | A kind of sandbox hulling method and system based on Android virtual machines |
| CN108229107A (en) * | 2016-12-21 | 2018-06-29 | 武汉安天信息技术有限责任公司 | A kind of hulling method and container of Android platform application program |
| CN109165019A (en) * | 2018-07-28 | 2019-01-08 | 安徽捷兴信息安全技术有限公司 | A kind of hulling method and device for mobile phone application |
| CN111752591A (en) * | 2019-03-27 | 2020-10-09 | 北京奇虎科技有限公司 | Operation method and device for reinforcement application and application reinforcement method and device |
| CN112883374A (en) * | 2021-02-02 | 2021-06-01 | 电子科技大学 | General Android platform application program shelling method and system based on ART environment |
| WO2021248315A1 (en) * | 2020-06-09 | 2021-12-16 | 深圳市欢太科技有限公司 | Unpacking processing method, apparatus, and device, and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103019828A (en) * | 2012-12-28 | 2013-04-03 | 北京神州绿盟信息安全科技股份有限公司 | Auxiliary shelling method and device based on shell adding program |
| KR20150069844A (en) * | 2013-12-16 | 2015-06-24 | 주식회사 에스이웍스 | Method of Obfuscating Files Based on Advanced RISC Machine Processor |
| CN105068932A (en) * | 2015-08-25 | 2015-11-18 | 北京安普诺信息技术有限公司 | Android application program packing detection method |
-
2015
- 2015-12-12 CN CN201510913382.1A patent/CN105989252B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103019828A (en) * | 2012-12-28 | 2013-04-03 | 北京神州绿盟信息安全科技股份有限公司 | Auxiliary shelling method and device based on shell adding program |
| KR20150069844A (en) * | 2013-12-16 | 2015-06-24 | 주식회사 에스이웍스 | Method of Obfuscating Files Based on Advanced RISC Machine Processor |
| CN105068932A (en) * | 2015-08-25 | 2015-11-18 | 北京安普诺信息技术有限公司 | Android application program packing detection method |
Non-Patent Citations (1)
| Title |
|---|
| 李露 等: ""PE文件中脱壳技术的研究"", 《计算机应用与软件》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108229148A (en) * | 2016-12-21 | 2018-06-29 | 武汉安天信息技术有限责任公司 | A kind of sandbox hulling method and system based on Android virtual machines |
| CN108229107A (en) * | 2016-12-21 | 2018-06-29 | 武汉安天信息技术有限责任公司 | A kind of hulling method and container of Android platform application program |
| CN108229107B (en) * | 2016-12-21 | 2021-06-25 | 武汉安天信息技术有限责任公司 | Shelling method and container for Android platform application program |
| CN108229148B (en) * | 2016-12-21 | 2022-06-21 | 武汉安天信息技术有限责任公司 | Sandbox unshelling method and sandbox unshelling system based on Android virtual machine |
| CN107391223A (en) * | 2017-03-30 | 2017-11-24 | 阿里巴巴集团控股有限公司 | A kind of document handling method and device |
| CN107391223B (en) * | 2017-03-30 | 2021-03-19 | 创新先进技术有限公司 | File processing method and device |
| CN108090353A (en) * | 2017-11-03 | 2018-05-29 | 哈尔滨安天科技股份有限公司 | A kind of shell adding code of knowledge based driving returns detection method and system |
| CN109165019A (en) * | 2018-07-28 | 2019-01-08 | 安徽捷兴信息安全技术有限公司 | A kind of hulling method and device for mobile phone application |
| CN111752591A (en) * | 2019-03-27 | 2020-10-09 | 北京奇虎科技有限公司 | Operation method and device for reinforcement application and application reinforcement method and device |
| WO2021248315A1 (en) * | 2020-06-09 | 2021-12-16 | 深圳市欢太科技有限公司 | Unpacking processing method, apparatus, and device, and storage medium |
| CN112883374A (en) * | 2021-02-02 | 2021-06-01 | 电子科技大学 | General Android platform application program shelling method and system based on ART environment |
| CN112883374B (en) * | 2021-02-02 | 2022-07-01 | 电子科技大学 | General Android platform application program shelling method and system based on ART environment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105989252B (en) | 2018-10-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105989252A (en) | Function level packing-oriented unpacking method and system | |
| JP6166839B2 (en) | System and method for replacing application methods at runtime | |
| US20160275019A1 (en) | Method and apparatus for protecting dynamic libraries | |
| CN104680039B (en) | A kind of data guard method and device of application program installation kit | |
| US20160203087A1 (en) | Method for providing security for common intermediate language-based program | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| WO2016078130A1 (en) | Dynamic loading method for preventing reverse of apk file | |
| CN107977552B (en) | Android application reinforcing method and device | |
| CN103679060B (en) | Encryption method and encryption device | |
| CN109657488A (en) | A kind of resource file cipher processing method, intelligent terminal and storage medium | |
| US10296728B2 (en) | Method and system for providing cloud-based application security service | |
| US11409653B2 (en) | Method for AI model transferring with address randomization | |
| US10691791B2 (en) | Automatic unpacking of executables | |
| CN111796989B (en) | Method for preventing screen capture in Linux system and computer readable storage medium | |
| CN105488415A (en) | System process scanning method and apparatus | |
| CN108985096B (en) | Security enhancement and security operation method and device for Android SQLite database | |
| CN105825085A (en) | Application program processing method and device | |
| US9659156B1 (en) | Systems and methods for protecting virtual machine program code | |
| CN109325322B (en) | Software intellectual property protection system and method for embedded platform | |
| KR101557455B1 (en) | Application Code Analysis Apparatus and Method For Code Analysis Using The Same | |
| CN107908964B (en) | Security detection method and device for shell files in Android platform Unity3D game | |
| US11657332B2 (en) | Method for AI model transferring with layer randomization | |
| Bogad et al. | Harzer roller: Linker-based instrumentation for enhanced embedded security testing | |
| CN104751057A (en) | Method and device used for enhancing safety of computer system | |
| CN115033870A (en) | Anti-malicious tampering code method and device based on big data cloud deployment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 430000 No.C20 Building of Wuhan Software New Town Industry Phase III, No.8 Huacheng Avenue, Donghu New Technology Development Zone, Wuhan City, Hubei Province Applicant after: Wuhan Antian Information Technology Co., Ltd. Address before: 430000 Hubei Wuhan East Lake New Technology Development Zone Software Park East Road 1 software industry 4.1 phase B4 building 12 stories 01 rooms. Applicant before: Wuhan Antian Information Technology Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |