CN106295327B - Executable file reinforcing method and device - Google Patents
Executable file reinforcing method and device Download PDFInfo
- Publication number
- CN106295327B CN106295327B CN201510246073.3A CN201510246073A CN106295327B CN 106295327 B CN106295327 B CN 106295327B CN 201510246073 A CN201510246073 A CN 201510246073A CN 106295327 B CN106295327 B CN 106295327B
- Authority
- CN
- China
- Prior art keywords
- code
- instruction
- assembly
- executable file
- processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000003014 reinforcing effect Effects 0.000 title abstract description 21
- 238000004590 computer program Methods 0.000 claims description 7
- 238000003780 insertion Methods 0.000 claims description 4
- 230000037431 insertion Effects 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 14
- 238000009434 installation Methods 0.000 description 10
- 238000007596 consolidation process Methods 0.000 description 6
- 230000002787 reinforcement Effects 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 210000003813 thumb Anatomy 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The invention relates to a method and a device for reinforcing an executable file. The method comprises the following steps: acquiring an executable file code of an application program; compiling executable file codes of the application program into an assembly file; acquiring an assembly code corresponding to a preset code needing to be protected from the assembly file; decompilated code will be prevented from being inserted before the assembly code. According to the method and the device for reinforcing the executable file, the executable file code of the application program is compiled into the assembly file, the assembly code corresponding to the code needing to be protected in the assembly file is compiled, the decompilation preventing code is inserted in front of the assembly code, and when the decompilation preventing code is used for decompilating the executable file of the application program, the decompiler is difficult to decompilate the code to be protected, so that the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the safety of user data is improved, and meanwhile, the normal execution of the protection code is not influenced.
Description
Technical Field
The invention relates to the field of information security, in particular to a method and a device for reinforcing an executable file.
Background
With the development of network technology, applications providing various services have been developed. The application program is installed on the mobile terminal, corresponding services can be enjoyed by using the application program, for example taxi calling software, the taxi calling software is installed on the mobile terminal, the taxi calling software is started to run, a starting point and a destination are input to generate taxi calling information, the taxi calling information is sent, and a taxi driver receiving the taxi calling information can respond to the taxi calling information to perform the services.
However, the application is installed on the mobile terminal, and is easily modified and repackaged by directly reading an executable file (such as so file) stored in the libs directory in the application installation package by a decompilation tool to construct a large amount of emulational applications.
Disclosure of Invention
Therefore, it is necessary to provide a method for reinforcing an executable file, which can prevent the application program from being implanted with malicious instructions, prevent the user data from being stolen, and improve the security of the user data, aiming at the problem that the user data is stolen because the traditional application program is easily modified and implanted with malicious instructions.
In addition, it is necessary to provide a device for reinforcing executable files, which can prevent application programs from being implanted with malicious instructions, prevent user data from being stolen, and improve the security of user data.
A method of hardening an executable file, comprising the steps of:
acquiring an executable file code of an application program;
compiling executable file codes of the application program into an assembly file;
acquiring an assembly code corresponding to a preset code needing to be protected from the assembly file;
decompilated code will be prevented from being inserted before the assembly code.
An executable file consolidation apparatus, comprising:
the first acquisition module is used for acquiring an executable file code of the application program;
the compiling module is used for compiling the executable file codes of the application program into assembly files;
the second obtaining module is used for obtaining assembly codes corresponding to preset codes needing to be protected from the assembly files;
an insertion module to insert decompilation-protected code in front of the assembly code.
According to the method and the device for reinforcing the executable file, the executable file codes of the application program are compiled into the assembly file, the assembly codes corresponding to the codes needing to be protected in the assembly file are inserted into the assembly codes, and when the decompiler decompilates the executable file of the application program, the decompiler is difficult to decompilate the codes to be protected, so that the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, and the safety of the user data is improved.
In addition, after the mode switching instruction is identified, the assembly code after the mode switching instruction is identified as a junk instruction, so that the decompiler is misled, the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, the safety of the user data is improved, and meanwhile, the normal execution of the protection code is not influenced.
After the mode switching instruction is identified by the decompiler, the normal code after the mode switching instruction is identified as the junk instruction, the problems that the original code exists in the memory after decryption in operation and a decompiler copies the code from the memory to achieve the aim of decompilation can be solved, and in the process of normally executing the code, a large amount of data does not need to be decrypted, so that decryption consumption is reduced, and the operation efficiency is improved.
Drawings
Fig. 1A is a schematic diagram of an internal structure of a terminal in one embodiment;
FIG. 1B is a diagram illustrating an internal architecture of a server according to an embodiment;
FIG. 2 is a flow diagram of a method for hardening an executable file in one embodiment;
FIG. 3 is a schematic diagram illustrating the operation of a method for hardening an executable file according to an embodiment;
FIG. 4 is a block diagram of the internal structure of a hardening apparatus for an executable file in one embodiment;
fig. 5 is a block diagram showing an internal structure of a reinforcing apparatus for an executable file according to another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It will be understood that, as used herein, the terms "first," "second," and the like may be used herein to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish one element from another. For example, a first client may be referred to as a second client, and similarly, a second client may be referred to as a first client, without departing from the scope of the present invention. Both the first client and the second client are clients, but they are not the same client.
Fig. 1A is a schematic diagram of an internal structure of a terminal in one embodiment. As shown in fig. 1A, the terminal includes a processor, a storage medium, a memory, and a network interface connected through a system bus. The storage medium of the terminal stores an operating system and further comprises an executable file reinforcing device, and the executable file reinforcing device is used for realizing an executable file reinforcing method. The processor is used for providing calculation and control capability and supporting the operation of the whole terminal. The memory in the terminal provides an environment for the operation of the reinforcing device of the executable file in the storage medium, and the network interface is used for carrying out network communication with the server, such as sending a downloading request of the application program installation package to the server, receiving the application program installation package returned by the server and the like. The terminal may be a mobile phone, a tablet computer or a personal digital assistant. Those skilled in the art will appreciate that the configuration shown in fig. 1A is a block diagram of only a portion of the configuration relevant to the present application, and does not constitute a limitation on the terminal to which the present application is applied, and that a particular terminal may include more or less components than those shown in the figures, or may combine certain components, or have a different arrangement of components.
Fig. 1B is a schematic diagram of an internal structure of a server in one embodiment. As shown in fig. 1B, the server includes a processor, a storage medium, a memory, and a network interface connected by a system bus. The storage medium of the server stores an operating system, a database and a reinforcing device of an executable file, the database stores an installation package of an application program, and the reinforcing device of the executable file is used for realizing a reinforcing method of the executable file suitable for the server. The processor of the server is used for providing calculation and control capacity and supporting the operation of the whole server. The memory of the server provides an environment for the operation of the hardened means of the executable files in the storage medium. The network interface of the server is used for communicating with an external terminal through network connection, such as receiving a download request of an application program installation package sent by the terminal and returning the installation package of the application program to the terminal. The server may be implemented as a stand-alone server or as a server cluster consisting of a plurality of servers. Those skilled in the art will appreciate that the architecture shown in FIG. 1B is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the servers to which the disclosed aspects apply, and that a particular server may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
After the decompiler identifies codes in the installation package of the application program in sequence according to the code sequence, the executable file of the application program is converted into readable codes, then the readable codes generated by decompilation are added with malicious instructions or are tampered to obtain new codes, the new codes are packaged again to generate a new installation package of the application program, the new installation package of the application program is downloaded on the mobile terminal and installed on the mobile terminal, and then the new installation package of the application program runs on the mobile terminal to steal user data, so that the installation package of the application program is unsafe and the user data is also unsafe. Therefore, codes for preventing decompilation (such as jump instructions and mode switching instructions) are inserted before assembly codes of the executable files, so that the decompiler cannot decompilate the codes of the executable files of the application programs, the safety of the codes of the application programs is improved, user data is prevented from being stolen, and the safety of the user data is improved.
The reinforcement means that a series of protection work is carried out on an installation package of an application program, another installation package is output, the application program is prevented from being decompiled and maliciously tampered, application data is protected from being stolen, and maliciousness attack and the like caused by other repackaging are prevented.
FIG. 2 is a flow diagram that illustrates a method for hardening an executable file, in one embodiment. The method for consolidating the executable file in fig. 2 is executed on the mobile terminal. As shown in fig. 2, a method for reinforcing an executable file includes the following steps:
at step 202, executable file code of the application program is obtained.
Specifically, the application refers to application software running on the mobile terminal. The mobile terminal can be a smart phone, a tablet computer, a personal digital assistant and the like. The core algorithm code of the application is almost stored in the executable file SO, and thus, the executable file code of the application is acquired. The SO (shared object) file is a dynamic link library of the user layer.
An Android system or an IOS system and the like can be installed on the mobile terminal. The application program is installed on the mobile terminal and runs under an Android system or an IOS system.
In step 204, the executable file code of the application program is compiled into an assembly file.
In particular, the C + + code of the executable file SO of the application is compiled into an S assembly file.
Specifically, the preset code to be protected is a whole code or a pre-specified partial code.
In the usual case, the default code to be protected is all code in the application's executable file. The portion of the code to be protected may also be pre-specified by the user.
And if the code to be protected is all the code in the executable file of the application program, all assembly code in the assembly file is taken as the assembly code to be protected.
If the code to be protected is a part of code in an executable file of the application program, the assembly code corresponding to the preset code to be protected is selected from the assembly file.
At step 208, decompilated code will be prevented from being inserted before the assembly code.
In this embodiment, step 208 includes: a mode switch instruction is inserted before the assembly code and a jump instruction is inserted before the mode switch instruction.
Specifically, a mode switching instruction BX, BLX, or the like is inserted in the last code of the assembly code that needs to be protected, and a jump instruction is inserted in the last code of the mode switching instruction.
According to the method for reinforcing the executable file, the executable file codes of the application program are compiled into the assembly file, the assembly codes corresponding to the codes needing to be protected in the assembly file are compiled, the decompilation preventing codes are inserted into the assembly codes, and when the decompiler decompilates the executable file of the application program, the decompiler is difficult to decompilate the codes needing to be protected, so that the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, and the safety of the user data is improved. After the mode switching instruction is identified, the assembly code after the mode switching instruction is identified as a junk instruction, so that the decompiler is misguided, the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, the safety of the user data is improved, and meanwhile, the normal execution of the protection code is not influenced.
In addition, according to the method for reinforcing the executable file, after the mode switching instruction is identified by the decompiler, the normal code after the mode switching instruction is identified as the junk instruction, the problems that the original code exists in the internal memory after decryption in operation and a decompiler copies the code from the internal memory to achieve the purpose of decompilation can be solved, a large amount of data does not need to be decrypted in the process of normally executing the code, decryption consumption is reduced, and operation efficiency is improved.
In an embodiment, the executable file consolidation method further includes: acquiring an operation instruction of an executable file; and after the operation is carried out according to the operation instruction, skipping the mode switching instruction when the jump instruction is operated, and directly operating the assembly code after the mode switching instruction.
Specifically, the acquisition user clicks on an application program, and the application program is run. And after the application program runs, sequentially reading codes of the application program for execution, when a jump instruction is run, skipping a following mode switching instruction, directly reading an assembly code after the mode switching instruction, and executing the assembly code.
When the application program runs, the assembly code after the execution mode is switched is directly jumped through a jump instruction, so that the normal running of the application program is ensured.
In an embodiment, the executable file consolidation method further includes: acquiring a decompiling instruction; and decompiling the jump instruction and the mode switching instruction in sequence according to the decompiling instruction, and identifying the assembly code after the mode switching instruction as a junk instruction.
Specifically, when the decompiler decompilates the codes of the application program, all the codes are read one by one in sequence and decompilated, the decompiler does not react to the jump instruction, and when the mode switching instruction is encountered, the next code is identified as the instruction after the mode switching, so that the normal code (i.e., the assembly code) is identified as the junk instruction.
After the decompiler identifies the mode switching instruction, the assembly code after the mode switching instruction is identified as a junk instruction, so that the decompiler is misled, the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, and the safety of the user data is improved.
Fig. 3 is a schematic diagram illustrating an operation principle of the executable file consolidation method according to an embodiment. As shown in fig. 3, the executable file runs, skips the mode switching instruction when executing the jump instruction, directly reads the normal code after the mode switching instruction, the IDA Pro decompilates and identifies the executable file code, and after identifying the mode switching instruction, identifies the normal code as the code after the mode switching, and becomes the garbage instruction. IDA Pro is a piece of disassembly software, and through IDA views and cross references, program logic can be understood and code fragments can be quickly located for convenient modification.
It should be noted that, for the Android system, it may be possible to utilize the thumb mode switching of the assembly arm of the executable file SO and the unexecutable code segment to deceive the decompiler to perform the mode recognition on the code to be protected, SO as to achieve the purpose that the decompiler is difficult to decompilate the code to be protected.
FIG. 4 is a block diagram of the internal structure of a means for hardening an executable file according to one embodiment. The reinforcement means of the executable file in fig. 4 is run on the mobile terminal. As shown in fig. 4, an executable file consolidation apparatus includes a first obtaining module 410, a compiling module 420, a second obtaining module 430, and an inserting module 440.
The first obtaining module 410 is used for obtaining the executable file code of the application program.
Specifically, the application refers to application software running on the mobile terminal. The mobile terminal can be a smart phone, a tablet computer, a personal digital assistant and the like. The core algorithm code of the application is almost stored in the executable file SO, and thus, the executable file code of the application is acquired.
An Android system or an IOS system and the like can be installed on the mobile terminal. The application program is installed on the mobile terminal and runs under an Android system or an IOS system.
The compiling module 420 is used for compiling the executable file code of the application program into an assembly file.
In particular, the C + + code of the executable SO of the application is compiled as an S assembly file.
The second obtaining module 430 is configured to obtain an assembly code corresponding to a preset code that needs to be protected from the assembly file.
Specifically, the preset code to be protected is a whole code or a pre-specified partial code.
In the usual case, the default code to be protected is all code in the application's executable file. The portion of the code to be protected may also be pre-specified by the user.
And if the code to be protected is all the code in the executable file of the application program, all assembly code in the assembly file is taken as the assembly code to be protected.
If the code to be protected is a part of code in an executable file of the application program, the assembly code corresponding to the preset code to be protected is selected from the assembly file.
The insertion module 440 is used to insert decompilated-protected code in front of the assembly code.
In this embodiment, the insertion module 440 is further configured to insert a mode switching instruction before the assembly code, and insert a jump instruction before the mode switching instruction.
Specifically, a mode switching instruction BX, BLX, or the like is inserted in the last code of the assembly code that needs to be protected, and a jump instruction is inserted in the last code of the mode switching instruction.
According to the reinforcement device for the executable file, the executable file codes of the application program are compiled into the assembly file, the assembly codes corresponding to the codes needing to be protected in the assembly file are compiled, the decompilation preventing codes are inserted into the assembly codes, and when the decompiler decompilates the executable file of the application program, the decompiler is difficult to decompilate the codes needing to be protected, so that the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, and the safety of the user data is improved.
After the mode switching instruction is identified, the assembly code after the mode switching instruction is identified as a junk instruction, so that the decompiler is misguided, the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, the safety of the user data is improved, and meanwhile, the normal execution of the protection code is not influenced.
In addition, after the decompiler identifies the mode switching instruction, the reinforcing device of the executable file identifies the normal code after the mode switching instruction as the junk instruction, so that the problems that the original code exists in the memory after decryption during running and a decompiler copies the code from the memory to achieve the aim of decompilation can be solved, a large amount of data does not need to be decrypted in the process of normally executing the code, decryption consumption is reduced, and running efficiency is improved.
Fig. 5 is a block diagram showing an internal structure of a reinforcing apparatus for an executable file according to another embodiment. The reinforcement means of the executable file in fig. 5 is run on the mobile terminal. As shown in fig. 5, an executable file consolidation apparatus includes an execution instruction obtaining module 450, an execution module 460, a decompilation instruction obtaining module 470 and a decompilation module 480, in addition to the first obtaining module 410, the compiling module 420, the second obtaining module 430 and the inserting module 440.
The operation instruction obtaining module 450 is configured to obtain an operation instruction of the executable file.
The execution module 460 is configured to skip the mode switching instruction when the jump instruction is executed after the execution according to the execution instruction, and directly execute the assembly code after the mode switching instruction.
Specifically, the acquisition user clicks on an application program, and the application program is run. And after the application program runs, sequentially reading codes of the application program for execution, when a jump instruction is run, skipping a following mode switching instruction, directly reading an assembly code after the mode switching instruction, and executing the assembly code.
When the application program runs, the assembly code after the execution mode is switched is directly jumped through a jump instruction, so that the normal running of the application program is ensured.
Decompilated instruction fetch module 470 is configured to fetch decompilated instructions.
The decompilation module 480 is configured to decompilate the jump instruction and the mode switching instruction in sequence according to the decompilation instruction, and identify an assembly code after the mode switching instruction as a garbage instruction.
Specifically, when the decompiler decompilates the codes of the application program, all the codes are read one by one in sequence and decompilated, the decompiler does not react to the jump instruction, and when the mode switching instruction is encountered, the next code is identified as the instruction after the mode switching, so that the normal code (i.e., the assembly code) is identified as the junk instruction.
After the decompiler identifies the mode switching instruction, the assembly code after the mode switching instruction is identified as a junk instruction, so that the decompiler is misled, the safety of the application program is improved, the application program is prevented from being implanted with malicious instructions, the malicious instructions are prevented from stealing user data, and the safety of the user data is improved.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), or the like.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A method of hardening an executable file, comprising the steps of:
acquiring an executable file code of an application program, wherein the executable file is an SO file, and the SO file is a dynamic link library of a user layer;
compiling executable file codes of the application program into an assembly file;
acquiring an assembly code corresponding to a preset code needing to be protected from the assembly file;
inserting a mode switch instruction before the assembly code and a jump instruction before the mode switch instruction;
acquiring an operation instruction of the executable file;
after the operation is carried out according to the operation instruction, skipping the mode switching instruction when the jump instruction is operated, and directly operating the assembly code after the mode switching instruction;
acquiring a decompiling instruction;
and decompiling the jump instruction and the mode switching instruction in sequence according to the decompiling instruction, and identifying the assembly code after the mode switching instruction as a junk instruction.
2. The method of claim 1, wherein the predetermined code to be protected is a full code or a pre-specified partial code.
3. An executable file binding apparatus, comprising:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring an executable file code of an application program, the executable file is an SO file, and the SO file is a dynamic link library of a user layer;
the compiling module is used for compiling the executable file codes of the application program into assembly files;
the second obtaining module is used for obtaining assembly codes corresponding to preset codes needing to be protected from the assembly files;
the insertion module is used for inserting a mode switching instruction in front of the assembly code and inserting a jump instruction in front of the mode switching instruction;
the operation instruction acquisition module is used for acquiring an operation instruction of the executable file;
the execution module is used for skipping the mode switching instruction when the jump instruction is executed after the execution module is operated according to the operation instruction, and directly operating the assembly code after the mode switching instruction;
the decompiling instruction acquisition module is used for acquiring a decompiling instruction;
and the decompiling module is used for decompiling the jump instruction and the mode switching instruction in sequence according to the decompiling instruction, and identifying the assembly code after the mode switching instruction as a garbage instruction.
4. The apparatus of claim 3, wherein the predetermined code to be protected is a full code or a pre-specified partial code.
5. A terminal comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of the method as claimed in claim 1.
6. A terminal comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of the method as claimed in claim 2.
7. A server comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method of claim 1.
8. A server comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method of claim 2.
9. A non-transitory computer readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of the method of claim 1.
10. A non-transitory computer readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of the method of claim 2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510246073.3A CN106295327B (en) | 2015-05-14 | 2015-05-14 | Executable file reinforcing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510246073.3A CN106295327B (en) | 2015-05-14 | 2015-05-14 | Executable file reinforcing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106295327A CN106295327A (en) | 2017-01-04 |
CN106295327B true CN106295327B (en) | 2020-06-23 |
Family
ID=57631394
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510246073.3A Active CN106295327B (en) | 2015-05-14 | 2015-05-14 | Executable file reinforcing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106295327B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108334756B (en) * | 2017-01-20 | 2020-05-12 | 武汉斗鱼网络科技有限公司 | Interference method and device for decompiling recursive descent type analyzer |
CN107957954B (en) * | 2017-12-19 | 2021-06-29 | 郑州云海信息技术有限公司 | Method and system for improving test data security in Linux system |
CN111162961B (en) * | 2019-12-05 | 2021-12-31 | 任子行网络技术股份有限公司 | Method, system and readable storage medium for discovering mobile application master control server |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102118512A (en) * | 2011-03-28 | 2011-07-06 | 阮晓迅 | Method and system for preventing application program of mobile phone from being cracked |
CN103065069A (en) * | 2013-01-28 | 2013-04-24 | 电子科技大学 | Shell technology based software protection method |
CN104517044A (en) * | 2013-09-27 | 2015-04-15 | 腾讯科技(深圳)有限公司 | Method and device for protecting binary file from being decompiled |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8266608B2 (en) * | 2005-02-18 | 2012-09-11 | Green Hills Software, Inc. | Post-compile instrumentation of object code for generating execution trace data |
-
2015
- 2015-05-14 CN CN201510246073.3A patent/CN106295327B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102118512A (en) * | 2011-03-28 | 2011-07-06 | 阮晓迅 | Method and system for preventing application program of mobile phone from being cracked |
CN103065069A (en) * | 2013-01-28 | 2013-04-24 | 电子科技大学 | Shell technology based software protection method |
CN104517044A (en) * | 2013-09-27 | 2015-04-15 | 腾讯科技(深圳)有限公司 | Method and device for protecting binary file from being decompiled |
Non-Patent Citations (1)
Title |
---|
防止反编译技术研究;陶正等;《装甲兵工程学院学报》;20060831;第20卷(第4期);第64-67页 * |
Also Published As
Publication number | Publication date |
---|---|
CN106295327A (en) | 2017-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
KR101503785B1 (en) | Method And Apparatus For Protecting Dynamic Library | |
KR101687439B1 (en) | A processor-implemented method for ensuring software integrity | |
CN105786538B (en) | software upgrading method and device based on android system | |
WO2015058620A1 (en) | Method and apparatus for generating installation package corresponding to an application and executing application | |
CN106295255B (en) | Application program reinforcing method and device | |
US20150095653A1 (en) | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package | |
CN108363580A (en) | Application program installation method, device, computer equipment and storage medium | |
CN108399319B (en) | Source code protection method, application server and computer readable storage medium | |
US10417412B2 (en) | Protecting computer code against ROP attacks | |
KR20170018745A (en) | System and method for application code obfuscation | |
CN104866739A (en) | Application program encryption method and application program encryption system in Android system | |
CN105354009B (en) | Protection method for firmware | |
US9075966B2 (en) | System and method for loading application classes | |
CN111008034B (en) | Patch generation method and device | |
CN113761482A (en) | Program code protection method and device | |
CN106295327B (en) | Executable file reinforcing method and device | |
CN108334754B (en) | Encryption and decryption method and system for embedded system program | |
CN112231702A (en) | Application protection method, device, equipment and medium | |
CN110502874B (en) | Android App reinforcement method based on file self-modification | |
CN110119601B (en) | Program reinforcing method and device based on application program installation package | |
KR101832594B1 (en) | Method and system for enhancing loading velocity of intermediate language file | |
CN107209815B (en) | Method for code obfuscation using return-oriented programming | |
CN110263532B (en) | Trusted computing method, device and system | |
CN108021790B (en) | File protection method and device, computing equipment and computer storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |