CN106326744B - A kind of method and apparatus for judging to obscure file - Google Patents
A kind of method and apparatus for judging to obscure file Download PDFInfo
- Publication number
- CN106326744B CN106326744B CN201610688203.3A CN201610688203A CN106326744B CN 106326744 B CN106326744 B CN 106326744B CN 201610688203 A CN201610688203 A CN 201610688203A CN 106326744 B CN106326744 B CN 106326744B
- Authority
- CN
- China
- Prior art keywords
- file
- class name
- module
- confused
- spcial character
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The present invention relates to a kind of method and apparatus for judging to obscure file.This method comprises: obtaining the executable listed files of portable;The file that each portable is executable in the listed files is loaded, the corresponding procedure set of each file is obtained;Obtain the corresponding class name of described program collection;Detect whether the class name includes preset spcial character, is to be confused by corresponding file mark if the class name includes preset spcial character.The present invention is detected whether the class name includes preset spcial character, is judged automatically whether file to be detected is confused, need not rely on artificial judgment by the class name of acquisition file to be detected.
Description
Technical field
The present invention relates to file detection fields, more particularly to a kind of method and apparatus for judging to obscure file.
Background technique
The executable file of portable can be easy by decompiling, after the file decompiling it can be seen that source of file
Code causes source code to leak.So engineers and technicians are usually used to obscure in order to protect source code not obtained by other people
Tool obscures file.Before software publication, decompiling is carried out using third party's tool, after needing human eye to check decompiling
Source code is judged, to intercept those not files by obscuring.
Summary of the invention
Based on this, it is necessary to aiming at the problem that source code after human eye checks decompiling, provide a kind of judgement and obscure file
Method and apparatus.
A method of file is obscured in judgement, comprising: obtains the executable listed files of portable;Load the file column
The executable file of each portable, obtains the corresponding procedure set of each file in table;Obtain the corresponding class name of described program collection;Inspection
Survey whether the class name includes preset spcial character, if the class name includes preset spcial character, by corresponding text
Part is labeled as being confused.
A kind of device for judging to obscure file, comprising: file acquisition module, loading module, class name obtain module and inspection
Survey module;The file acquisition module, for obtaining the executable listed files of portable;The loading module, described in load
The executable file of each portable, obtains the corresponding procedure set of each file in listed files;The class name obtains module, is used for
Obtain the corresponding class name of described program collection;The detection module, for detecting whether the class name includes preset special
Corresponding file mark is to be confused, if the class name is not if the class name includes preset spcial character by character
It is not to be confused by corresponding file mark including preset spcial character.
The present invention detects whether the class name character string includes preset spy by the class name of acquisition file to be detected
Different character, judges automatically whether file to be detected is confused, and needs not rely on artificial judgment.
Detailed description of the invention
Fig. 1 is the schematic flow chart that the method for file is obscured in a kind of judgement of an embodiment;
Fig. 2 is the schematic flow chart that the method for file is obscured in a kind of judgement of another embodiment;
Fig. 3 is the schematic flow chart that the method for file is obscured in a kind of judgement of another embodiment;
Fig. 4 is the schematic diagram that the device of file is obscured in a kind of judgement of an embodiment.
Specific embodiment
In order to further illustrate the effect of technological means adopted by the present invention and acquirement, with reference to the accompanying drawing and preferably
Embodiment carries out clear and complete description to technical solution of the present invention.
Fig. 1 is the schematic flow chart that the method for file is obscured in a kind of judgement of an embodiment.
As shown in Figure 1, a kind of method for judging to obscure file, comprising:
S101 obtains the executable listed files of portable.
As a preferred embodiment, it is the program text in Microsoft's Windows operating system that (PE) file, which can be performed, in portable
Part;The file format of the PE file of acquisition meets the host program collection of CLI standard, dll the and exe format including part.
S102 loads the file that each portable is executable in the listed files, obtains the corresponding procedure set of each file.
S103 obtains the corresponding class name of described program collection.
As a preferred embodiment, the class name is class name and type name etc. in actual code.For example, procedure set generation
It is defined in code:
public class BusinessModule
{
}
The class name then got is exactly BusinessModule.
S104 detects whether the class name includes preset spcial character, if the class name includes preset special
Corresponding file mark is to be confused by character.
As a preferred embodiment, detect that the step of whether class name includes preset spcial character is also wrapped later
It includes: being not to be confused by corresponding file mark if the class name does not include preset spcial character.
The present embodiment detects whether the class name includes preset special word by the class name of acquisition file to be detected
Symbol, judges automatically whether file to be detected is confused, needs not rely on artificial judgment.
Fig. 2 is the schematic flow chart that the method for file is obscured in a kind of judgement of another embodiment.
As shown in Fig. 2, a kind of method for judging to obscure file, comprising:
S201 selects a catalogue to be detected or file, filters the catalogue or file, obtains what portable can be performed
Listed files.
As a preferred embodiment, automatically to the catalogue or file filter, the file except dll and exe suffix is filtered out,
Retain the file for meeting dll the and exe suffix of host program collection of CLI standard.
S202 loads the file that each portable is executable in the listed files, obtains the corresponding procedure set of each file.
As a preferred embodiment, the file retained in the listed files is loaded automatically, obtains the corresponding journey of each file
Sequence collection.
S203 obtains the corresponding class name of described program collection.
As a preferred embodiment, the corresponding class name of each file routine collection is automatically obtained.
S204 detects whether the class name includes preset spcial character;If so, step S206 is executed, if it is not, executing
Step S205.
Whether as a preferred embodiment, can detecte in class name character string includes Unicode unprintable character,
Unicode unprintable character include: u0000~u001F, u007F and u0080~u009F etc..
Corresponding file mark is not to be confused by S205.
As a preferred embodiment, if the class name does not include preset spcial character, it is by corresponding file mark
It is not confused.
Corresponding file mark is to be confused by S206.
It is by corresponding file mark if the class name includes preset spcial character as a preferred embodiment
It is confused.
S207 comes out label as the result is shown.
The present embodiment obtains the class name of file to be detected by one catalogue to be detected of selection or file, detects institute
State whether class name includes preset spcial character, judges automatically whether file to be detected is confused, do not need manually to check source
Code.
Fig. 3 is the schematic flow chart that the method for file is obscured in a kind of judgement of another embodiment.
As shown in figure 3, a kind of method for judging to obscure file, comprising:
S301 selects a catalogue to be detected or file.
S302 filters the catalogue or file, obtains the listed files of the entitled dll and exe of suffix.
As a preferred embodiment, automatically to the catalogue or file filter, the file except dll and exe suffix is filtered out,
Retain the file for meeting dll the and exe suffix of host program collection of CLI standard.
S303 judges whether the listed files is empty, if listed files is not empty, execution step S304, if file arranges
Table is sky, and label is come out as the result is shown.
As a preferred embodiment, show that result includes which file has been confused and is not confused with which file.
S304 takes out a file from the listed files.
S305 loads the file acquisition procedure set.
S306 obtains the corresponding class name of described program collection.
S308 judges whether the class name includes preset spcial character, if the class name does not include preset spy
Different character executes step S303, if the class name includes preset spcial character, executes step S309.
Corresponding file mark is to be confused, returns to step S303 by S309.
It is by corresponding file mark if the class name includes preset spcial character as a preferred embodiment
It is confused.
The present embodiment is successively read the file of suffix entitled dll and exe under a catalogue, obtains file to be detected automatically
Class name detects whether the class name includes preset spcial character, can judge automatically simultaneously all under a catalogue
Whether file is confused.
Fig. 4 is the schematic diagram that the device of file is obscured in a kind of judgement of another embodiment.
As shown in figure 4, a kind of device for judging to obscure file, comprising: file acquisition module 101, loading module 102, class
Name acquiring module 103 and detection module 104;The file acquisition module 101, for obtaining the executable file column of portable
Table;The loading module 102 loads the file that each portable is executable in the listed files, obtains the corresponding journey of each file
Sequence collection;The class name obtains module 103, for obtaining the corresponding class name of described program collection, if the class name is not wrapped
Preset spcial character is included, is not to be confused by corresponding file mark;The detection module 104, for detecting the class
Whether title includes preset spcial character, if the class name includes preset spcial character, is by corresponding file mark
It has been confused.
As a preferred embodiment, it further includes selecting module that the device of file is obscured in the judgement;The selecting module is used
In selection one catalogue or file to be checked.
As a preferred embodiment, it further includes filtering module that the device of file is obscured in the judgement;The filtering module is used
In filtering the catalogue or file, the executable listed files of portable is obtained.
As a preferred embodiment, it further includes display module that the device of file is obscured in the judgement;The display module is used
It is come out as the result is shown in that will mark.
As a preferred embodiment, the format of file meets CLI mark in the listed files that the file acquisition module obtains
Quasi- host program collection.
As a preferred embodiment, Developmental Engineer can choose when carrying out file and obscuring and can not be beaten using Unicode
Lettering symbol is obscured, and Test Engineer send the installation kit of survey taking, and after being installed, obscures file using the judgement
Device selects the installation directory of installation kit, and described device can screen the file under catalogue, filter out the text except dll and exe suffix
Then part traverses the list to be verified, load to each file and obtain its procedure set, and obtains the corresponding class name of procedure set
Claim;If it find that the class name of file includes Unicode unprintable character, for example, u0001, u0002, just mark this document
It is confused, otherwise this document is marked not to be confused.
File under the present embodiment automatic screening catalogue, filters out the file except dll and exe suffix, obtains the text of reservation
The corresponding class name of part, and detect whether the class name character string includes preset spcial character, it is to be detected to judge automatically
Whether file is confused, and needs not rely on artificial.
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality
It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to protection of the invention
Range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.
Claims (7)
1. a kind of method for judging to obscure file characterized by comprising
Catalogue to be detected or file, catalogue described in automatic fitration or file are selected, the executable listed files of portable is obtained;
The file that each portable is executable in the listed files is loaded, the corresponding procedure set of each file is obtained;
Obtain the corresponding class name of described program collection;
Detect whether the class name includes preset spcial character, judges automatically whether file to be detected is confused, if described
Class name includes preset spcial character, is to be confused by corresponding file mark, the preset spcial character includes
Unicode unprintable character.
2. the method according to claim 1 for judging to obscure file, which is characterized in that the executable text of the portable of acquisition
The format of file meets the host program collection of CLI standard in part list.
3. according to claim 1 judge to obscure the method for file, which is characterized in that detect the class name whether include
After the step of preset spcial character further include:
It is not to be confused by corresponding file mark if the class name does not include preset spcial character.
4. the method according to claim 1 for judging to obscure file, which is characterized in that if the class name includes preset
Corresponding file mark is the step of being confused by spcial character includes: later
Label is come out as the result is shown.
5. a kind of judge to obscure the device of file characterized by comprising selecting module, filtering module, file acquisition module,
Loading module, class name obtain module and detection module;
The selecting module, for selecting catalogue or file to be checked;
The filtering module, for filtering the catalogue or file;
The file acquisition module, for obtaining the executable listed files of portable;
The loading module loads the file that each portable is executable in the listed files, obtains the corresponding program of each file
Collection;
The class name obtains module, for obtaining the corresponding class name of described program collection;
The detection module judges automatically file to be detected for detecting whether the class name includes preset spcial character
Whether it is confused, is to be confused by corresponding file mark if the class name includes preset spcial character;If the class
Title does not include preset spcial character, is not to be confused by corresponding file mark, the preset spcial character includes
Unicode unprintable character.
6. the device according to claim 5 for judging to obscure file, which is characterized in that the file acquisition module obtained
The format of file meets the host program collection of CLI standard in listed files.
7. the device according to claim 5 for judging to obscure file, which is characterized in that further include display module:
The display module comes out as the result is shown for that will mark.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610688203.3A CN106326744B (en) | 2016-08-18 | 2016-08-18 | A kind of method and apparatus for judging to obscure file |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610688203.3A CN106326744B (en) | 2016-08-18 | 2016-08-18 | A kind of method and apparatus for judging to obscure file |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106326744A CN106326744A (en) | 2017-01-11 |
CN106326744B true CN106326744B (en) | 2019-05-07 |
Family
ID=57743300
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610688203.3A Active CN106326744B (en) | 2016-08-18 | 2016-08-18 | A kind of method and apparatus for judging to obscure file |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106326744B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107967415B (en) * | 2017-12-11 | 2021-09-17 | 北京奇虎科技有限公司 | Resource confusion protection method, system and terminal device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000072112A2 (en) * | 1999-05-12 | 2000-11-30 | Fraunhofer Crcg, Inc. | Obfuscation of executable code |
CN103377326A (en) * | 2012-04-13 | 2013-10-30 | 腾讯科技(北京)有限公司 | Confusion encrypting method and device for dynamic webpage program codes |
CN104484607A (en) * | 2014-12-16 | 2015-04-01 | 上海交通大学 | Universal method and universal system for performing safety testing on Android application programs |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105809034A (en) * | 2016-03-07 | 2016-07-27 | 成都驭奔科技有限公司 | Malicious software identification method |
-
2016
- 2016-08-18 CN CN201610688203.3A patent/CN106326744B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000072112A2 (en) * | 1999-05-12 | 2000-11-30 | Fraunhofer Crcg, Inc. | Obfuscation of executable code |
CN103377326A (en) * | 2012-04-13 | 2013-10-30 | 腾讯科技(北京)有限公司 | Confusion encrypting method and device for dynamic webpage program codes |
CN104484607A (en) * | 2014-12-16 | 2015-04-01 | 上海交通大学 | Universal method and universal system for performing safety testing on Android application programs |
Non-Patent Citations (3)
Title |
---|
"Proguard使用最新,最全教程,亲自试验";Rulon147;《https://blog.csdn.net/rulon147/article/details/42550901》;20150109;参见14)-15)步 |
"基于Android的应用软件逆向分析及安全保护";马开睿;《中国优秀硕士学位论文全文数据库 信息科技辑》;20160115(第1期);参见第5.2.1-5.2.2节 |
"移动智能终端的软件保护研究";孟姗姗;《中国优秀硕士学位论文全文数据库 信息科技辑》;20160815(第8期);参见第4.4.1节 |
Also Published As
Publication number | Publication date |
---|---|
CN106326744A (en) | 2017-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102243699B (en) | Malicious code detection method and system | |
CN103632100B (en) | A kind of website vulnerability detection method and device | |
CN103970516B (en) | Redundancy image deletion method and device | |
EP4148574A1 (en) | Techniques for correlating vulnerabilities across an evolving codebase | |
CN102468985A (en) | Method and system for carrying out penetration test on network safety equipment | |
CN104268473B (en) | Method and device for detecting application programs | |
CN104050417B (en) | A kind of method and device detected in mobile terminal to application state | |
CN103294951B (en) | A kind of malicious code sample extracting method based on document type bug and system | |
CN104050409B (en) | A kind of method identifying tied software and device thereof | |
CN103002342B (en) | Television camera means of defence and system | |
CN104199704A (en) | Application program installation package clearing method and device | |
CN106055363A (en) | Method for identifying file and mobile terminal | |
WO2013097718A1 (en) | Method and device for detecting malicious code on web pages | |
CN106529294A (en) | Method for determining and filtering mobile phone viruses | |
US8572748B2 (en) | Label-based taint analysis | |
CN106326744B (en) | A kind of method and apparatus for judging to obscure file | |
CN105975302A (en) | Application installation method and terminal | |
CN107291487A (en) | CONFIG.SYS amending method and system | |
KR101130088B1 (en) | Malware detecting apparatus and its method, recording medium having computer program recorded | |
CN110348226B (en) | Engineering file scanning method and device, electronic equipment and storage medium | |
CN105653961B (en) | A kind of method and apparatus improving mobile terminal application load safety | |
CN106407815A (en) | Vulnerability detection method and device | |
CN104239801B (en) | The recognition methods of 0day leaks and device | |
CN105809040A (en) | Method and apparatus for detecting application privacy security information | |
KR101579175B1 (en) | Apparatus and method for detection of repackaging |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |