CN106650340A - Binary software protection method by means of dynamic fine-grained code hiding and obfuscating technology - Google Patents

Binary software protection method by means of dynamic fine-grained code hiding and obfuscating technology Download PDF

Info

Publication number
CN106650340A
CN106650340A CN201611009334.0A CN201611009334A CN106650340A CN 106650340 A CN106650340 A CN 106650340A CN 201611009334 A CN201611009334 A CN 201611009334A CN 106650340 A CN106650340 A CN 106650340A
Authority
CN
China
Prior art keywords
code
obfuscation
state
basic block
hidden
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611009334.0A
Other languages
Chinese (zh)
Other versions
CN106650340B (en
Inventor
张怡
吴蒙
糜娴雅
徐彬彬
唐勇
杨强
解炜
周旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN201611009334.0A priority Critical patent/CN106650340B/en
Publication of CN106650340A publication Critical patent/CN106650340A/en
Application granted granted Critical
Publication of CN106650340B publication Critical patent/CN106650340B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/106Enforcing content protection by specific content processing
    • G06F21/1066Hiding content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a binary software protection method by means of a dynamic fine-grained code hiding and obfuscating technology. The method comprises the steps that S1, a hidden target is selected, wherein a to-be-hidden code block is selected in a target program with a basic block as a unit; S2, the selected basic block is hidden, wherein according to each to-be-hidden basic block, an original code segment is replaced with a distributor function call, and other obfuscating instructions are filled in the rest positions; S3, the codes are packaged again, a new code segment is created so as to save all additional logic and data. The method has the advantages of being wide in application range, light in magnitude, extendable, high in safety and the like.

Description

A kind of being hidden using dynamic fine-grained code is protected with the binary software of obfuscation Method
Technical field
Present invention relates generally to computer system security and Software Protection Technique field, refer in particular to a kind of using dynamic particulate Degree code hides the binary software guard method with obfuscation.
Background technology
It is one of core of software protection that anti-reversing is cracked, and with the enhancing of intellectual property importance, software is inversely protected Technology has obtained significant progress, and from encryption technology, static state resist technology is obscured, till now widely used dynamic obfuscation protection With virtual machine resist technology, software cracks difficulty constantly to be strengthened.On the other hand, while software is greatly developed, various debugging Software and attack that software is also more and more advanced, intellectuality, cracking and attacking and provide more easily approach for software.
The attack that software faces mainly has three classes:Software conversed analysis, software are distorted and software piracy.Different attacks is right The Software Protection Technique answered is also different.Operation program, binary software Back analysis technique whether is needed mainly to divide according to when protecting For the static resist technology obscured and the resist technology using dynamic obfuscation can be adopted.
The main realization rate of static obfuscation has upset disassembler, hides controlling stream and upset data structure etc., Its main feature for being different from dynamic obfuscation is that operationally code will not change program.Typical static state obscures method Including rubbish instruction, controlling stream planarization technique, branch function etc..Static obfuscation can be effective against static analysis, disturb Disorderly reverse analysis result of the instrument to program, it is advantageous that simple realization, executing efficiency and volume expense are little.But work as journey By during dynamic debugging, by means such as tracking reduction, the reverse instrument of dynamic can easily dispose the rubbish for upsetting dis-assembling to sequence Instruction, so as to reduce real assembly code, while the reverse instrument of dynamic can be with the execution route of trace routine so as to obtaining The controlling stream being hidden, finally by assembly code analysis real data structure is reduced from the data structure being hidden.Cause This static obfuscation is difficult to resist dynamic analysis, relies solely on static state and obscures the safety for being difficult to ensure that software.
Dynamic obfuscation technology can resist the software obfuscation technology of dynamic analysis, and it mainly includes in realization self-modifying generation Code technology and virtual machine resist technology.Self modifying code technology is a kind of mechanism of the modification of program run duration or generation code, The characteristics of it mainly make use of the storage program of Feng Luoyiman architectures, i.e. instruction and data are stored in same memory headroom In, therefore instruction can be considered data by other instruction readings and modification.Program operationally writes data in code segment, and And the data for writing are performed as instruction, the effect of self modification is reached.Self-modifying protection mechanism can effectively resist static state Conversed analysis and due to code only when needed just in the form of plaintext occur, can to a certain extent hinder reverse instrument The all of plaintext code of acquisition program, so as to resist dynamic analysis.The main method that self modifying code is realized mainly includes instruction Replacement, function dynamic encryption and decryption, burst cluster encryption and decryption and virtual machine protection etc. method.
The core concept of dynamic obfuscation technology is the machine code for preventing reverse instrument direct access program, so as to reach guarantor The purpose of shield software.But at present the method for main flow still has several drawbacks that one is that plaintext window is larger, either self modifying code Technology or virtual machine resist technology would generally enter action to improve execution efficiency in units of function or one whole section of code State is generated, and attacker is easily by key messages such as the plaintext window direct access functions for tracking code;Two is to be difficult to hide journey The controlling stream of sequence, because plaintext window includes complete function information, reverse instrument is easy to obtain the plaintext machine of the function Code, and by analyzing the function in External Function Call, obtain function between call relation, so as to build the control of whole program Flow graph processed.
The content of the invention
The technical problem to be solved in the present invention is that:For the technical problem that prior art is present, the present invention provides one Plant two that there is applied widely, lightweight, the dynamic fine-grained code of expansible, safe employing to hide with obfuscation System method for protecting software.
To solve above-mentioned technical problem, the present invention is employed the following technical solutions:
A kind of to be hidden and the binary software guard method of obfuscation using dynamic fine-grained code, its step is:
S1:Select vanishing target;In units of basic block, code block to be concealed is selected in target program;
S2:The basic block of hiding selection;For each basic block to be concealed, one section of original code is replaced with into one point Orchestration function call, and fill other in remaining position and obscure instruction;
S3:Repack code;A newly-built code segment is used for preserving all of additional logic and data.
As a further improvement on the present invention:The flow process of step S3 is:First, it is all in the beginning insertion of code segment Additional processing logic code, including code cache;It is then followed by adding a covered code information table backward, for according to hiding The allocation index of code is to covered code in the position of encrypting storing;Finally code is encrypted and is inserted in hiding source code Section it is last.
As a further improvement on the present invention:Encryption in step S3 take it is simple also or cipher mode, key In being stored in a global variable.
As a further improvement on the present invention:In step S3, the initial of additional logic is pointed in program entry address Change function, setup code will jump to the former entry address of program after being finished.
As a further improvement on the present invention:In step S2, the handling process of the assignor function is:
S201:Preservation state;Semantic equivalence conversion is carried out to code, the execution before performing the code of generation with original code Front state is identical, that is, makes all registers and the state of storehouse not change, and buffer status are stored in In storehouse;
S202:Lock;Lock to position of the code in code cache will be generated before code is generated, by this block Code cache freezes, and enciphered information is stored in a global listings;
S203:Generate code;Return address according to preserving in stack obtains base to be generated in covered code information table The core position of this block, is then decrypted code cache;
S204:Recovery state;Reply the state before code is performed;
S205:Perform code;Jump to and performed at the code of generation, distributor is returned to after being finished and is continued executing with, Guarantee that unlocking information and the address of next instruction have been stored in stack;
S206:Preservation state;Preserve the state after code is performed;
S207:Unblock;According to the unlocking information of stacking when performing code, currently allocated code cache space is reclaimed;
S208:Recovery state;Recover the state after code is performed;
S209:Return;Return address in storehouse returns to next instruction.
As a further improvement on the present invention:During step S203, enter line code buffering distribution, i.e., with one The distribution of individual global information table record and management code caching, and mutex is added, allow the distribution of code to become an atom behaviour Make;Generate every time before code and distribute code cache space first, release is reclaimed in the space after instruction is finished.
Compared with prior art, it is an advantage of the current invention that:
1st, the dynamic fine-grained code of employing of the invention hides the binary software guard method with obfuscation, hides original Basic block to be protected is needed in beginning code, operationally dynamic reduction performs covered code, and strengthens using Code Obfuscation Security Technology Security.DynFCHO methods can be effective against static analysis and dynamic point under the premise of ensureing that program function is correct Analysis, protection intensity is higher, it is possible to be applied to the binary program that great majority are generated by standard compiler compiling (such as MSVC), tool Have the advantages that applied widely, lightweight, expansible, improve plaintext window present in existing dynamic obfuscation technology it is larger and Two weak links of obfuscating control flow effect on driving birds is not good.
2nd, the dynamic fine-grained code of employing of the invention hides the binary software guard method with obfuscation, using non- Fine granularity is hidden and dynamic generates code, and dynFCHO can hide and dynamic dynamic is generated and needs code snippet to be protected, can have The reverse instrument of effect interference obtains the plaintext machine code of program.Compared with traditional dynamic obfuscation algorithm, dynFCHO algorithms protection grain Degree is less, and code is finished and destroy, and size and the duration of code plaintext window is reduced to greatest extent, with higher Confusion and security.
3rd, the dynamic fine-grained code of employing of the invention hides the binary software guard method with obfuscation, Neng Gouyou Effect hides controlling stream.DynFCHO not only conceals code, and conceals the controlling stream of program.Real controlling stream is hidden In ensconcing assignor function, the actual position of next instruction is just can know that only when program is behaved, by hiding control Flow graph processed, dynFCHO can be effective against static analysis, and the expense of dynamic analysis can be greatly improved, with it is traditional with Instruction or the dynamic obfuscation method obscured in units of function are compared with higher protection intensity.
4th, the dynamic fine-grained code of employing of the invention hides the binary software guard method with obfuscation, using light Magnitude is realized.Method of the present invention design is succinct, and clear logic, the performance cost of increase is less, and whole dynFCHO methods are added Process logic only 40KB, and without the need for program source code when realizing protection, it is adaptable to extensive software protection scene.
Description of the drawings
Fig. 1 is the schematic flow sheet of the inventive method.
Fig. 2 is the principle schematic when present invention is performed in concrete application example.
Fig. 3 is the principle schematic of present invention assignor function in concrete application example.
Specific embodiment
The present invention is described in further details below with reference to Figure of description and specific embodiment.
The present invention mainly serves for resisting the binary software resist technology of software conversed analysis, i.e. binary software is anti- Analytical technology.The dynamic fine-grained code of employing of the present invention hides the binary software guard method with obfuscation (Dynamically Fine-grained Code Hiding and Obfuscation, abbreviation dynFCHO), by by one section Core code to be protected replaces with function call, and inserts the method for rubbish instruction and reach the purpose hidden and protect.Such as Fig. 1 institutes Show, in concrete application example, the detailed step of the present invention is:
S1:Select vanishing target;
In units of basic block, code block to be concealed is selected in target program.
System of selection is described as follows:
Carry out obscuring foundation to binary file on the basis of correct dis-assembling, DynFCHO is with basic block as minimum single Position is entered line code and is hidden, it is necessary to assure all hiding basic blocks are all correctly divided.
It is relatively difficult to make all of instruction of program all by correct dis-assembling and correctly divide basic block, and it mainly hinders Hindering has at 2 points, and one is that program is possible to be confused or is write as by nonstandard compilation, and two is the presence of many not knowing in program Transfer instruction.First point significantly impacts the accuracy of dis-assembling, but can be by simple method and avoid, i.e., only select The binary program generated with high level language and by compiler, has the property strictly regulated because compiler generates code, because This can ensure that the accuracy of dis-assembling.Although but second point does not affect the result of dis-assembling can extreme influence division basic block Accuracy because static analysis cannot determine the position for redirecting, it is possible to cause the boundary demarcation mistake of basic block, and this Class mistake is difficult to correct, and can only be avoided using conservative back-and-forth method.
Conservative back-and-forth method refers to that only selection may insure to divide correct basic block.According to the characteristics of compiler, with function For border, it is believed that if the code in function does not include uncertain transfer instruction (such as jmp eax), the function is to protect Keep, all basic blocks of the function are also conservative.By conservatively selecting to need hiding basic block, it is ensured that Jing systems The program that system was obscured correctly is performed.
In general, the core code of program often only accounts for the proportion of very little, because dynFCHO can bring certain performance Expense, so the core code with option program should be accurately positioned when selecting target to be concealed.Core code is typically with function Form occur, during selection should more options be located at functional boundary basic block, the such as beginning and return of function so can be effective Disturb search and positioning of the reverse instrument to function.Meanwhile, should try one's best the basic block for avoiding selecting to be located in circulation, because repeatedly Ground generates code and can greatly increase performance cost.
S2:The basic block of hiding selection;
For each basic block to be concealed, one section of original code is replaced with into a special function call, this letter Count and be referred to as " distributor ", and other are filled in remaining position and obscure instruction (such as rubbish code).
S3:Repack code;
A newly-built code segment is used for preserving all of additional logic and data.
First, all Additional processing logic codes, including code cache are inserted in the beginning in code segment, are then followed by backward One covered code information table of addition, it is hidden for being indexed according to the address of covered code (call instructs the address of automatic stacking) Code is hidden in the position of encrypting storing, finally the last of code segment is encrypted and be inserted in hiding source code.Here plus It is close take it is simple also or cipher mode, key is stored in a global variable.
Because additional logic needs to carry out some initialization operations, need for program entry address to point to the first of additional logic Beginningization function, setup code will jump to the former entry address of program after being finished.Due to increased new code segment Simultaneously entry address is changed, so finally needing accordingly to correct executable file.
In concrete application example, as illustrated in fig. 2, it is assumed that program has 3 basic blocks, the wherein subsequent node of basic block 1 It is basic block 2 and basic block 3, basic block 2 is that order performs node, and basic block 3 is to redirect execution node.To hide basic block 1, Function call instruction that can be with target for " distributor " function is replaced.During operation, " distributor " function generates institute Hiding code simultaneously jumps to execution original function at code, returns to next basic block further according to operation result and continues to hold OK.Because the instruction total length of basic block 1 is 24 bits, and 1 call instruction only takes up 5 bit sizes, so also 19 ratios Special space may be inserted into other obfuscated codes (such as rubbish instruction), in order to demonstrate in figure, only be replaced with nop.
Jing after hiding and process, static analysis tools does not know the subsequent node for being hidden basic block, it is impossible to which Direct Analysis go out The complete controlling stream graph of function, cannot more obtain correct semanteme.Additionally, code is in all the time not exclusively solution in running Close state, has been provided simultaneously with resisting the ability of dynamic analysis.
In concrete application example, distributor is realized by function;When program performing is to covered code, will jump to Assignor function is simultaneously taken over by it.The design of distributor is dynFCHO cores, and it will not only be responsible for the generation of covered code With correct execution, also to ensure the security of thread, in addition the executive overhead of code is also the problem that can not be ignored.
As shown in figure 3, the handling process of assignor function is:
S201:Preservation state;Core concept is to carry out semantic equivalence conversion to code, make generation code perform before and State before the execution of original code is identical, that is, makes all registers and the state of storehouse not change.Due to dividing Orchestration introduces extra operation, so buffer status must be stored in storehouse first.
S202:Lock;In order to ensure the security and Thread safety of nesting allocation, need before code is generated to will Generate position of the code in code cache to be locked, this block code caching is freezed, locking is an atomic operation, is locked Information is stored in a global listings.
S203:Generate code;Because call instructions can automatically by return address stacking, can be according to the return preserved in stack Address obtains the core position of basic block to be generated in covered code information table, is then decrypted code cache.For Conflict is avoided, needs reasonably to distribute code cache.Need to return to after having performed due to code after assignor function carries out Continuous unblock etc. is operated, so needing that unlocking information and next are instructed and be temporarily stored in stack, is directed to generation Code-phase does some amendments to skew and instruction.
S204:Recovery state;Reply the state before code is performed.In order to ensure semantic consistency, must before code is performed State must be recovered, it is ensured that buffer status and stack states are of equal value.
S205:Perform code;Jump to and performed at the code of generation, distributor is returned to after being finished and is continued executing with, Now it is necessary to ensure that unlocking information and the address of next instruction have been stored in stack.
S206:Preservation state;Preserve the state after code is performed.
S207:Unblock;According to the unlocking information of stacking when performing code, currently allocated code cache space is reclaimed.
S208:Recovery state;Recover the state after code is performed.
S209:Return;Return address in storehouse returns to next instruction.
During as preferably application example, above-mentioned steps S203, need into line code buffering to distribute.Due to code Generate in a public code cache, rather than source code position, so how correct an important problem is Distribution code cache.Consider a kind of simplest code cache allocation model, i.e. the buffer address of sequential loop distribution from top to bottom, Two class conflicts may then be faced.The first kind is thread conflict, it is assumed that two threads enter distributor simultaneously, if two threads Identical code cache address is assigned, generation code position conflict is will result in;Equations of The Second Kind is nested covering, this be due to With function call instruction ending, the instruction before function is returned must assure that to be present in code cache and is not coated to some basic blocks Lid, and hundreds and thousands of basic blocks may be generated in the invoked procedure of the function, it is slow according to systematic order cycle assignment code The principle deposited, the basic block may be covered by the basic block of follow-up generation, cause to cover conflict.
The distribution cached with a global information table record and management code to solve both above conflict to consider, and add Enter mutex, allow the distribution of code to become an atomic operation.Generate every time before code and distribute code cache space first, the sky Between after instruction is finished reclaim release.
The difficult point of locking is how to transmit unlocking information, and unblock is needed after having performed due to code, and cannot directly be used The local variable transmission unlocking information of assignor function, because the local variable of function is stored in stack, and must before execution code Context state, that is, the local variable in all stacks that to erase must be recovered.And if transmitting unlocking information with global variable Multithreading and mutex are necessarily involved again, and program expense is necessarily significantly greatly increased.So needing a kind of light and effective method solution Certainly this problem, it is contemplated that still know unlocking information when code is generated, the code that unlocking information dynamic write can be generated In, as shown in Fig. 2 in code cache, instruction P uses unlocking information (lockInf) stacking for unlocking function.
During as preferably application example, above-mentioned steps S203, need to be hidden code amendment.In machine code Relative skew has been used in a large number, and in call, jmp and conditional jump instructions, all of machine code for directly shifting class instruction is all It is relative displacement, part indirectly transferring instruction also using relative displacement, for example:The corresponding machine codes of jmp 040355b are eb 10, wherein eb represent jmp instructions, and 10 represent the next skew for instructing relative to present instruction;Call 403460 is corresponding Machine code is the f8 of ff 55, and wherein ff 55 represents call instructions, and f8 represents the skew relative to ebp.
Because the code for ultimately generating is not in original position so need manual correction code so as to after being finished Jump to next instruction.Assume that the code in code cache can be jumped directly to down after having performed without locking and unlocking One Codabar code, now corrects return address fairly simple.The characteristics of being shifted relatively according to machine code, similar direct function calls finger Order such as call4010e0, unconditional direct jump instruction jmp 4010e0 and conditional branch instruction such as jne 4010e0 etc., they The skew of machine code be all relative, therefore only need to correct relativeness, internal memory and register indirect function call Instruction then need not be corrected with internal memory and register indirectly transferring instruction..
After adding lock, unblock is needed after directly finishing due to code, that is, need to return distributor, now needing will be final The address stacking that needs are transferred to, so needing to carry out different amendments according to the characteristics of basic block.According to the type corrected not Together, basic block is divided into into order to perform, ending is instructed with call, end up and with condition with ret instruction endings, with imp instructions 5 big class, the instructions of 9 groups such as transfer, are modified respectively.As shown in table 1.The ground of next instruction after relative skew is corrected Location is stored in stack, after having performed unblock and recovery state, is returned to correspondence code by ret instructions and is continued executing with.
The basic block type of table 1
From the foregoing, it will be observed that the dynamic fine-grained code of the employing of the present invention hides the binary software guard method with obfuscation In, hiding in source code needs basic block to be protected, and operationally dynamic reduction performs covered code, and adopts Code obfuscation Technology enhances security.DynFCHO methods ensure program function it is correct under the premise of, can be effective against static analysis and Dynamic analysis, protection intensity is higher, it is possible to be applied to the binary system that great majority are generated by standard compiler compiling (such as MSVC) Program, has the advantages that applied widely, lightweight, expansible, improves plaintext window present in existing dynamic obfuscation technology Mouthful larger and two weak links of obfuscating control flow effect on driving birds is not good.
In the present invention, with reference to self modifying code technology, code is hidden by least unit of basic block, and is being needed Dynamic generates the code being hidden when performing, and code is finished and destroy, and code plaintext window is reduced to greatest extent Size and duration, drastically increase the security of code.DynFCHO hides the basic block of code to be protected, can make Reverse instrument lacks key node and cannot reduce real function controlling stream, additionally, also by upsetting functional boundary, hiding letter The mutual call relation of number, greatly hinders the controlling stream that reverse instrument reduces whole program.The method of the present invention adopts lightweight Design, the algorithm realizes that simply program volume expense is little, without the need for program source code, it is adaptable to extensive software protection scene.
The above is only the preferred embodiment of the present invention, protection scope of the present invention is not limited merely to above-described embodiment, All technical schemes belonged under thinking of the present invention belong to protection scope of the present invention.It should be pointed out that for the art For those of ordinary skill, some improvements and modifications without departing from the principles of the present invention should be regarded as the protection of the present invention Scope.

Claims (6)

1. a kind of binary software guard method hidden using dynamic fine-grained code with obfuscation, it is characterised in that step Suddenly it is:
S1:Select vanishing target;In units of basic block, code block to be concealed is selected in target program;
S2:The basic block of hiding selection;For each basic block to be concealed, one section of original code is replaced with into a distributor Function call, and fill other in remaining position and obscure instruction;
S3:Repack code;A newly-built code segment is used for preserving all of additional logic and data.
2. according to claim 1 using the hiding binary software guard method with obfuscation of dynamic fine-grained code, Characterized in that, the flow process of step S3 is:First, all Additional processing logic codes, bag are inserted in the beginning in code segment Include code cache;Be then followed by adding a covered code information table backward, for according to the allocation index of covered code to hidden Code is hidden in the position of encrypting storing;Finally the last of code segment is encrypted and is inserted in hiding source code.
3. according to claim 2 using the hiding binary software guard method with obfuscation of dynamic fine-grained code, Characterized in that, the encryption in step S3 take it is simple also or cipher mode, key is stored in a global variable.
4. according to claim 2 using the hiding binary software guard method with obfuscation of dynamic fine-grained code, Characterized in that, in step S3, program entry address is pointed to into the initialization function of additional logic, setup code is performed The former entry address of program will be jumped to after finishing.
5. the binary software with obfuscation is hidden using dynamic fine-grained code according to claim 1 or 2 or 3 or 4 Guard method, it is characterised in that in step S2, the handling process of the assignor function is:
S201:Preservation state;Semantic equivalence conversion is carried out to code, before performing the code of generation and before the execution of original code State is identical, that is, makes all registers and the state of storehouse not change, and buffer status are stored in into storehouse In;
S202:Lock;Lock to position of the code in code cache will be generated before code is generated, by this block code Caching freezes, and enciphered information is stored in a global listings;
S203:Generate code;Return address according to preserving in stack obtains basic block to be generated in covered code information table Core position, then decrypted code cache;
S204:Recovery state;Reply the state before code is performed;
S205:Perform code;Jump to and performed at the code of generation, distributor is returned to after being finished and is continued executing with, it is ensured that The address of unlocking information and next instruction has been stored in stack;
S206:Preservation state;Preserve the state after code is performed;
S207:Unblock;According to the unlocking information of stacking when performing code, currently allocated code cache space is reclaimed;
S208:Recovery state;Recover the state after code is performed;
S209:Return;Return address in storehouse returns to next instruction.
6. according to claim 5 using the hiding binary software guard method with obfuscation of dynamic fine-grained code, Characterized in that, during step S203, entering line code buffering distribution, i.e., with a global information table record and pipe The distribution of reason code cache, and mutex is added, allow the distribution of code to become an atomic operation;Generate before code every time first Distribution code cache space, release is reclaimed in the space after instruction is finished.
CN201611009334.0A 2016-11-16 2016-11-16 binary software protection method adopting dynamic fine-grained code hiding and obfuscating technology Active CN106650340B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611009334.0A CN106650340B (en) 2016-11-16 2016-11-16 binary software protection method adopting dynamic fine-grained code hiding and obfuscating technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611009334.0A CN106650340B (en) 2016-11-16 2016-11-16 binary software protection method adopting dynamic fine-grained code hiding and obfuscating technology

Publications (2)

Publication Number Publication Date
CN106650340A true CN106650340A (en) 2017-05-10
CN106650340B CN106650340B (en) 2019-12-06

Family

ID=58806525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611009334.0A Active CN106650340B (en) 2016-11-16 2016-11-16 binary software protection method adopting dynamic fine-grained code hiding and obfuscating technology

Country Status (1)

Country Link
CN (1) CN106650340B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107423586A (en) * 2017-07-31 2017-12-01 北京深思数盾科技股份有限公司 Method for protecting software and software protecting equipment
CN107451482A (en) * 2017-08-01 2017-12-08 北京数字时代科技有限公司 A kind of mobile APP copy-right protection method and system
CN108021790A (en) * 2017-12-28 2018-05-11 江苏通付盾信息安全技术有限公司 Document protection method, device, computing device and computer-readable storage medium
CN108182358A (en) * 2017-12-28 2018-06-19 江苏通付盾信息安全技术有限公司 Document protection method, device, computing device and computer storage media
CN108733990A (en) * 2018-05-22 2018-11-02 深圳壹账通智能科技有限公司 A kind of document protection method and terminal device based on block chain
CN109992932A (en) * 2017-12-27 2019-07-09 中城智慧科技有限公司 A kind of software security based on ID authentication holds the implementation method at base
CN111814120A (en) * 2020-07-10 2020-10-23 北京嘀嘀无限科技发展有限公司 Program anti-aliasing processing method, device, equipment and storage medium
CN112332973A (en) * 2020-10-23 2021-02-05 南京理工大学 Fine-grained Internet of things equipment control flow protection method
CN115048623A (en) * 2022-04-01 2022-09-13 上海任意门科技有限公司 Method, computing device and storage medium for encrypting code
CN115906014A (en) * 2021-08-13 2023-04-04 华为技术有限公司 Data processing method and related device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102132289A (en) * 2008-08-21 2011-07-20 汤姆森特许公司 Method and device for code obfuscation
CN102713839A (en) * 2009-10-08 2012-10-03 埃德图加拿大公司 A system and method for aggressive self-modification in dynamic function call systems
CN103413073A (en) * 2013-07-09 2013-11-27 北京深思数盾科技有限公司 Method and equipment for protecting JAVA executable program
CN103678961A (en) * 2013-11-07 2014-03-26 北京深思数盾科技有限公司 Code dynamic generating method
CN104091100A (en) * 2014-07-15 2014-10-08 电子科技大学 Software protection method based on intermediate result compiling
CN104751026A (en) * 2013-12-25 2015-07-01 中国移动通信集团公司 Software protection method and software application method of android system, and related devices
CN105103127A (en) * 2013-02-28 2015-11-25 微软技术许可有限责任公司 Compiler based obfuscation
CN105787305A (en) * 2016-02-26 2016-07-20 西北大学 Software protection method capable of resisting symbolic execution and taint analysis

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102132289A (en) * 2008-08-21 2011-07-20 汤姆森特许公司 Method and device for code obfuscation
CN102713839A (en) * 2009-10-08 2012-10-03 埃德图加拿大公司 A system and method for aggressive self-modification in dynamic function call systems
CN105103127A (en) * 2013-02-28 2015-11-25 微软技术许可有限责任公司 Compiler based obfuscation
CN103413073A (en) * 2013-07-09 2013-11-27 北京深思数盾科技有限公司 Method and equipment for protecting JAVA executable program
CN103678961A (en) * 2013-11-07 2014-03-26 北京深思数盾科技有限公司 Code dynamic generating method
CN104751026A (en) * 2013-12-25 2015-07-01 中国移动通信集团公司 Software protection method and software application method of android system, and related devices
CN104091100A (en) * 2014-07-15 2014-10-08 电子科技大学 Software protection method based on intermediate result compiling
CN105787305A (en) * 2016-02-26 2016-07-20 西北大学 Software protection method capable of resisting symbolic execution and taint analysis

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
徐长征等: "《代码迷惑及其有效性研究》", 《计算机应用研究》 *
高玉新等: "《恶意代码反分析与分析综述》", 《小型微型计算机系统》 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107423586A (en) * 2017-07-31 2017-12-01 北京深思数盾科技股份有限公司 Method for protecting software and software protecting equipment
CN107451482A (en) * 2017-08-01 2017-12-08 北京数字时代科技有限公司 A kind of mobile APP copy-right protection method and system
CN107451482B (en) * 2017-08-01 2020-06-05 北京数字时代科技有限公司 Copyright protection method and system for mobile APP
CN109992932A (en) * 2017-12-27 2019-07-09 中城智慧科技有限公司 A kind of software security based on ID authentication holds the implementation method at base
CN108182358A (en) * 2017-12-28 2018-06-19 江苏通付盾信息安全技术有限公司 Document protection method, device, computing device and computer storage media
CN108021790A (en) * 2017-12-28 2018-05-11 江苏通付盾信息安全技术有限公司 Document protection method, device, computing device and computer-readable storage medium
CN108021790B (en) * 2017-12-28 2020-09-08 江苏通付盾信息安全技术有限公司 File protection method and device, computing equipment and computer storage medium
CN108733990A (en) * 2018-05-22 2018-11-02 深圳壹账通智能科技有限公司 A kind of document protection method and terminal device based on block chain
CN111814120A (en) * 2020-07-10 2020-10-23 北京嘀嘀无限科技发展有限公司 Program anti-aliasing processing method, device, equipment and storage medium
CN111814120B (en) * 2020-07-10 2021-04-23 北京嘀嘀无限科技发展有限公司 Program anti-aliasing processing method, device, equipment and storage medium
CN112332973A (en) * 2020-10-23 2021-02-05 南京理工大学 Fine-grained Internet of things equipment control flow protection method
CN112332973B (en) * 2020-10-23 2022-06-24 南京理工大学 Fine-grained Internet of things equipment control flow protection method
CN115906014A (en) * 2021-08-13 2023-04-04 华为技术有限公司 Data processing method and related device
CN115048623A (en) * 2022-04-01 2022-09-13 上海任意门科技有限公司 Method, computing device and storage medium for encrypting code

Also Published As

Publication number Publication date
CN106650340B (en) 2019-12-06

Similar Documents

Publication Publication Date Title
CN106650340A (en) Binary software protection method by means of dynamic fine-grained code hiding and obfuscating technology
Jiang et al. A novel side-channel timing attack on GPUs
US8583939B2 (en) Method and apparatus for securing indirect function calls by using program counter encoding
KR101480821B1 (en) Dynamic execution prevention to inhibit return-oriented programming
US9274976B2 (en) Code tampering protection for insecure environments
US20120210303A1 (en) System and method for revising boolean and arithmetic operations
EP2691861A2 (en) Method of securing memory against malicious attack
CN105653905B (en) A kind of method for protecting software hidden based on API security attributes with attack threat monitoring
CN108701025B (en) Secure Memory Addressing Method
Payer et al. String oriented programming: When ASLR is not enough
CN102375957B (en) Defense method for kernel-level return-oriented rootkits
US20190286818A1 (en) Methods and systems for defending against cyber-attacks
US20170046280A1 (en) Data processing device and method for protecting a data processing device against attacks
CN101847195B (en) Defensive attack method based on Cache time characteristics
CN101621498A (en) Method, device and equipment for defending against network attacks
EP3224759B1 (en) In-memory attack prevention
CN115510430A (en) Function pointer and data dependency identification and protection method and device thereof
CN103186746B (en) A kind of guard method of executable file and system
CN109508537A (en) The method and device that return address is tampered in detection storehouse
EP2674892B1 (en) A method, a device and a computer program support for execution of encrypted computer code
CN106687973B (en) For defending the method and system based on the attack for returning to guiding programming (ROP)
CN107885981A (en) Compile result processing method, device, storage medium, processor and compiler
CN104636276A (en) Method for protecting confidentiality and integrity of data in memory
CN111222103B (en) Software protection method based on vectorization exception handling
EP3040895A1 (en) System and method for protecting a device against return-oriented programming attacks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant