CN106778104A - A kind of anti-debug method and system of application program - Google Patents
A kind of anti-debug method and system of application program Download PDFInfo
- Publication number
- CN106778104A CN106778104A CN201710040492.0A CN201710040492A CN106778104A CN 106778104 A CN106778104 A CN 106778104A CN 201710040492 A CN201710040492 A CN 201710040492A CN 106778104 A CN106778104 A CN 106778104A
- Authority
- CN
- China
- Prior art keywords
- application program
- program
- debugged
- logic
- thread
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 238000001514 detection method Methods 0.000 claims abstract description 33
- 238000012545 processing Methods 0.000 claims abstract description 11
- 230000006870 function Effects 0.000 claims description 35
- 238000009826 distribution Methods 0.000 claims description 5
- 238000007689 inspection Methods 0.000 claims description 4
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 abstract description 2
- 238000004321 preservation Methods 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 7
- 238000004458 analytical method Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000003860 storage Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
- 239000011800 void material Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The invention discloses a kind of anti-debug method of application program, in the method, by the current debugging process for reading the status file of android system preservation to know application program, if detecting application program to be debugged, can then call and quit a program, terminate current application program, and the user profile for performing debugging operations is reported into server simultaneously, server can carry out title treatment to the user, or forbid the user to log in application program within a period of time.The invention discloses a kind of anti-debug system of application program, the system includes detection module, adds module and processing module.The present invention greatly improves the threshold that program is cracked, and enhances security.
Description
Technical field
The present invention relates to the debugging field of application program, more particularly to a kind of application program anti-debug method and system.
Background technology
As computer technology application becomes increasingly popular, the fast development of Android intelligent terminal, Android software industry
Developed rapidly, at the same time, attacker is made using Android software reversal technique to the various attacks of software and unauthorized
With and pirate the behavior such as to replicate also more and more.
Android conversed analysis technology can be used to the analysis in the case where application source code is not known and apply journey
The functional sequence of sequence, the data code for distorting application program etc., if conversed analysis technology is used by malice without restriction, profit
User can analyze the core technology for obtaining application program, it is also possible to distort the signature and author information of application program, can be with
Malicious code is injected into existing application program and is pretended by secondary packing, these behaviors are all greatly compromised
The interests of application developer, seriously compromise the personal secrets of users.
In Android software reversal technique, Android debugging techniques are a very important parts.Pass through
The debugging of Android applications is carried out, the operational process of Android applications can be obtained, be inferred to the substantially former of Android applications
Reason, generally can with it is very well and rapidly bypass some log in limitation or function restriction, get some user's private informations,
With larger harm.For example, can analyze and understand the data encryption/decryption method used in Android program, such as analyze clear
Using the decision logic of charging function, such that it is able to bypass the inspection whether paid, such that it is able to not pay the fees in the case of use
Charging function etc., such as can go to develop corresponding " game is plug-in " for game application.And the reverse first step of software is then
It is that program can be debugged, if not having anti-debug technology, equivalent to program quilt " exposed " in face of hacker.Compare at present
More important program is intended to that anti-debug function can be added, and prevents hacker from being debugged, from without allowing others' analysis program
Realization principle, the threshold that the program of greatly improving is cracked, how to carry out the anti-debug of application program has turned into urgent need solution
Problem.
The content of the invention
It is an object of the invention to provide a kind of anti-debug method and system of application program, by judging current application
Whether program is debugged, if detect current application program be debugged, the application program is terminated at once, from
And realize the anti-debug to application program.
The technical solution adopted in the present invention is as follows:
A kind of anti-debug method of application program, it is characterised in that the method includes:Step S101, detects current application program
Whether in debugged state;Step S102, in the key point of application program, adds detection logic;Step S103, if inspection
Measure application program to be debugged, then obtain the user profile for performing debugging operations, and the user profile is sent to server, and
Execution quits a program.
Preferably, whether detection current application program specifically includes in debugged state:Power function is write for examining
Whether current application program is surveyed in debugged state, the power function reads the status file of android system, and judges institute
TracePid fields in the status file of reading, if the value of TracePid fields is equal to 0, illustrate that the application program does not have
It is debugged, if being not equal to 0, illustrate that the application program has been debugged, and TracePid fields value be exactly debug into
The ID of journey.
Preferably, detection logic is added to specifically include:Call write for checking the work(whether current process is debugged
Can function.
Preferably, in the key point of application program, detection logic is added to specifically include:Application program launching when
After time, User logs in success and when application program loads other SO files, detection logic is added.
Preferably, perform to quit a program and specifically include:If detecting application program be currently debugged, n is created
Individual thread, and add program to exit logic in each thread, then randomly choose a thread and exit logic to perform, wherein
N is the positive integer more than 1, wherein, the program exits the interface System.exit (0) that logic is provided for android system.
Preferably, a thread is randomly choosed to exit logic and specifically include to perform:Calling system function Rand is produced
One 1 random number to n, performs to select a thread from n thread.
Preferably, perform to quit a program and specifically include:Object needed for being performed by deleting application program, allows the program cannot
Continue executing with down, wherein the object needed for the application program is performed includes reading the internal memory sky of the handle of file or distribution
Between.
Preferably, the user profile for performing debugging operations is obtained, and the user profile is sent to server and specifically included:
Current user information is sent to by server by web socket, server-tag active user has debugging utility.
A kind of anti-debug system of application program, the system includes detection module, adds module and processing module:It is special
Levy and be:Detection module, for detecting current application program whether in debugged state;Module is added, in application journey
In the key point of sequence, detection logic is added;Processing module, if for debugged when application program is detected, obtaining and performing
The user profile of debugging operations, and the user profile is sent to server, and execution quits a program.
Preferably, whether detection current application program specifically includes in debugged state and writes power function for detecting
Whether in debugged state, the power function reads the status file of android system to current application program, and judges to be read
TracePid fields in the status file for taking, if the value of TracePid fields be equal to 0, illustrate the application program not by
Debugging, if being not equal to 0, illustrates that the application program has been debugged, and the value of TracePid fields is exactly the process of debugging
ID.
Preferably, add detection logic specifically include call write for checking the function whether current process is debugged
Function.
Preferably, in the key point of application program, when adding detection logic to be specifically included in application program launching,
After User logs in success and when application program loads other SO files, detection logic is added.
Preferably, detect application program and be currently debugged if performing and quitting a program to specifically include, create n
Thread, and add program to exit logic in each thread, then randomly choose a thread and exit logic to perform, wherein n
It is the positive integer more than 1, wherein, the program exits the interface System.exit (0) that logic is provided for android system.
Preferably, a thread is randomly choosed to exit logic and specifically include calling system function Rand to produce one to perform
Individual 1 to n random number, performs to select a thread from n thread.
Preferably, the object for quitting a program and specifically including needed for performing by deleting application program is performed, allows the program cannot
Continue executing with down, wherein the object needed for the application program is performed includes reading the internal memory sky of the handle of file or distribution
Between.
Preferably, the user profile for performing debugging operations is obtained, and the user profile is sent to server and specifically included
Current user information is sent to by server by web socket, server-tag active user has debugging utility.
Technical scheme can be obtained beneficial effect to be included, the threshold that the program of greatly improving is cracked,
Enhance security.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the anti-debug method;
Fig. 2 is the high-level schematic functional block diagram of the anti-debug system.
Specific embodiment
In order to better illustrate the present invention, further is made to technical scheme in conjunction with specific embodiment and Figure of description
Explanation.Although having recorded these specific embodiments in embodiment, so it is not limited to the present invention, any affiliated skill
Have usually intellectual in art field, without departing from the spirit and scope of the present invention, when can make a little change with retouching, therefore
Protection scope of the present invention ought be defined depending on those as defined in claim.
Can be stored in the debugging mode of process in status file by android system, and the anti-debug method can read first
The status file that android system is preserved knows the current debugging process of application program, if current application program not by
Debugging, then the process numbering ID values for debugging process are 0, if current application program is debugged, debug the process of process
Numbering ID values, just can judge whether application program is debugged by process numbering ID values.If detecting application program
It is debugged, then can call and quit a program, terminate current application program, and simultaneously report the user profile for performing debugging operations
To server, server can be accordingly punished the current user for performing debugging, for example, being carried out at title to the user
Reason, or forbid the user to log in application program etc. within a period of time.Simultaneously in order to further whether strengthen detection procedure
In debugging, can be all inserted into detecting logic in multiple key points of program.
The schematic flow sheet of the anti-debug method of the application program is as shown in figure 1, the anti-debug method comprises the following steps:
1)Step S101:Whether detection current application program is in debugged state;
The debugging process ID of application program can be recorded android system the state in the application(status)In file, and
The ID of the debugging process of the application is represented with field TracerPid, it is only necessary to reading state file, and judge read shape
TracePid fields in state file, illustrate the application without debugged, if not if the value of TracePid fields is equal to 0
Illustrate that the process has been debugged equal to 0, and TracePid fields value be exactly the process of debugging ID.Concrete methods of realizing
It is as follows:
Pid = getpid();The PID of // acquisition current process, i.e., the TracePid fields in status file
Snprintf(path,“/proc/%d/status”,Pid);
File *fp = fopen(path);// open status files
Wherein, Snprintf () function is used for being spliced into ID and the path of status file of debugging process, "/proc/%d/
Status " represents that %d needs to insert the PID of current debugging process, and path represents the path of the status file of final reading.Then,
Carry out open mode status files using fopen () function.
While(fgets(line, 255, fp))
{
if(strncmp(line,"TracerPid",9) == 0)
{int statue = atoi(&line[10]);
If statue !=0 { } // explanation process is debugged
Else { } // explanation process is not debugged
}
}
Call function strncmp () judge read row content line in whether have this field of TracerPid, While is followed
Ring is used for call function fgets () and reads file, according to capable mode, a line is read every time, then reads status files
Content, and judge whether there is this field of TracePid in reading of content, if this field, then value thereafter is read,
Judge whether its value is 0, be debugged if not 0 explanation current process.
2)Step S102:In the key point of application program, detection logic is added;
The state whether reading process is debugged, it is necessary to be judged often judge it is all once to judge in the application always
Either with or without debugged under current state, so the anti-debug method all adds detection logic to enter using the key point in application program
Row check, when the key point such as application program launching of application program, User logs in success after, application program load other
SO files etc..The specific method for adding detection logic is whether the inspection current process that invocation step S101 writes is debugged
Power function, can be obtained after the completion of calling whether the debugged returning result of current process.
3)Step S103:If detecting application program to be debugged, the user profile for performing debugging operations is obtained, and will
The user profile is sent to server, and execution quits a program;
If detecting application program be currently debugged, the interface System.exit for calling android system to provide
(0) current application program is exited, prevents from performing the hacker further conversed analysis application program of debugging operations.In view of program
It is a weak spot to exit, and hacker is easier to analyze the logical point that program is exited, so as to be modified to exiting logic, around
Cross and exit logic.The mode that some reinforcement programs are exited is provided in anti-debug method of the invention, once detect application
Program is currently being debugged, and the method using multiple threads are created, each thread adds program to exit logic, then random choosing
Select a thread and exit logic to perform, the thread called when so exiting every time is different, while the function generation called
The position of code is also different.
It is as follows that multithreading exits implementation method:3 threads are created, a thread is then randomly choosed and is quit a program.
Thread1 = new Thread();
Thread2 = new Thread();
Thread2 = new Thread();
Program is added to exit logic in RUN functions in the interface function of each thread, it is specific as follows:
Thread
{ public void run()
{System.exit(0);}
}
Then calling system function Rand holds to produce the random number of 1 to 3 to select a thread from 3 threads
OK.
Further, it is also possible to using abnormal method is produced, program cannot be continued executing with down, for example, journey is applied in deletion
Sequence performs required object(Can be the handle for reading file, can be memory headroom of distribution etc.), once used when program and deleted
The object for removing can then make calling program produce mistake, so as to exit.Above method can also be used in combination with, so that further
The complexity that the program of strengthening is exited so that the threshold of hacker's analysis is higher.Can will currently be used by web socket simultaneously
Family information is sent to server, and server-tag active user has debugging utility, can make corresponding punishment.
The high-level schematic functional block diagram of the anti-debug system is as shown in Fig. 2 the anti-debug system includes detection module 201, adds
Enter module 202 and processing module 203.Detection module 201, for whether detecting current application program in debugged state,
Module 202 is added, for the key point in application program, detection logic, processing module 203, if for when detection is added
It is debugged to application program, then the user profile for performing debugging operations is obtained, and the user profile is sent to server, and hold
Row quits a program.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can be using the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.And, the present invention can be used and wherein include the computer of computer usable program code at one or more
Usable storage medium(Including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)The computer program of upper implementation is produced
The form of product.
The present invention is with reference to method according to embodiments of the present invention, equipment(System)And the flow of computer program product
Figure and/or block diagram are described.It should be understood that every first-class during flow chart and/or block diagram can be realized by computer program instructions
The combination of flow and/or square frame in journey and/or square frame and flow chart and/or block diagram.These computer programs can be provided
The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced for reality by the instruction of computer or the computing device of other programmable data processing devices
The device of the function of being specified in present one flow of flow chart or multiple one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or other programmable data processing devices with spy
In determining the computer-readable memory that mode works so that instruction of the storage in the computer-readable memory is produced and include finger
Make the manufacture of device, the command device realize in one flow of flow chart or multiple one square frame of flow and/or block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented treatment, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
Obviously, those skilled in the art can carry out various changes and modification without deviating from essence of the invention to the present invention
God and scope.So, if these modifications of the invention and modification belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising these changes and modification.
Claims (10)
1. a kind of anti-debug method of application program, it is characterised in that the method includes:
Step S101, whether detection current application program is in debugged state;
Step S102, in the key point of application program, adds detection logic;
Step S103, if detect application program be debugged, obtains the user profile for performing debugging operations, and by the user
Information is sent to server, and execution quits a program.
2. anti-debug method according to claim 1, it is characterised in that whether detection current application program is in debugged
State is specifically included:
Whether power function is write for detecting current application program in debugged state, the power function reads Android
The status file of system, and judge the TracePid fields in read status file, if value of TracePid fields etc.
In 0, then illustrate that the application program is not debugged, if being not equal to 0, illustrate that the application program has been debugged.
3. anti-debug method according to claim 2, it is characterised in that add detection logic to specifically include:
Call write for checking the power function whether current process is debugged.
4. the anti-debug method according to claim 1 or 3, it is characterised in that in the key point of application program, adds inspection
Logic is surveyed to specifically include:
When application program launching, after User logs in success or when application program loads other SO files, detection is added
Logic.
5. anti-debug method according to claim 1, it is characterised in that execution quits a program and specifically includes:
If detecting application program be currently debugged, m thread is created, and add program to exit in each thread
Logic, then randomly chooses a thread and exits logic to perform, and wherein m is the positive integer more than 1, and the described logic that exits is
The interface function System.exit (0) provided by performing android system realizes exit function.
6. anti-debug method according to claim 5, it is characterised in that one thread of random selection exits logic to perform
Specifically include:
Calling system function Rand generates a span and is 1 to n random number, and selects one from random several threads
Individual thread exits logic to perform, and wherein n is the positive integer more than 1, the m mono- in m thread of span n and the establishment
Cause.
7. according to the anti-debug method that one of claim 5 to 6 is described, it is characterised in that execution quits a program and specifically includes:
Required object is performed by deleting application program, program cannot be continued executing with down, wherein the application program is held
Object needed for row includes reading the handle of file or the memory headroom of distribution.
8. anti-debug method according to claim 1, it is characterised in that obtain the user profile for performing debugging operations, and
The user profile is sent into server to specifically include:
Current user information is sent to by server by web socket, after receiving information, server is to the active user
It is marked, indicates the active user to there is the operation of debugging utility.
9. a kind of anti-debug system of application program, the system includes detection module, adds module and processing module, its feature
It is:
Detection module, for detecting current application program whether in debugged state;
Module is added, for the key point in application program, detection logic is added;
Processing module, if for application program to be debugged when detecting, the user profile for performing debugging operations is obtained, and will
The user profile is sent to server, and execution quits a program;
Whether detection current application program specifically includes in debugged state:
Whether power function is write for detecting current application program in debugged state, the power function reads Android
The status file of system, and judge the TracePid fields in read status file, if value of TracePid fields etc.
In 0, then illustrate that the application program is not debugged, if being not equal to 0, illustrate that the application program has been debugged;
Execution quits a program and specifically includes:
If detecting application program be currently debugged, m thread is created, and add program to exit in each thread
Logic, then randomly chooses a thread and exits logic to perform, and wherein m is the positive integer more than 1, wherein, the program is exited
The interface function System.exit (0) that logic is provided for android system;
In the key point of application program, detection logic is added to specifically include:
Call write for checking the power function whether current process is debugged;
When application program launching, after User logs in success or when application program loads other SO files, detection is added
Logic;
One thread of random selection exits logic and specifically includes to perform:
Calling system function Rand generates a span and is 1 to n random number, and selects one from random several threads
Individual thread exits logic to perform, and the n in n thread of wherein span n and the establishment is consistent.
10. anti-debug system according to claim 9, it is characterised in that execution quits a program and specifically includes:
Required object is performed by deleting application program, program cannot be continued executing with down, wherein the application program is held
Object needed for row includes reading the handle of file or the memory headroom of distribution;
The user profile for performing debugging operations is obtained, and the user profile is sent to server and specifically included:
Current user information is sent to by server by web socket, after receiving information, server is to the active user
It is marked, indicates the active user to there is the operation of debugging utility.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710040492.0A CN106778104B (en) | 2017-01-20 | 2017-01-20 | A kind of anti-debug method and system of application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710040492.0A CN106778104B (en) | 2017-01-20 | 2017-01-20 | A kind of anti-debug method and system of application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106778104A true CN106778104A (en) | 2017-05-31 |
| CN106778104B CN106778104B (en) | 2019-10-25 |
Family
ID=58944237
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710040492.0A Active CN106778104B (en) | 2017-01-20 | 2017-01-20 | A kind of anti-debug method and system of application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106778104B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107463836A (en) * | 2017-08-17 | 2017-12-12 | 郑州云海信息技术有限公司 | A kind of synthesis anti-debug method and system under Windows systems |
| CN107992724A (en) * | 2017-12-14 | 2018-05-04 | 四川大学 | A kind of software security reinforcement means |
| CN109117631A (en) * | 2018-07-05 | 2019-01-01 | 武汉斗鱼网络科技有限公司 | A kind of method that program exits and relevant device |
| CN109190377A (en) * | 2018-09-13 | 2019-01-11 | 麒麟合盛网络技术股份有限公司 | Intrusion detection method and device |
| CN109684795A (en) * | 2018-12-25 | 2019-04-26 | 成都卫士通信息产业股份有限公司 | The method, apparatus and electronic equipment of application program anti-debug |
| CN109977633A (en) * | 2019-03-28 | 2019-07-05 | 武汉斗鱼鱼乐网络科技有限公司 | A kind of program protection method and relevant apparatus |
| CN110750782A (en) * | 2018-07-05 | 2020-02-04 | 武汉斗鱼网络科技有限公司 | Program exiting method and related equipment |
| CN112199642A (en) * | 2019-07-08 | 2021-01-08 | 北京智游网安科技有限公司 | Detection method for anti-debugging of android system, mobile terminal and storage medium |
| CN112363917A (en) * | 2020-10-30 | 2021-02-12 | 北京五八信息技术有限公司 | Application program debugging exception processing method and device, electronic equipment and medium |
| US11409635B2 (en) | 2019-08-23 | 2022-08-09 | Raytheon Company | Hacker-resistant anti-debug system |
| WO2022237120A1 (en) * | 2021-05-14 | 2022-11-17 | 上海完美时空软件有限公司 | Frame capture defense method and apparatus for game application, and storage medium and computer device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103164643A (en) * | 2011-12-08 | 2013-06-19 | 北京深思洛克软件技术股份有限公司 | Method and device using hardware to debug |
| CN104932972A (en) * | 2014-03-19 | 2015-09-23 | 北京娜迦信息科技发展有限公司 | Method and apparatus for preventing application from dynamic debugging |
| US20160300044A1 (en) * | 2013-11-14 | 2016-10-13 | Inka Entworks, Inc. | Anti-debugging method |
| CN106055983A (en) * | 2016-07-27 | 2016-10-26 | 北京鼎源科技有限公司 | Anti-debugging method of android application based on IDA communication |
-
2017
- 2017-01-20 CN CN201710040492.0A patent/CN106778104B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103164643A (en) * | 2011-12-08 | 2013-06-19 | 北京深思洛克软件技术股份有限公司 | Method and device using hardware to debug |
| US20160300044A1 (en) * | 2013-11-14 | 2016-10-13 | Inka Entworks, Inc. | Anti-debugging method |
| CN104932972A (en) * | 2014-03-19 | 2015-09-23 | 北京娜迦信息科技发展有限公司 | Method and apparatus for preventing application from dynamic debugging |
| CN106055983A (en) * | 2016-07-27 | 2016-10-26 | 北京鼎源科技有限公司 | Anti-debugging method of android application based on IDA communication |
Non-Patent Citations (1)
| Title |
|---|
| 朱洪军等: "一种Android应用加固方案", 《计算机应用与软件》 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107463836A (en) * | 2017-08-17 | 2017-12-12 | 郑州云海信息技术有限公司 | A kind of synthesis anti-debug method and system under Windows systems |
| CN107992724A (en) * | 2017-12-14 | 2018-05-04 | 四川大学 | A kind of software security reinforcement means |
| CN110750782A (en) * | 2018-07-05 | 2020-02-04 | 武汉斗鱼网络科技有限公司 | Program exiting method and related equipment |
| CN109117631A (en) * | 2018-07-05 | 2019-01-01 | 武汉斗鱼网络科技有限公司 | A kind of method that program exits and relevant device |
| CN110750782B (en) * | 2018-07-05 | 2022-05-13 | 武汉斗鱼网络科技有限公司 | Program exiting method and related equipment |
| CN109190377A (en) * | 2018-09-13 | 2019-01-11 | 麒麟合盛网络技术股份有限公司 | Intrusion detection method and device |
| CN109684795A (en) * | 2018-12-25 | 2019-04-26 | 成都卫士通信息产业股份有限公司 | The method, apparatus and electronic equipment of application program anti-debug |
| CN109684795B (en) * | 2018-12-25 | 2023-01-24 | 成都卫士通信息产业股份有限公司 | Method and device for anti-debugging of application program and electronic equipment |
| CN109977633A (en) * | 2019-03-28 | 2019-07-05 | 武汉斗鱼鱼乐网络科技有限公司 | A kind of program protection method and relevant apparatus |
| CN112199642A (en) * | 2019-07-08 | 2021-01-08 | 北京智游网安科技有限公司 | Detection method for anti-debugging of android system, mobile terminal and storage medium |
| US11409635B2 (en) | 2019-08-23 | 2022-08-09 | Raytheon Company | Hacker-resistant anti-debug system |
| CN112363917A (en) * | 2020-10-30 | 2021-02-12 | 北京五八信息技术有限公司 | Application program debugging exception processing method and device, electronic equipment and medium |
| CN112363917B (en) * | 2020-10-30 | 2022-03-04 | 北京五八信息技术有限公司 | Application program debugging exception processing method and device, electronic equipment and medium |
| WO2022237120A1 (en) * | 2021-05-14 | 2022-11-17 | 上海完美时空软件有限公司 | Frame capture defense method and apparatus for game application, and storage medium and computer device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106778104B (en) | 2019-10-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106778104A (en) | A kind of anti-debug method and system of application program | |
| CN106845170B (en) | A kind of anti-debug method and system | |
| Yang et al. | Appintent: Analyzing sensitive data transmission in android for privacy leakage detection | |
| CN108123956B (en) | Password misuse vulnerability detection method and system based on Petri network | |
| CN110765000B (en) | Program testing method and device | |
| CN108182359B (en) | Method, device and storage medium for testing API security in trusted environment | |
| CN109635568B (en) | Concurrent vulnerability detection method based on combination of static analysis and fuzzy test | |
| CN107193732B (en) | Verification function positioning method based on path comparison | |
| CN109117201B (en) | Program exiting method and related equipment | |
| CN110096433B (en) | Method for acquiring encrypted data on iOS platform | |
| CN102043915A (en) | Method and device for detecting malicious code contained in non-executable file | |
| CN109214171A (en) | A kind of detection method of software, device, equipment and medium | |
| US9047448B2 (en) | Branch auditing in a computer program | |
| Berthomé et al. | High level model of control flow attacks for smart card functional security | |
| Gao et al. | Em-fuzz: Augmented firmware fuzzing via memory checking | |
| CN105512562B (en) | Vulnerability mining method and device and electronic equipment | |
| Chao et al. | An android application vulnerability mining method based on static and dynamic analysis | |
| WO2023035751A1 (en) | Intelligent confusion for mobile terminal application | |
| Jiang et al. | Evocatio: Conjuring bug capabilities from a single poc | |
| CN109977633A (en) | A kind of program protection method and relevant apparatus | |
| Bell | Detecting, isolating, and enforcing dependencies among and within test cases | |
| CN109726115B (en) | Anti-debugging automatic bypass method based on tracking of Intel processor | |
| Yuan et al. | Scalable and obfuscation-resilient android app repackaging detection based on behavior birthmark | |
| Crincoli et al. | Vulnerable smart contract detection by means of model checking | |
| Wu et al. | Detecting Android Inter-App Data Leakage via Compositional Concolic Walking. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |