CN106845166A - The storage method and device of a kind of dex files - Google Patents

The storage method and device of a kind of dex files

Info

Publication number: CN106845166A
Authority: CN (China)
Prior art keywords: dex files, dex, files, internal memory, field
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201611139435.XA
Other languages: Chinese (zh)
Inventor: 刘敏
Current Assignee: Beijing Qihoo Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by: Beijing Qihoo Technology Co Ltd
Priority to: CN201611139435.XA
Publication of: CN106845166A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/14: Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Abstract

Embodiments of the present invention disclose a storage method and device for dex files, belonging to the technical field of application security protection. The method comprises: parsing a dex file to be loaded and loading the parsed dex file into memory; and deleting specified data in the file header (header) of the dex file in memory. By deleting specified data in the file header of the dex file that has been loaded into memory, the storage method and device provided in this embodiment prevent dex memory extraction tools and dexdump from finding the dex file in memory or from extracting a complete dex file. This effectively prevents dynamic decompilation of the dex file and improves the security of loading and running dex files.

Description

The storage method and device of a kind of dex files
Technical Field
The present invention relates to the technical field of application security protection, and in particular to a storage method and device for dex files.
Background
With the rapid development of the Android system and the rapid growth in the number of devices, the demands placed on applications for the Android platform have become increasingly complex. A wide variety of application software has expanded the Android market and enriched our lives; more and more people have moved from initially trying Android applications, to enjoying them, to depending on them, and Android applications are ever more widely used. Compared with other operating systems, the open-source nature of Android provides application developers with more functional interfaces. While these interfaces improve the extensibility of the system, they also give malware means such as traversal, illegal copying, decompilation and memory interception, which constantly threaten the security of the Android system and harm not only users but also legitimate application developers. Android application security has therefore always been a key concern for developers.
The main purpose of hardening an Android application is to prevent its Java bytecode file, classes.dex, from being obtained. When an APK file is installed and run on the Android platform, the dex file must be released into memory. When the dex file is loaded, the other structures are located and parsed according to the offset addresses and length information defined for them in the file header (header), and the data in those structures is loaded into memory. Because the content of a dex file is stored in one contiguous region of memory, a cracker using a dex memory extraction tool, i.e. the dexdump tool, only needs to scan for the character string at the start address of the file header in memory. Finding that string is equivalent to finding the dex file, which can then be extracted (dumped) from memory. The application is therefore easy to tamper with, which harms developers and users.
Summary of the Invention
In view of the defects in the prior art, the purpose of the embodiments of the present invention is to provide a storage method and device for dex files that overcome the above problem or at least partly solve it.
To achieve the above object, one embodiment of the present invention provides a storage method for dex files, the method comprising:
parsing a dex file to be loaded, and loading the parsed dex file into memory;
deleting specified data in the file header (header) of the dex file in memory.
Preferably, the storage method for dex files described above further comprises:
completing the dynamic loading of the dex file according to the memory address at which the parsed dex file is located.
Preferably, in the storage method for dex files described above, the specified data includes the magic number field magic in the file header.
Preferably, in the storage method for dex files described above, deleting the specified data in the file header of the dex file in memory comprises: deleting the "dex 0035" character string in memory.
Preferably, in the storage method for dex files described above, the specified data includes at least one of the following:
the checksum field checksum, the signature field signature, the total file length field fileSize, the file header length field headerSize, the byte-order constant identification field endianTag, the link section start position field linkOff, and each base address field.
One embodiment of the present invention also discloses a storage device for dex files, the device comprising:
a dex parsing and loading module, configured to parse a dex file to be loaded and load the parsed dex file into memory;
a specified data deletion module, configured to delete specified data in the file header (header) of the dex file in memory.
Preferably, the storage device for dex files described above further comprises:
a dex dynamic loading module, configured to complete the dynamic loading of the dex file according to the memory address at which the parsed dex file is located.
Preferably, in the storage device for dex files described above, the specified data includes the magic number field magic in the file header.
Preferably, in the storage device for dex files described above, the specified data deletion module is configured to delete the "dex 0035" character string in memory.
Preferably, in the storage device for dex files described above, the specified data includes at least one of the following:
the checksum field checksum, the signature field signature, the total file length field fileSize, the file header length field headerSize, the byte-order constant identification field endianTag, and the base address fields.
The beneficial effects of the present invention are as follows: the storage method and device for dex files provided in the embodiments of the present invention erase specified data in the file header (header) of the dex file that has been loaded into memory, so that a person attempting decompilation cannot find the dex file in memory or cannot extract a complete dex file. This solves the problem that dex files can be extracted from memory, effectively prevents dynamic decompilation of dex files, and improves the security of dynamically loading and running dex files.
Brief Description of the Drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; they serve only to illustrate preferred embodiments and are not to be regarded as limiting the invention. A person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flowchart of a storage method for dex files in one embodiment of the present invention;
Fig. 2 is a schematic diagram of the structure in memory of the file header portion of an existing dex file;
Fig. 3 is a schematic diagram of the structure in memory of the file header portion of a dex file after the specified data in the dex file has been deleted, in one embodiment of the present invention;
Fig. 4 is a schematic flowchart of a storage method for dex files in one embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a storage device for dex files in one embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a storage device for dex files in one embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 shows a schematic flowchart of a storage method for dex files provided in one embodiment of the present invention. As the figure shows, the method may comprise the following steps:
Step S110: parse the dex file to be loaded, and load the parsed dex file into memory;
Step S120: delete specified data in the file header (header) of the dex file in memory.
To dynamically load the Android executable file classes.dex, the dex file must first be parsed and loaded at the native (bottom) layer: according to information in the file header of the dex file, such as the offset address and data length of each part, the contents of each part of the dex file are loaded into memory. Then, through calls between the native layer and the upper layer, the dex class loader completes the dynamic loading of the dex file at the upper layer.
The storage method provided in this embodiment is carried out after the native-layer parsing and loading of the dex file to be loaded has completed. The dex file to be loaded is therefore parsed first, and once the parsed dex file has been loaded into memory, the specified data in the file header (header) of the dex file in memory is deleted. In this way the specified data in the file header of the loaded dex file is erased from memory, which avoids the problem that decompilation tools (such as dexdump) can extract a complete dex file from memory, and so avoids dynamic decompilation of the dex file.
In one embodiment of the present invention, the specified data includes the magic number field magic in the file header. In this case, deleting the specified data in the file header of the dex file in memory comprises: deleting the "dex 0035" character string in memory.
The magic number field magic is the identifier of a dex file. Its form is "dex 0035", where 035 denotes the structure version. After a dex file has been parsed and loaded into memory, the character string of the magic number field, "dex 0035", marks the start address of the dex file in memory, and decompilation tools such as dexdump can find the dex file by searching memory for the "dex 0035" character string. By deleting the magic number field in the file header, a decompilation tool can no longer find the start address of the dex file in memory and therefore cannot extract the dex file from memory.
In one embodiment of the present invention, the specified data may also include at least one of the following:
the checksum field checksum, the signature field signature, the total file length field fileSize, the file header length field headerSize, the byte-order constant identification field endianTag, the link section start position field linkOff, and each base address field.
Here, the base address fields include the link section start position field linkOff, the data base address field mapOff, the string list base address field stringIdsOff, the type list base address field typeIdsOff, the prototype list base address field protoIdsOff, the field list base address field fieldIdsOff, the method list base address field methodIdsOff, the class definition list base address field classDefsOff and the data segment base address field dataOff.
In this embodiment, deleting any of the above specified data in the file header of the dex file means that even if a decompilation tool can find the start position of the dex file through the magic number string "dex 0035", it still cannot extract a complete dex file.
In a preferred embodiment of the present invention, the specified data includes the magic number field magic in the file header and may also include one or more of the fields listed above.
Fig. 2 shows the structure in memory of the file header portion of a dex file in the prior art, and Fig. 3 shows the structure in memory of the file header portion of a dex file in one embodiment of the present invention. As the figures show, in this embodiment the specified data includes the magic number field magic and all of the fields listed above. After the dex file has been parsed and loaded into memory, all information in the file header other than the size fields, which are retained for system compatibility, is erased; that is, the specified data above is erased. The character string "dex 0035" at the start address of the classes.dex file can then no longer be found in memory, and the fields listed above cannot be extracted either. This achieves the purpose of preventing the dex file from being extracted from memory by a brute-force search for the "dex 0035" character string, and avoids dynamic decompilation of the dex file.
In one embodiment of the present invention, the storage method for dex files may further include step S130, as shown in Fig. 4.
Step S130: complete the dynamic loading of the dex file according to the memory address at which the parsed dex file is located.
After the native-layer parsing and loading of the dex file has completed, the dex class loader DexClassLoader completes the dynamic loading of the dex file according to the memory address at which the parsed dex file is located, so that the corresponding application can run.
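The sequence of steps S110 to S130 on a constructed header, as an added C example that is not code from the patent: it resolves the layout, zeroes the specified fields in place, and shows a magic-string scan failing afterwards. Field offsets follow the published DEX header layout, in which the magic is stored as the bytes dex\n035\0; the dex_layout struct, the sample values and the choice to retain the *Size count fields (one reading of the Fig. 3 embodiment) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEX_HEADER_SIZE 0x70
#define REGION_SIZE     0x100  /* constructed "process memory" region */
#define SAMPLE_BASE     0x40   /* where the constructed header sits */

/* "Specified data" as byte ranges of the DEX header. The *Size count fields
 * between the offsets are not listed, so they survive the wipe (assumed
 * reading of the Fig. 3 embodiment). */
static const struct { const char *name; size_t off, len; } WIPE[] = {
    {"magic", 0x00, 8}, {"checksum", 0x08, 4}, {"signature", 0x0C, 20},
    {"fileSize", 0x20, 4}, {"headerSize", 0x24, 4}, {"endianTag", 0x28, 4},
    {"linkOff", 0x30, 4}, {"mapOff", 0x34, 4}, {"stringIdsOff", 0x3C, 4},
    {"typeIdsOff", 0x44, 4}, {"protoIdsOff", 0x4C, 4}, {"fieldIdsOff", 0x54, 4},
    {"methodIdsOff", 0x5C, 4}, {"classDefsOff", 0x64, 4}, {"dataOff", 0x6C, 4},
};

/* Values the loader resolves before wiping (hypothetical struct). */
struct dex_layout { uint32_t string_ids_off, data_off; };
struct demo_result { long before, after; size_t wiped; uint32_t kept_size; struct dex_layout lay; };

static int is_digit(uint8_t c) { return c >= '0' && c <= '9'; }
static uint32_t rd32(const uint8_t *p) {  /* little-endian read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Constructed sample data, not taken from a real application. */
static void build_sample_region(uint8_t *mem) {
    uint8_t *h = mem + SAMPLE_BASE;
    memset(mem, 0xAA, REGION_SIZE);
    memset(h, 0, DEX_HEADER_SIZE);
    memcpy(h, "dex\n035\0", 8);                              /* magic as stored on disk */
    wr32(h + 0x08, 0x1BADC0DE); memset(h + 0x0C, 0x5A, 20);  /* checksum, signature */
    wr32(h + 0x20, 0xC0); wr32(h + 0x24, DEX_HEADER_SIZE);   /* fileSize, headerSize */
    wr32(h + 0x28, 0x12345678);                              /* endianTag */
    wr32(h + 0x38, 3); wr32(h + 0x3C, 0x70);                 /* stringIdsSize, stringIdsOff */
    wr32(h + 0x68, 0x40); wr32(h + 0x6C, 0x80);              /* dataSize, dataOff */
}

/* Signature scan of the kind the description attributes to dump tools:
 * "dex\n", three version digits, then a NUL byte. Returns offset or -1. */
static long find_dex_magic(const uint8_t *mem, size_t len) {
    for (size_t i = 0; i + 8 <= len; i++) {
        const uint8_t *p = mem + i;
        if (memcmp(p, "dex\n", 4) == 0 && is_digit(p[4]) && is_digit(p[5]) &&
            is_digit(p[6]) && p[7] == 0) return (long)i;
    }
    return -1;
}

/* S110 stand-in: resolve what the loader needs while the header is intact. */
static int parse_header(const uint8_t *h, struct dex_layout *out) {
    if (memcmp(h, "dex\n", 4) != 0 || rd32(h + 0x24) != DEX_HEADER_SIZE) return -1;
    out->string_ids_off = rd32(h + 0x3C);
    out->data_off       = rd32(h + 0x6C);
    return 0;
}
/* S120: zero the specified data in place; returns the number of bytes wiped. */
static size_t wipe_header(uint8_t *h) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof WIPE / sizeof WIPE[0]; i++) { memset(h + WIPE[i].off, 0, WIPE[i].len); n += WIPE[i].len; }
    return n;
}

/* Parse, wipe, then rescan; S130 would continue from r.lay, not the header. */
static struct demo_result run_demo(void) {
    static uint8_t mem[REGION_SIZE];
    struct demo_result r = {0};
    build_sample_region(mem);
    r.before = find_dex_magic(mem, sizeof mem);
    if (r.before < 0 || parse_header(mem + r.before, &r.lay) != 0) return r;
    r.wiped = wipe_header(mem + r.before);
    r.after = find_dex_magic(mem, sizeof mem);
    r.kept_size = rd32(mem + SAMPLE_BASE + 0x38);  /* stringIdsSize survives */
    return r;
}
int main(void) {
    struct demo_result r = run_demo();
    printf("magic scan before: %ld, after: %ld, bytes wiped: %zu\n", r.before, r.after, r.wiped);
    return 0;
}
```

Of the 0x70 header bytes, 80 are zeroed and the eight 4-byte count fields remain, which matches the description's point that the magic wipe is paired with wiping the offset fields so that a located header still does not yield a complete file.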
Corresponding to the method shown in Fig. 1, one embodiment of the present invention also provides a storage device for dex files. As shown in Fig. 5, the device includes a dex parsing and loading module 110 and a specified data deletion module 120, where:
the dex parsing and loading module 110 is configured to parse a dex file to be loaded and load the parsed dex file into memory;
the specified data deletion module 120 is configured to delete specified data in the file header (header) of the dex file in memory.
In another embodiment of the present invention, the storage device may further include a dex dynamic loading module 130, as shown in Fig. 6, where:
the dex dynamic loading module 130 is configured to complete the dynamic loading of the dex file according to the memory address at which the parsed dex file is located.
In one embodiment of the present invention, the specified data includes the magic number field magic in the file header. In this case, the specified data deletion module 120 is configured to delete the "dex 0035" character string in memory.
In another embodiment of the present invention, the specified data may include at least one of the following:
the checksum field checksum, the signature field signature, the total file length field fileSize, the file header length field headerSize, the byte-order constant identification field endianTag, and the base address fields.
In a preferred embodiment of the present invention, the specified data includes the magic number field magic in the file header and one or more of the fields in the above embodiment.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The embodiments in this specification are described in a related manner; for the parts that are the same or similar between embodiments, reference can be made from one to another, and each embodiment focuses on its differences from the others. In particular, because the device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
A person of ordinary skill in the art will understand that all or some of the parts of the above device embodiments may be implemented in hardware, or as software modules running on one or more pieces of hardware, and that all or some of the steps of the method embodiments may be completed by a program instructing the relevant hardware. A person skilled in the art will understand that the method and device of the present invention are not limited to the embodiments described in the detailed description; the specific description above is intended only to explain the present invention and not to limit it. Other implementations derived by a person skilled in the art from the technical solutions of the present invention also fall within the scope of technical innovation of the present invention, and the scope of protection of the present invention is defined by the claims and their equivalents.
Obviously, a person skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is intended to include them as well.

Claims (10)

1. A storage method for dex files, characterized by comprising:
parsing a dex file to be loaded, and loading the parsed dex file into memory;
deleting specified data in the file header (header) of the dex file in memory.
2. The storage method for dex files according to claim 1, characterized by further comprising:
completing the dynamic loading of the dex file according to the memory address at which the parsed dex file is located.
3. The storage method for dex files according to claim 1, characterized in that the specified data includes the magic number field magic in the file header.
4. The storage method for dex files according to claim 2, characterized in that deleting the specified data in the file header of the dex file in memory comprises: deleting the "dex 0035" character string in memory.
5. The storage method for dex files according to one of claims 1 to 4, characterized in that the specified data includes at least one of the following:
the checksum field checksum, the signature field signature, the total file length field fileSize, the file header length field headerSize, the byte-order constant identification field endianTag, the link section start position field linkOff, and each base address field.
6. A storage device for dex files, characterized by comprising:
a dex parsing and loading module, configured to parse a dex file to be loaded and load the parsed dex file into memory;
a specified data deletion module, configured to delete specified data in the file header (header) of the dex file in memory.
7. The storage device for dex files according to claim 6, characterized by further comprising:
a dex dynamic loading module, configured to complete the dynamic loading of the dex file according to the memory address at which the parsed dex file is located.
8. The storage device for dex files according to claim 6, characterized in that the specified data includes the magic number field magic in the file header.
9. The storage device for dex files according to claim 8, characterized in that the specified data deletion module is configured to delete the "dex 0035" character string in memory.
10. The storage device for dex files according to one of claims 6 to 9, characterized in that the specified data includes at least one of the following:
the checksum field checksum, the signature field signature, the total file length field fileSize, the file header length field headerSize, the byte-order constant identification field endianTag, and the base address fields.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611139435.XA CN106845166A (en) 2016-12-12 2016-12-12 The storage method and device of a kind of dex files

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611139435.XA CN106845166A (en) 2016-12-12 2016-12-12 The storage method and device of a kind of dex files

Publications (1)

Publication Number Publication Date
CN106845166A true CN106845166A (en) 2017-06-13

Family

ID=59139693

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611139435.XA Pending CN106845166A (en) 2016-12-12 2016-12-12 The storage method and device of a kind of dex files

Country Status (1)

Country Link
CN (1) CN106845166A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104318155A (en) * 2014-11-18 2015-01-28 刘鹏 Dynamic loading method capable of guarding against reverse APK file
CN105844160A (en) * 2016-06-21 2016-08-10 北京金山安全软件有限公司 Driver hiding method, device and equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANDROID哥哥: "APK安装过程及原理详解", 《HTTPS://BLOG.CSDN.NET/HDHD588/ARTICLE/DETAILS/6739281》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170613