CN106845170A - A kind of anti-debug method and system - Google Patents
A kind of anti-debug method and system Download PDFInfo
- Publication number
- CN106845170A CN106845170A CN201710042165.9A CN201710042165A CN106845170A CN 106845170 A CN106845170 A CN 106845170A CN 201710042165 A CN201710042165 A CN 201710042165A CN 106845170 A CN106845170 A CN 106845170A
- Authority
- CN
- China
- Prior art keywords
- debug
- subprocess
- parameter
- needing
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 200
- 238000012545 processing Methods 0.000 claims abstract description 11
- 101150108030 ppiD gene Proteins 0.000 claims description 17
- 101150026173 ARG2 gene Proteins 0.000 claims description 12
- 101100005166 Hypocrea virens cpa1 gene Proteins 0.000 claims description 12
- 101100379634 Xenopus laevis arg2-b gene Proteins 0.000 claims description 12
- 101100166068 Schizosaccharomyces pombe (strain 972 / ATCC 24843) arg5 gene Proteins 0.000 claims description 10
- 238000012986 modification Methods 0.000 claims description 9
- 230000004048 modification Effects 0.000 claims description 9
- 238000012217 deletion Methods 0.000 claims 1
- 230000037430 deletion Effects 0.000 claims 1
- 230000006870 function Effects 0.000 description 29
- 238000010586 diagram Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 7
- 238000003860 storage Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 3
- 239000011800 void material Substances 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000005304 joining Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The invention discloses a kind of anti-debug method, in the method, it would be desirable to which the process of anti-debug is set to debugging mode;Subprocess is created in the process for need anti-debug;The subprocess that will be created is attached in the process for needing anti-debug;Subprocess receives the feedback message for needing the process of anti-debug to send, and the feedback message is processed.The invention also discloses a kind of anti-debug system, the system includes:Setup module, the process for will need anti-debug is set to debugging mode;Creation module, for creating subprocess in the process for need anti-debug;Debugging module, the subprocess for that will be created is attached in the process for needing anti-debug;Processing module, the message of the process for needing anti-debug is waited for subprocess, and message is processed.The present invention, so as to avoid application program by the possibility of assault, realizes the anti-debug to application program by creating a subprocess for being used for debugging utility process.
Description
Technical field
The present invention relates to the debugging field of application program, more particularly to a kind of application program anti-debug method and system.
Background technology
As computer technology application becomes increasingly popular, the fast development of Android intelligent terminal, Android software industry
Developed rapidly, at the same time, attacker is made using Android software reversal technique to the various attacks of software and unauthorized
With and pirate the behavior such as to replicate also more and more.
Android conversed analysis technology can be used to the analysis in the case where application source code is not known and apply journey
The functional sequence of sequence, the data code for distorting application program etc., if conversed analysis technology is used by malice without restriction, profit
User can analyze the core technology for obtaining application program, it is also possible to distort the signature and author information of application program, can be with
Malicious code is injected into existing application program and is pretended by secondary packing, these behaviors are all greatly compromised
The interests of application developer, seriously compromise the personal secrets of users.
In Android software reversal technique, Android debugging techniques are a very important parts.Pass through
The debugging of Android applications is carried out, the operational process of Android applications can be obtained, be inferred to the substantially former of Android applications
Reason, generally can with it is very well and rapidly bypass some log in limitation or function restriction, get some user's private informations,
With larger harm.For example, can analyze and understand the data encryption/decryption method used in Android program, such as analyze clear
Using the decision logic of charging function, such that it is able to bypass the inspection whether paid, such that it is able to not pay the fees in the case of use
Charging function etc., such as can go to develop corresponding " game is plug-in " for game application.And the reverse first step of software is then
It is that program can be debugged, if not having anti-debug technology, equivalent to program quilt " exposed " in face of hacker.Compare at present
More important program is intended to that anti-debug function can be added, and prevents hacker from being debugged, from without allowing others' analysis program
Realization principle, the threshold that the program of greatly improving is cracked, how to carry out the anti-debug of application program has turned into urgent need solution
Problem.
The content of the invention
It is an object of the invention to provide a kind of anti-debug method and system, debugging utility to be used for by creating one
The subprocess of process, so as to prevent application program completely by the possibility of assault, realizes the anti-tune to application program
Examination.
The technical solution adopted in the present invention is as follows:
A kind of anti-debug method, it is characterised in that the method includes:
Step S101, it would be desirable to which the process of anti-debug is set to debugging mode;
Step S102, creates subprocess in the process for need anti-debug;
Step S103, the subprocess that will be created is attached in the process for needing anti-debug;
Step S104, subprocess receives the feedback message for needing the process of anti-debug to send, and the feedback message is processed.
The process of anti-debug will be needed to be set to debugging mode to be included:
Anti- tune will be needed by calling android system interface function prctl (option, arg2, arg3, arg4, arg5)
The process of examination is set to debugging mode, and wherein parameter option is PR_SET_DUMPABLE, and the value of parameter arg2 is 1, parameter
The value of arg3 is 0, and the value of parameter arg4 is 0, and the value of parameter arg5 is 0.
Subprocess is created in the process for need anti-debug to be included:
The establishment of subprocess is completed by calling android system function fork.
The subprocess that will be created is attached to and needs the process of anti-debug to include:
The process ID of the process for needing anti-debug is got by calling android system function getppid, by what is created
Subprocess is attached in the process for needing anti-debug.
The subprocess that will be created is attached to and needs the process of anti-debug to include:
Android system function ptrace (PTRACE_ATTACH, ppid, NULL, NULL) is called to perform additional operations,
Wherein parameter PTRACE_ATTACH is shown to be additional operations, and parameter ppid is the process of the process of anti-debug the need for getting
ID, the subprocess that expression will be created is attached in the process indicated by the process ID of the process for needing anti-debug, NULL generations
Table vacancy.
Subprocess receives the feedback message for needing that the process of anti-debug sends, and carries out treatment to the feedback message and include:
The feedback message of the process for needing anti-debug is obtained by calling android system function WSTOPSIG (status),
Wherein variable status is used to deposit variable signal value,
Whether the value of the status is judged equal to any one in following four signal, and four signals include:Stop the anti-tune
The execution signal SIGSTOP of the process of examination, stop the anti-debug process run signal SIGTSTP, when background job will be from
Signal SIGTTIN when user terminal reads data, the signal SIGTTOU that receives when terminal or modification terminal pattern is write, if
Above-mentioned judgement is invalid, then do not carry out any treatment to described feedback message, if above-mentioned judgement is set up, setting needs instead
Feedback message described in the process-kill of debugging.
Realize deleting behaviour by calling android system function ptrace (PTRACE_CONT, ppid, 0,0)
Make, wherein, parameter PTRACE_CONT is used to indicate to need the process of anti-debug to continue executing with system invoked procedure, parameter ppid
It is the process ID value of the process for needing anti-debug, parameter 0 indicates to need the feedback message described in the process-kill of anti-debug.
A kind of anti-debug system, the system includes setup module, creation module, debugging module and processing module, and it is special
Levy and be:
Setup module, the process for will need anti-debug is set to debugging mode;
Creation module, for creating subprocess in the process for need anti-debug;
Debugging module, the subprocess for that will be created is attached in the process for needing anti-debug;
Processing module, the message of the process for needing anti-debug is waited for subprocess, and message is processed.
Setup module includes:
Call unit:
Work as being set by calling android system interface function prctl (option, arg2, arg3, arg4, arg5)
Preceding process can be debugged, and wherein parameter option is PR_SET_DUMPABLE, and the value of parameter arg2 is 1, parameter arg3's
Value is 0, and the value of parameter arg4 is 0, and the value of parameter arg5 is 0;
Creation module includes:
Unit is set up, the establishment for completing new process by calling system function fork;
The subprocess that will be created is attached to and needs the process of anti-debug to include:
The process ID of the process for needing anti-debug is got by call function getppid, the subprocess that will be created is added
To in the process for needing anti-debug;
Subprocess waits the message of the process for needing anti-debug, and carries out treatment to message and include:
The feedback message of the process for needing anti-debug is obtained by calling android system function WSTOPSIG (status),
Wherein variable status is used to deposit variable signal value,
Whether the value of the status is judged equal to any one in following four signal, and four signals include:Stop the anti-tune
The execution signal SIGSTOP of the process of examination, stop the anti-debug process run signal SIGTSTP, when background job will be from
Signal SIGTTIN when user terminal reads data, the signal SIGTTOU that receives when terminal or modification terminal pattern is write, if
Above-mentioned judgement is invalid, then do not carry out any treatment to described feedback message, if above-mentioned judgement is set up, setting needs instead
Feedback message described in the process-kill of debugging.
The subprocess that will be created is attached to and needs the process of anti-debug to include:
Call function ptrace (PTRACE_ATTACH, ppid, NULL, NULL) performs additional operations, wherein parameter
Request inserts PTRACE_ATTACH, and parameter ppid is the process ID of the process of anti-debug the need for getting, and represents institute
The subprocess of establishment is attached in the process indicated by the process ID of the process for needing anti-debug, and NULL represents vacancy.
Technical scheme can be obtained beneficial effect to be included, by consuming less system resource, simple, side
Just prevent the protected process of other Process Debuggings.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the anti-debug method;
Fig. 2 is the high-level schematic functional block diagram of the anti-debug system.
Specific embodiment
In order to better illustrate the present invention, further is made to technical scheme in conjunction with specific embodiment and Figure of description
Explanation.Although having recorded these specific embodiments in embodiment, so it is not limited to the present invention, any affiliated skill
Have usually intellectual in art field, without departing from the spirit and scope of the present invention, when can make a little change with retouching, therefore
Protection scope of the present invention ought be defined depending on those as defined in claim.
The schematic flow sheet of the anti-debug method of the application program is as shown in Figure 1.The anti-debug method first can be anti-
In the process of debugging, i.e. program process, setting current process can be attached, and a subprocess is then created again, and son enters
Cheng Zehui performs debugging task in being attached to anti-debug process, and then subprocess inbound message circulates to process parent process transmission
The message for coming over.The anti-debug method specifically includes following steps:
1)Step S101:The process of anti-debug is set to debugging mode;
By calling android system interface function prctl (int option, unsigned long arg2, unsigned
Long arg3, unsigned long arg4, unsigned long arg5) can be debugged setting current process, this letter
Several key points is parameter option.
Specifically calling in the anti-debug method is prctl (PR_SET_DUMPABLE, 1,0,0,0), wherein joining
Number option is PR_SET_DUMPABLE, and the value of parameter arg2 is 1.
2)Step S102:Subprocess is created in the process of anti-debug;
A new process is created in android system, the establishment of new process is completed by calling system function fork (),
The new process created by fork is referred to as subprocess(child process), call fork functions to have return value, if returned
It is 0 to return value, then it represents that establishment is subprocess, if return value is more than 0, then it represents that establishment is parent process, for parent process,
Its return value is the process ID of new process, and the process ID is the unique number of process, and subprocess can be by calling system function
Getpid is implemented as follows with obtaining the process ID of its parent process:
pid_tpid = fork();
Illustrate that current process is subprocess if the value of pid is for 0.
3)Step S103:The subprocess for being created is debugged to the process of anti-debug;
The subprocess for creating in step s 102, the process of parent process, i.e. anti-debug is got by call function getpid
Process ID, subprocess is attached to parent process, will subprocess be attached in the process of anti-debug, subprocess is to anti-debug
Process is debugged.It is implemented as follows:
A. Parent process ID is obtained
pid_tppid =getppid();
Wherein, pid_t is the type of process ID, and getppid () is the function of the acquisition process ID that android system is provided,
Ppid is the unique number of the ID of parent process, i.e. process.
B. it is attached in parent process
The ptrace () function that android system is provided is called to perform additional operations, long ptrace (int request,
Pid_tppid, void * addr, void * data), wherein parameter request inserts type PTRACE_ATTACH then
Explanation is additional operations.It is implemented as follows:
long err = ptrace(PTRACE_ATTACH, ppid, NULL, NULL);
What wherein parameter request was inserted is PTRACE_ATTACH then illustrates it is additional operations, and parameter ppid is then step S102
In the ID of parent process that gets, indicate which process be attached to.
Subprocess can be then allowed by step S103 to debug parent process, but this debugging is not real debugging,
And parent process is only attached to, and can so prevent other processes from carrying out additional parent process, the purpose of " accounting for hole " can be played, while
Above all subprocess is needed to handle the halt signal of parent process well, it is to avoid parent process is collapsed, so needing treatment temporary below
Stop signal.
4)Step S104:Subprocess waits the message of the process of anti-debug, and message is processed;
Subprocess needs to handle the signal of parent process well, so as to avoid parent process from entering group-stop states, so as to avoid journey
Sequence collapse is abnormal.
A total of 4 kinds of signal SIGSTOP of program(The execution signal of stopping process)、SIGTSTP(The operation letter of stopping process
Number)、SIGTTIN(Signal when background job will read data from user terminal)、SIGTTOU(Writing terminal or modification terminal
The signal received during pattern)Process can be caused to be trapped in group-stop states.So needing to handle this 4 kinds of signals well.
The signal of parent process pause is obtained by calling system function WSTOPSIG ().Call WSTOPSIG(status)
To get the halt signal of parent process from status variables, wherein status is a variable storage signal value, is judged
The value of status is 4 above-mentioned signal values, i.e. this 4 kinds of SIGSTOP, SIGTSTP, SIGTTIN, SIGTTOU, is judged
Whether the value of stauts is equal to any one in above-mentioned 4 signal values, if it is not, then can ignore, if it is, needing
Parent process is set and loses this signal, it is not necessary to processed.Wherein, the operation for losing this signal is by calling system function
Ptrace () is realized.It is implemented as follows:
ptrace(PTRACE_CONT, ppid, 0, 0);
Wherein, parameter PTRACE_CONT indicates parent process to continue executing with system invoked procedure, and parameter ppid is the process of parent process
ID values, parameter 0 indicates parent process to ignore the halt signal for causing, and abandons this signal and is not processed.
By the treatment to this halt signal, the feelings that parent process quilt Process Debugging occurs program crashing have just been processed
Condition a, so step of most critical is handled well, then parent process and subprocess can just exist always, and will not produce different
Often.Simultaneously because parent process quilt Process Debugging, so others Hack wants that it has been then impossible to debug this process
(One process of android system only allows a Process Debugging).
The high-level schematic functional block diagram of the anti-debug system is as shown in Fig. 2 the anti-debug system includes setup module 201, wound
Modeling block 202, debugging module 203 and processing module 204.Wherein, setup module, for being set to the process of anti-debug to adjust
Examination state;Creation module, for creating subprocess in the process of anti-debug;Debugging module, for the subprocess pair for being created
The process of anti-debug is debugged;Processing module, for subprocess wait anti-debug process message, and to message at
Reason.
Specifically included in setup module:Call unit, for by calling android system interface function prctl
(option, arg2, arg3, arg4, arg5) can be debugged setting current process, and wherein parameter option is PR_SET_
The value of DUMPABLE, parameter arg2 is 1.Specifically included in creation module:Unit is set up, for by calling system function fork
To complete the establishment of new process.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can be using the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.And, the present invention can be used and wherein include the computer of computer usable program code at one or more
Usable storage medium(Including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)The computer program of upper implementation is produced
The form of product.
The present invention is with reference to method according to embodiments of the present invention, equipment(System)And the flow of computer program product
Figure and/or block diagram are described.It should be understood that every first-class during flow chart and/or block diagram can be realized by computer program instructions
The combination of flow and/or square frame in journey and/or square frame and flow chart and/or block diagram.These computer programs can be provided
The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced for reality by the instruction of computer or the computing device of other programmable data processing devices
The device of the function of being specified in present one flow of flow chart or multiple one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or other programmable data processing devices with spy
In determining the computer-readable memory that mode works so that instruction of the storage in the computer-readable memory is produced and include finger
Make the manufacture of device, the command device realize in one flow of flow chart or multiple one square frame of flow and/or block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented treatment, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
Obviously, those skilled in the art can carry out various changes and modification without deviating from essence of the invention to the present invention
God and scope.So, if these modifications of the invention and modification belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising these changes and modification.
Claims (10)
1. a kind of anti-debug method, it is characterised in that the method includes:
Step S101, it would be desirable to which the process of anti-debug is set to debugging mode;
Step S102, creates subprocess in the process for need anti-debug;
Step S103, the subprocess that will be created is attached in the process for needing anti-debug;
Step S104, subprocess receives the feedback message for needing the process of anti-debug to send, and the feedback message is processed.
2. anti-debug method according to claim 1, it is characterised in that the process of anti-debug will be needed to be set to debug shape
State includes:
Anti- tune will be needed by calling android system interface function prctl (option, arg2, arg3, arg4, arg5)
The process of examination is set to debugging mode, and wherein parameter option is PR_SET_DUMPABLE, and the value of parameter arg2 is 1, parameter
The value of arg3 is 0, and the value of parameter arg4 is 0, and the value of parameter arg5 is 0.
3. anti-debug method according to claim 1, it is characterised in that subprocess is created in the process for need anti-debug
Including:
The establishment of subprocess is completed by calling android system function fork.
4. anti-debug method according to claim 1, it is characterised in that the subprocess that will be created is attached to that needs are anti-to be adjusted
The process of examination includes:
The process ID of the process for needing anti-debug is got by calling android system function getppid, by what is created
Subprocess is attached in the process for needing anti-debug.
5. anti-debug method according to claim 4, it is characterised in that the subprocess that will be created is attached to that needs are anti-to be adjusted
The process of examination includes:
Android system function ptrace (PTRACE_ATTACH, ppid, NULL, NULL) is called to perform additional operations,
Wherein parameter PTRACE_ATTACH is shown to be additional operations, and parameter ppid is the process of the process of anti-debug the need for getting
ID, the subprocess that expression will be created is attached in the process indicated by the process ID of the process for needing anti-debug, NULL generations
Table vacancy.
6. anti-debug method according to claim 1, it is characterised in that subprocess is received needs the process of anti-debug to send
Feedback message, and treatment carried out to the feedback message include:
The feedback message of the process for needing anti-debug is obtained by calling android system function WSTOPSIG (status),
Wherein variable status is used to deposit variable signal value,
Whether the value of the status is judged equal to any one in following four signal, and four signals include:Stop the anti-tune
The execution signal SIGSTOP of the process of examination, stop the anti-debug process run signal SIGTSTP, when background job will be from
Signal SIGTTIN when user terminal reads data, the signal SIGTTOU that receives when terminal or modification terminal pattern is write, if
Above-mentioned judgement is invalid, then do not carry out any treatment to described feedback message, if above-mentioned judgement is set up, setting needs instead
Feedback message described in the process-kill of debugging.
7. anti-debug method according to claim 6, it is characterised in that including:
By calling android system function ptrace (PTRACE_CONT, ppid, 0,0) to realize deletion action, its
In, parameter PTRACE_CONT is used to indicate to need the process of anti-debug to continue executing with system invoked procedure, and parameter ppid is desirable
The process ID value of the process of anti-debug, parameter 0 indicates to need the feedback message described in the process-kill of anti-debug.
8. a kind of anti-debug system, the system includes setup module, creation module, debugging module and processing module, its feature
It is:
Setup module, the process for will need anti-debug is set to debugging mode;
Creation module, for creating subprocess in the process for need anti-debug;
Debugging module, the subprocess for that will be created is attached in the process for needing anti-debug;
Processing module, the message of the process for needing anti-debug is waited for subprocess, and message is processed.
9. anti-debug system according to claim 8, it is characterised in that setup module includes:
Call unit:
Work as being set by calling android system interface function prctl (option, arg2, arg3, arg4, arg5)
Preceding process can be debugged, and wherein parameter option is PR_SET_DUMPABLE, and the value of parameter arg2 is 1, parameter arg3's
Value is 0, and the value of parameter arg4 is 0, and the value of parameter arg5 is 0;
Creation module includes:
Unit is set up, the establishment for completing new process by calling system function fork;
The subprocess that will be created is attached to and needs the process of anti-debug to include:
The process ID of the process for needing anti-debug is got by call function getppid, the subprocess that will be created is added
To in the process for needing anti-debug;
Subprocess waits the message of the process for needing anti-debug, and carries out treatment to message and include:
The feedback message of the process for needing anti-debug is obtained by calling android system function WSTOPSIG (status),
Wherein variable status is used to deposit variable signal value,
Whether the value of the status is judged equal to any one in following four signal, and four signals include:Stop the anti-tune
The execution signal SIGSTOP of the process of examination, stop the anti-debug process run signal SIGTSTP, when background job will be from
Signal SIGTTIN when user terminal reads data, the signal SIGTTOU that receives when terminal or modification terminal pattern is write, if
Above-mentioned judgement is invalid, then do not carry out any treatment to described feedback message, if above-mentioned judgement is set up, setting needs instead
Feedback message described in the process-kill of debugging.
10. anti-debug system according to claim 9, it is characterised in that it is anti-that the subprocess that will be created is attached to needs
The process of debugging includes:
Call function ptrace (PTRACE_ATTACH, ppid, NULL, NULL) performs additional operations, wherein parameter
Request inserts PTRACE_ATTACH, and parameter ppid is the process ID of the process of anti-debug the need for getting, and represents institute
The subprocess of establishment is attached in the process indicated by the process ID of the process for needing anti-debug, and NULL represents vacancy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710042165.9A CN106845170B (en) | 2017-01-20 | 2017-01-20 | A kind of anti-debug method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710042165.9A CN106845170B (en) | 2017-01-20 | 2017-01-20 | A kind of anti-debug method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106845170A true CN106845170A (en) | 2017-06-13 |
CN106845170B CN106845170B (en) | 2019-11-15 |
Family
ID=59120152
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710042165.9A Active CN106845170B (en) | 2017-01-20 | 2017-01-20 | A kind of anti-debug method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106845170B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108256318A (en) * | 2018-01-15 | 2018-07-06 | 郑州云海信息技术有限公司 | A kind of process method for safe operation, device and terminal |
CN108388778A (en) * | 2018-03-21 | 2018-08-10 | 北京理工大学 | The APP that Android platform merges multiple features demodulates method for testing |
CN109981580A (en) * | 2019-02-25 | 2019-07-05 | 浪潮软件集团有限公司 | It is a kind of to prevent safety method and system of the CMSP by dynamically track |
CN111427623A (en) * | 2020-03-20 | 2020-07-17 | 北京奇艺世纪科技有限公司 | Program exit method, device, computer equipment and storage medium |
CN112199642A (en) * | 2019-07-08 | 2021-01-08 | 北京智游网安科技有限公司 | Detection method for anti-debugging of android system, mobile terminal and storage medium |
CN112363917A (en) * | 2020-10-30 | 2021-02-12 | 北京五八信息技术有限公司 | Application program debugging exception processing method and device, electronic equipment and medium |
US11409635B2 (en) | 2019-08-23 | 2022-08-09 | Raytheon Company | Hacker-resistant anti-debug system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040139432A1 (en) * | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | Method and apparatus for managing thread execution in a multithread application |
CN101473333A (en) * | 2006-06-21 | 2009-07-01 | 威步系统股份公司 | Method and system for intrusion detection |
CN105793860A (en) * | 2013-11-14 | 2016-07-20 | Inka安特沃客有限公司 | Method for anti-debugging |
-
2017
- 2017-01-20 CN CN201710042165.9A patent/CN106845170B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040139432A1 (en) * | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | Method and apparatus for managing thread execution in a multithread application |
CN101473333A (en) * | 2006-06-21 | 2009-07-01 | 威步系统股份公司 | Method and system for intrusion detection |
CN105793860A (en) * | 2013-11-14 | 2016-07-20 | Inka安特沃客有限公司 | Method for anti-debugging |
Non-Patent Citations (1)
Title |
---|
FLY20141201: "Android加固多进程ptrace反调试的思路整理", 《HTTPS://BLOG.CSDN.NET/QQ1084283172/ARTICLE.DETAILS/53613481》 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108256318A (en) * | 2018-01-15 | 2018-07-06 | 郑州云海信息技术有限公司 | A kind of process method for safe operation, device and terminal |
CN108388778A (en) * | 2018-03-21 | 2018-08-10 | 北京理工大学 | The APP that Android platform merges multiple features demodulates method for testing |
CN108388778B (en) * | 2018-03-21 | 2021-03-30 | 北京理工大学 | APP anti-debugging method with Android platform fused with multiple features |
CN109981580A (en) * | 2019-02-25 | 2019-07-05 | 浪潮软件集团有限公司 | It is a kind of to prevent safety method and system of the CMSP by dynamically track |
CN112199642A (en) * | 2019-07-08 | 2021-01-08 | 北京智游网安科技有限公司 | Detection method for anti-debugging of android system, mobile terminal and storage medium |
US11409635B2 (en) | 2019-08-23 | 2022-08-09 | Raytheon Company | Hacker-resistant anti-debug system |
CN111427623A (en) * | 2020-03-20 | 2020-07-17 | 北京奇艺世纪科技有限公司 | Program exit method, device, computer equipment and storage medium |
CN112363917A (en) * | 2020-10-30 | 2021-02-12 | 北京五八信息技术有限公司 | Application program debugging exception processing method and device, electronic equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN106845170B (en) | 2019-11-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106845170A (en) | A kind of anti-debug method and system | |
CN106778104B (en) | A kind of anti-debug method and system of application program | |
Gilbert et al. | Vision: automated security validation of mobile apps at app markets | |
KR101519845B1 (en) | Method For Anti-Debugging | |
US9438617B2 (en) | Application security testing | |
US10013553B2 (en) | Protecting software application | |
CN108182359B (en) | Method, device and storage medium for testing API security in trusted environment | |
CN107145376A (en) | A kind of active defense method and device | |
JP2021502648A (en) | FPGA cloud host development method and system | |
Katz et al. | Incremental analysis of interference among aspects | |
Le Charlier et al. | Dynamic detection and classification of computer viruses using general behaviour patterns | |
US20190197216A1 (en) | Method, apparatus, and computer-readable medium for executing a logic on a computing device and protecting the logic against reverse engineering | |
KR20210061446A (en) | Safety-related data stream detection method | |
CN107239698A (en) | A kind of anti-debug method and apparatus based on signal transacting mechanism | |
Hong et al. | Avguardian: Detecting and mitigating publish-subscribe overprivilege for autonomous vehicle systems | |
CN107122656B (en) | Method and device for preventing external debugging through self-debugging | |
Radhakrishna et al. | DroidStar: callback typestates for Android classes | |
CN110414220B (en) | Method and device for extracting operation files in dynamic execution process of program in sandbox | |
CN109165509B (en) | Method, device, system and storage medium for measuring real-time credibility of software | |
CN115795546A (en) | Micro-service application access control method and device based on stain mark tracking | |
CN107368713B (en) | Protect the method and security component of software | |
WO2020027956A1 (en) | Listen mode for application operation whitelisting mechanisms | |
Auer et al. | Concurrency control generation for dynamic threads using discrete-event systems | |
Aljuraidan et al. | Run-time enforcement of information-flow properties on Android | |
JP2019003349A (en) | Virus monitoring method by individual instruction processing time measurement |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |