CN106886717A - Method and device for unpacking packed software - Google Patents

Publication number
CN106886717A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510933399.3A
Other languages
Chinese (zh)
Inventor
耿慧拯
刘芳
石松泉
柏洪涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201510933399.3A
Publication of CN106886717A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and device for unpacking packed software (software protected by a shell). The method includes: when the packed software to be unpacked is run in an unpacking system, storing the plaintext data of the packed software's original program into the system memory of the unpacking system through the unpacking system's loading interface, and recording the storage information of the plaintext data in system memory; obtaining the storage information through the loading interface; and reading the plaintext data of the original program from system memory according to the storage information. Because the storage information of the plaintext data in system memory is obtained through the loading interface and used to read the plaintext data of the original program file, no logic analysis or flow tracing of each kind of shell program is needed, and unpacking efficiency is higher. Because unpacking is performed through the loading interface, the method can be applied on systems with the same interface to unpack a variety of packed software, including packed software encrypted in segments, and is therefore highly general.

Description

A method and device for unpacking packed software
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for unpacking packed software (software protected by a shell).
Background
Software packing (adding a shell) is a common software protection technique. The original program of the software is first encrypted, or its entry point is hidden in some form, and a pre-start program, the shell program, is then added to the software. When the software starts, the shell program runs first: it decrypts the original program or obtains the original program's entry point, and then hands control over to the original program. At that point the original program starts running and the shell program finishes. Packing can protect the original software effectively and is a general-purpose software protection method that works well.
Compared with ordinary software developers, the developers of many viruses and Trojan horse programs are more inclined to use packing to protect their malware, so that it can serve its illegal purpose for a longer time. For malware protected by packing, a malicious code detection system can often detect only the code of the shell program and cannot detect the malicious code hidden in the original program. Since the shell program generally contains no malicious code, packing has also become a way to bypass software security detection.
At present, existing unpacking schemes usually either crack the logic of a particular shell program, or use dynamic debugging to trace the execution flow of the shell program and, once the shell program has finished running, obtain from system memory the original program that has started running.
However, existing unpacking schemes are generally highly specific: the packing method, the execution flow and the algorithms used all differ from one shell program to another. Each unpacking method may therefore work only for one shell, or for one version of one shell, and generality is poor.
Summary of the invention
The invention provides a method and device for unpacking packed software, whose purpose is to solve the problem that existing unpacking schemes are highly specific and poorly general.
To achieve the above object, an embodiment of the invention provides a method for unpacking packed software, the method including:
when the packed software to be unpacked is run in an unpacking system, storing the plaintext data of the packed software's original program into the system memory of the unpacking system through the loading interface of the unpacking system, and recording the storage information of the plaintext data in system memory;
obtaining the storage information through the loading interface;
reading the plaintext data of the packed software's original program from system memory according to the storage information.
Preferably, before the packed software to be unpacked is run in the unpacking system, the method also includes:
obtaining the source code of the original unpacking system;
adding an acquisition instruction to the source code, the acquisition instruction being used to configure the loading interface of the unpacking system to have the functions of obtaining memory addresses and reading memory;
compiling the source code with the added acquisition instruction to obtain the system files of the compiled unpacking system, and running the unpacking system.
Preferably, storing the plaintext data of the packed software's original program into the system memory of the unpacking system through the loading interface of the unpacking system, and recording the storage information of the plaintext data in system memory, includes:
if the original program of the packed software has only a single encryption pass, storing the plaintext data of the original program into the system memory of the unpacking system in one operation, and recording the storage information of the plaintext data in system memory; or
if the original program of the packed software is encrypted in segments, storing the plaintext data of the original program into the system memory of the unpacking system segment by segment, and recording the storage information of the plaintext data in system memory together with segment data, the segment data including at least the segment information of the original program and the timestamp at which each segment is stored to system memory.
Preferably, reading the plaintext data of the packed software's original program from system memory according to the storage information includes:
if the original program of the packed software has only a single encryption pass, reading the plaintext data of the original program from system memory according to the storage information, or having the unpacking system read the plaintext data of the original program from system memory according to the storage information and then reading the plaintext data of the original program from the unpacking system; or
if the original program of the packed software is encrypted in segments, reading the plaintext data corresponding to each segment from system memory according to the segment information, the timestamps and the storage information, and collecting the plaintext data corresponding to each segment to obtain and store the plaintext data of the original program of the software to be unpacked.
Preferably, obtaining the storage information through the loading interface includes:
writing the storage information to a file, or outputting it in real time, through the loading interface.
To achieve the above object, the invention also provides a device for unpacking packed software, the device including:
a storage module, configured to, when the packed software to be unpacked is run in an unpacking system, store the plaintext data of the packed software's original program into the system memory of the unpacking system through the loading interface of the unpacking system, and record the storage information of the plaintext data in system memory;
an acquisition module, configured to obtain the storage information through the loading interface;
a data reading module, configured to read the plaintext data of the packed software's original program from system memory according to the storage information.
Preferably, the device also includes:
a compiling module, configured to, before the storage module runs the packed software to be unpacked in the unpacking system:
obtain the source code of the original unpacking system;
add an acquisition instruction to the source code, the acquisition instruction being used to configure the loading interface of the unpacking system to have the functions of obtaining memory addresses and reading memory;
compile the source code with the added acquisition instruction to obtain the system files of the compiled unpacking system, and run the unpacking system.
Preferably, the storage module includes:
a first storage submodule, configured to, if the original program of the packed software has only a single encryption pass, store the plaintext data of the original program into the system memory of the unpacking system in one operation, and record the storage information of the plaintext data in system memory;
a second storage submodule, configured to, if the original program of the packed software is encrypted in segments, store the plaintext data of the original program into the system memory of the unpacking system segment by segment, and record the storage information of the plaintext data in system memory together with segment data, the segment data including at least the segment information of the original program and the timestamp at which each segment is stored to system memory.
Preferably, the data reading module includes:
a first reading submodule, configured to, if the original program of the packed software has only a single encryption pass, read the plaintext data of the original program from system memory according to the storage information, or have the unpacking system read the plaintext data of the original program from system memory according to the storage information and then read the plaintext data of the original program from the unpacking system;
a second reading submodule, configured to, if the original program of the packed software is encrypted in segments, read the plaintext data corresponding to each segment from system memory according to the segment information, the timestamps and the storage information, and collect the plaintext data corresponding to each segment to obtain and store the plaintext data of the original program of the software to be unpacked.
Preferably, the acquisition module is configured to:
write the storage information to a file, or output it in real time, through the loading interface.
The above scheme of the invention has at least the following beneficial effects:
The method and device for unpacking packed software provided by the invention obtain, directly through the loading interface, the storage information of the plaintext data in system memory and read the plaintext data of the original program file, without logic analysis or flow tracing of each kind of shell program, so unpacking efficiency is higher. Because unpacking is performed through the loading interface, the invention can be applied on systems with the same interface to unpack a variety of packed software, including packed software encrypted in segments, and is therefore highly general.
Brief description of the drawings
Fig. 1 is a flow chart of the basic steps of the method for unpacking packed software provided by the first embodiment of the invention;
Fig. 2 is a flow chart of the basic steps of the method for unpacking packed software provided by the second embodiment of the invention;
Fig. 3 is a flow chart of the basic steps of the method for unpacking packed software provided by the third embodiment of the invention;
Fig. 4 is a flow chart of the basic steps of the method for unpacking packed software provided by the fourth embodiment of the invention;
Fig. 5 is a structural schematic diagram of the device for unpacking packed software provided by the fifth embodiment of the invention.
Detailed description of the embodiments
To make the technical problem to be solved, the technical scheme and the advantages of the invention clearer, they are described in detail below with reference to the drawings and specific embodiments.
First embodiment
Referring to Fig. 1, the first embodiment of the invention provides a method for unpacking packed software, the method including:
Step 101: when the packed software to be unpacked is run in an unpacking system, the plaintext data of the packed software's original program is stored into the system memory of the unpacking system through the loading interface of the unpacking system, and the storage information of the plaintext data in system memory is recorded.
Here, the loading interface is used to store the plaintext data of the original program into system memory and to record the corresponding storage information (such as the start address in memory and the amount of memory occupied). Normally, the plaintext data of a packed software's original program must pass through the loading interface when it is stored into the system memory of the unpacking system, so the loading interface can reliably record the storage information of the plaintext data in system memory.
Step 102: the storage information is obtained through the loading interface.
Here, obtaining the storage information through the loading interface means having the loading interface provide the storage information it has recorded.
Step 103: the plaintext data of the packed software's original program is read from system memory according to the storage information.
Here, the plaintext data of the original program is read directly from memory according to the storage information obtained from the loading interface.
Normally, different shell programs process the original program differently, but every shell program is a piece of code that runs before the original program; the shell program must eventually call the original program and ensure that the original program runs normally.
The general flow of a shell program is to locate the encrypted and compressed original program package (at this point the original program exists as a file) and to decrypt and decompress it; the shell program then loads the plaintext data of the original program file into system memory through the loading interface, after which the system starts running the original program. However, it is difficult for a developer to obtain the plaintext data of the original program directly from system memory without going through the shell program.
Therefore, to solve the above problem, this embodiment of the invention obtains, directly through the loading interface, the storage information of the plaintext data in system memory and reads the plaintext data of the original program file, without logic analysis or flow tracing of each kind of shell program, so unpacking efficiency is higher. Because unpacking is performed through the loading interface, the invention can be applied on systems with the same interface to unpack a variety of packed software, and is therefore highly general.
In the above embodiment of the invention, step 102 includes:
writing the storage information to a file, or outputting it in real time, through the loading interface.
Here, the loading interface can write the storage information of the plaintext data in system memory to a specific file, or output it in real time, for use in unpacking the software.
Second embodiment
Referring to Fig. 2, the second embodiment of the invention provides a method for unpacking packed software, the method including:
Step 201: obtain the source code of the original unpacking system.
Here, the source code is the computer-language code in which the original unpacking system is written.
Step 202: add an acquisition instruction to the source code; the acquisition instruction is used to configure the loading interface of the unpacking system to have the functions of obtaining memory addresses and reading memory.
Normally, the loading interface is used only to store the plaintext data of the original program into system memory. In this embodiment of the invention, the acquisition instruction added to the source code makes the loading interface, while performing its original function, also perform the functions of obtaining the memory address and reading memory, so that the unpacking system can obtain the corresponding memory address.
Step 203: compile the source code with the added acquisition instruction to obtain the system files of the compiled unpacking system, and run the unpacking system.
Here, the source code must be compiled before the system files can be obtained and run.
Normally, compiling the source code produces a system image file (for example, for an Android system); once the system image file is installed in a hardware environment or a virtual machine, the unpacking system can run normally.
Step 204: when the packed software to be unpacked is run in the unpacking system, the plaintext data of the packed software's original program is stored into the system memory of the unpacking system through the loading interface of the unpacking system, and the storage information of the plaintext data in system memory is recorded.
Step 205: the storage information is obtained through the loading interface.
Step 206: the plaintext data of the packed software's original program is read from system memory according to the storage information.
In the above embodiment of the invention, the source code of the unpacking system is modified by adding an acquisition instruction, which gives the loading interface the functions of obtaining memory addresses and reading memory. The plaintext data of the packed software's original program can then be read directly from system memory, without logic analysis or flow tracing of each kind of shell program, so unpacking efficiency is higher.
Third embodiment
Referring to Fig. 3, the third embodiment of the invention provides a method for unpacking packed software, the method including:
Step 301: when the packed software to be unpacked is run in the unpacking system, if the original program of the packed software has only a single encryption pass, the plaintext data of the original program is stored into the system memory of the unpacking system in one operation, and the storage information of the plaintext data in system memory is recorded.
Here, if the original program of the packed software has only a single encryption pass, the plaintext data of the original program is stored into system memory in one operation and a single piece of storage information is recorded.
Step 302: when the packed software to be unpacked is run in the unpacking system, if the original program of the packed software is encrypted in segments, the plaintext data of the original program is stored into the system memory of the unpacking system segment by segment, and the storage information of the plaintext data in system memory is recorded together with segment data; the segment data includes at least the segment information of the original program and the timestamp at which each segment is stored to system memory.
Here, a timestamp is usually a character string that uniquely identifies a moment in time.
If the original program of the packed software is encrypted in segments, the plaintext data may be written to system memory in different time periods; that is, storage is also performed segment by segment, and the segment information and timestamps must be recorded so that the unpacking system can integrate the segmented plaintext data.
Step 303: the storage information is obtained through the loading interface.
Step 304: the plaintext data of the packed software's original program is read from system memory according to the storage information.
In the above embodiment of the invention, packed software encrypted in a single pass is stored to system memory in one operation; packed software encrypted in segments is stored segment by segment, and the segment information of the original program and the timestamp at which each segment is stored to system memory are recorded, so that the segmented plaintext data can be integrated. By handling packed software encrypted in a single pass and packed software encrypted in segments with different processing flows, the invention is highly general.
Fourth embodiment
Referring to Fig. 4, the fourth embodiment of the invention provides a method for unpacking packed software, the method including:
Step 401: when the packed software to be unpacked is run in the unpacking system, if the original program of the packed software has only a single encryption pass, the plaintext data of the original program is stored into the system memory of the unpacking system in one operation, and the storage information of the plaintext data in system memory is recorded.
Step 402: when the packed software to be unpacked is run in the unpacking system, if the original program of the packed software is encrypted in segments, the plaintext data of the original program is stored into the system memory of the unpacking system segment by segment, and the storage information of the plaintext data in system memory is recorded together with segment data; the segment data includes at least the segment information of the original program and the timestamp at which each segment is stored to system memory.
Step 403: the storage information is obtained through the loading interface.
Step 404: if the original program of the packed software has only a single encryption pass, the plaintext data of the original program is read from system memory according to the storage information, or the unpacking system is made to read the plaintext data of the original program from system memory according to the storage information and the plaintext data of the original program is then read from the unpacking system.
Here, for packed software encrypted in a single pass, the plaintext data of the original program can be read directly from system memory; alternatively, after the unpacking system has read it, the system's read result is intercepted (that is, the plaintext data of the original program is read from the unpacking system).
Step 405: if the original program of the packed software is encrypted in segments, the plaintext data corresponding to each segment is read from system memory according to the segment information, the timestamps and the storage information, and the plaintext data corresponding to each segment is collected to obtain and store the plaintext data of the original program of the software to be unpacked.
Here, for packed software encrypted in segments, the plaintext data corresponding to each segment must be read from system memory according to the storage information, and the plaintext data of the segments must be collected according to the segment information and timestamps to obtain and store the complete plaintext data.
In the above embodiment of the invention, packed software encrypted in a single pass is read in one operation; packed software encrypted in segments is read segment by segment and collected according to the segment information and timestamps, finally yielding the complete plaintext data, so the method is highly general.
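The segment collection of step 405, as an added example that is not part of the patent: a Python simulation that parses storage records as an instrumented loading interface might write them, reads each segment from a memory snapshot, and merges the segments by timestamp and offset. The record format, the offset field used as segment information, `MemorySnapshot` and all sample values are assumptions constructed for illustration; software encrypted in a single pass is simply the one-record case.

```python
"""Reassemble an original program from storage records (simulation only)."""
import re
from dataclasses import dataclass

# Hypothetical record format, constructed for this example:
#   ts=<timestamp> seg=<index> off=<offset in program> addr=0x<hex> size=<bytes>
RECORD_RE = re.compile(
    r"ts=(?P<ts>\d+)\s+seg=(?P<seg>\d+)\s+off=(?P<off>\d+)\s+"
    r"addr=0x(?P<addr>[0-9a-fA-F]+)\s+size=(?P<size>\d+)"
)


@dataclass(frozen=True)
class StorageRecord:
    ts: int    # timestamp at which the segment was stored to system memory
    seg: int   # segment information: segment index
    off: int   # segment information: offset inside the original program (assumed)
    addr: int  # storage information: start address in system memory
    size: int  # storage information: occupied memory size


def parse_records(log_text):
    """Parse the loading interface's log into StorageRecord objects."""
    records = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RECORD_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"line {lineno}: malformed storage record")
        records.append(StorageRecord(int(m["ts"]), int(m["seg"]), int(m["off"]),
                                     int(m["addr"], 16), int(m["size"])))
    return records


class MemorySnapshot:
    """Simulated system memory: a list of (base address, bytes) regions."""

    def __init__(self, regions):
        self.regions = list(regions)

    def read(self, addr, size):
        for base, data in self.regions:
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        raise ValueError(f"range 0x{addr:x}+{size} is not mapped")


def reassemble(records, memory):
    """Return (plaintext, gaps).

    Segments are applied in timestamp order, so a segment stored again later
    replaces the earlier copy. gaps lists (start, end) offsets that no record
    covered; those bytes are left as zeros.
    """
    if not records:
        raise ValueError("no storage records")
    total = max(r.off + r.size for r in records)
    image = bytearray(total)
    covered = bytearray(total)
    for r in sorted(records, key=lambda r: (r.ts, r.seg)):
        image[r.off:r.off + r.size] = memory.read(r.addr, r.size)
        covered[r.off:r.off + r.size] = b"\x01" * r.size
    gaps, start = [], None
    for i, flag in enumerate(covered):
        if not flag and start is None:
            start = i
        elif flag and start is not None:
            gaps.append((start, i))
            start = None
    return bytes(image), gaps


# Constructed sample data: segment 0 is stored twice (stale copy at ts=1000,
# final copy at ts=1002) and segments arrive out of program order.
SAMPLE_MEMORY = MemorySnapshot([
    (0x7000, b"XXXXXXXXXXXXX"),
    (0x7100, b"MAGIC-HEADER|"),
    (0x8000, b"code-section-bytes|"),
    (0x9000, b"data!"),
])
SAMPLE_LOG = """\
# constructed log, not output of any real system
ts=1000 seg=0 off=0 addr=0x7000 size=13
ts=1001 seg=1 off=13 addr=0x8000 size=19
ts=1002 seg=0 off=0 addr=0x7100 size=13
ts=1003 seg=2 off=32 addr=0x9000 size=5
"""

if __name__ == "__main__":
    plaintext, gaps = reassemble(parse_records(SAMPLE_LOG), SAMPLE_MEMORY)
    print(plaintext, gaps)
```

A non-empty gap list means a segment was never recorded, so the reassembled image should not be passed to static detection as if it were the complete original program.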
Fifth embodiment
Referring to Fig. 5, the fifth embodiment of the invention provides a device for unpacking packed software, the device including:
a storage module 501, configured to, when the packed software to be unpacked is run in an unpacking system, store the plaintext data of the packed software's original program into the system memory of the unpacking system through the loading interface of the unpacking system, and record the storage information of the plaintext data in system memory;
an acquisition module 502, configured to obtain the storage information through the loading interface;
a data reading module 503, configured to read the plaintext data of the packed software's original program from system memory according to the storage information.
In the above embodiment of the invention, the storage information of the plaintext data in system memory is obtained directly through the loading interface and the plaintext data of the original program file is read, without logic analysis or flow tracing of each kind of shell program, so unpacking efficiency is higher. Because unpacking is performed through the loading interface, the invention can be applied on systems with the same interface to unpack a variety of packed software, and is therefore highly general.
Preferably, the device also includes:
a compiling module, configured to, before the storage module 501 runs the packed software to be unpacked in the unpacking system:
obtain the source code of the original unpacking system;
add an acquisition instruction to the source code, the acquisition instruction being used to configure the loading interface of the unpacking system to have the functions of obtaining memory addresses and reading memory;
compile the source code with the added acquisition instruction to obtain the system files of the compiled unpacking system, and run the unpacking system.
Preferably, the storage module 501 includes:
a first storage submodule, configured to, if the original program of the packed software has only a single encryption pass, store the plaintext data of the original program into the system memory of the unpacking system in one operation, and record the storage information of the plaintext data in system memory;
a second storage submodule, configured to, if the original program of the packed software is encrypted in segments, store the plaintext data of the original program into the system memory of the unpacking system segment by segment, and record the storage information of the plaintext data in system memory together with segment data, the segment data including at least the segment information of the original program and the timestamp at which each segment is stored to system memory.
Preferably, the data reading module 503 includes:
a first reading submodule, configured to, if the original program of the packed software has only a single encryption pass, read the plaintext data of the original program from system memory according to the storage information, or have the unpacking system read the plaintext data of the original program from system memory according to the storage information and then read the plaintext data of the original program from the unpacking system;
a second reading submodule, configured to, if the original program of the packed software is encrypted in segments, read the plaintext data corresponding to each segment from system memory according to the segment information, the timestamps and the storage information, and collect the plaintext data corresponding to each segment to obtain and store the plaintext data of the original program of the software to be unpacked.
Preferably, the acquisition module 502 is configured to:
write the storage information to a file, or output it in real time, through the loading interface.
It should be noted that the device for unpacking packed software provided by this embodiment of the invention is a device that applies the above method; that is, all embodiments of the above method apply to the device and can achieve the same or similar beneficial effects.
The above is the preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make improvements and modifications without departing from the principle of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the invention.

Claims (10)

1. it is a kind of with shell software shelling method, it is characterised in that methods described includes:
When band shell software for shelling is run in shelling system, will by the loading interface of the shelling system The clear data of the original program with shell software is stored into the Installed System Memory of the shelling system, and is remembered Record storage information of the clear data storage in the Installed System Memory;
The storage information is obtained by the loading interface;
The bright of the original program with shell software is read from the Installed System Memory according to the storage information Literary data.
2. The method according to claim 1, characterized in that, before the packed software to be unpacked is run in the unpacking system, the method further comprises:
obtaining the source code of the original unpacking system;
adding an acquisition instruction to the source code, the acquisition instruction being used to configure the loading interface of the unpacking system with the functions of obtaining memory addresses and reading memory;
compiling the source code to which the acquisition instruction has been added to obtain the system files of the compiled unpacking system, and running the unpacking system.
3. The method according to claim 1, characterized in that storing, through the loading interface of the unpacking system, the plaintext data of the original program of the packed software into the system memory of the unpacking system, and recording the storage information of the plaintext data stored in the system memory, comprises:
if the original program of the packed software has only one encryption process, storing the plaintext data of the original program of the packed software into the system memory of the unpacking system all at once, and recording the storage information of the plaintext data stored in the system memory; or
if the original program of the packed software is encrypted in segments, storing the plaintext data of the original program of the packed software into the system memory of the unpacking system segment by segment, and recording the storage information of the plaintext data stored in the system memory together with segment data, the segment data including at least the segment information of the original program of the packed software and the timestamp at which each segment is stored into system memory.
4. The method according to claim 3, characterized in that reading the plaintext data of the original program of the packed software from the system memory according to the storage information comprises:
if the original program of the packed software has only one encryption process, reading the plaintext data of the original program of the packed software from system memory according to the storage information, or causing the unpacking system to read the plaintext data of the original program of the packed software from system memory according to the storage information and then reading the plaintext data of the original program of the packed software from the unpacking system; or
if the original program of the packed software is encrypted in segments, reading the plaintext data corresponding to each segment from system memory according to the segment information, timestamps and storage information, aggregating the plaintext data corresponding to each segment, and obtaining and storing the plaintext data of the original program of the software to be unpacked.
5. The method according to claim 1, characterized in that obtaining the storage information through the loading interface comprises:
writing the storage information to a file, or outputting it in real time, through the loading interface.
6. A device for unpacking ("shelling") packed software, characterized in that the device comprises:
a storage module, configured to, when the packed software to be unpacked is run in an unpacking system, store, through a loading interface of the unpacking system, the plaintext data of the original program of the packed software into the system memory of the unpacking system, and record storage information of the plaintext data stored in the system memory;
an acquisition module, configured to obtain the storage information through the loading interface;
a data reading module, configured to read the plaintext data of the original program of the packed software from the system memory according to the storage information.
7. The device according to claim 6, characterized in that the device further comprises:
a compilation module, configured to, before the storage module runs the packed software to be unpacked in the unpacking system:
obtain the source code of the original unpacking system;
add an acquisition instruction to the source code, the acquisition instruction being used to configure the loading interface of the unpacking system with the functions of obtaining memory addresses and reading memory;
compile the source code to which the acquisition instruction has been added to obtain the system files of the compiled unpacking system, and run the unpacking system.
8. The device according to claim 6, characterized in that the storage module comprises:
a first storage submodule, configured to, if the original program of the packed software has only one encryption process, store the plaintext data of the original program of the packed software into the system memory of the unpacking system all at once, and record the storage information of the plaintext data stored in the system memory;
a second storage submodule, configured to, if the original program of the packed software is encrypted in segments, store the plaintext data of the original program of the packed software into the system memory of the unpacking system segment by segment, and record the storage information of the plaintext data stored in the system memory together with segment data, the segment data including at least the segment information of the original program of the packed software and the timestamp at which each segment is stored into system memory.
9. The device according to claim 8, characterized in that the data reading module comprises:
a first reading submodule, configured to, if the original program of the packed software has only one encryption process, read the plaintext data of the original program of the packed software from system memory according to the storage information, or cause the unpacking system to read the plaintext data of the original program of the packed software from system memory according to the storage information and then read the plaintext data of the original program of the packed software from the unpacking system;
a second reading submodule, configured to, if the original program of the packed software is encrypted in segments, read the plaintext data corresponding to each segment from system memory according to the segment information, timestamps and storage information, aggregate the plaintext data corresponding to each segment, and obtain and store the plaintext data of the original program of the software to be unpacked.
10. The device according to claim 6, characterized in that the acquisition module is configured to:
write the storage information to a file, or output it in real time, through the loading interface.
CN201510933399.3A 2015-12-15 2015-12-15 A kind of method and device with the shelling of shell software Pending CN106886717A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510933399.3A CN106886717A (en) 2015-12-15 2015-12-15 A kind of method and device with the shelling of shell software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510933399.3A CN106886717A (en) 2015-12-15 2015-12-15 A kind of method and device with the shelling of shell software

Publications (1)

Publication Number Publication Date
CN106886717A true CN106886717A (en) 2017-06-23

Family

ID=59173544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510933399.3A Pending CN106886717A (en) 2015-12-15 2015-12-15 A kind of method and device with the shelling of shell software

Country Status (1)

Country Link
CN (1) CN106886717A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102708322A (en) * 2012-05-12 2012-10-03 北京深思洛克软件技术股份有限公司 Method for protecting JAVA application programs in Android system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
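李露、刘秋菊、徐汀荣 (Li Lu, Liu Qiuju, Xu Tingrong): "PE文件中的脱壳技术的研究" [Research on unpacking techniques for PE files], 《计算机应用与软件》 [Computer Applications and Software] *
鲁凯 (Lu Kai): "对抗环境敏感技术的代码脱壳方法" [A code unpacking method that counters environment-sensitive techniques], 《万方学位论文库》 [Wanfang Dissertation Database] *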

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170623