CN107291485B - Dynamic link library reinforcing method, operation method, reinforcing device and safety system - Google Patents
Dynamic link library reinforcing method, operation method, reinforcing device and safety system Download PDFInfo
- Publication number
- CN107291485B CN107291485B CN201610222214.2A CN201610222214A CN107291485B CN 107291485 B CN107291485 B CN 107291485B CN 201610222214 A CN201610222214 A CN 201610222214A CN 107291485 B CN107291485 B CN 107291485B
- Authority
- CN
- China
- Prior art keywords
- dynamic link
- link library
- section
- library
- compressed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 65
- 230000003014 reinforcing effect Effects 0.000 title claims description 20
- 230000006837 decompression Effects 0.000 claims abstract description 42
- 230000002787 reinforcement Effects 0.000 claims abstract description 14
- 230000008569 process Effects 0.000 claims abstract description 11
- 230000006870 function Effects 0.000 claims description 36
- 230000006835 compression Effects 0.000 claims description 24
- 238000007906 compression Methods 0.000 claims description 24
- 238000007596 consolidation process Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000008520 organization Effects 0.000 description 4
- 238000013507 mapping Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 239000008358 core component Substances 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The reinforcement method provided by the embodiment of the invention is used for generating a replacement file of a dynamic link library file, and the generation process of the replacement file comprises the following steps: analyzing the dynamic link library to obtain the section data of a plurality of sections; compressing the data of the sections; storing the compressed section data to a first section of a dynamic link library; deleting a plurality of sections; and storing the decompressed code in a first section of the dynamically linked library, wherein the decompressed code is configured to be executed upon initialization of the dynamically linked library. In the replacement file, some key section data in the original dynamic link library file is hidden into another section, and the decompression code is also hidden into the section, and the hidden mode does not influence the loading of the application program on the dynamic link library, thereby realizing the security enhancement of the dynamic link library. When the dynamic link library is loaded, the compressed data of the section area is recovered through the decompression code, and the dynamic link library is loaded normally.
Description
Technical Field
The invention relates to the field of computers, in particular to a dynamic link library reinforcing method, an operation method, a reinforcing device and a safety system.
Background
With the popularization of android intelligent machines and the rapid development of the internet, pirated software and malicious software are hidden at great risk. Android DEX (DEX is a full name of Dalvik VM executables, that is, Android Dalvik execution programs, which are usually optimized during execution) is easy to crack, Dalvik running processes can obtain DEX files, and most developers write core codes into dynamic link libraries (shared objects, dynamic libraries of user layers) by using C/C + + (programming language). The dynamic link library file generated by using JNI programming increases the cracking difficulty, but tools such as IDAPro of online stream and the like can still be decompiled, so that the dynamic link library of the core code is prevented from being reversed, and the dynamic link library reinforcing technology is favorable.
Several dynamic link library consolidation techniques commonly used at present have some problems. For example, by implementing reinforcement on file header offsets in an ELF file, for an open source tool, a section field can be obtained by offset repair of a file header, and then debugging the section field to obtain code. For another example, for function library obfuscation in a dynamic link library realized by registering a JNI method in the JNI _ Onload method, the JNI _ Onload may be loaded (if the JNI _ Onload is obfuscated, a corresponding field of the elf file is restored) to debug, and the key code may be found.
Disclosure of Invention
In view of the above, the present invention provides a method, an apparatus, and a security system for reinforcing a dynamic link library.
According to a first aspect of the present invention, the present invention provides a method for reinforcing a dynamic link library, which is used for generating a replacement file of the dynamic link library, and a generation process of the replacement file includes: analyzing the dynamic link library to obtain the section data of a plurality of sections; compressing the section data; storing the compressed section data to a first section of the dynamic link library; deleting the plurality of section areas; and storing decompression code to a first section of the dynamically linked library, wherein the decompression code is configured to be executed upon initialization of the dynamically linked library.
Preferably, the method further comprises the following steps: encrypting the compressed section data; and storing decryption code to a second section of the dynamically linked library, wherein the decryption code is executed prior to execution of the decompression code.
Preferably, the step of storing the compressed segment data in the first segment of the dynamic link library is: and storing the compressed section data into an entry parameter of an entry function of the dynamic link library.
Preferably, the compressing the section data comprises: the compression is performed by a 7-zip compression algorithm.
Preferably, the first nodal region is the dynamic nodal region.
According to a second aspect of the present invention, there is provided a method for operating a dynamically linked library, comprising: before loading the dynamic link library, judging whether the dynamic link library is compressed or not, if so, recovering compressed section data stored in a first section area through a decompression code in the first section area; and completing loading the dynamic link library according to the decompressed section data.
Preferably, the method further comprises the following steps: before the dynamic link library is judged to be compressed, whether the dynamic link library is encrypted is judged, and if the dynamic link library is encrypted, the encrypted section data stored in the first section is recovered through a decryption code in the first section.
According to a third aspect of the present invention, the present invention provides a dynamic link library reinforcing apparatus, configured to generate a replacement file of the dynamic link library, including: the analysis unit is used for analyzing the dynamic link library file to obtain the section data of a plurality of sections; the compression unit is used for compressing the section data of the dynamic link library; a deleting unit configured to delete the plurality of section areas,
wherein the compressed section data and the decompression code are stored in a first section of the dynamic link library, and the decompression code is configured to be executed when the dynamic link library is initialized.
Preferably, the method further comprises the following steps: an encryption unit, configured to encrypt the compressed segment data;
wherein the encrypted compressed data and decryption code are stored in a first section of the dynamically linked library, the decryption code being arranged to be executed before execution of the decompression code.
Preferably, the first nodal region is the dynamic nodal region.
According to a fourth aspect of the present invention, there is provided a security system for dynamically linked libraries, comprising: the dynamic link library compression unit is used for compressing the section data of a plurality of sections of the dynamic link library; storing the compressed data of the plurality of sections to a first section of the dynamic link library; deleting the plurality of section areas; and storing decompression code to a first section of the dynamically linked library, wherein the decompression code is configured to be executed upon initialization of the dynamically linked library.
And the dynamic link library decompression unit is used for judging whether the dynamic link library is compressed or not before loading the dynamic link library, if the dynamic link library is compressed, recovering compressed section data stored in the first section area through a decompression code in the first section area, and completing the loading of the dynamic link library according to the decompressed section data.
Preferably, the method further comprises the following steps: a dynamic link library encryption unit, configured to encrypt the compressed multiple sections of data, and store a decryption code in a first section of the dynamic link library, where the decryption code is executed before the decompression code is executed;
and the dynamic link library decryption unit is used for judging whether the dynamic link library is encrypted or not before loading the dynamic link library, and if the dynamic link library is encrypted, recovering the encrypted section data stored in the first section through the decryption code in the first section.
Preferably, the first nodal region is the dynamic nodal region.
According to a fifth aspect of the present invention, there is provided a dynamic link library reinforcing apparatus, comprising: a memory; and a processor coupled to the memory, the processor configured to execute the method of dynamically linking libraries described above based on instructions stored in the memory.
According to a sixth aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions which, when executed by a processor, implement the method for reinforcing a dynamic link library described above.
According to a seventh aspect of the present invention, there is provided a running apparatus of a dynamic link library, comprising: a memory; and a processor coupled to the memory, the processor configured to execute the method of operating the dynamically linked library based on instructions stored in the memory.
According to an eighth aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions which, when executed by a processor, implement the method for running the above dynamic link library.
The reinforcement method provided by the embodiment of the invention is used for generating a replacement file of the dynamic link library file, in the replacement file, some key section data in the original dynamic link library file are hidden in another section, and the decompression code is also hidden in the section, and the hidden mode does not influence the loading of the application program on the dynamic link library, thereby realizing the security enhancement of the dynamic link library. When the dynamic link library is loaded, the compressed data of the section area is recovered through the decompression code, and the dynamic link library is loaded normally.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing embodiments of the present invention with reference to the following drawings, in which:
FIG. 1 is a mapping view of a dynamic link library file in memory;
FIG. 2 is a flow chart of a method for dynamically linking library consolidation according to an embodiment of the present invention;
FIG. 3 is a flow diagram of a method for dynamically linking library reinforcement according to another embodiment of the present invention;
FIG. 4 is a flow chart of a method of running an application according to an embodiment of the invention;
fig. 5 is a structural diagram of a reinforcing apparatus of a dynamic link library according to an embodiment of the present invention.
Detailed Description
The present invention will be described below based on examples, but the present invention is not limited to only these examples. In the following detailed description of the present invention, certain specific details are set forth. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details. Well-known methods, procedures, and procedures have not been described in detail so as not to obscure the present invention. The figures are not necessarily drawn to scale.
The flowcharts and block diagrams in the figures and block diagrams illustrate the possible architectures, functions, and operations of the systems, methods, and apparatuses according to the embodiments of the present invention, and may represent a module, a program segment, or merely a code segment, which is an executable instruction for implementing a specified logical function. It should also be noted that the executable instructions that implement the specified logical functions may be recombined to create new modules and program segments. The blocks of the drawings, and the order of the blocks, are thus provided to better illustrate the processes and steps of the embodiments and should not be taken as limiting the invention itself.
ELF (dynamic link library) is an abbreviation of Executable and Linkable Format, and is a file Format of an Executable program and a shared library in an Android/Linux operating system. As is well known, Dalvik is a Java virtual machine for the Android platform. The Dalvik virtual machine (Dalvik VM) is one of the core components of the Android mobile device platform. It can support the running of Java applications that have been converted to the @ (i.e., Dalvik Executable) format, which is a compressed format designed specifically for Dalvik, and which is suitable for systems with limited memory and processor speeds.
According to the definition of the ELF file, the ELF file is composed of 4 parts, which are an ELF header (ELF header), a Program header table (Program header table), a Section (Section), and a Section header table (Section header table), as shown in table 1.
Table 1
The ELF header describes the organization of the entire file at the beginning of the file. The program header table indicates how the process image is created, containing an entry for each program header. In the section header table, for each section, there is an entry for describing the corresponding section, and the content of the entry mainly includes the name, type, size, byte offset position in the entire ELF file, and so on. The section provides various items of information (such as instructions, data, symbol tables, relocation information, etc.) of the target file. The specific sections in an ELF file are determined by the section header table contained in the ELF file. The decompiling debugging tool obtains the initial position and the length of the binary byte of each section by reading the ELF head and the section head table, further analyzes the binary byte, and obtains the key code of the dynamic link library. For example,
bss section: the section holds uninitialized data that exists in the program memory map. By definition, when a program starts running, the system initializes those data to 0.
Comment section: the section holds version control information.
Data and.data1 section: these sections hold initialized data that exists in the program memory map.
Debug nodal area: the section holds information debugged for the label. The content is unspecified.
Dynamic section: the section holds dynamically linked information.
Dynstr section: the section holds the strings required for dynamic connection, and generally, the name strings are associated with
Dynsym node region: the section holds a dynamic symbol table.
Fini section: the section holds executable instructions that constitute the termination code of the process.
Section got: the section holds a global offset table.
Hash section: the section holds a hash table of labels.
Init section: the section holds executable instructions that constitute the initialization code for the process. When a program starts running, the system arranges for the code in this section to execute before the main function is called.
Interp nodal region: this section saves the path of the program's interpreter (interpreter).
Line section: the section contains line number information of the editing character, which describes the relationship between the source program and the machine code
Text-level region: the section holds the text or executable instructions of the program.
FIG. 2 is a flow chart of a method for dynamically linking library reinforcement according to an embodiment of the present invention. The reinforcement method comprises step 200-204.
In step 200, the dynamic link library is parsed to obtain segment data of a plurality of segments.
In table 1, a structure definition of the dynamic link library file is given, in this step, according to the structure definition of the dynamic link library, an ELF header and a section header table are read, and according to the definition of each section in the section header table, a start position and a section data length of the section are obtained, thereby obtaining each section data.
In step 201, section data of a plurality of sections of a dynamically linked library is compressed.
The compression algorithm of the node area data has various forms, and in order to keep the structure of the node area data unchanged, the 7-zip compression algorithm is preferably adopted for compression. As will be understood by those skilled in the art, a dynamically linked library includes a plurality of types of sections, and the sections of different types have different roles in the dynamically linked library, so that one or more sections can be selectively compressed according to actual situations during compression. Of course, all section data may be compressed for security.
In step 202, the compressed section data is stored to the first section of the dynamically linked library.
The compressed section data is preferably stored to a dynamic section of the dynamically linked library.
In step 203, the section data of the plurality of sections is deleted.
In step 204, the decompression code is stored to a first section of the dynamically linked library, wherein the decompression code is configured to be executed upon initialization of the dynamically linked library.
In steps 203 and 204, the compressed section is deleted, the decompressed code is stored in the first section, and the decompressed code is set to be executed when the dynamic link library is initialized, so that when the application program loads the dynamic link library, the decompressed code is called by the initialization function to restore the compressed section.
In a preferred embodiment, the step 202 of storing the compressed section data into the first section of the dynamic link library is storing the compressed section data into an entry parameter of an entry function of the dynamic link library.
The reinforcement method provided by the embodiment of the invention is used for generating a replacement file of the dynamic link library file, in the replacement file, some key section data in the original dynamic link library file are hidden in another section, and the decompression code is also hidden in the section, and the hidden mode does not influence the loading of the application program on the dynamic link library, thereby realizing the security enhancement of the dynamic link library.
Fig. 3 shows a more preferred method of consolidation, with dual consolidation achieved by compression and encryption. The reinforcement method comprises step 301-316.
In step 301, ELF headers of the linked library are parsed.
As described above, the ELF header describes the organization form of the dynamic link library file, and during parsing, the ELF header field needs to be read first to obtain the organization form of the section and section header table.
In step 302, it is determined whether there is an entry function before main.
Here, the main function refers to the entry function of the whole application program, but before the program entry function, if some initialization work needs to be done, for example, decompression of a dynamic link library, this part of code needs to be stored in the function before the main function and explicitly set. Whether a function before the main function exists is judged by judging whether the corresponding setting exists. The functions preceding the Main function will be stored in the dynamic section. If there is a function before main, step 304 is performed, otherwise step 303 is performed.
In step 303, the decompressed entry function is increased.
In this step, if the entry function before main is not set in step 302, the decompression code is set as the entry function before main.
In step 304, a determination is made as to whether a compressed field is present.
Here, the compression field is an identifier of whether to compress or not, and is used for the determination of decompression. If the identifier has been set, step 306 is performed, otherwise step 305 is performed.
In step 305, a function field compression field is added to the function structure.
In this step, a compression field is added to the entry function to identify whether to compress or not.
In step 306, the section field is compressed and stored in the entry function.
In step 307, the decompression code is written at the entry function header.
In steps 306 and 307, the section field is compressed by the compression algorithm and the compressed section data and decompressed code are stored to the header of the entry function. Preferably, the compressed section data is stored into an entry parameter (. init _ array) of the entry function.
In step 308, it is verified whether the decompression algorithm was successful.
If successful, step 309 is performed, otherwise step 314 is performed.
In step 309, it is determined whether to encrypt.
If the dynamic link library needs to be further reinforced, the compressed section data is further encrypted, that is, step 310 is executed, otherwise step 315 is executed.
In step 310, the compressed section data is encrypted.
In step 311, a decryption code is written at the head of the entry function.
In steps 310 and 311, the compressed section data (i.e., init _ array in step 306) is further encrypted by an encryption algorithm and a decryption code is stored in the header of the entry function.
In step 312, it is determined whether the compression and encryption was successful.
In step 313, the decryption algorithm is deleted
In step 314, the entry function field is deleted.
In step 312 and 314, the consolidation process of the dynamic link library is verified, and if successful, the step 315 is skipped, otherwise, the decompression and decryption codes and related fields are deleted, and the consolidation process is executed again.
In step 315, the section field of the linked library is deleted
In step 316, the replacement file is output.
In step 315-.
The dynamic link library reinforcing method provided in fig. 2 and fig. 3 can hide key information well for readelf tool viewing, and IDAPro static loading and dynamic debugging, and if a section byte recovery tool is used to initialize a section field of the dynamic link library, the content of the dynamic section is covered, so that the dynamic link library loses the original function. In particular, in fig. 3, based on the section compression, the compressed section data is further encrypted, so as to implement the double protection of the section data.
FIG. 4 illustrates a method for operating a consolidated dynamic link library, which includes steps 401 and 406.
In step 401, the dynamically linked library file is loaded.
In step 402, it is determined whether the library is a consolidated dynamic link library.
In step 403, it is determined whether the compressed field is encrypted.
In step 404, the compressed field is decrypted.
In step 405, the compressed fields are decompressed to recover the section fields.
In step 406, a JNI call is launched.
When loading the dynamic link library written by the JNI, the loader loads the required section data into the memory space for operation, as shown in fig. 1, copies the section data corresponding to the number 1 to the data section of the process, and copies the section data corresponding to the number 2 to the code section of the process. Before mapping the dynamic link library to the memory space, judging whether the dynamic link library is compressed or not and encrypted or not, executing corresponding decompression and decryption codes in the entry function, recovering the section fields from the dynamic section, and then completing the loading process through the JNI calling.
FIG. 5 is a block diagram of a dynamic link library reinforcing apparatus according to an embodiment of the present invention, including a parsing unit 501, a compressing unit 502, and a deleting unit 504
The parsing unit 501 parses the ELF header, the segment header table, and the segment data of the dynamic link library file 50 according to the organization form of the dynamic link library file.
The compression unit 502 compresses the section data by a compression algorithm, and the compressed section data and the decompressed code are stored to the first section to the dynamic link library file 50. In one existing embodiment, the first section is a dynamic section.
The deleting unit 504 deletes the section field of the dynamic link library file 50, and outputs the replacement file 50' corresponding to the original dynamic link library as the library file loaded by the application program.
In a preferred embodiment, the above mentioned reinforcing apparatus further comprises an encryption unit 503, which further encrypts the section data based on the compression, and stores the encrypted section data and the decryption code into the first section of the dynamic link library file. In one existing embodiment, the first section is a dynamic section.
According to the encryption method and the program running method, the invention also provides a security system of the dynamic link library, which comprises the following steps: a dynamic link library compression unit and a dynamic link library decompression unit.
And the dynamic link library compression unit is used for compressing the section data of the plurality of sections of the dynamic link library, storing the compressed section data and the decompressed codes into a first section of the dynamic link library, and deleting the plurality of sections, wherein the decompressed codes are set to be executed when the dynamic link library is initialized.
Before loading the dynamic link library, the dynamic link library decompression unit judges whether the dynamic link library is compressed, if the dynamic link library is compressed, the compressed section data stored in the first section is recovered through the decompression code in the first section, and the loading of the dynamic link library is completed according to the decompressed section data.
In a preferred embodiment, further comprising: a dynamic link library encryption unit and a dynamic link library decryption unit.
The dynamic link library encryption unit encrypts the compressed plurality of sections of data and stores decryption codes into a first section of the dynamic link library, wherein the decryption codes are executed before the execution of the decompression codes.
The dynamic link library decryption unit judges whether the dynamic link library is encrypted or not before loading the dynamic link library, and if the dynamic link library is encrypted, the encrypted section data stored in the first section is recovered through the decryption code in the first section.
The security system provided by the embodiment of the invention comprises a dynamic link library reinforcing mode and how to use the reinforced dynamic link library, so that the security system can be applied to practice and key codes in the dynamic link library are protected.
The various modules or units of the system may be implemented in hardware, firmware or software. The software includes, for example, a code program formed using various programming languages such as JAVA, C/C + +/C #, SQL, and the like. Although the steps and sequence of steps of the embodiments of the present invention are presented in method and method diagrams, the executable instructions of the steps implementing the specified logical functions may be re-combined to create new steps. The sequence of the steps should not be limited to the sequence of the steps in the method and the method illustrations, and can be modified at any time according to the functional requirements. Such as performing some of the steps in parallel or in reverse order.
Systems and methods according to the present invention may be deployed on a single server or on multiple servers. For example, different modules may be deployed on different servers, respectively, to form a dedicated server. Alternatively, the same functional unit, module or system may be deployed in a distributed fashion across multiple servers to relieve load stress. The server includes but is not limited to a plurality of PCs, PC servers, blades, supercomputers, etc. on the same local area network and connected via the Internet.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (17)
1. A reinforcing method of a dynamic link library is used for generating a replacement file of the dynamic link library, and the generation process of the replacement file comprises the following steps:
analyzing the dynamic link library to obtain the section data of a plurality of sections;
compressing the section data;
storing the compressed section data to a first section of the dynamic link library;
deleting the plurality of section areas; and
storing decompression code to a first section of the dynamically linked library, wherein the decompression code is configured to be executed upon initialization of the dynamically linked library.
2. The reinforcement method according to claim 1, further comprising:
encrypting the compressed section data; and
storing decryption code to a first section of the dynamically linked library, wherein the decryption code is executed prior to execution of the decompression code.
3. The reinforcement method according to claim 2, wherein the storing the compressed section data to the first section of the dynamic link library is: and storing the compressed section data into an entry parameter of an entry function of the dynamic link library.
4. The reinforcement method of claim 1, wherein said compressing said section data comprises: the compression is performed by a 7-zip compression algorithm.
5. The reinforcement method according to any one of claims 1 to 4, wherein the first nodal region is a dynamic nodal region.
6. A running method of a dynamic link library comprises the following steps:
when the dynamic link library is loaded, judging whether the dynamic link library is compressed or not, if so, recovering compressed section data stored in a first section through a decompression code in the first section; and
and completing the loading of the dynamic link library according to the decompressed section data.
7. The method of operation of claim 6, further comprising: before the dynamic link library is judged to be compressed, whether the dynamic link library is encrypted is judged, and if the dynamic link library is encrypted, the encrypted section data stored in the first section is recovered through a decryption code in the first section.
8. A dynamic link library reinforcing apparatus for generating a replacement file of the dynamic link library, comprising:
the analysis unit is used for analyzing the dynamic link library file to obtain the section data of a plurality of sections;
the compression unit is used for compressing the section data of the dynamic link library;
a deleting unit configured to delete the plurality of section areas,
wherein the compressed section data and the decompression code are stored in the first section of the dynamic link library, and the decompression code is set to be executed when the dynamic link library is initialized.
9. The reinforcement device of claim 8, further comprising:
an encryption unit, configured to encrypt the compressed segment data;
wherein the encrypted compressed section data and decryption code are stored in a first section of the dynamically linked library, the decryption code being arranged to be executed before execution of the decompression code.
10. The reinforcement device of any one of claims 8 to 9, wherein the first nodal region is a dynamic nodal region.
11. A security system for dynamically linked libraries, comprising:
a dynamic link library compression unit, configured to compress section data of a plurality of sections of the dynamic link library, store the compressed plurality of section data in a first section of the dynamic link library, delete the plurality of sections, and store a decompression code in the first section of the dynamic link library, where the decompression code is configured to be executed when the dynamic link library is initialized;
and the dynamic link library decompression unit is used for judging whether the dynamic link library is compressed or not before loading the dynamic link library, if the dynamic link library is compressed, recovering compressed section data stored in the first section area through a decompression code in the first section area, and completing the loading of the dynamic link library according to the decompressed section data.
12. The security system of claim 11, further comprising:
a dynamic link library encryption unit, configured to encrypt the compressed multiple sections of data, and store a decryption code in a first section of the dynamic link library, where the decryption code is executed before the decompression code is executed;
and the dynamic link library decryption unit is used for judging whether the dynamic link library is encrypted or not before loading the dynamic link library, and if the dynamic link library is encrypted, recovering the encrypted section data stored in the first section through a decryption code in the first section of the dynamic link library.
13. The security system of claim 11, wherein the first section is a dynamic section.
14. A dynamic link library consolidation apparatus, comprising: a memory; and a processor coupled to the memory, the processor configured to perform the method of dynamically linking libraries of any of claims 1 to 5 based on instructions stored in the memory.
15. A computer readable storage medium storing computer instructions which, when executed by a processor, implement a method of reinforcing a dynamically linked library as claimed in any one of claims 1 to 5.
16. An apparatus for running a dynamically linked library, comprising: a memory; and a processor coupled to the memory, the processor configured to perform a method of operating the dynamically linked library of any of claims 6 to 7 based on instructions stored in the memory.
17. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement a method of operating a dynamically linked library as claimed in any one of claims 6 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610222214.2A CN107291485B (en) | 2016-04-11 | 2016-04-11 | Dynamic link library reinforcing method, operation method, reinforcing device and safety system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610222214.2A CN107291485B (en) | 2016-04-11 | 2016-04-11 | Dynamic link library reinforcing method, operation method, reinforcing device and safety system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107291485A CN107291485A (en) | 2017-10-24 |
| CN107291485B true CN107291485B (en) | 2021-01-26 |
Family
ID=60093447
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610222214.2A Active CN107291485B (en) | 2016-04-11 | 2016-04-11 | Dynamic link library reinforcing method, operation method, reinforcing device and safety system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107291485B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108334754B (en) * | 2018-01-31 | 2020-12-08 | 山东奥太电气有限公司 | Encryption and decryption method and system for embedded system program |
| CN109492353B (en) * | 2018-10-11 | 2024-04-16 | 北京奇虎科技有限公司 | Application reinforcement method, device, electronic equipment and storage medium |
| CN109960902B (en) * | 2019-04-08 | 2021-04-06 | 北京智游网安科技有限公司 | Security protection method of dynamic link library, storage medium and terminal equipment |
| CN110309630B (en) * | 2019-06-28 | 2023-05-30 | 南京冰鉴信息科技有限公司 | Java code encryption method and device |
| CN113094666B (en) * | 2021-04-09 | 2022-06-24 | 每日互动股份有限公司 | System for preventing java program from being decompiled |
| CN113535263A (en) * | 2021-07-07 | 2021-10-22 | 深圳市元征未来汽车技术有限公司 | Dynamic library calling method and device, computer equipment and storage medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100618701B1 (en) * | 2004-11-15 | 2006-09-07 | 주식회사 하이닉스반도체 | Memory device capable of detecting its failure |
| CN102136053B (en) * | 2011-03-14 | 2014-12-10 | 中兴通讯股份有限公司 | Method and device for protecting source code of executable file |
| CN103077332B (en) * | 2012-12-28 | 2015-08-26 | 飞天诚信科技股份有限公司 | A kind of method and apparatus running the cryptor containing self checking |
| CN104216890A (en) * | 2013-05-30 | 2014-12-17 | 北京赛科世纪数码科技有限公司 | Method and system for compressing ELF file |
| CN103617401B (en) * | 2013-11-25 | 2017-02-08 | 北京深思数盾科技股份有限公司 | Method and device for protecting data files |
| CN104239757B (en) * | 2014-09-30 | 2017-04-19 | 北京奇虎科技有限公司 | Application program reversing-preventing method and device and operation method and terminal |
-
2016
- 2016-04-11 CN CN201610222214.2A patent/CN107291485B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN107291485A (en) | 2017-10-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107291485B (en) | Dynamic link library reinforcing method, operation method, reinforcing device and safety system | |
| CN106778103B (en) | Reinforcement method, system and decryption method for preventing reverse cracking of android application program | |
| CN106203006A (en) | Android application reinforcement means based on dex Yu so file Dynamic Execution | |
| US20160203087A1 (en) | Method for providing security for common intermediate language-based program | |
| CN106126981B (en) | Software security means of defence based on the replacement of virtual function table | |
| CN110929234B (en) | Python program encryption protection system and method based on code virtualization | |
| CN104680039B (en) | A kind of data guard method and device of application program installation kit | |
| CN108491235B (en) | DEX protection method combining dynamic loading and function Native | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| US10878086B2 (en) | Dynamic code extraction-based automatic anti analysis evasion and code logic analysis apparatus | |
| CN103530535A (en) | Shell adding and removing method for Android platform application program protection | |
| KR102433011B1 (en) | Method of apk file protection, apk file protection system performing the same, and storage medium storing the same | |
| KR101695639B1 (en) | Method and system for providing application security service based on cloud | |
| CN108399319B (en) | Source code protection method, application server and computer readable storage medium | |
| CN109598107B (en) | Code conversion method and device based on application installation package file | |
| CN104318155A (en) | Dynamic loading method capable of guarding against reverse APK file | |
| US8533826B2 (en) | Method for protecting the source code of a computer program | |
| KR102001046B1 (en) | Apparatus and Method of Providing Security, and Apparatus and Method of Executing Security for Common Intermediate Language | |
| CN109992974B (en) | Method and device for protecting byte code file of virtual machine and readable storage medium | |
| CN116522368A (en) | Firmware decryption analysis method for Internet of things equipment, electronic equipment and medium | |
| KR101749209B1 (en) | Method and apparatus for hiding information of application, and method and apparatus for executing application | |
| CN112052461A (en) | Code processing method based on instruction injection, terminal and storage medium | |
| CN108664796B (en) | So file protection method and device | |
| KR101863325B1 (en) | Method and apparatus for preventing reverse engineering | |
| CN115756480A (en) | Android application reinforcement method, system and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |