CN107292132B - Method and device for loading shared object file for android system - Google Patents
Method and device for loading shared object file for android system Download PDFInfo
- Publication number
- CN107292132B CN107292132B CN201610192553.0A CN201610192553A CN107292132B CN 107292132 B CN107292132 B CN 107292132B CN 201610192553 A CN201610192553 A CN 201610192553A CN 107292132 B CN107292132 B CN 107292132B
- Authority
- CN
- China
- Prior art keywords
- file
- shared object
- parameter
- object file
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000011068 loading method Methods 0.000 title claims abstract description 123
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000002955 isolation Methods 0.000 claims abstract description 86
- 238000007781 pre-processing Methods 0.000 claims abstract description 40
- 238000004458 analytical method Methods 0.000 claims abstract description 16
- 238000004806 packaging method and process Methods 0.000 claims abstract description 11
- 230000006870 function Effects 0.000 claims description 137
- 230000015654 memory Effects 0.000 claims description 34
- 238000012545 processing Methods 0.000 claims description 24
- 230000008569 process Effects 0.000 claims description 16
- 230000004048 modification Effects 0.000 claims description 5
- 238000012986 modification Methods 0.000 claims description 5
- 238000009434 installation Methods 0.000 description 18
- 238000010586 diagram Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 6
- 238000004590 computer program Methods 0.000 description 5
- 230000003068 static effect Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000005336 cracking Methods 0.000 description 2
- 238000012856 packing Methods 0.000 description 2
- 230000002787 reinforcement Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 238000009517 secondary packaging Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
Abstract
The application discloses a method and a device for loading a shared object file for an android system. One embodiment of the method comprises: responding to a received preprocessing request sent by a terminal, and acquiring a first original parameter of a first preset position and a second original parameter of a second preset position of a shared object file; modifying a first original parameter and a second original parameter of the shared object file into a user-defined parameter; generating an isolation file for isolating the shared object file, wherein the isolation file comprises a loading function, and the loading function comprises an analysis function for analyzing the user-defined parameters; setting parameters of a preset position of an isolated file as first original parameters; and packaging and sending the isolation file containing the first original parameter and the shared object file containing the custom parameter to the terminal so that the terminal loads the shared object file based on the isolation file and the custom parameter. The implementation mode can improve the security level of the shared object file.
Description
Technical Field
The application relates to the technical field of computers, in particular to the technical field of data security, and particularly relates to a method and a device for loading a shared object file for an android system.
Background
With the development of internet technology and terminal devices, the android system has been developed rapidly due to the openness of its functional interface, and has gradually become the most popular operating system of the mobile terminal. Meanwhile, the open functional interface also provides convenience for malicious software, and the malicious behaviors such as decompilation, reverse analysis, secondary packaging and the like aiming at the application of the android system are rampant increasingly, so that very serious security threats are brought to developers and users of application programs.
To combat malware, most android applications encapsulate their core code in a Shared Object (SO) file. However, the SO file itself is a standard Executable Link Format (ELF) file, and can be reversely analyzed by tools such as static decompilation software. The SO file after reverse analysis can be packaged twice, that is, the application program is still unprotected.
Disclosure of Invention
The application aims to provide an improved method and device for loading a shared object file for an android system, so as to solve the technical problems mentioned in the background technology section.
In one aspect, the application provides a method for loading a shared object file for an android system, where the method includes: responding to a received preprocessing request sent by a terminal, and acquiring a first original parameter of a first preset position and a second original parameter of a second preset position of the shared object file; modifying the first original parameter and the second original parameter of the shared object file into custom parameters; generating an isolation file for isolating the shared object file, wherein the isolation file comprises a loading function for loading the shared object file containing the custom parameter, and the loading function comprises an analysis function for analyzing the custom parameter; setting parameters of a preset position of the isolation file as the first original parameters; and packaging and sending the isolation file containing the first original parameter and the shared object file containing the user-defined parameter to a terminal so that the terminal loads the shared object file based on the isolation file and the user-defined parameter.
In a second aspect, a method for loading a shared object file for an android system includes sending a preprocessing request to a server, and receiving a packed file including an isolation file containing a first original parameter and a shared object file containing a custom parameter, which is returned by the server based on the preprocessing request; loading the isolation file to a memory, wherein the isolation file comprises a loading function used for loading a shared object file containing a custom parameter, and the loading function comprises an analysis function used for analyzing the custom parameter of the shared object file containing the custom parameter as an original parameter of the shared object file, wherein the custom parameter is generated after the original parameter is subjected to predetermined processing; the loading function is operated, and the loading function firstly analyzes the custom parameters into the original parameters according to the analysis function; secondly, the loading function loads the shared object file to a memory according to the original parameters.
In a third aspect, the present application provides an apparatus for loading a shared object file for an android system, where the apparatus includes: the acquisition module is configured to respond to a received preprocessing request sent by a terminal and acquire a first original parameter of a first preset position and a second original parameter of a second preset position of the shared object file; configuring the first original parameter and the second original parameter for modifying the shared object file as custom parameters; a generating module configured to generate an isolation file for isolating the shared object file, where the isolation file includes a loading function for loading the shared object file containing the custom parameter, and the loading function includes an analyzing function for analyzing the custom parameter; and the setting module is configured to set the parameter of the preset position of the isolation file as the first original parameter.
In a fourth aspect, the application provides a loading device preprocessing request module for a shared object file of an android system, configured to send a preprocessing request to a server, and receive a packed file including an isolation file containing a first original parameter and a shared object file containing a custom parameter, which is returned by the server based on the preprocessing request; a loading module configured to load the isolated file containing the first original parameter into a memory, where the isolated file includes a loading function used to load the shared object file containing the custom parameter, and the loading function includes an analysis function used to analyze the custom parameter as an original parameter of the shared object file, where the custom parameter is generated after the original parameter is processed in advance; the running module is configured to run the loading function, and the loading function firstly resolves the custom parameter into the original parameter according to the resolving function; secondly, the loading function loads the shared object file to a memory according to the original parameters.
According to the method and the device for loading the shared object file, a first original parameter of a first preset position and a second original parameter of a second preset position of the shared object file are obtained by responding to a received preprocessing request sent by a terminal, then the first original parameter and the second original parameter of the shared object file are modified to be self-defined parameters, then an isolation file used for isolating the shared object file is generated, the isolation file comprises a loading function used for loading the shared object file containing the self-defined parameters, the loading function comprises an analysis function used for analyzing the self-defined parameters, then the parameters of the preset position of the isolation file are set to be the first original parameters, and finally the isolation file containing the first original parameters and the shared object file containing the self-defined parameters are packaged and sent to the terminal, so that the terminal loads the shared object file based on the isolation file and the self-defined parameters. The shared library file can be set to be in a non-standard executable link format from a standard executable link format, so that static decompiling software cannot decompile and analyze the shared library file; meanwhile, the shared library file in the non-standard executable link format is isolated by using the isolation file, so that the security level of the shared file is further improved, and the reinforcement protection of the application based on the android system is realized.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, with reference to the accompanying drawings in which:
FIG. 1 illustrates an exemplary system architecture to which embodiments of the present application may be applied;
FIG. 2 is an exemplary flow diagram of one embodiment of a method for loading shared object files for an android system according to the application;
FIG. 3 is an exemplary flow diagram of another embodiment of a method for loading shared object files for an android system according to the present application;
FIG. 4 is an exemplary block diagram of one embodiment of a loading device for shared object files of an android system according to the present application;
FIG. 5 is an exemplary block diagram of another embodiment of a loading device for a shared object file of an android system according to the present application;
FIG. 6 illustrates a schematic block diagram of a computer system suitable for use in implementing the apparatus of embodiments of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
FIG. 1 illustrates an exemplary system architecture 100 to which embodiments of the present application may be applied.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 through the network 104, so as to facilitate the terminal devices 101, 102, 103 to upload a preprocessing request for an application to the server 105, and the terminal devices 101, 102, 103 to download a packaged file or the like preprocessed by the server 105. The user may be a developer of the application or a user of the application.
The terminal devices 101, 102, 103 may be electronic devices having a data processing function. The terminal devices 101, 102, and 103 may have installed thereon an android operating system, and various client applications developed based on the android operating system, such as a web browser, a mailbox client, and the like, so as to upload the non-preprocessed shared object file to the server 105 for preprocessing.
The terminal devices 101, 102, 103 may be various electronic devices supporting a web browser and various applications installed thereon, including but not limited to smartphones, smartwatches, tablets, personal digital assistants, laptop portable computers, desktop computers, and the like.
The server 105 may be a server that provides various services. The server 105 may perform preprocessing on the received shared object file through the network 104 and communicate with other servers, and provide services such as uploading and downloading the shared object file to the terminal devices 101, 102, and 103.
It should be noted that the loading method for the shared object file of the android system provided in the embodiment of the present application may be executed by the terminal devices 101, 102, and 103, and the loading device for the shared object file of the android system is also generally disposed in the terminal devices 101, 102, and 103.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring to FIG. 2, an exemplary flow 200 of one embodiment of a method for loading shared object files for an android system is shown, in accordance with the present application. The method for loading the shared object file in the android system comprises the following steps:
In this embodiment, an electronic device (for example, the server 105 shown in fig. 1) on which the loading method for the shared object file of the android system runs may receive the preprocessing request from the user terminal (for example, the terminal devices 101, 102, and 103 shown in fig. 1) through a wired connection manner or a wireless connection manner. And the received preprocessing request comprises the shared object file of the application. Specifically, the electronic device may receive an application installation package file from the user terminal, where the installation package file may include a resource file and a shared object file. The shared object file may be a file in an executable link format with an extension of ". So". In the present embodiment, the format of the shared object file includes a file header, a program header, a section header, and each section. The file header is located at the top of the shared object file, and includes a file type, a processor model supported by the file, and addresses where the program header and the segment header start, that is, entry addresses of the program code and the segment content. The program header and the segment header include the offset for locating the program code and the contents of each segment. Each section stores the same type of content, for example, a section storing a code, a section storing initialized data, and a section storing uninitialized data.
The wireless connection means includes, but is not limited to, a 3G/4G connection, a WiFi connection, a bluetooth connection, a WiMAX connection, a Zigbee connection, an UWB (ultra wideband) connection, and other wireless connection means now known or developed in the future.
After receiving a preprocessing request of the user terminal, the electronic device finds the shared object file from the installation package file. And then processes the shared object file by using various processing methods. Specifically, the electronic device first obtains a first original parameter at a first predetermined location and a second original parameter at a second predetermined location of the shared object file.
In this embodiment, the first predetermined location may be an arbitrarily specified location in the shared object file, for example, the first predetermined location may be an extension of the shared object file. The first original parameter may be, for example, an original extension of the shared object file.
In this embodiment, the second predetermined location may be an arbitrarily specified location in the shared object file, for example, the second predetermined location may be a section of the shared object file, where the code is stored. The second original parameter may be a code in the section.
In some optional implementations of the embodiment, the obtaining the first original parameter of the first predetermined location of the shared object file includes obtaining an original parameter of a file header of the shared object file and an extension of the shared object file. That is, the first original parameter may be an original parameter of a file header of the shared object file.
In some optional implementations of the embodiment, acquiring the second original parameter of the second predetermined location of the shared object file includes acquiring original parameters of a section header table and a program header table of the shared object file. That is, the second original parameter may be an original parameter in the section header table and the program header table of the shared object file.
In some optional implementations of this embodiment, the shared object file is shelled before the original parameters of the file header of the shared object file and the original parameters of the program header table and the segment header table are acquired. For example, the original shared object file may be shelled using a commonly used shell tool. Therefore, malicious software can analyze the plaintext codes of the shared object file only after being cracked, and the security level of the shared object file is increased.
The electronic device may process the first original parameter and the second original parameter obtained in step 201 by using various reinforcement methods. Specifically, in this embodiment, the first original parameter and the second original parameter of the shared object file may be modified to obtain the customized parameter.
In some optional implementations of this embodiment, the original parameters of the file header of the shared object file are removed first, and then the original parameters of the section header table and the program header table are subjected to predetermined processing to generate the custom parameters. The predetermined processing here may be, for example, encryption using various encryption algorithms for the original parameters of the section header table and the program header table. The encryption algorithm may include, but is not limited to: advanced Encryption Standard (AES) Algorithm, RSA Encryption Algorithm, elliptic Curve Cryptography (ECC) Algorithm, diffie-Hellman (DH) Algorithm, secure Hash Algorithm (SHA), and the like.
And using the self-defined parameter obtained by performing predetermined processing on the original parameters of the section header table and the program header table as the parameter of the file header of the shared object file with the first original parameter removed. The file header of the shared object file becomes the custom file header, and the standard linker of the android system cannot load the shared object file containing the custom file header.
In addition, in this embodiment, parameters in the program header table and the segment header table may also be encrypted, so that the malware cannot directly read contents in the program header table and the segment header table, and further plays a role in protecting the shared object file.
In addition, the extension of the shared object file containing the custom parameter may be modified and then placed into a resource folder in the application installation package, where the resource folder may be, for example, an "assets" folder in the installation package. The modified extension of the shared object file containing the custom file header put in the resource folder "assets" may be ". Txt", for example.
In step 203, an isolation file for isolating the shared object file is generated.
In this embodiment, in order to further protect the shared object file, an isolation file for isolating the shared object file is generated at a position where the shared object file originally exists. Because the files stored in the assets resource files cannot be compiled by the compiler, a loading function can be set in the isolation files, and a path is specified in the loading function to access the shared object files containing the custom parameters.
Additionally, the load function includes a parse function for parsing the custom parameters. Specifically, the analysis function may be generated according to each step of predetermined processing in the process of performing the predetermined processing on the original parameters of the section header table and the program header table. The parsing function is the inverse process of the predetermined process, and can parse the custom parameter into the original parameters of the program header table and the segment header table of the shared object file.
The load function may obtain offsets of the program code segments, the data segments, and the like according to the original parameters of the program header table and the segment header table of the shared object file obtained by the parse function. And reads the program code, data, etc. into the memory or cache according to the offset.
In order for the system loader to load the isolated file first when loading the shared object file, the header of the shared object file that has not been subjected to predetermined processing may be set at the forefront of the isolated file as the header of the isolated file. While modifying the extension of the isolated file to the original extension (.so) of the shared object file.
In some optional implementations of the present embodiment, after the file header of the shared object file that has not been subjected to the predetermined processing is set at the forefront of the isolated file as the file header of the isolated file, the isolated file is shelled using a commonly used shelling tool. When the isolation file is cracked by malicious software, the shell added to the isolation file needs to be cracked first, so that the difficulty in cracking the isolation file is increased.
When the terminal device loads the shared object file, i.e. the shared library file, in the application installation package, the isolation file disguised as the shared object file is actually loaded. And after the isolation file is loaded into the memory, a loading function in the isolation file runs, and the loading function reads the shared object file containing the self-defined parameters and disguised as the resource file into the memory.
According to the method provided by the above embodiment of the application, because the format of the shared object file is set to the custom format from the standard executable link format, the static decompilation software cannot compile and analyze the shared object file. Meanwhile, the method also sets an isolation file for isolating the shared object file, thereby further increasing the reverse cracking difficulty of the shared object file. The android system-based application can be effectively protected.
Referring next to fig. 3, an exemplary flow 300 of another embodiment of a method for loading a shared object file for an android system according to the present application is shown. The process 300 includes the following steps:
In this embodiment, an electronic device (such as terminal devices 101, 102, and 103 shown in fig. 1) on which a loading method for a shared object file of an android system runs may first send a preprocessing request to a server (such as server 105 shown in fig. 1) through a wired connection manner or a wireless connection manner. And the sent preprocessing request comprises a shared object file of an application. Specifically, the electronic device may send an application installation package file to the server, where the installation package file may include a resource file and a shared object file.
The server performs predetermined processing on the shared object file to generate a shared object file disguised as a resource file and an isolation file disguised as the shared object file and used for isolating the shared object file disguised as the resource file. Wherein the shared object file disguised as a resource file (e.g., a file in the "assets" folder) contains a header of the custom parameters. The header of the isolated file contains all the parameters of the original header of the shared object file. The electronic equipment receives an application installation package file after preset processing is carried out on a shared object file from a server in a wired connection mode or a wireless connection mode, wherein the application installation package file after the preset processing comprises an isolation file containing an original file header of the shared object file and a shared object file containing a custom file header which are packaged together.
In this embodiment, the format of the isolated file obtained by the electronic device from the server in step 301 is the format of the standard shared object file.
The protected shared object file is disguised as a resource file stored in a resource folder, such as the resource folder "assets". Since the files in the resource folder "assets" are not compiled by the compiler, the isolation file includes a load function for loading the shared object file containing the custom parameters. A path can be specified in the loading function to access the shared object file containing the custom parameter.
In addition, the loading function includes an analysis function for analyzing the custom parameter into an original section header table parameter and a program header table parameter of the shared object file, so as to obtain the offset of the code section, the data and the section of the parameter in the shared object file. And reading the program codes, data and the like of the shared object file into a memory or a cache according to the offset.
In this embodiment, since the isolation file has a standard format of the shared object file, when the terminal device loader loads the shared object file into the memory, the terminal device loader first loads the isolation file into the memory or the cache.
In some optional implementations of this embodiment, the isolated file is an isolated file that is shelled by the server using a shell tool. In addition, a shelling function is preset in the isolation file after the shell is added, so that the shelling function automatically runs and shells the isolation file after the shell is added in the process of loading the isolation file after the shell is added to the memory.
In this embodiment, after loading the isolation file into the memory or the cache, the loading function in the isolation file is run. That is, the shared object file with the custom parameters disguised as a resource file is accessed by a specified path in the load function.
In this embodiment, after accessing the shared object file with the custom parameter, the parsing function in the loading function first parses the custom parameter, and parses the custom parameter into the original parameters of the program header table and the segment header table of the shared object file. Then, the loading function locates the storage positions of the code segments, initialized data, uninitialized data and the like in the shared object file according to the offsets specified by the original parameters of the program header table and the header tables of the segments, and reads the codes, the initialized data, the uninitialized data and the like in the original shared object file into the internal memory or the cache.
In some optional implementation manners of this embodiment, the shared object file containing the custom parameter is a shared object file after being shelled by a shell function. The shared object file after being added with the shell also comprises a shelling function stored in advance, so that in the process of loading the shared object file containing the custom parameters into the memory by the loading function, the shelling function automatically runs and shells the shared object file after being added with the shell.
In some optional implementations of this embodiment, the isolation file further includes an inverse debug function pre-bound to the load function, such that the inverse debug function is run before the load function is run.
In some optional implementations of this embodiment, the isolation file further includes an inverse quadratic packing function pre-bound to the load function, so that the inverse quadratic packing function is executed before the load function is executed.
According to the method provided by the embodiment of the application, when the terminal loads the shared object file, the isolation file is loaded first, and then the shared object file disguised as the resource file is loaded by the isolation file, so that the static decompilation software cannot compile and analyze the shared object file. In addition, since the isolation file is bound with an anti-debugging function and an anti-quadratic packaging function in advance, malicious software and malicious personnel cannot dynamically decompile the shared object file. So that the application is effectively protected.
Referring to fig. 4, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a loading apparatus for a shared object file of an android system, where the apparatus may be applied to various electronic devices.
With further reference to fig. 4, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a loading apparatus for a shared object file of an android system, which may be specifically applied to various electronic devices.
As shown in fig. 4, the loading apparatus 400 for the shared object file of the android system may include, but is not limited to: an acquisition module 401, a modification module 402, a generation module 403, a setting module 404 and a sending module 405. The obtaining module 401 is configured to, in response to a received preprocessing request sent by a terminal, obtain a first original parameter at a first predetermined location and a second original parameter at a second predetermined location of a shared object file. The modifying module 402 is configured to modify the first original parameter and the second original parameter of the shared object file into the custom parameter. The generating module 403 is configured to generate an isolation file for isolating the shared object file, where the isolation file includes a loading function for loading the shared object file containing the custom parameter, and the loading function includes a parsing function for parsing the custom parameter. A setting module 404 configured to set a parameter of a predetermined location of the isolated file as a first original parameter. The sending module 405 is configured to package and send the isolated file containing the first original parameter and the shared object file containing the custom parameter to the terminal, so that the terminal loads the shared object file based on the isolated file and the custom parameter.
In this embodiment, the obtaining module 401 of the loading apparatus 400 for a shared object file of an android system may receive a preprocessing request from a user terminal (for example, terminal devices 101, 102, and 103 shown in fig. 1) in a wired connection manner or a wireless connection manner. In the received preprocessing request, a shared object file of an application is included. Specifically, the obtaining module 401 may receive an application installation package file from the user terminal, where the installation package file may include the resource file and the shared object file.
In this embodiment, the sending module 405 may send the application installation package file after performing the predetermined processing on the shared object file to a user terminal (for example, the terminal devices 101, 102, and 103 shown in fig. 1) through a wired connection manner or a wireless connection manner.
In some optional implementations of the embodiment, the obtaining module 401 is further configured to obtain an original parameter of a file header of the shared object file and an original parameter of a section header table and a program header table of the shared object file. The modification module 402 is further configured to remove the original parameters of the file header of the shared object file, and perform predetermined processing on the original parameters of the segment header table and the program header table to generate the custom parameters.
In some optional implementations of this embodiment, the loading apparatus 400 for a shared object file of an android system further includes a shell adding module (not shown in the figure). The shell adding module is configured to add a shell to the shared object file before the obtaining module 401 obtains the parameters of the original file header of the shared object file and the parameters of the original program header table and the segment header table.
In some optional implementations of this embodiment, the shell adding module is further configured to add a shell to the isolated file after the setting module sets the parameter of the predetermined position of the isolated file as the original file header of the shared object file.
Those skilled in the art will appreciate that the loading apparatus 400 for shared object files of android system described above also includes some other well-known structures, such as processors, memories, etc., which are not shown in fig. 4 in order to unnecessarily obscure embodiments of the present disclosure.
Referring to fig. 5 further, as an implementation of the method shown in fig. 3, the present application provides another embodiment of a loading apparatus for a shared object file of an android system, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 5, the loading apparatus 500 for the shared object file of the android system may include, but is not limited to: a preprocessing request and receiving module 501, a loading module 502 and an operating module 503. The preprocessing request and receiving module 501 is configured to send a preprocessing request to a server, and receive a packed file including an isolation file including an original parameter and a shared object file including a custom parameter, which is returned by the server based on the preprocessing request. The loading module 502 is configured to load an isolation file including an original parameter into a memory, where the isolation file includes a loading function for loading a shared object file including a custom parameter, and the loading function includes an analysis function for analyzing the custom parameter as the original parameter of the shared object file, where the custom parameter is generated after predetermined processing of the original parameter. The running module 503 is configured to run a loading function, and the loading function firstly resolves the custom parameter into an original parameter according to the resolving function; and secondly, the loading function loads the shared object file to the memory according to the original parameters.
In this embodiment, the preprocessing request and receiving module 501 of the loading apparatus 500 for a shared object file of an android system may send a preprocessing request to a server in a wired connection manner or a wireless connection manner. And the sent preprocessing request comprises a shared object file of an application. Specifically, the preprocessing request and receiving module 501 may send an application installation package file and a request for performing predetermined processing on the application installation package file to the server. The application installation package file may include a resource file and a shared object file. The preprocessing request and receiving module 501 may receive the application installation package file subjected to predetermined processing on the shared object file from the server in a wired connection manner or a wireless connection manner. The application installation package file after the preset processing comprises an isolation file containing an original file header of a shared object file and a package file containing a shared object file of a custom file header, wherein the custom file header comprises custom parameters.
In some optional implementations of this embodiment, the isolation file is an isolation file that is shelled by a shelling function, and the shelled isolation file further includes a shelling function stored in advance therein; in the process of loading the isolation file into the memory by the loading module 502, the shelling function automatically runs and shells the isolation file after adding the shell; the loading module 502 loads the unshelled isolation file into the memory.
In some optional implementation manners of this embodiment, the shared object file containing the custom parameter is a shared object file after being shelled by a shell adding function, and the shared object file after being shelled further includes a shell removing function stored in advance therein; when the running module 503 runs, in the process of loading the shelled shared object file to the memory by the loading function, the shelling function automatically runs and shells the shelled shared object file; and loading the unshelled shared object file to the memory by the loading function.
In some optional implementations of this embodiment, the isolation file further includes an inverse debug function pre-bound to the load function, such that the inverse debug function is run before the run module 503 runs the load function.
In some optional implementations of this embodiment, the isolation file further includes an inverse quadratic packaging function pre-bound with the load function, so that the inverse quadratic packaging function is run before the run module 503 runs the load function.
Referring now to FIG. 6, shown is a block diagram of a computer system 600 suitable for use in implementing the various apparatus of the embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted in the storage section 608 as necessary.
In particular, according to embodiments of the present application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611.
The modules referred to in the embodiments of the present application may be implemented in a software manner, or may be implemented in a hardware manner. The described modules may also be provided in a processor, which may be described as: a processor includes an acquisition module, a modification module, a generation module, and a setting module. The names of the modules do not form a limitation on the modules themselves in some cases, for example, the obtaining module may also be described as a "module configured to obtain a first original parameter of a first predetermined location and a second original parameter of a second predetermined location of the shared object file".
As another aspect, the present application also provides a non-volatile computer storage medium, which may be the non-volatile computer storage medium included in the apparatus in the above-described embodiments; or it may be a non-volatile computer storage medium that exists separately and is not installed in a terminal or server.
The non-transitory computer storage medium stores one or more programs that, when executed by a device, cause the device to: .
Alternatively, the non-volatile computer storage medium stores one or more programs that, when executed by a device, cause the device to: .
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by a person skilled in the art that the scope of the invention as referred to in the present application is not limited to the embodiments with a specific combination of the above-mentioned features, but also covers other embodiments with any combination of the above-mentioned features or their equivalents without departing from the inventive concept. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.
Claims (18)
1. A loading method of a shared object file for an android system is characterized by comprising the following steps:
responding to a received preprocessing request sent by a terminal, and acquiring a first original parameter of a first preset position and a second original parameter of a second preset position of the shared object file;
modifying the first original parameter and the second original parameter of the shared object file into custom parameters;
generating an isolation file for isolating the shared object file, wherein the isolation file comprises a loading function for loading the shared object file containing the custom parameter, and the loading function comprises an analysis function for analyzing the custom parameter;
setting the parameter of the preset position of the isolation file as the first original parameter;
and packaging and sending the isolation file containing the first original parameter and the shared object file containing the custom parameter to a terminal so that the terminal loads the shared object file based on the isolation file and the custom parameter.
2. The method of claim 1,
the obtaining of the first original parameter of the first predetermined position of the shared object file comprises obtaining an original parameter of a file header of the shared object file;
the obtaining of the second original parameter at the second predetermined position of the shared object file includes obtaining original parameters of a section header table and a program header table of the shared object file;
the modifying the first original parameter and the second original parameter of the shared object file into the self-defined parameter comprises removing the original parameter of the file header of the shared object file, and generating the self-defined parameter after the original parameters of the section header table and the program header table are subjected to preset processing.
3. The method according to claim 1, further comprising shelling the shared object file before the obtaining of the first original parameter of the first predetermined location and the second original parameter of the second predetermined location of the shared object file.
4. The method of claim 1, further comprising shelling the isolated file after the setting of the parameter for the predetermined location of the isolated file to the first original parameter.
5. A loading method for a shared object file of an android system is characterized by comprising the following steps:
sending a preprocessing request to a server, and receiving a packed file which is returned by the server based on the preprocessing request and comprises an isolation file containing original parameters and a shared object file containing custom parameters;
loading the isolation file to a memory, wherein the isolation file comprises a loading function used for loading a shared object file containing a custom parameter, and the loading function comprises an analysis function used for analyzing the custom parameter of the shared object file containing the custom parameter as an original parameter of the shared object file, wherein the custom parameter is generated after the original parameter is subjected to predetermined processing;
the loading function is operated, and the loading function firstly analyzes the custom parameters into the original parameters according to the analysis function; secondly, the loading function loads the shared object file to a memory according to the original parameters.
6. The method of claim 5, wherein the isolation file further comprises an anti-debug function pre-bound to the load function, such that the anti-debug function is run prior to the load function.
7. The method of claim 5, wherein the isolation file further comprises an inverse quadratic packaging function pre-bound to the load function, such that the inverse quadratic packaging function is run before the load function is run.
8. The method of claim 5, wherein the isolated file is a shelled isolated file, the shelled isolated file further comprising a shelling function pre-stored therein;
and in the process of loading the shelled isolation file into the memory, the shelling function automatically runs and shells the shelled isolation file.
9. The method according to claim 5, wherein the shared object file containing the custom parameter is an shelled shared object file, and the shelled shared object file further comprises a shelling function stored in advance therein;
and in the process that the loading function loads the shared object file containing the custom parameters to the memory, the shelling function automatically runs and shells the shared object file after the shell is added.
10. A loading device for a shared object file of an android system, the device comprising:
the acquisition module is configured to respond to a received preprocessing request sent by a terminal and acquire a first original parameter of a first preset position and a second original parameter of a second preset position of the shared object file;
the modification module is configured to modify the first original parameter and the second original parameter of the shared object file into custom parameters;
a generating module configured to generate an isolation file for isolating the shared object file, where the isolation file includes a loading function for loading the shared object file containing the custom parameter, and the loading function includes an analyzing function for analyzing the custom parameter;
the setting module is configured to set the parameter of the preset position of the isolation file as the first original parameter;
and the sending module is configured to package and send the isolated file containing the first original parameter and the shared object file containing the user-defined parameter to a terminal so that the terminal loads the shared object file based on the isolated file and the user-defined parameter.
11. The apparatus of claim 10,
the acquisition module is further configured to acquire an original parameter of a file header of the shared object file and an original parameter of a segment header table and a program header table of the shared object file;
the modification module is further configured to remove an original parameter of a file header of the shared object file, and perform predetermined processing on the original parameters of the segment header table and the program header table to generate a custom parameter.
12. The apparatus according to claim 10, further comprising a shell adding module configured to add a shell to the shared object file before the obtaining module obtains the first original parameter of the first predetermined location and the second original parameter of the second predetermined location of the shared object file.
13. The apparatus of claim 12, wherein the shelling module is further configured to shell the isolated file after the setting module sets the parameter for the predetermined location of the isolated file to the first original parameter.
14. A loading device for a shared object file of an android system, the device comprising:
the system comprises a preprocessing request and receiving module, a file sharing module and a file sharing module, wherein the preprocessing request and receiving module is configured to send a preprocessing request to a server and receive a packed file which is returned by the server based on the preprocessing request and comprises an isolation file containing original parameters and a shared object file containing custom parameters;
a loading module configured to load the isolated file containing the original parameters into a memory, where the isolated file includes a loading function for loading the shared object file containing the custom parameters, and the loading function includes an analysis function for analyzing the custom parameters as the original parameters of the shared object file, where the custom parameters are generated after predetermined processing of the original parameters;
the running module is configured to run the loading function, and the loading function firstly resolves the custom parameter into the original parameter according to the resolving function; secondly, the loading function loads the shared object file to a memory according to the original parameters.
15. The apparatus of claim 14, wherein the isolation file further comprises an anti-debug function pre-bound to the load function, such that the anti-debug function is executed before the execution module executes the load function.
16. The apparatus of claim 14, wherein the isolation file further comprises an inverse quadratic packaging function pre-bound to the load function, such that the inverse quadratic packaging function is executed before the execute module executes the load function.
17. The apparatus of claim 14, wherein the isolated file is a shelled isolated file, the shelled isolated file further comprising a shelling function pre-stored therein;
in the process of loading the isolation file into the memory by the loading module, the shelling function automatically runs and shells the shell-added isolation file;
and the loading module loads the unshelled isolation file into the memory.
18. The apparatus according to claim 14, wherein the shared object file containing the custom parameter is an shelled shared object file, and the shelled shared object file further includes a shelling function stored in advance therein;
when the running module runs, the unshelling function automatically runs and unshelling the unshelling shared object file after the shell is added in the process of loading the shared object file after the shell is added to the memory by the loading function;
and the loading function loads the unshelled shared object file to the memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610192553.0A CN107292132B (en) | 2016-03-30 | 2016-03-30 | Method and device for loading shared object file for android system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610192553.0A CN107292132B (en) | 2016-03-30 | 2016-03-30 | Method and device for loading shared object file for android system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107292132A CN107292132A (en) | 2017-10-24 |
| CN107292132B true CN107292132B (en) | 2023-03-14 |
Family
ID=60087796
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610192553.0A Active CN107292132B (en) | 2016-03-30 | 2016-03-30 | Method and device for loading shared object file for android system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107292132B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108073814B (en) * | 2017-12-29 | 2021-10-15 | 安天科技集团股份有限公司 | Shelling method and system based on static structured shelling parameters and storage medium |
| CN108595226B (en) * | 2018-05-09 | 2021-07-23 | 腾讯科技(深圳)有限公司 | Dynamic loading method and device and computer readable storage medium |
| CN111399927A (en) * | 2018-12-14 | 2020-07-10 | 北京奇虎科技有限公司 | Method and device for sharing Class file by application and computing equipment |
| CN111831294B (en) * | 2020-07-10 | 2024-03-22 | 广州市挖米科技有限责任公司 | Medical system installation-free method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101702130A (en) * | 2009-11-12 | 2010-05-05 | 深圳市五巨科技有限公司 | Method for loading sharing function library with movable terminal and device thereof |
| CN103092544A (en) * | 2011-10-27 | 2013-05-08 | 汉王科技股份有限公司 | Method and system for sharing electronic files among electronic devices |
| CN104298932A (en) * | 2014-10-27 | 2015-01-21 | 中国建设银行股份有限公司 | Method and device for calling SO file |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN105095771A (en) * | 2014-05-08 | 2015-11-25 | 北京娜迦信息科技发展有限公司 | Method and apparatus for protecting shared target file |
| CN105227565A (en) * | 2015-10-13 | 2016-01-06 | 北京娜迦信息科技发展有限公司 | Anti-reversing for Android system cracks the method and apparatus of shared object file |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2820221B1 (en) * | 2001-02-01 | 2004-08-20 | Cimai Technology | METHOD AND SYSTEM FOR MANAGING EXECUTABLES WITH SHARED LIBRARIES |
-
2016
- 2016-03-30 CN CN201610192553.0A patent/CN107292132B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101702130A (en) * | 2009-11-12 | 2010-05-05 | 深圳市五巨科技有限公司 | Method for loading sharing function library with movable terminal and device thereof |
| CN103092544A (en) * | 2011-10-27 | 2013-05-08 | 汉王科技股份有限公司 | Method and system for sharing electronic files among electronic devices |
| CN105095771A (en) * | 2014-05-08 | 2015-11-25 | 北京娜迦信息科技发展有限公司 | Method and apparatus for protecting shared target file |
| CN104298932A (en) * | 2014-10-27 | 2015-01-21 | 中国建设银行股份有限公司 | Method and device for calling SO file |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN105227565A (en) * | 2015-10-13 | 2016-01-06 | 北京娜迦信息科技发展有限公司 | Anti-reversing for Android system cracks the method and apparatus of shared object file |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107292132A (en) | 2017-10-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
| EP2897072B1 (en) | Device for obfuscating code and method for same | |
| US11169791B2 (en) | Processing, modification, distribution of custom software installation packages | |
| Hoffmann et al. | Slicing droids: program slicing for smali code | |
| CN107292132B (en) | Method and device for loading shared object file for android system | |
| US20190171817A1 (en) | Proactive browser content analysis | |
| CN104680039B (en) | A kind of data guard method and device of application program installation kit | |
| CN111552931A (en) | Method and system for adding shell of java code | |
| WO2019072008A1 (en) | Security scanning method and apparatus for mini program, and electronic device | |
| CN104392181A (en) | SO file protection method and device and android installation package reinforcement method and system | |
| CN111143869B (en) | Application package processing method and device, electronic equipment and storage medium | |
| CN111163095B (en) | Network attack analysis method, network attack analysis device, computing device, and medium | |
| WO2015192637A1 (en) | Method and apparatus for reinforced protection of software installation package | |
| CN111163094B (en) | Network attack detection method, network attack detection device, electronic device, and medium | |
| CN107430650B (en) | Securing computer programs against reverse engineering | |
| US20130074160A1 (en) | Method of controlling information processing system, computer-readable recording medium storing program for controlling apparatus | |
| US10867017B2 (en) | Apparatus and method of providing security and apparatus and method of executing security for common intermediate language | |
| CN109614772B (en) | Code conversion method and device based on application installation package file | |
| KR101557455B1 (en) | Application Code Analysis Apparatus and Method For Code Analysis Using The Same | |
| CN113893550A (en) | Script source code processing method and related equipment | |
| KR101667774B1 (en) | Apparatus and Method of Providing Security for Script Program | |
| Choi et al. | Large-scale analysis of remote code injection attacks in android apps | |
| CN106648770B (en) | Generation method, loading method and device of application program installation package | |
| CN110502900A (en) | A kind of detection method, terminal, server and computer storage medium | |
| KR101863325B1 (en) | Method and apparatus for preventing reverse engineering |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |