CN108021792B - Mirror image software generation method and device and corresponding terminal - Google Patents

Publication number: CN108021792B
Authority: CN (China)
Prior art keywords: compiling, file, target software, binary, source code
Legal status: Active
Application number: CN201711262346.9A
Other languages: Chinese (zh)
Other versions: CN108021792A (en)
Inventor: 高连凯
Current Assignee: Beijing Yuanxin Junsheng Technology Co ltd
Original Assignee: Yuanxin Technology

Application events:
Application filed by Yuanxin Technology
Priority to CN201711262346.9A
Publication of CN108021792A
Application granted
Publication of CN108021792B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/14: Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and a device for generating mirror image software, and a corresponding terminal. The method comprises: compiling each source code file forming the target software into a corresponding binary file; determining a plurality of link orders for the binary files according to a preset link rule; and linking the binary files according to any one of the link orders to generate an executable file of the target software. This produces multiple binary mirror image executables of the target software that are functionally identical, so that APT attackers have difficulty finding a pattern to attack and give up. Even if an APT attacker obtains one binary executable and successfully attacks it through reverse engineering, the result cannot be carried over to the other binary executables of the same target software, which prevents the same attack method from spreading, effectively raises the difficulty of reverse-engineering-based APT attacks, and improves the security of networks and terminal devices at all levels.

Description

Mirror image software generation method and device and corresponding terminal
Technical Field
The invention relates to the technical field of mobile internet, in particular to a method and a device for generating mirror image software and a corresponding terminal.
Background
In recent years, APT (Advanced Persistent Threat) has become a well-known and fashionable term in information security circles, and a major security threat facing networks and terminal devices at all levels. It has changed the security threat from random attacks into purposeful, organized and premeditated group attacks.
It is difficult to give an accurate definition of APT. The definition given by the National Institute of Standards and Technology is: an attacker proficient in sophisticated techniques, with rich resources that create opportunities, uses a variety of attack vectors (such as network, physical and fraud) to achieve its own goals. These goals typically include tampering with the information technology architecture of the target enterprise to steal data, carrying out or obstructing a task or program, or lodging itself in the other party's architecture in advance in order to steal data.
The core of an APT is that a malicious attacker, through careful observation, careful planning and a variety of means, secretly intrudes and stays hidden for a long time, searches for confidential and high-value data, and steals it without triggering any alert, so that the user is unaware that the data has been lost. Traditional rule-based and knowledge-based firewalls and intrusion detection and prevention systems are therefore difficult to trigger, and passive defense methods can no longer discover APT intrusions in a timely and effective way.
The development and exposure of recent APT attacks has taught us that attackers are constantly finding problems, constantly developing attack weapons, and constantly focusing on targets. Determinacy, similarity and staticness are fatal security defects of existing software systems and information system architectures. Because of them, current software information systems are always in a passively beaten position: vulnerabilities without end are found, patches without end are applied, and ever stronger defense systems are pursued. However, it has been proved again and again that no protection technology, however advanced, and no protection software or system, however tight, can withstand long-term observation, analysis and repeated attack by attackers, and once an attacker succeeds, the attack can spread over a large area.
Reverse engineering is a common basic means of APT attack, and most attacks are based on it. Put simply, reverse engineering means deducing the running logic of a program from its binary and its running instance, or tampering with the original running logic according to the runtime characteristics and rules of the binary in order to achieve the purpose of the attack. Software systems released to the market usually do not come with source code, so an attacker can only attack them through reverse engineering. Reverse engineering is a complex technology that often has to deal with underlying matters such as compilation and linking, byte streams and machine instructions.
In carrying out the present invention, the inventors have recognized that there is a great need for a method of defending against the use of reverse engineering in an APT attack, so as to hinder or prevent the effects of existing APT attacks.
Disclosure of Invention
In order to overcome the above technical problems or at least partially solve the above technical problems, the following technical solutions are proposed:
the invention provides a generation method of mirror image software, which comprises the following steps:
compiling each source code file forming the target software into corresponding binary files respectively;
determining a plurality of link sequences of the binary files according to a preset link rule;
and linking the plurality of binary files according to any link sequence to generate the executable file of the target software.
Optionally, the preset linking rule includes linking according to a permutation and combination manner of the plurality of binary files.
Further, the step of compiling each source code file constituting the target software into a corresponding binary file includes:
for any source code file, determining the compiling parameters of a plurality of compiling modes associated with the source code file;
and compiling the source code file according to the compiling parameters of any compiling mode to obtain a binary file corresponding to any compiling mode.
In practical applications, the step of determining, for any source code file, the compiling parameters corresponding to the plurality of compiling modes of the source code file respectively includes:
determining an optimization level of the source code file;
and acquiring the compiling parameters of the corresponding compiling mode according to the optimization level.
Further, the step of linking the plurality of binary files according to any linking order to generate the executable file of the target software includes:
and inserting at least one redundant file at any position of a plurality of binary files arranged according to any link sequence, and linking the redundant file into an executable file of the target software.
The invention also provides an updating method of the executable file, which comprises the following steps:
and when a preset updating condition is met, updating the original executable file of the target software based on any executable file of the target software generated by any method in the generation methods of the mirror image software.
The invention also provides a device for generating mirror image software, which comprises:
the compiling module is used for compiling each source code file forming the target software into corresponding binary files respectively;
the determining module is used for determining a plurality of link sequences of the binary files according to a preset link rule;
and the generating module is used for linking the binary files according to any link sequence to generate the executable file of the target software.
Further, the compiling module is specifically configured to determine, for any source code file, compiling parameters of a plurality of compiling modes associated with the source code file; and
the compiling module is specifically configured to compile the source code file according to the compiling parameter of any compiling mode to obtain a binary file corresponding to any compiling mode.
Further, the generating module is specifically configured to insert at least one redundant file at any position of the plurality of binary files arranged according to any link order, and link the redundant file into the executable file of the target software.
The invention also provides a terminal comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of the above when executing the program.
According to the method, the device and the corresponding terminal for generating mirror image software provided by the invention, each source code file forming the target software is compiled into a corresponding binary file; a plurality of link orders of the binary files are determined according to a preset link rule; and the binary files are linked according to any one of the link orders to generate an executable file of the target software. This produces multiple binary mirror image executables of the target software that are functionally identical, so that APT attackers have difficulty finding a pattern to attack and give up. Even if an APT attacker obtains one binary executable and successfully attacks it through reverse engineering, the result cannot be carried over to the other binary executables of the same target software, which prevents the same attack method from spreading, effectively raises the difficulty of reverse-engineering-based APT attacks, and improves the security of networks and terminal devices at all levels.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a method for generating mirrored software according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a method for generating mirrored software according to another embodiment of the present invention;
fig. 3 is a schematic frame diagram of a generation apparatus of mirrored software according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The technical solution of the embodiments of the present invention is specifically described below with reference to the accompanying drawings.
The inventor finds that no protection technology, however advanced and rigorous, can withstand long-term observation, analysis and repeated attack by an APT attacker; once the attacker succeeds, the attack spreads over a large area. New thinking is therefore needed to deal with the threat of APT.
Consider that most software systems have a similar architecture, and often run exactly the same version of the software. To end this passively beaten position in APT attacks, a game played under unequal rules, the software security architecture needs to change from the existing deterministic, similar and static architecture to a changing, dynamic system that is difficult for an attacker to observe, analyze and study over a long period. On top of traditional protection methods, which keep obvious attacks from succeeding, adding a dynamically changing software system architecture can greatly improve the security of the software information system.
Most APT attacks are based on reverse engineering. If the use of reverse engineering in an APT attack can be avoided, or made more difficult, the effect of existing APT attacks can be significantly hindered or prevented.
Based on this, an embodiment of the present invention provides a method for generating mirror image software, as shown in fig. 1, including the following steps:
Step S110: compiling each source code file forming the target software into a corresponding binary file.
To create target software, a developer writes text files in assembly or a high-level language according to the specification of that programming language. These files contain a series of human-readable computer language instructions, and only after compilation do they produce binary code that the CPU can recognize directly. In the embodiment of the present invention, each source code file is compiled into its own binary file, after which step S120 is executed.
By way of example, the target software is composed of four source code files a.c, b.c, c.c and d.c, which are compiled into the binary files a.o, b.o, c.o and d.o respectively:
# gcc -c a.c -o a.o
# gcc -c b.c -o b.o
# gcc -c c.c -o c.o
# gcc -c d.c -o d.o
It should be noted that the embodiments of the present invention are applicable to various programming and compiling languages, models and programs, including but not limited to Java, BASIC, C++, C#, Objective-C, .NET, Visual Basic, PHP, etc.
Step S120: determining a plurality of link orders of the binary files according to a preset link rule.
The traditional compiling method links the binary files in a fixed order. For example, the four binary files a.o, b.o, c.o and d.o are linked in sequence to form one executable file for distribution, so the executable files used by all users are identical. Once the executable file of one user has been successfully attacked by an APT attacker, the same means of attack can easily be copied and used against the executable files of other users, and the attack spreads over a large area.
In the embodiment of the invention, the preset link rule defines a plurality of link orders for all the binary files of the target software; as many executable files can be generated as there are link orders. Because all the executable files come from the same source code, the running logic and function of each executable file are the same, but because the link orders differ, the complete binaries that are generated differ, as do their internal jump addresses, code sizes and instruction execution order.
Optionally, the preset linking rule includes linking according to a permutation and combination manner of the plurality of binary files.
In the above example, the preset linking rule may specify: by arranging and combining the four binary files a.o, b.o, c.o and d.o of the target software, at least 24 link sequences can be generated, namely, 24 executable files are generated.
In practical applications, a person skilled in the art may define the preset link rule according to practical situations, and is not limited herein.
In the embodiment of the invention, for convenience of management, each link sequence corresponds to a respective identifier, that is, each executable file corresponds to a respective identifier, so that the link sequences can be distinguished conveniently during later management to take corresponding management measures.
Step S130: linking the plurality of binary files according to any one of the link orders to generate an executable file of the target software.
Because the link orders differ, the linking steps for the binary files differ as well.
In the embodiment of the invention, the binary files are linked in the sequence given by each link order. In the above example, the four binary files a.o, b.o, c.o and d.o of the target software are linked in each of the 24 link orders obtained by permutation:
# gcc a.o b.o c.o d.o -o app01.exe
# gcc b.o a.o c.o d.o -o app02.exe
# gcc a.o c.o b.o d.o -o app03.exe
# gcc a.o b.o d.o c.o -o app04.exe
……
# gcc d.o c.o b.o a.o -o app24.exe
When a product is released, each executable file of the target software enters the market according to a preset release rule, so that the target software finally on the market exists as a wide variety of mirror image software products. An APT attacker attacking the target software is confused, cannot find a pattern, and cannot effectively compare one copy of the target software with another. Even if the APT attacker tampers with some instructions after successfully reverse-engineering one executable file and thereby achieves the purpose of the attack, the same tampering strategy cannot be applied to all executable files of the target software.
The .exe type of the executable file is only an example; the executable file may also be of the sys, com, elf, apk or ipa type, and the like, which is not limited herein.
In a preferred embodiment of the present invention, as shown in fig. 2, step S110 may specifically include:
Step S111: determining, for any source code file, the compiling parameters corresponding to each of a plurality of compiling modes of that source code file.
With different compiling modes, the binary structure generated from the same source code file can differ. In the embodiment of the present invention, for any source code file, the compiling parameters corresponding to its multiple compiling modes are determined, and step S112 is then executed to generate multiple binary file versions of the source code file.
Optionally, different compiling modes correspond to different optimization levels of the source code file. The optimization levels may each correspond to a degree of disorder of the binary structure. For example, a compiling mode with a higher optimization level requires more complex compiling parameters but presents an APT attacker with greater difficulty. Those skilled in the art can match a suitable optimization level to the target software for different fields or scenarios according to the actual situation.
Specifically, when mirror image software is produced, for any source code file of the target software, the optimization level of the source code file is determined, and the compiling parameters of the corresponding compiling mode are acquired according to the optimization level, after which step S112 is executed.
Step S112: compiling the source code file according to the compiling parameters of any compiling mode to obtain the binary file corresponding to that compiling mode.
As an example, 4 compiling modes are determined for the source code file a.c, and a.c is compiled with the compiling parameters of each of the 4 modes:
# gcc -O1 -c a.c -o a1.o
# gcc -O2 -c a.c -o a2.o
# gcc -O3 -c a.c -o a3.o
# gcc -O4 -c a.c -o a4.o
In practical applications, different mirror image target software generation schemes can be formulated in combination with the preset link rule. The embodiment of the invention includes at least any one of the following:
(1) the preset link rule may define only one link order, and the mirror image target software is generated only through different compiling modes of one source code file, for example:
# gcc a1.o b.o c.o d.o -o app01.exe
# gcc a2.o b.o c.o d.o -o app02.exe
# gcc a3.o b.o c.o d.o -o app03.exe
# gcc a4.o b.o c.o d.o -o app04.exe
……
(2) the preset link rule may define only one link order, and the mirror image target software is generated by combining different compiling modes of several source code files, for example:
# gcc a1.o b1.o c.o d.o -o app01.exe
# gcc a1.o b2.o c.o d.o -o app02.exe
# gcc a1.o b3.o c.o d.o -o app03.exe
# gcc a2.o b1.o c.o d.o -o app04.exe
# gcc a2.o b2.o c.o d.o -o app05.exe
# gcc a2.o b3.o c.o d.o -o app06.exe
……
(3) the preset link rule defines a plurality of link orders, but each source code file uses only one compiling mode, for example:
# gcc a.o b.o c.o d.o -o app01.exe
# gcc b.o a.o c.o d.o -o app02.exe
# gcc a.o c.o b.o d.o -o app03.exe
# gcc a.o b.o d.o c.o -o app04.exe
……
(4) the preset link rule defines a plurality of link orders, combined with different compiling modes of one source code file, for example:
# gcc a1.o b.o c.o d.o -o app01.exe
# gcc a2.o b.o c.o d.o -o app02.exe
# gcc b.o a1.o c.o d.o -o app03.exe
# gcc b.o a2.o c.o d.o -o app04.exe
……
(5) the preset link rule defines a plurality of link orders, combined with different compiling modes of several source code files, for example:
# gcc a1.o b1.o c.o d.o -o app01.exe
# gcc a1.o b2.o c.o d.o -o app02.exe
# gcc a2.o b1.o c.o d.o -o app03.exe
……
# gcc d.o c.o b2.o a2.o -o appN.exe
……
The quantity and content of the mirror image target software generated by these schemes differ, but each of them, to a different degree, confuses an APT attacker attacking the target software, who cannot find a pattern and cannot effectively compare one copy of the target software with another. Even if the APT attacker tampers with some instructions after successfully reverse-engineering one executable file and thereby achieves the purpose of the attack, the same tampering strategy cannot be applied to all executable files of the target software.
In another preferred embodiment of the present invention, redundant files may also be inserted at random during linking. That is, in step S130, at least one redundant file is inserted at any position among the binary files arranged according to any link order, and is linked into the executable file of the target software.
Illustratively, a redundant file X.o is inserted into the sequence of binary files a.o, b.o, c.o, d.o and linked into one executable file:
# gcc a.o b.o c.o X.o d.o -o app.exe
The redundant file is not actually executed; it serves only to confuse an attacker.
Specifically, redundant file insertion may further build on any one of the aforementioned mirror image target software generation schemes, and the ways in which it can be configured include, but are not limited to, the number of redundant files, the content of the redundant files, and the positions at which they are inserted.
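The following Python sketch is an added example, not code from the patent: it plans the builds described in steps S110 to S130, covering schemes (1) to (5) and the insertion of one redundant object per variant. The function names, the use of a truncated SHA-256 as the per-link-order identifier, and the `appNN.exe` numbering are assumptions made for illustration.

```python
import hashlib
import itertools
import shlex


def compile_commands(sources, opt_levels):
    """S110-S112: one gcc -c command per (source file, compiling mode).

    sources: {"a": "a.c", ...}; opt_levels: {"a": [1, 2], ...}. A stem with
    no listed levels is compiled once, as in the plain `gcc -c a.c -o a.o`.
    Returns (commands, objects), objects[stem] being that stem's .o files.
    """
    commands, objects = [], {}
    for stem, src in sources.items():
        levels = opt_levels.get(stem) or [None]
        objects[stem] = []
        for n, level in enumerate(levels, start=1):
            obj = f"{stem}.o" if level is None else f"{stem}{n}.o"
            flags = [] if level is None else [f"-O{level}"]
            commands.append(["gcc", *flags, "-c", src, "-o", obj])
            objects[stem].append(obj)
    return commands, objects


def link_orders(objects, permute=True, redundant=()):
    """S120: yield every link order allowed by the (assumed) link rule.

    permute=True  -> all permutations of the source files (schemes 3-5)
    permute=False -> the single given order (schemes 1-2)
    Each stem is expanded over its compiled variants; each redundant object
    is inserted, one per variant, at every position of the sequence.
    """
    stems = list(objects)
    orders = itertools.permutations(stems) if permute else [tuple(stems)]
    for order in orders:
        for chosen in itertools.product(*(objects[s] for s in order)):
            base = list(chosen)
            if not redundant:
                yield base
            for extra in redundant:
                for pos in range(len(base) + 1):
                    yield base[:pos] + [extra] + base[pos:]


def variant_id(order):
    """Identifier of a link order: truncated SHA-256 over the object names."""
    return hashlib.sha256("\0".join(order).encode()).hexdigest()[:12]


def build_manifest(sources, opt_levels=None, permute=True, redundant=()):
    """S130: return (compile commands, one link record per mirror image)."""
    compile_cmds, objects = compile_commands(sources, opt_levels or {})
    variants = []
    for n, order in enumerate(link_orders(objects, permute, redundant), 1):
        output = f"app{n:02d}.exe"
        variants.append({
            "id": variant_id(order),
            "output": output,
            "command": ["gcc", *order, "-o", output],
        })
    return compile_cmds, variants


SOURCES = {"a": "a.c", "b": "b.c", "c": "c.c", "d": "d.c"}  # the patent's example

if __name__ == "__main__":
    # Scheme (5) plus one redundant object. Levels 1-3 only, because GCC
    # treats -O levels above 3 the same as -O3.
    cmds, variants = build_manifest(
        SOURCES, {"a": [1, 2], "b": [1, 2, 3]}, redundant=["X.o"])
    for cmd in cmds:
        print(shlex.join(cmd))
    print(len(variants), "mirror images; first three:")
    for v in variants[:3]:
        print(v["id"], shlex.join(v["command"]))
```

With the four files and no other options, the manifest holds the 24 link commands from `a.o b.o c.o d.o` to `d.o c.o b.o a.o`. A redundant object that nothing references can be discarded if the link uses section garbage collection (`-ffunction-sections` with `-Wl,--gc-sections`), so the layout of the final binary should be checked.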
According to the generation method of mirror image software provided by the embodiment of the invention, each source code file forming the target software is compiled into a corresponding binary file; a plurality of link orders of the binary files are determined according to a preset link rule; and the binary files are linked according to any one of the link orders to generate an executable file of the target software. This produces multiple binary mirror image executables of the target software that are functionally identical, so that APT attackers have difficulty finding a pattern to attack and give up. Even if an APT attacker obtains one binary executable and successfully attacks it through reverse engineering, the result cannot be carried over to the other binary executables of the same target software, which prevents the same attack method from spreading, effectively raises the difficulty of reverse-engineering-based APT attacks, and improves the security of networks and terminal devices at all levels.
In order to further increase the difficulty of APT attack, an embodiment of the present invention further provides an update method for an executable file, including:
when a preset update condition is met, updating the original executable file of the target software based on any executable file of the target software generated by the method.
The preset update condition includes: a sensitive time window and/or a predetermined time period.
Because an APT attacker cannot achieve the final attack goal within a short time, changing the binary structure (even though the functional logic is unchanged) defeats the partial attack results obtained so far.
With the generation method of mirror image software, a complete compiling system is established. The system can directly generate binary mirror images of multiple versions of the target software from the same source code; these binary mirror images are the same target software but are distinct product individuals. By updating and upgrading according to the preset update condition, the partial attack results of attackers can be invalidated again and again, the threat of reverse engineering in APT attacks is ultimately hindered, and its severity and danger are completely eradicated.
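The update method above can be sketched as follows. This is an added Python example, not code from the patent; it assumes a "sensitive time window" is an interval during which the installed executable should be replaced once, and the function names, the state dictionary and the sample identifiers are constructed for illustration.

```python
import secrets
from datetime import datetime, timedelta


def update_due(now, last_update, period=None, sensitive_windows=()):
    """Return True when a preset update condition is met.

    period: replace the executable once this much time has passed since
        the last update (the "predetermined time period").
    sensitive_windows: (start, end) pairs; replace once inside each window,
        i.e. when `now` is in the window and the last update predates it.
    """
    if period is not None and now - last_update >= period:
        return True
    return any(start <= now < end and last_update < start
               for start, end in sensitive_windows)


def pick_replacement(current_id, variant_ids):
    """Choose the next mirror image: any variant except the installed one.

    secrets.choice draws from the OS CSPRNG, so the next variant cannot be
    predicted from the earlier choices.
    """
    candidates = [v for v in variant_ids if v != current_id]
    if not candidates:
        raise ValueError("need at least two mirror images to rotate")
    return secrets.choice(candidates)


def plan_update(now, state, variant_ids, period=None, sensitive_windows=()):
    """Return the new state after an update, or `state` itself if not due."""
    if not update_due(now, state["last_update"], period, sensitive_windows):
        return state
    return {"variant": pick_replacement(state["variant"], variant_ids),
            "last_update": now}


if __name__ == "__main__":
    # Constructed sample data: three variant identifiers and one window.
    ids = ["v-01", "v-02", "v-03"]
    state = {"variant": "v-01", "last_update": datetime(2024, 1, 1)}
    window = (datetime(2024, 1, 10), datetime(2024, 1, 12))
    for day in (5, 10, 11, 45):
        now = datetime(2024, 1, 1) + timedelta(days=day - 1)
        state = plan_update(now, state, ids, timedelta(days=30), [window])
        print(now.date(), state["variant"])
```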
An embodiment of the present invention further provides a device for generating mirror image software, as shown in fig. 3, including:
the compiling module 310 is configured to compile each source code file constituting the target software into a corresponding binary file;
a determining module 320, configured to determine multiple link sequences of multiple binary files according to a preset link rule;
the generating module 330 is configured to link the plurality of binary files according to any link order to generate an executable file of the target software.
The preset linking rule comprises linking according to the arrangement combination mode of a plurality of binary files.
Further, the compiling module 310 is specifically configured to determine, for any source code file, compiling parameters of a plurality of compiling manners associated with the source code file;
the compiling module 310 is specifically configured to compile the source code file according to the compiling parameter of any compiling mode to obtain a binary file corresponding to any compiling mode.
Optionally, the compiling module 310 is specifically configured to determine an optimization level of the source code file;
and the compiling module 310 is specifically configured to obtain the compiling parameters of the corresponding compiling mode according to the optimization level.
Further, the generating module 330 is specifically configured to insert at least one redundant file at any position of the plurality of binary files arranged according to any link order, and link the redundant file into an executable file of the target software.
An embodiment of the present invention further provides an executable file updating apparatus, including:
and the updating module is used for updating the original executable file of the target software based on any executable file of the target software generated by the method when a preset updating condition is met.
The apparatus provided by the embodiment of the present invention may be specific hardware on the device, or software or firmware loaded on the device, etc. The device provided by the embodiment of the present invention has the same implementation principle and technical effect as the method embodiments. For brevity, where the device embodiments do not mention something, reference may be made to the corresponding content of the method embodiments, which is not repeated here.
The generation device of mirror image software provided by the embodiment of the invention compiles each source code file forming the target software into a corresponding binary file; determines a plurality of link orders of the binary files according to a preset link rule; and links the binary files according to any one of the link orders to generate an executable file of the target software. This produces multiple binary mirror image executables of the target software that are functionally identical, so that APT attackers have difficulty finding a pattern to attack and give up. Even if an APT attacker obtains one binary executable and successfully attacks it through reverse engineering, the result cannot be carried over to the other binary executables of the same target software, which prevents the same attack method from spreading, effectively raises the difficulty of reverse-engineering-based APT attacks, and improves the security of networks and terminal devices at all levels.
The embodiment of the present invention further provides a terminal, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, and when the processor executes the computer program, the method described in any of the above embodiments is implemented.
The terminal may be any terminal device including a computer, a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, and the like.
The memory may be used to store software programs and modules, and the processor may execute various functional applications and data processing by running the software programs and modules stored in the memory. The memory may mainly include a program storage area and a data storage area. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor is the control center of the terminal. It connects the various parts of the whole terminal by using various interfaces and lines, and executes various functions and processes data by running or executing the software programs and/or modules stored in the memory and calling data stored in the memory, thereby monitoring the terminal as a whole. Optionally, the processor may include one or more processing units; preferably, the processor may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor.
It will be understood by those within the art that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. Those skilled in the art will appreciate that the computer program instructions may be implemented by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the features specified in the block or blocks of the block diagrams and/or flowchart illustrations of the present disclosure.
Those of skill in the art will appreciate that various operations, methods, steps in the processes, acts, or solutions discussed in the present application may be alternated, modified, combined, or deleted. Further, various operations, methods, steps in the flows, which have been discussed in the present application, may be interchanged, modified, rearranged, decomposed, combined, or eliminated. Further, steps, measures, schemes in the various operations, methods, procedures disclosed in the prior art and the present invention can also be alternated, changed, rearranged, decomposed, combined, or deleted.
The foregoing describes only some embodiments of the present invention. It should be noted that those skilled in the art can make various improvements and refinements without departing from the principle of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (9)

1. A generation method of mirror image software is characterized by comprising the following steps:
compiling each source code file forming the target software into corresponding binary files respectively;
determining a plurality of link sequences of the binary files according to a preset link rule;
linking a plurality of binary files according to any one link sequence to generate an executable file of the target software;
wherein the preset link rule comprises linking according to permutations and combinations of the plurality of binary files.
2. The method of claim 1, wherein the step of compiling each source code file constituting the target software into a corresponding binary file comprises:
for any source code file, determining the compiling parameters corresponding to various compiling modes of the source code file respectively;
and compiling the source code file according to the compiling parameters of any compiling mode to obtain a binary file corresponding to any compiling mode.
3. The method according to claim 2, wherein the step of determining, for any source code file, the compiling parameters corresponding to the plurality of compiling modes of the source code file respectively comprises:
determining an optimization level of the source code file;
and acquiring the compiling parameters of the corresponding compiling mode according to the optimization level.
4. The method according to claim 1, wherein the step of linking the plurality of binary files according to any of the link orders to generate the executable file of the target software comprises:
and inserting at least one redundant file at any position of a plurality of binary files arranged according to any link sequence, and linking the redundant file into an executable file of the target software.
5. An updating method of an executable file, comprising:
updating the original executable file of the target software based on any executable file of the target software generated by the method of any one of claims 1-4 when a predetermined update condition is satisfied.
6. An apparatus for generating mirrored software, comprising:
the compiling module is used for compiling each source code file forming the target software into corresponding binary files respectively;
the determining module is used for determining a plurality of link sequences of the binary files according to a preset link rule; the preset link rule comprises linking according to permutations and combinations of the plurality of binary files;
and the generating module is used for linking the binary files according to any link sequence to generate the executable file of the target software.
7. The apparatus according to claim 6, wherein the compiling module is specifically configured to determine, for any source code file, the compiling parameters corresponding to a plurality of compiling modes of the source code file; and
the compiling module is specifically configured to compile the source code file according to the compiling parameters of any compiling mode to obtain a binary file corresponding to that compiling mode.
8. The apparatus according to claim 6, wherein the generating module is specifically configured to insert at least one redundant file at any position of the plurality of binary files arranged according to any linking order, and link the redundant file into the executable file of the target software.
9. A terminal comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1-5 when executing the program.
CN201711262346.9A 2017-12-04 2017-12-04 Mirror image software generation method and device and corresponding terminal Active CN108021792B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711262346.9A CN108021792B (en) 2017-12-04 2017-12-04 Mirror image software generation method and device and corresponding terminal

Publications (2)

Publication Number Publication Date
CN108021792A CN108021792A (en) 2018-05-11
CN108021792B true CN108021792B (en) 2021-05-28

Family

ID=62078488

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711262346.9A Active CN108021792B (en) 2017-12-04 2017-12-04 Mirror image software generation method and device and corresponding terminal

Country Status (1)

Country Link
CN (1) CN108021792B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067713A (en) * 2018-07-17 2018-12-21 北京元心科技有限公司 Software security means of defence, device, electronic equipment and computer storage medium
CN108875320B (en) * 2018-07-17 2021-10-08 北京元心科技有限公司 Software security protection method and device, electronic equipment and computer storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103544414A (en) * 2013-10-25 2014-01-29 苏州通付盾信息技术有限公司 Deep code obfuscation method for Android system applications
CN103713933A (en) * 2013-12-31 2014-04-09 华为技术有限公司 Method, device and system for converging hotspot functions and variables in computer programs
CN104346150A (en) * 2013-07-30 2015-02-11 华为技术有限公司 Multiple instance business executable file generating method and device
CN106126981A (en) * 2016-08-30 2016-11-16 电子科技大学 The software security means of defence replaced based on virtual function table
CN106775912A (en) * 2016-12-15 2017-05-31 广州视源电子科技股份有限公司 Software release method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7430670B1 (en) * 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
US8955043B2 (en) * 2010-01-27 2015-02-10 Microsoft Corporation Type-preserving compiler for security verification

Also Published As

Publication number Publication date
CN108021792A (en) 2018-05-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210720

Address after: 100080 room 401-3, 4th floor, building 1, yard 1, Danling street, Haidian District, Beijing

Patentee after: Beijing Yuanxin Junsheng Technology Co.,Ltd.

Address before: 100176 room 2222, building D, building 33, 99 Kechuang 14th Street, Beijing Economic and Technological Development Zone, Beijing

Patentee before: BEIJING YUANXIN SCIENCE & TECHNOLOGY Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180511

Assignee: Yuanxin Information Technology Group Co.,Ltd.

Assignor: Beijing Yuanxin Junsheng Technology Co.,Ltd.

Contract record no.: X2021110000024

Denomination of invention: Generation method, device and corresponding terminal of image software

Granted publication date: 20210528

License type: Common License

Record date: 20210804
