CN110059456B - Code protection method, code protection device, storage medium and electronic equipment - Google Patents
Code protection method, code protection device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN110059456B CN110059456B CN201910319634.6A CN201910319634A CN110059456B CN 110059456 B CN110059456 B CN 110059456B CN 201910319634 A CN201910319634 A CN 201910319634A CN 110059456 B CN110059456 B CN 110059456B
- Authority
- CN
- China
- Prior art keywords
- function
- code
- type
- intermediate code
- compiling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 230000006870 function Effects 0.000 claims description 228
- 238000013507 mapping Methods 0.000 claims description 20
- 238000000605 extraction Methods 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims description 2
- 230000008569 process Effects 0.000 description 14
- 238000012545 processing Methods 0.000 description 10
- 230000003068 static effect Effects 0.000 description 6
- 230000004048 modification Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The disclosure provides a code protection method, a code protection device, a computer readable storage medium and an electronic device, and belongs to the technical field of information security. The method comprises the following steps: compiling a source code into an intermediate code, and extracting a first function and a second function in the intermediate code; generating a self-defined function for calling the first type of function according to the first type of function; replacing, in the intermediate code, a call instruction for the first class of function in the second class of function with the custom function; and recompiling the replaced intermediate code to obtain an object code file. The method can prevent the source code from being decoded by reverse compiling, realizes effective protection of the source code, does not influence the normal operation of a code program, and has higher applicability.
Description
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a code protection method, a code protection apparatus, a computer-readable storage medium, and an electronic device.
Background
Software development often requires a significant investment of labor and material resources, and software code is a valuable intangible asset for an enterprise, organization, or individual performing the software development. Currently, due to the advent of some decompilation tools, software codes are easily decompilated, so that source codes of the software codes are mastered and even disclosed by attackers, and the benefits of software developers are damaged. Therefore, how to effectively protect the software code is a problem to be solved urgently in the prior art.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure provides a code protection method, a code protection apparatus, a computer-readable storage medium, and an electronic device, thereby overcoming, at least to some extent, the problem in the prior art that a software code is easily reverse-compiled.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, there is provided a code protection method including: compiling a source code into an intermediate code, and extracting a first function and a second function in the intermediate code; generating a self-defined function for calling the first type of function according to the first type of function; replacing, in the intermediate code, a call instruction for the first class of function in the second class of function with the custom function; and recompiling the replaced intermediate code to obtain an object code file.
In an exemplary embodiment of the present disclosure, the first class of functions includes declaration functions, and the second class of functions includes implementation functions.
In an exemplary embodiment of the present disclosure, the compiling the source code into the intermediate code and extracting the first class function and the second class function in the intermediate code includes: compiling the source code into the intermediate code using LLVM; compiling the source code of the LLVM to obtain a dynamic library of the LLVM; and analyzing the intermediate code by using the dynamic library to traverse the functions in the intermediate code and dividing each function into a first type of function or a second type of function.
In an exemplary embodiment of the present disclosure, the call instruction in the second type of function includes a calllnst instruction and/or an InvokeInst instruction.
In an exemplary embodiment of the present disclosure, the generating, according to the first class of functions, a custom function for calling the first class of functions includes: and for each first type of function, correspondingly generating a self-defined function, and storing the mapping relation between the first type of function and the self-defined function.
In an exemplary embodiment of the present disclosure, the recompiling the replaced intermediate code to obtain an object code file includes: and recompiling the replaced intermediate code, and adding a link according to the mapping relation to obtain the object code file.
In an exemplary embodiment of the present disclosure, the function name of the custom function is randomly generated.
According to an aspect of the present disclosure, there is provided a code protection apparatus including: the first compiling module is used for compiling the source code into an intermediate code and extracting a first type of function and a second type of function in the intermediate code; the function generation module is used for generating a self-defined function for calling the first type of function according to the first type of function; the instruction replacing module is used for replacing the calling instruction of the first class of function in the second class of function with the self-defined function in the intermediate code; and the second compiling module is used for recompiling the replaced intermediate code to obtain an object code file.
In an exemplary embodiment of the present disclosure, the first class of functions includes declaration functions, and the second class of functions includes implementation functions.
In an exemplary embodiment of the present disclosure, the first compiling module includes: a source code compiling unit for compiling the source code into the intermediate code by using the LLVM; a dynamic library obtaining unit, configured to compile a source code of the LLVM to obtain a dynamic library of the LLVM; and the function extraction unit is used for analyzing the intermediate code by using the dynamic library so as to traverse the functions in the intermediate code and divide each function into a first type of function or a second type of function.
In an exemplary embodiment of the present disclosure, the call instruction in the second type of function includes a calllnst instruction and/or an InvokeInst instruction.
In an exemplary embodiment of the disclosure, the function generating module is configured to generate a custom function for each first class function, and store a mapping relationship between the first class function and the custom function.
In an exemplary embodiment of the disclosure, the second compiling module is configured to recompile the replaced intermediate code, and add a link according to the mapping relationship, so as to obtain the object code file.
In an exemplary embodiment of the present disclosure, the function name of the custom function is randomly generated.
According to an aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any one of the above.
According to an aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the method of any one of the above via execution of the executable instructions.
Exemplary embodiments of the present disclosure have the following advantageous effects:
and generating a self-defined function according to the first type of function based on the intermediate code compiled by the source code, replacing the calling instruction of the first type of function in the second type of function with the self-defined function so as to modify the intermediate code, and finally compiling the modified intermediate code into a target code file again. On one hand, based on the modification of the intermediate code, the instruction content in the original second type function is hidden, the association mode between the first type function and the second type function is changed, and the modified content does not belong to compiling logic, so that the modified content cannot be decoded by reverse compiling, and the source code is effectively protected. On the other hand, the modification of the intermediate code in the exemplary embodiment does not affect the logic and implementation of the code operation, the target code file obtained by final compilation can be normally executed by the computer, the processing of the code by the whole method flow is simpler, and excessive resources do not need to be occupied, so that the exemplary embodiment has higher applicability.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
FIG. 1 is a flow chart illustrating a method of code protection in the exemplary embodiment;
FIG. 2 is a sub-flow step diagram of a method of code protection in the present exemplary embodiment;
FIG. 3 is a flowchart illustrating a method of code protection in the exemplary embodiment;
fig. 4 is a block diagram showing the structure of a code protection apparatus in the present exemplary embodiment;
FIG. 5 illustrates a computer-readable storage medium for implementing the above-described method in the present exemplary embodiment;
fig. 6 shows an electronic device for implementing the above method in the present exemplary embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and the like. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the present disclosure.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the steps. For example, some steps may be decomposed, and some steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The exemplary embodiment of the present disclosure first provides a code protection method, which may be run on a server, a server cluster, a cloud server, or the like, and may also be run on a terminal device of a developer, such as a personal computer. Application scenarios of the present exemplary embodiment include, but are not limited to: in developing an iOS-based software project or an Android JNI (Java Native Interface, i.e., Java Native Interface) project, the method of the present exemplary embodiment is used to protect codes, which can prevent the codes from being stolen. Fig. 1 shows a method flow of the present exemplary embodiment, which may include the following steps S110 to S140:
step S110, compiling the source code into an intermediate code, and extracting a first function and a second function in the intermediate code.
The intermediate code is also called an intermediate language, and is an internal representation of the source code in the process of compiling the source code into another form of target code. The source code may be compiled into the intermediate code by a compiler tool, and in the present exemplary embodiment, a corresponding compiler may be adopted according to a language type of the source code, and a compiler with higher compatibility, such as an LLVM (Low level virtual Machine, a bottom layer virtual Machine, a framework system of a compiler), may also be adopted to compile the source code of various languages, which is not limited in this disclosure.
In this exemplary embodiment, the first type of function may be a definition or declaration function, the second type of function may be an implementation function, and generally, the second type of function includes an instruction for executing a certain first type of function, which may be regarded as having an association therebetween. The exemplary embodiment may traverse the intermediate code to extract all the first-class functions and the second-class functions, or may extract a part or a certain first-class function and its associated second-class function, for example, may extract a first-class function a, and then extract B, C, D a second-class function having an association with the function a.
And step S120, generating a self-defined function for calling the first type of function according to the first type of function.
In this exemplary embodiment, a corresponding custom function may be generated for each extracted first-class function, for example: and generating a custom function A' for the first type of function A to call the function A. The custom function may be regarded as encapsulation for calling the first type of function, and the function name may be defined in advance by a developer or may be generated randomly.
Step S130, in the intermediate code, replacing the call instruction related to the first type function in the second type function with the above-mentioned custom function.
For example, the custom function a 'is equal to the instruction for calling the function a, and if the instruction for calling the function a is found in the second type of function B, C, D, the code of the instruction part may be replaced by the custom function a', and the implemented function is not changed, which does not affect the normal implementation of the function B, C, D. Through the processing, the instruction content in the original second-class function can be hidden.
It should be noted that the type of the intermediate code is different, and the specific call instruction in the second type of function is also different, for example: in the LLVM compiling environment, the call instructions in the second class of functions thereof may include calllnst instructions and InvokeInst instructions.
Step S140, recompiling the replaced intermediate code to obtain the target code file.
The object code file is a compiled file, and the object code is a computer binary code corresponding to the source code, for example, the object code file may be an o file. The compiling in step S140 is a process of compiling the intermediate code into a binary code, and may be a process of assembling. In the exemplary embodiment, the process of compiling the source code into the object code may be split into two processes: the source code becomes an intermediate code through the compiling process of step S110, and the intermediate code becomes an object code through the compiling process of step S140. In the conventional compiling method, two compiling processes are realized based on logic of a compiler and are easy to be cracked by reverse compiling. In the exemplary embodiment, part of the call instruction of the intermediate code is replaced by the custom function, such a replacement mode does not belong to the compiling logic, and the decompiling tool cannot understand the code logic of the replaced part, so that the source code cannot be obtained through the reverse compiling.
In an exemplary embodiment, if the source code has more contents, for example, the source code of a large software item, and can be split into a plurality of parts, and steps S110 to S140 are performed respectively, each part generates an object code file, and finally, the object code files can be linked to generate a complete executable file.
Based on the above description, in the present exemplary embodiment, based on the intermediate code obtained after the source code is compiled, the custom function is generated according to the first type function, the call instruction related to the first type function in the second type function is replaced by the custom function, so that the intermediate code is modified, and finally, the modified intermediate code is recompiled into the target code file. On one hand, based on the modification of the intermediate code, the instruction content in the original second type function is hidden, the association mode between the first type function and the second type function is changed, and the modified content does not belong to compiling logic, so that the modified content cannot be decoded by reverse compiling, and the source code is effectively protected. On the other hand, the modification of the intermediate code in the exemplary embodiment does not affect the logic and implementation of the code operation, the target code file obtained by final compilation can be normally executed by the computer, the processing of the code by the whole method flow is simpler, and excessive resources do not need to be occupied, so that the exemplary embodiment has higher applicability.
In an exemplary embodiment, if the method of fig. 1 is applied under the LLVM framework, step S110 can be implemented by steps S111 to S113 in fig. 2:
step S111, compiling the source code into an intermediate code by using the LLVM;
step S112, compiling the source code of the LLVM to obtain a dynamic library of the LLVM;
step S113, parsing the intermediate code by using the dynamic library to traverse the functions in the intermediate code, and dividing each function into a first type of function or a second type of function.
In the code compiling process, a static library and a dynamic library are usually generated, and the libraries are essentially existing binary codes which can be multiplexed. In the linking stage of compiling, the generated object code file (which may be, for example, an o file) needs to be linked and packaged into an executable file together with the referenced library, so the corresponding linking mode is called static linking, and the referenced library is a static library. However, the static library has a problem of space waste caused by multiple copies of different programs, the static library is not easy to update, and a small change of the static library can cause the whole amount of the whole program code to be updated, so that the deployment and the release are inconvenient, therefore, the library which needs to be quoted when the program code runs is taken as the dynamic library to be deployed independently, and the corresponding link mode is dynamic link.
In the exemplary embodiment, the function of the source code has mapping in the intermediate code through dynamic linking, after the source code based on the LLVM is compiled into the dynamic library, the dynamic library can be mapped from the intermediate code to the function of the source code in a reverse manner, so that after the intermediate code is traversed, all functions in the intermediate code can be extracted, if the code type of the function is a definition or a declaration, the function is divided into a first type of function, and if the code type of the function is an implementation, the function is divided into a second type of function.
The following illustrates the steps in FIG. 2: compiling the source code of the LLVM to generate a libLLVM.dylib dynamic library; then finding a compiling command in the compiling project for compiling the source code to generate an object code file (for example, an o file); adding a compiling parameter-emit-llvm into the compiling command to generate an intermediate code (for example, bc file); and finally, after the intermediate code is obtained, analyzing the intermediate code by integrating a libLLVM.dylib dynamic library, and traversing functions in the intermediate code to extract the first type of function and the second type of function.
As can be seen from the foregoing, the purpose of the present exemplary embodiment is to replace a corresponding call instruction in a second class of function according to a custom function corresponding to a first class of function, so as to hide a part of original content in an intermediate code, thereby implementing code protection. Theoretically, the more contents in the intermediate code are replaced, the more difficulty in the inverse compilation of the finally obtained target code file. Based on this, in an exemplary embodiment, the call instruction corresponding to the second type of function in each first type of function may be replaced, and step S120 may specifically include:
and for each first type of function, correspondingly generating a self-defined function, and storing the mapping relation between the first type of function and the self-defined function.
That is, the first type of function and the custom function are in one-to-one mapping relationship, and all instructions for calling the first type of function by the second type of function appear in the intermediate code are replaced by the corresponding custom function. The mapping relationship between the first type of function and the custom function may be stored as a mapping table, and stored in a local or program item folder, so as to facilitate subsequent viewing and use, or when a new source code is subsequently added, the method of the present exemplary embodiment may also be executed according to the mapping table, thereby ensuring the logical consistency of the entire program item in the code.
Further, in an exemplary embodiment, the step S140 may specifically include:
and recompiling the replaced intermediate code, and adding links according to the mapping relation to obtain an object code file.
The mapping relationship between the first type of function and the custom function may generate a corresponding link, the link may be added to an object code file obtained by compiling the intermediate code, or another object code file may be generated to store the link of the mapping relationship, and a link between different object code files is added to the object code file corresponding to the intermediate code.
It should be added that the mapping relationship may be added to a dynamic library of a compiler, so that the first type of function in the source code may be called by calling the dynamic library when the object code file runs.
The above-mentioned method of adding links according to the mapping relationship can reserve a way of obtaining the source code by the target code file through the reverse compiling and the reverse mapping after the source code is compiled, and can restore the source code according to the target code file under the condition that the source code is lost, and realizes two methods of program code execution: by logical execution of the source code, and by logical execution of the code after the replacement call instruction.
Fig. 3 shows a method flow of the present exemplary embodiment, comprising the steps of: step S111, compiling the source code by using the LLVM to obtain an intermediate code; step S112, compiling the source code of the LLVM to obtain a libLLVM.dylib dynamic library of the LLVM; step S113, analyzing the intermediate code by using a dynamic library to traverse the intermediate code, and extracting all the first type functions and the second type functions; step S120, generating a self-defined function for calling the first type of function according to the first type of function; step S130, searching an instruction for calling the first type of function from a second type of function, and replacing the instruction with a custom function; step S140, recompile the replaced intermediate code, and add the relevant links to obtain the object code file. Therefore, the code is effectively protected in the process of compiling the code. In an exemplary embodiment, a corresponding script may be written according to the method flow of fig. 3, and the script is placed under a program item requiring code protection to run, so as to implement code protection on the whole program item.
An exemplary embodiment of the present disclosure also provides a code protection apparatus, as shown in fig. 4, the apparatus 400 may include: the first compiling module 410 is configured to compile the source code into an intermediate code, and extract a first type of function and a second type of function in the intermediate code; a function generating module 420, configured to generate a custom function for calling the first type of function according to the first type of function; the instruction replacing module 430 is configured to replace, in the intermediate code, a call instruction regarding the first type of function in the second type of function with a custom function; and a second compiling module 440, configured to recompile the replaced intermediate code to obtain an object code file.
In an exemplary embodiment, the first type of function may be a declaration function and the second type of function may be an implementation function.
In an exemplary embodiment, the first compiling module 410 may include: a source code compiling unit for compiling the source code into an intermediate code by using the LLVM; the dynamic library acquisition unit is used for compiling the source code of the LLVM to obtain a dynamic library of the LLVM; and the function extraction unit is used for analyzing the intermediate code by using the dynamic library so as to traverse the functions in the intermediate code and divide each function into a first type of function or a second type of function.
In an exemplary embodiment, based on the LLVM compiling framework, the call instruction in the second type of function may include a calllnst instruction and/or an invokelnst instruction.
In an exemplary embodiment, the function generating module 420 may be configured to generate a custom function for each first-class function, and store a mapping relationship between the first-class function and the custom function.
In an exemplary embodiment, the second compiling module 440 may be configured to recompile the replaced intermediate code and add a link according to the mapping relationship to obtain the object code file.
In an exemplary embodiment, the function name of the custom function may be randomly generated.
The details of each module/unit in the above-mentioned apparatus have been described in detail in the embodiments of the method section, and thus are not described again.
Exemplary embodiments of the present disclosure also provide a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the disclosure described in the above-mentioned "exemplary methods" section of this specification, when the program product is run on the terminal device.
Referring to fig. 5, a program product 500 for implementing the above method according to an exemplary embodiment of the present disclosure is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Exemplary embodiments of the present disclosure also provide an electronic device capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as a system, method or program product. Accordingly, various aspects of the present disclosure may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
An electronic device 600 according to such an exemplary embodiment of the present disclosure is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example and should not bring any limitations to the function and scope of use of the embodiments of the present disclosure.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: the at least one processing unit 610, the at least one memory unit 620, a bus 630 connecting different system components (including the memory unit 620 and the processing unit 610), and a display unit 640.
Wherein the storage unit 620 stores program code that may be executed by the processing unit 610, such that the processing unit 610 performs the steps according to various exemplary embodiments of the present disclosure described in the above-mentioned "exemplary methods" section of this specification. For example, processing unit 610 may perform the method steps shown in fig. 1, fig. 2, or fig. 3, among others.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)621 and/or a cache memory unit 622, and may further include a read only memory unit (ROM) 623.
The storage unit 620 may also include a program/utility 624 having a set (at least one) of program modules 625, such program modules 625 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. As shown, the network adapter 660 communicates with the other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the exemplary embodiments of the present disclosure.
Furthermore, the above-described figures are merely schematic illustrations of processes included in methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit according to an exemplary embodiment of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is to be limited only by the terms of the appended claims.
Claims (8)
1. A method of code protection, comprising:
compiling a source code into an intermediate code, and extracting a first function and a second function in the intermediate code; the first class of functions comprises declaration functions, and the second class of functions comprises implementation functions;
generating a self-defined function for calling the first type of function according to the first type of function;
replacing, in the intermediate code, a call instruction for the first class of function in the second class of function with the custom function;
recompiling the replaced intermediate code to obtain an object code file;
compiling the source code into an intermediate code, and extracting a first function and a second function in the intermediate code, wherein the compiling the source code into the intermediate code comprises:
compiling the source code into the intermediate code using LLVM;
compiling the source code of the LLVM to obtain a dynamic library of the LLVM;
and analyzing the intermediate code by using the dynamic library to traverse the functions in the intermediate code, and dividing each function into a first type of function or a second type of function.
2. The method of claim 1, wherein the call instructions in the second class of functions comprise calllnst instructions and/or invokelnst instructions.
3. The method of claim 1, wherein generating a custom function for calling the first class of functions according to the first class of functions comprises:
and for each first type of function, correspondingly generating a self-defined function, and storing the mapping relation between the first type of function and the self-defined function.
4. The method of claim 3, wherein said recompiling said intermediate code after replacing to obtain an object code file comprises:
and recompiling the replaced intermediate code, and adding a link according to the mapping relation to obtain the object code file.
5. The method of claim 1, wherein the function name of the custom function is randomly generated.
6. A code protection device, comprising:
the first compiling module is used for compiling the source code into an intermediate code and extracting a first type of function and a second type of function in the intermediate code; the first class of functions comprises declaration functions, and the second class of functions comprises implementation functions;
the function generation module is used for generating a self-defined function for calling the first type of function according to the first type of function;
the instruction replacing module is used for replacing the calling instruction of the first class of function in the second class of function with the self-defined function in the intermediate code;
the second compiling module is used for recompiling the replaced intermediate code to obtain an object code file;
wherein the first compiling module includes:
a source code compiling unit for compiling the source code into the intermediate code by using the LLVM;
a dynamic library obtaining unit, configured to compile a source code of the LLVM to obtain a dynamic library of the LLVM;
and the function extraction unit is used for analyzing the intermediate code by using the dynamic library so as to traverse the functions in the intermediate code and divide each function into a first type of function or a second type of function.
7. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 1-5.
8. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of any of claims 1-5 via execution of the executable instructions.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910319634.6A CN110059456B (en) | 2019-04-19 | 2019-04-19 | Code protection method, code protection device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910319634.6A CN110059456B (en) | 2019-04-19 | 2019-04-19 | Code protection method, code protection device, storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110059456A CN110059456A (en) | 2019-07-26 |
| CN110059456B true CN110059456B (en) | 2020-06-05 |
Family
ID=67319919
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910319634.6A Active CN110059456B (en) | 2019-04-19 | 2019-04-19 | Code protection method, code protection device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110059456B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110750266A (en) * | 2019-09-20 | 2020-02-04 | 平安普惠企业管理有限公司 | Program compiling method, program compiling device, computer equipment and storage medium |
| CN110717150A (en) * | 2019-10-08 | 2020-01-21 | 北京顶象技术有限公司 | Code protection method, device, protection equipment and readable storage medium |
| CN110990797A (en) * | 2019-11-29 | 2020-04-10 | 珠海豹趣科技有限公司 | Data processing method and device and computer readable storage medium |
| CN111400675A (en) * | 2020-03-16 | 2020-07-10 | 同盾(广州)科技有限公司 | Object obfuscation method, device, electronic equipment and computer readable medium |
| CN111475152B (en) * | 2020-04-14 | 2023-03-14 | 中国人民解放军战略支援部队信息工程大学 | Code processing method and device |
| CN111723002A (en) * | 2020-05-18 | 2020-09-29 | 五八有限公司 | Code debugging method and device, electronic equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853357A (en) * | 2010-04-28 | 2010-10-06 | 北京飞天诚信科技有限公司 | Software protection method |
| CN107092518A (en) * | 2017-04-17 | 2017-08-25 | 上海红神信息技术有限公司 | A kind of Compilation Method for protecting mimicry system of defense software layer safe |
| CN107992307A (en) * | 2017-12-11 | 2018-05-04 | 北京奇虎科技有限公司 | A kind of function Compilation Method and device |
| CN109101237A (en) * | 2018-08-01 | 2018-12-28 | 北京顶象技术有限公司 | The encryption Compilation Method and device of code |
-
2019
- 2019-04-19 CN CN201910319634.6A patent/CN110059456B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853357A (en) * | 2010-04-28 | 2010-10-06 | 北京飞天诚信科技有限公司 | Software protection method |
| CN107092518A (en) * | 2017-04-17 | 2017-08-25 | 上海红神信息技术有限公司 | A kind of Compilation Method for protecting mimicry system of defense software layer safe |
| CN107992307A (en) * | 2017-12-11 | 2018-05-04 | 北京奇虎科技有限公司 | A kind of function Compilation Method and device |
| CN109101237A (en) * | 2018-08-01 | 2018-12-28 | 北京顶象技术有限公司 | The encryption Compilation Method and device of code |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110059456A (en) | 2019-07-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110059456B (en) | Code protection method, code protection device, storage medium and electronic equipment | |
| US10620926B2 (en) | Linking optimized entry points for local-use-only function pointers | |
| US10223087B2 (en) | Comparisons in function pointer localization | |
| US10585652B2 (en) | Compiling optimized entry points for local-use-only function pointers | |
| US10209972B2 (en) | Executing optimized local entry points | |
| US10360005B2 (en) | Local function call tailoring for function pointer calls | |
| CN108932406A (en) | Virtualization software guard method and device | |
| US10534594B2 (en) | Optimized entry points and local function call tailoring for function pointers | |
| US10579353B2 (en) | Loading optimized local entry points for local-use-only function pointers | |
| US10268465B2 (en) | Executing local function call site optimization | |
| CN100492387C (en) | Method and system for software protected development based on Keil C51 | |
| CN110955431A (en) | Processing method and device of compiling environment | |
| CN110140108B (en) | Handling sibling calls | |
| CN111832014A (en) | Dynamic loading-based Java SDK code encryption and decryption method and terminal | |
| US11036527B2 (en) | Class splitting in object-oriented environments | |
| KR20180131009A (en) | System and method for converting large scale application | |
| CN110018831B (en) | Program processing method, program processing apparatus, and computer-readable storage medium | |
| CN114174983B (en) | Method and system for optimized automatic verification of advanced constructs | |
| US20190065161A1 (en) | Supporting compiler variable instrumentation for uninitialized memory references | |
| US9612808B1 (en) | Memory use for string object creation | |
| CN114579135B (en) | Installation package generation method and device | |
| US11630655B2 (en) | Merging data structure definitions | |
| CN114547559A (en) | Symbol obfuscation method, apparatus, medium, and computing device | |
| CN116755703A (en) | Method, device, computer equipment and storage medium for flexibly deploying SDK package | |
| CN114185556A (en) | Intelligent contract deployment method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210913 Address after: 311121 room 607-609, building 18, No. 998, Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province Patentee after: Tongdun Network Technology Co.,Ltd. Address before: Room 704, building 18, No. 998, Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province Patentee before: TONGDUN HOLDINGS Co.,Ltd. |
|
| TR01 | Transfer of patent right |