WO2017008431A1 - Compiling method and device for program linking - Google Patents

Compiling method and device for program linking

Publication number
WO2017008431A1
Authority
WO
WIPO (PCT)
Prior art keywords
section
input
file
index value
linked
Application number
PCT/CN2015/096591
Inventor
谢宝友
王德强
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Landscapes

  • Devices For Executing Special Programs (AREA)
  • Stored Programmes (AREA)

Abstract

Provided are a compiling method and device for program linking, the compiling method comprising: obtaining a file to be linked, and splitting, according to a function or variable symbol in the file, sections in the file to obtain a plurality of input sections (S10); randomly assigning an index value to each of the input sections (S11); and merging, according to the index value of each of the input sections, the corresponding function or variable symbol into a link output file (S12). The compiling method for program linking can further improve randomness of a function and variable symbol in a program by splitting the function and variable symbol in a file and then performing randomization thereon, thereby reducing a possibility of a program being successfully attacked, and improving program security.

Description

Compiling method and device for program linking

Technical field

The present invention relates to the field of computer technologies, and in particular to a compiling method and device for program linking.

Background

With the rapid development of information technology, communicating over widely open network environments has become a trend of the times. While the network provides development and shared resources, security risks are unavoidable. If vulnerabilities exist in a computer software system (operating system, shared libraries, middleware, applications), an attacker familiar with the system can exploit them over the network to execute malicious code and perform illegal operations.

A precondition for attacking a system is that the attacker has some understanding of the system, in particular of the layout of a program's code address space; only then can carefully constructed code make a process execute attack code that the attacker has prepared in advance and so take control of the system. Address randomization is generally used to protect against such attacks. Once software code addresses are randomized, the attacker cannot redirect the program's execution flow to the expected address to run the attack code, which effectively reduces the probability of a successful attack. FIG. 1 is a schematic diagram of the process of randomly assigning program addresses in the prior art: the code sections Func1, Func2, Func3 and Func4 of the input file are merged into the code section of the output file, and the data sections Var1, Var2, Var3 and Var4 of the input file are merged into the data section of the output file.

Traditional address randomization is usually done at the system level. When the system starts a program, it randomizes the base address of each component of the program (main program, dynamic libraries, stack). This randomization is simple to implement and has low overhead, but it has the following problems:

(1) The granularity is coarse. The address layout inside each component is still fixed, so an attacker can still call operating system interfaces to obtain the start address of each component and combine brute force with relative addresses to carry out an attack. Because a large amount of open source code is used in commercial projects, an attacker can use precompiled programs to obtain the address layout inside these open source components.

(2) It is inflexible. Either every program in the system uses address randomization or none does; an application cannot enable the feature on its own according to its characteristics and security requirements.

(3) The choice of random numbers is determined by the system, and the generation of some random numbers also depends on the system time, so an attacker who has obtained the system's random number generation rules and the system time can crack them fairly easily.

Summary of the invention

An object of the embodiments of the present invention is to provide a compiling method and device for program linking that can further improve the randomness of function and variable symbols within a program, thereby reducing the possibility of the program being successfully attacked and improving the security of the program.
To achieve the above object, an embodiment of the present invention provides a compiling method for program linking, the compiling method comprising:
obtaining a file to be linked, and splitting the sections in the file to be linked according to the function or variable symbols in the file to be linked, to obtain a plurality of input sections;
randomly assigning an index value to each of the input sections;
merging, according to the index value of each of the input sections, the corresponding function or variable symbols into a link output file.
Optionally, splitting the sections in the file to be linked according to the function or variable symbols in the file to be linked to obtain a plurality of input sections specifically comprises:
reading the symbol table information of the currently processed section in the file to be linked;
looking up, according to the symbol table information, the function or variable symbols of the currently processed section, selecting in turn a preset number of function or variable symbols in the currently processed section as a group, and creating a new section for each group, to obtain a plurality of the input sections corresponding to the currently processed section.
Optionally, after selecting in turn a preset number of function or variable symbols in the currently processed section as a group and creating a new section for each group, the method further comprises:
reading all the section information in the file to be linked and determining whether all the sections in the file to be linked have been split; when they have not, continuing to read the symbol table information of the next unprocessed section in the file to be linked, selecting in turn a preset number of function or variable symbols in the next unprocessed section as a group, and creating a new section for each group, to obtain a plurality of the input sections;
selecting in turn a preset number of function or variable symbols in each unprocessed section as a group, and creating a new section for each group, to obtain a plurality of the input sections.
Optionally, randomly assigning an index value to each of the input sections specifically comprises:
obtaining numerical parameters of a plurality of random events and generating a random seed according to the numerical parameters, wherein the random events include: an interrupt occurring on the current compiling host, input at the current user terminal, or reading the system time of the current compiling host; correspondingly, the numerical parameters include: the number of interrupts that have occurred on the current compiling host, the value input at the current user terminal, or the system time value read from the current compiling host;
generating a random sequence according to the random seed;
obtaining each of the input sections produced by splitting the file to be linked, and assigning an index value to each of the split input sections according to the random sequence.
Optionally, assigning an index value to each of the split input sections according to the random sequence specifically comprises:
selecting an index value for the current input section;
checking whether the index value selected for the current input section has already been used and, if it has, calling the random sequence again to assign a new index value to the input section;
if the index value selected for the current input section has not been used, marking the selected index value as used and assigning it to the corresponding input section.
Optionally, merging the corresponding function or variable symbols into a link output file according to the index value of each of the input sections is specifically:
determining the offset address of the input section in the link output file according to the index value of the input section, and merging the input section into a determined position in the link output file according to the offset address.
An embodiment of the present invention further provides a compiling device for program linking, the compiling device comprising:
a processing module, configured to obtain a file to be linked and split the sections in the file to be linked according to the function or variable symbols in the file to be linked, to obtain a plurality of input sections;
an allocation module, configured to randomly assign an index value to each of the input sections;
a merging module, configured to merge, according to the index value of each of the input sections, the corresponding function or variable symbols into a link output file.
Optionally, the processing module comprises:
a reading submodule, configured to read the symbol table information of the currently processed section in the file to be linked;
a creating submodule, configured to look up, according to the symbol table information, the function or variable symbols of the currently processed section, select in turn a preset number of function or variable symbols in the currently processed section as a group, and create a new section for each group, to obtain a plurality of the input sections corresponding to the currently processed section.
Optionally, the processing module further comprises:
a first processing submodule, configured to, after the creating submodule has selected in turn a preset number of function or variable symbols in the currently processed section as a group and created a new section for each group, read all the section information in the file to be linked and determine whether all the sections in the file to be linked have been split; when they have not, continue to read the symbol table information of the next unprocessed section in the file to be linked, select in turn a preset number of function or variable symbols in the next unprocessed section as a group, and create a new section for each group, to obtain a plurality of the input sections;
a second processing submodule, configured to select in turn a preset number of function or variable symbols in each unprocessed section as a group and create a new section for each group, to obtain a plurality of the input sections.
Optionally, the allocation module comprises:
a first generating submodule, configured to obtain numerical parameters of a plurality of random events and generate a random seed according to the numerical parameters, wherein the random events include: an interrupt occurring on the current compiling host, input at the current user terminal, or reading the system time of the current compiling host; correspondingly, the numerical parameters include: the number of interrupts that have occurred on the current compiling host, the value input at the current user terminal, or the system time value read from the current compiling host;
a second generating submodule, configured to generate a random sequence according to the random seed;
an allocation submodule, configured to obtain each of the input sections produced by splitting the file to be linked, and assign an index value to each of the split input sections according to the random sequence.
Optionally, the allocation submodule comprises:
a selecting subunit, configured to select an index value for the current input section;
a first processing subunit, configured to check whether the index value selected for the current input section has already been used and, if it has, call the random sequence again to assign a new index value to the input section;
a second processing subunit, configured to, if the index value selected for the current input section has not been used, mark the selected index value as used and assign it to the corresponding input section.
Optionally, the merging module is further configured to:
determine the offset address of the input section in the link output file according to the index value of the input section, and merge the input section into a determined position in the link output file according to the offset address.
The beneficial effects of the above technical solutions of the embodiments of the present invention are as follows:
By selecting in turn a preset number of function or variable symbols in each section of the file to be linked as a group, creating a new section for each group to obtain a plurality of input sections, randomly assigning an index value to each input section according to a pre-generated random sequence, and merging the corresponding function or variable symbols into a link output file according to the index values, the randomness of function and variable symbols within the program can be further improved, thereby reducing the possibility of the program being successfully attacked and improving the security of the program.
Brief description of the drawings

The drawings described here are provided for a further understanding of the invention and form a part of this application. The illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
FIG. 1 is a schematic diagram of the process of randomly assigning program addresses in the prior art;
FIG. 2 is a schematic diagram of the steps of the compiling method for program linking according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the process of randomly assigning program addresses after the method of the embodiment of the present invention is applied;
FIG. 4 is a schematic diagram of the process of splitting the sections in a file to be linked according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of randomly assigning indexes according to an embodiment of the present invention;
FIG. 6 is a schematic overall flowchart of the compiling method for program linking according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the compiling device for program linking according to an embodiment of the present invention.

Detailed description

To make the technical problem to be solved by the present invention, the technical solutions and the advantages clearer, a detailed description is given below with reference to the drawings and specific embodiments.
An embodiment of the present invention provides a compiling method for program linking. As shown in FIG. 2, the compiling method comprises:
Step S10: obtain a file to be linked, and split the sections in the file to be linked according to the function or variable symbols in the file to be linked, to obtain a plurality of input sections;
Step S11: randomly assign an index value to each of the input sections;
Step S12: merge, according to the index value of each of the input sections, the corresponding function or variable symbols into a link output file.
After the file to be linked is obtained, each of its sections is split to obtain the split input sections. An input section obtained by splitting contains fewer function or variable symbols than the original section. The number of function or variable symbols in a split input section can be preset: the fewer function or variable symbols per input section, the more input sections the split produces. The fewer the symbols per input section and the more input sections there are, the greater the randomness of the function or variable symbols when an index value is randomly assigned to each input section, which reduces the possibility of the program being successfully attacked and thus improves the security of the program. After the split input sections are obtained, an index value must be randomly assigned to each input section, and then the corresponding function or variable symbols are merged into a link output file according to the index value of each input section.
FIG. 3 is a schematic diagram of the process of randomly assigning program addresses after the method of the embodiment of the present invention is applied. The merged code section Func1, Func2 of the input file is split into independent Func1 and Func2; the merged code section Func3, Func4 is split into independent Func3 and Func4; the merged data section Var1, Var2 of the input file is split into independent Var1 and Var2; the merged data section Var3, Var4 is split into independent Var3 and Var4. Finally, the code sections Func1, Func2, Func3 and Func4 of the input file are merged into the code section of the output file, and the data sections Var1, Var2, Var3 and Var4 of the input file are merged into the data section of the output file.
By selecting in turn a preset number of function or variable symbols in each section of the file to be linked as a group, creating a new section for each group to obtain a plurality of input sections, randomly assigning an index value to each input section according to a pre-generated random sequence, and merging the corresponding function or variable symbols into a link output file according to the index values, the randomness of function and variable symbols within the program can be further improved, thereby reducing the possibility of the program being successfully attacked and improving the security of the program.
In the above embodiment of the present invention, splitting the sections in the file to be linked according to the function or variable symbols in the file to be linked to obtain a plurality of input sections in step S10 specifically comprises:
Step S101: read the symbol table information of the currently processed section in the file to be linked;
Step S102: look up, according to the symbol table information, the function or variable symbols of the currently processed section, select in turn a preset number of function or variable symbols in the currently processed section as a group, and create a new section for each group, to obtain a plurality of the input sections corresponding to the currently processed section.
Specifically, when the sections in the file to be linked are split, the symbol table information of the section currently being processed is read first, and the corresponding function or variable symbols are found from that symbol table information. The currently processed section is then split: its function or variable symbols are grouped according to the preset number of function or variable symbols per group, and a new section is created for each group, yielding a plurality of input sections.
In the above embodiment of the present invention, after step S102 selects in turn a preset number of function or variable symbols in the currently processed section as a group and creates a new section for each group, the method further comprises:
Step S103: read all the section information in the file to be linked and determine whether all the sections in the file to be linked have been split; when they have not, continue to read the symbol table information of the next unprocessed section in the file to be linked, select in turn a preset number of function or variable symbols in the next unprocessed section as a group, and create a new section for each group, to obtain a plurality of the input sections;
Step S104: select in turn a preset number of function or variable symbols in each unprocessed section as a group, and create a new section for each group, to obtain a plurality of the input sections.
Specifically, after the currently processed section has been split into a plurality of input sections, it must be determined whether all the sections in the file to be linked have been split; this determination is based on all the section information in the file to be linked. If splitting is not complete, the symbol table information of the next unprocessed section in the file to be linked is read, a preset number of function or variable symbols in that section are selected in turn as a group, and a new section is created for each group, yielding a plurality of input sections. Once that section has been split, the remaining unprocessed sections in the file to be linked continue to be split until every unprocessed section has been split. During splitting, the number of function or variable symbols contained in each group is preset and can be changed according to the security requirements of the program. The fewer function or variable symbols a group contains, the greater the randomness of the function and variable symbols within the program and the lower the possibility of the program being successfully attacked, which improves the security of the program.
FIG. 4 is a schematic diagram of the process of splitting the sections in a file to be linked according to an embodiment of the present invention:
Step S201: obtain the information of all files to be linked;
Step S202: determine whether all files to be linked have been processed; if so, end the process; if not, go to the next step;
Step S203: read the section information and symbol table information of the file to be linked;
Step S204: determine whether all the sections of the file to be linked have been processed; if so, return to step S202; if not, go to step S205;
Step S205: look up all the symbols located in the section, where a symbol may be a function symbol or a variable symbol;
Step S206: determine whether the symbols of the section have all been processed; if so, go to step S208 and delete the section; if not, go to step S207 and create a new section for the symbol.
In the above embodiment of the present invention, randomly assigning an index value to each of the input sections in step S11 specifically comprises:
Step S110: obtain numerical parameters of a plurality of random events and generate a random seed according to the numerical parameters, wherein the random events include: an interrupt occurring on the current compiling host, input at the current user terminal, or reading the system time of the current compiling host; correspondingly, the numerical parameters include: the number of interrupts that have occurred on the current compiling host, the value input at the current user terminal, or the system time value read from the current compiling host;
Step S111: generate a random sequence according to the random seed;
Step S112: obtain each of the input sections produced by splitting the file to be linked, and assign an index value to each of the split input sections according to the random sequence.
Specifically, the numerical parameters of a plurality of random events are obtained first, a random seed is generated from those numerical parameters, and a random sequence is then generated from the random seed. Once the random sequence has been obtained, an index value is assigned to each split input section according to the random sequence. More precisely, the index value is assigned to the function or variable symbols in the input section. An input section may contain one function or variable symbol or several; note that "several" here is fewer than the number of function or variable symbols contained in the section of the file to be linked. When an input section contains only one function or variable symbol, the sections of the file to be linked are split most thoroughly and each function or variable symbol corresponds to one index value; the randomness of the function and variable symbols within the program increases accordingly, the possibility of the program being successfully attacked decreases, and the security of the program is correspondingly higher. When an input section contains three function or variable symbols, then compared with an input section that contains only one, the randomness of the function and variable symbols within the program decreases accordingly, the possibility of the program being successfully attacked increases, and the security of the program is correspondingly weaker; in this case the group formed by the three function or variable symbols corresponds to one index value.
In the above embodiment of the present invention, assigning an index value to each of the split input sections according to the random sequence in step S112 specifically comprises:
selecting an index value for the current input section;
checking whether the index value selected for the current input section has already been used and, if it has, calling the random sequence again to assign a new index value to the input section;
if the index value selected for the current input section has not been used, marking the selected index value as used and assigning it to the corresponding input section.
Specifically, an index value is first selected for the current input section and then checked to determine whether it has already been used. If the check shows that the selected index value has already been used, the random sequence is called again to assign a new index value to the current input section. If the check shows that the selected index value has not been used, the selected index value is marked as occupied, so that no other input section can take it, and is assigned to the current input section.
FIG. 5 is a schematic flowchart of randomly assigning indexes according to an embodiment of the present invention:
Step S301: collect the information of all output sections;
Step S302: determine whether all output sections have been processed; if so, end the flow, otherwise proceed to the next step;
Step S303: read the information of all input sections corresponding to the output section and count them;
Step S304: determine whether all input sections have been processed; if so, return to step S302 to determine whether all output sections have been processed; if not, proceed to step S305;
Step S305: generate a corresponding number of random numbers;
Step S306: select a random number and determine whether it has already been assigned to another input section; if it has, generate a new random number; if it has not, proceed to the next step;
Step S307: use the random number as the index of the current input section, then return to step S304 to determine whether all input sections have been processed.
In the above embodiment of the present invention, step S12 is specifically:
determining the offset address of the input section in the link output file according to the index value of the input section, and merging the input section into a determined position in the link output file according to the offset address.
Specifically, when the corresponding function or variable symbols are merged into a link output file, the index value of the input section containing those symbols is determined first; the offset address of the input section in the link output file is then determined from that index value; finally, according to the offset address, the input section, or more precisely the function or variable symbols in the input section, is merged into a determined position in the link output file.
FIG. 6 is a schematic diagram of the overall flow of the compiling method for program linking according to an embodiment of the present invention:
Step S401: re-split the sections in the file to be linked so that each section contains only a small number of function or variable symbols, while keeping the rules by which sections are merged unchanged;
Here "a small number" is relative to the original section: each section after splitting contains fewer function or variable symbols than the original section did. Furthermore, the fewer function or variable symbols a split section contains, the greater the security of the program.
Step S402: for all input sections that need to be merged into the same output section, create indexes and randomize them;
Step S403: once the index of each input section has been determined, determine the offset of each input section in the output section from its index value and its rank among all index values;
Step S404: merge all input sections into the output section and end the flow.
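The flow of steps S401 to S404, including the used-index check of FIG. 5 and the group-size trade-off described for the index assignment, as an added Python example that is not code from the patent. The symbol names and sizes, the `.grpN` section naming, the 16-byte alignment, the index range of twice the section count, and the OS CSPRNG as default random source are assumptions of the example.

```python
import math
import secrets
from dataclasses import dataclass


@dataclass
class InputSection:
    name: str          # ".text.grpN" naming is an assumption of this example
    symbols: list      # function/variable symbols carried by the section
    size: int          # bytes
    index: int = -1    # random index value (S402)
    offset: int = -1   # offset inside the output section (S403)


def split_section(sec_name, symbols, group_size):
    """S401: split one section into input sections holding at most
    group_size symbols each. symbols is a list of (name, size_in_bytes)."""
    if group_size < 1:
        raise ValueError("group_size must be >= 1")
    sections = []
    for start in range(0, len(symbols), group_size):
        group = symbols[start:start + group_size]
        sections.append(InputSection(
            name=f"{sec_name}.grp{start // group_size}",
            symbols=[name for name, _ in group],
            size=sum(size for _, size in group)))
    return sections


def assign_indices(sections, rng, index_space=None):
    """S402 / FIG. 5: draw an index, redraw while it is already used,
    then mark it used and assign it to the current input section."""
    space = index_space if index_space is not None else max(2 * len(sections), 1)
    if space < len(sections):
        raise ValueError("index space smaller than number of sections")
    used = set()
    for sec in sections:
        candidate = rng.randrange(space)
        while candidate in used:          # S306: already assigned, draw again
            candidate = rng.randrange(space)
        used.add(candidate)               # mark as occupied
        sec.index = candidate             # S307


def layout(sections, align=16):
    """S403/S404: place sections in ascending index order; the rank of an
    index among all indexes fixes the offset. Returns the output size."""
    cursor = 0
    for sec in sorted(sections, key=lambda s: s.index):
        cursor = (cursor + align - 1) // align * align
        sec.offset = cursor
        cursor += sec.size
    return cursor


def layout_entropy_bits(n_symbols, group_size):
    """Upper bound on layout entropy: log2 of the number of orderings of
    the input sections, assuming an unbiased random source."""
    n_sections = math.ceil(n_symbols / group_size)
    return math.log2(math.factorial(n_sections))


def link(sec_name, symbols, group_size, rng=None, align=16):
    """Run S401-S404 for one output section."""
    rng = rng or secrets.SystemRandom()   # assumption: OS CSPRNG by default
    sections = split_section(sec_name, symbols, group_size)
    assign_indices(sections, rng)
    total = layout(sections, align)
    return sections, total


# Constructed sample input: (symbol, size in bytes) for one .text section.
SAMPLE_TEXT = [("main", 96), ("parse_cfg", 208), ("auth_check", 144),
               ("log_msg", 64), ("crc32", 80), ("handle_req", 320),
               ("cleanup", 48)]

if __name__ == "__main__":
    for k in (1, 3):
        secs, total = link(".text", SAMPLE_TEXT, k)
        bits = layout_entropy_bits(len(SAMPLE_TEXT), k)
        print(f"group_size={k}: {len(secs)} sections, {total} bytes, "
              f"<= {bits:.2f} bits of ordering entropy")
        for s in sorted(secs, key=lambda s: s.offset):
            print(f"  0x{s.offset:04x} idx={s.index:2d} {s.name} {s.symbols}")
```

Because the offsets are a pure function of the index values, the layout is exactly as unpredictable as the random source: two links run from the same seed produce the same layout.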
An embodiment of the present invention provides a compiling device for program linking. As shown in FIG. 7, the compiling device includes:
a processing module 20, configured to obtain a file to be linked and to split the sections in the file to be linked according to the function or variable symbols in the file to be linked, to obtain a plurality of input sections;
an allocation module 30, configured to randomly assign an index value to each of the input sections;
a merging module 40, configured to merge, according to the index value of each of the input sections, the corresponding function or variable symbols into a link output file.
In the above embodiment of the present invention, the processing module 20 includes:
a reading sub-module 21, configured to read the symbol table information of the currently processed section in the file to be linked;
a creating sub-module 22, configured to look up the function or variable symbols of the currently processed section according to the symbol table information, to select in turn a preset number of function or variable symbols in the currently processed section as a group, and to create a new section for each group, obtaining a plurality of input sections corresponding to the currently processed section.
In the above embodiment of the present invention, the processing module 20 further includes:
a first processing sub-module 23, configured to, after the creating sub-module 22 has selected in turn a preset number of function or variable symbols in the currently processed section as a group and created a new section for each group, read all section information in the file to be linked and determine whether all sections in the file to be linked have been split; if they have not, to continue by reading the symbol table information of the next unprocessed section in the file to be linked, selecting in turn a preset number of function or variable symbols in that section as a group, and creating a new section for each group, obtaining a plurality of input sections;
a second processing sub-module 24, configured to select in turn a preset number of function or variable symbols in each unprocessed section as a group and to create a new section for each group, obtaining a plurality of input sections.
In the above embodiment of the present invention, the allocation module 30 includes:
a first generation sub-module 31, configured to obtain the numerical parameters of a plurality of random events and to generate a random seed from the numerical parameters, wherein the random events include: an interrupt occurring on the current compiling host, input at the current user terminal, or a read of the system time of the current compiling host; correspondingly, the numerical parameters include: the number of interrupts that have occurred on the current compiling host, the value input at the current user terminal, or the system time value read from the current compiling host;
a second generation sub-module 32, configured to generate a random sequence from the random seed;
an allocation sub-module 33, configured to obtain each split input section in the file to be linked and to assign an index value to each split input section according to the random sequence.
In the above embodiment of the present invention, the allocation sub-module 33 includes:
a selecting sub-unit 331, configured to select an index value for the current input section;
a first processing sub-unit 332, configured to detect whether the index value selected for the current input section has already been used and, if it has, to call the random sequence again to assign a new index value to the input section;
a second processing sub-unit 333, configured to, if the index value selected for the current input section has not been used, mark the selected index value as used and assign it to the corresponding input section.
In the above embodiment of the present invention, the merging module 40 is further configured to:
determine the offset address of the input section in the link output file according to the index value of the input section, and merge the input section into a determined position in the link output file according to the offset address.
In the compiling method for program linking according to the embodiments of the present invention, a preset number of function or variable symbols are selected in turn as a group in each section of the file to be linked, a new section is created for each group to obtain a plurality of input sections, an index value is randomly assigned to each input section according to a pre-generated random sequence, and the corresponding function or variable symbols are merged into a link output file according to the index values. This further increases the randomness of the functions and variable symbols in the program, thereby reducing the probability of the program being successfully attacked and improving the security of the program.
It should be noted that the compiling device for program linking provided by the embodiments of the present invention is a device that applies the above method; all embodiments of the above method therefore apply to the device and achieve the same or similar beneficial effects.
The above are preferred embodiments of the present invention. It should be noted that a person of ordinary skill in the art may make further improvements and refinements without departing from the principles of the present invention, and these improvements and refinements shall also be regarded as falling within the scope of protection of the present invention.
Industrial applicability
In the embodiments of the present invention, a preset number of function or variable symbols are selected in turn as a group in each section of the file to be linked, a new section is created for each group to obtain a plurality of input sections, an index value is randomly assigned to each input section according to a pre-generated random sequence, and the corresponding function or variable symbols are merged into a link output file according to the index values. This further increases the randomness of the functions and variable symbols in the program, thereby reducing the probability of the program being successfully attacked and improving the security of the program.

Claims (12)

  1. A compiling method for program linking, the compiling method comprising:
    obtaining a file to be linked, and splitting the sections in the file to be linked according to the function or variable symbols in the file to be linked, to obtain a plurality of input sections;
    randomly assigning an index value to each of the input sections;
    merging, according to the index value of each of the input sections, the corresponding function or variable symbols into a link output file.
  2. The method of claim 1, wherein splitting the sections in the file to be linked according to the function or variable symbols in the file to be linked, to obtain a plurality of input sections, specifically comprises:
    reading the symbol table information of the currently processed section in the file to be linked;
    looking up the function or variable symbols of the currently processed section according to the symbol table information, selecting in turn a preset number of function or variable symbols in the currently processed section as a group, and creating a new section for each group, to obtain a plurality of the input sections corresponding to the currently processed section.
  3. The method of claim 2, wherein, after selecting in turn a preset number of function or variable symbols in the currently processed section as a group and creating a new section for each group, the method further comprises:
    reading all section information in the file to be linked and determining whether all sections in the file to be linked have been split; if they have not, continuing by reading the symbol table information of the next unprocessed section in the file to be linked, selecting in turn a preset number of function or variable symbols in the next unprocessed section as a group, and creating a new section for each group, to obtain a plurality of the input sections;
    selecting in turn a preset number of function or variable symbols in each unprocessed section as a group, and creating a new section for each group, to obtain a plurality of the input sections.
  4. The method of claim 1, wherein randomly assigning an index value to each of the input sections specifically comprises:
    obtaining the numerical parameters of a plurality of random events and generating a random seed from the numerical parameters, wherein the random events include: an interrupt occurring on the current compiling host, input at the current user terminal, or a read of the system time of the current compiling host; correspondingly, the numerical parameters include: the number of interrupts that have occurred on the current compiling host, the value input at the current user terminal, or the system time value read from the current compiling host;
    generating a random sequence from the random seed;
    obtaining each split input section in the file to be linked, and assigning an index value to each split input section according to the random sequence.
  5. The method of claim 4, wherein assigning an index value to each split input section according to the random sequence specifically comprises:
    selecting an index value for the current input section;
    detecting whether the index value selected for the current input section has already been used and, if it has, calling the random sequence again to assign a new index value to the input section;
    if the index value selected for the current input section has not been used, marking the selected index value as used and assigning it to the corresponding input section.
  6. The method of claim 1, wherein merging, according to the index value of each of the input sections, the corresponding function or variable symbols into a link output file is specifically:
    determining the offset address of the input section in the link output file according to the index value of the input section, and merging the input section into a determined position in the link output file according to the offset address.
  7. A compiling device for program linking, the compiling device comprising:
    a processing module, configured to obtain a file to be linked and to split the sections in the file to be linked according to the function or variable symbols in the file to be linked, to obtain a plurality of input sections;
    an allocation module, configured to randomly assign an index value to each of the input sections;
    a merging module, configured to merge, according to the index value of each of the input sections, the corresponding function or variable symbols into a link output file.
  8. The device of claim 7, wherein the processing module comprises:
    a reading sub-module, configured to read the symbol table information of the currently processed section in the file to be linked;
    a creating sub-module, configured to look up the function or variable symbols of the currently processed section according to the symbol table information, to select in turn a preset number of function or variable symbols in the currently processed section as a group, and to create a new section for each group, obtaining a plurality of the input sections corresponding to the currently processed section.
  9. The device of claim 8, wherein the processing module further comprises:
    a first processing sub-module, configured to, after the creating sub-module has selected in turn a preset number of function or variable symbols in the currently processed section as a group and created a new section for each group, read all section information in the file to be linked and determine whether all sections in the file to be linked have been split; if they have not, to continue by reading the symbol table information of the next unprocessed section in the file to be linked, selecting in turn a preset number of function or variable symbols in the next unprocessed section as a group, and creating a new section for each group, obtaining a plurality of the input sections;
    a second processing sub-module, configured to select in turn a preset number of function or variable symbols in each unprocessed section as a group and to create a new section for each group, obtaining a plurality of the input sections.
  10. The device of claim 7, wherein the allocation module comprises:
    a first generation sub-module, configured to obtain the numerical parameters of a plurality of random events and to generate a random seed from the numerical parameters, wherein the random events include: an interrupt occurring on the current compiling host, input at the current user terminal, or a read of the system time of the current compiling host; correspondingly, the numerical parameters include: the number of interrupts that have occurred on the current compiling host, the value input at the current user terminal, or the system time value read from the current compiling host;
    a second generation sub-module, configured to generate a random sequence from the random seed;
    an allocation sub-module, configured to obtain each split input section in the file to be linked and to assign an index value to each split input section according to the random sequence.
  11. The device of claim 10, wherein the allocation sub-module comprises:
    a selecting sub-unit, configured to select an index value for the current input section;
    a first processing sub-unit, configured to detect whether the index value selected for the current input section has already been used and, if it has, to call the random sequence again to assign a new index value to the input section;
    a second processing sub-unit, configured to, if the index value selected for the current input section has not been used, mark the selected index value as used and assign it to the corresponding input section.
  12. The device of claim 7, wherein the merging module is further configured to:
    determine the offset address of the input section in the link output file according to the index value of the input section, and merge the input section into a determined position in the link output file according to the offset address.
PCT/CN2015/096591 2015-07-16 2015-12-07 Compiling method and device for program linking WO2017008431A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510418582.X 2015-07-16
CN201510418582.XA CN106708593B (en) 2015-07-16 2015-07-16 Compiling method and device for program linkage

Publications (1)

Publication Number Publication Date
WO2017008431A1 true WO2017008431A1 (en) 2017-01-19

Family

ID=57756779

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/096591 WO2017008431A1 (en) 2015-07-16 2015-12-07 Compiling method and device for program linking

Country Status (2)

Country Link
CN (1) CN106708593B (en)
WO (1) WO2017008431A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101621498A (en) * 2008-06-30 2010-01-06 成都市华为赛门铁克科技有限公司 Method, device and equipment for defending against network attacks
CN101697131A (en) * 2009-11-04 2010-04-21 中兴通讯股份有限公司 Method and device for dynamically loading relocatable file
CN102880461A (en) * 2012-08-29 2013-01-16 华为技术有限公司 Compiling and linking method and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7516442B2 (en) * 2003-10-23 2009-04-07 Microsoft Corporation Resource manifest
US7631292B2 (en) * 2003-11-05 2009-12-08 Microsoft Corporation Code individualism and execution protection
CN101782860B (en) * 2009-01-21 2013-10-09 华为技术有限公司 Method and device for linking program
CN101650664B (en) * 2009-06-30 2012-06-27 飞天诚信科技股份有限公司 Link method and linker
US20130113809A1 (en) * 2011-11-07 2013-05-09 Nvidia Corporation Technique for inter-procedural memory address space optimization in gpu computing compiler
US8793528B2 (en) * 2011-11-30 2014-07-29 Oracle International Corporation Dynamic hypervisor relocation
CN104267999B (en) * 2014-09-26 2018-09-18 浙江中控技术股份有限公司 A kind of method and apparatus that control program is compiled

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BHATKAR, S. ET AL.: "Efficient Techniques for Comprehensive Protection from Memory Error Exploits", PROCEEDINGS OF THE 14 TH USENIX SECURITY SYMPOSIUM (2005), 31 December 2005 (2005-12-31), pages 256 - 263, XP007910303 *

Also Published As

Publication number Publication date
CN106708593B (en) 2020-12-08
CN106708593A (en) 2017-05-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15898157

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15898157

Country of ref document: EP

Kind code of ref document: A1