CN103413074A - Method and device for protecting software through API - Google Patents
Method and device for protecting software through API Download PDFInfo
- Publication number
- CN103413074A CN103413074A CN2013102843801A CN201310284380A CN103413074A CN 103413074 A CN103413074 A CN 103413074A CN 2013102843801 A CN2013102843801 A CN 2013102843801A CN 201310284380 A CN201310284380 A CN 201310284380A CN 103413074 A CN103413074 A CN 103413074A
- Authority
- CN
- China
- Prior art keywords
- software
- protecting equipment
- programming interface
- application programming
- protected
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method and device for protecting software through an API. According to the method, codes of the platform API are all or partially transplanted to a software encrypting device, operation of the API used by the software is achieved, software codes do not need transplanting, potential safety hazards generated after the platform API is called by the software in the executing process are avoided, analyzing difficulties of crackers are increased, and software safety is improved.
Description
Technical field
The present invention relates to information security field, particularly a kind of method and device of realizing software protection by API.
Background technology
API (Application Programming Interface) is application programming interface, refers to that computer operating system (Operating system) or routine library offer the code that application call is used.Its fundamental purpose is to allow the Application developer be called one group of routine function, and why or understand the details of its internal work mechanism the source code that need not consider its bottom.API itself is abstract, and it has only defined an interface, and does not involve in the details how application program realizes.For example, WINDOWS operating system provides WINDOWS API, and WINDOWS API is the System Programming interface for Microsoft WINDOWS operating system family.It is the outward appearance of a set of all parts that is used for controlling WINDOWS and a set of predefined WINDOWS function of behavior.Each action of user can cause the operation of one or several function to tell what has occurred WINDOWS.This is the natural code of similar WINDOWS to a certain extent, and other language only is to provide the method for the automatic and easier access API of a kind of energy.Every application program in the underground execution of WINDOWS working environment can be called WINDOWS API.
In all instructions of CPU, it is breakneck that some instructions are arranged, if misuse, will cause the whole system collapse.Such as: clear internal memory, clock etc. is set.So CPU is divided into privileged instruction and nonprivileged instruction by instruction, for those dangerous instructions, only allow operating system and correlation module thereof to use, common application program can only be used those can not cause the instruction of disaster.The CPU of Intel is divided into 4 rank: RING0, RING1, RING2, RING3 by privilege level.WINDOWS can only be used RING0 and RING3, and RING0 is only used to operating system, and RING3 can be for operating system and application program.
In software analysis and the process that cracks, if the cracker can understand the interface between modules and title in software, the cracking difficulty and will greatly reduce of software so, a kind of analytical approach commonly used is to analyze at the API place of operating system platform at present in the process that software cracks.
In practical application, many times protected software all needs call operation system API or carries out mutual to complete specific function with the function of other modules of software.The means that a lot of software protections are arranged are that partial code is transplanted in hardware encipher device (calling encryption lock in the following text), and when the software transfer encryption lock, the inner run time version processing procedure of encryption lock, then return to software by result.But need to revise in a large number code when generally transplanting code, not only the code of being transplanted to encryption lock inside must be split into to many independently sub-function module, also to guarantee the correctness of calling and processing between the software code of encryption lock outside and encryption lock internal code, this has just increased workload and the difficulty of transplanting code, also dwindled simultaneously the scope that code is transplanted, and a large amount of alternately running software speed also being had a certain impact between software and encryption lock.
Summary of the invention
For solving software in the process of implementation by corresponding platform application programming interface interface obviously called to the potential safety hazard produced; increase the difficulty that the cracker analyzes, debugs, the invention provides a kind of method that realizes software protection by application programming interface.The code of all or part of application programming interface that the present invention is used by software is transplanted in encryption lock and is carried out; protected software receives the result that encryption lock returns; argument structure is organized; then calling system sysenter(sysenter is an assembly instruction under the WINDOWS platform; for entering the system kernel state; belong to prior art; specifically can be referring to Inter cpu instruction set) carry out operation accordingly; after complete; execution result is returned to encryption lock; after encryption lock is processed, return to protected software.The present invention, without the code of transplanting software, by transplanting and the processing of application programs DLL (dynamic link library), can effectively improve software security.
According to the present invention, provide a kind of and realize method for protecting software by software protecting equipment, described software protecting equipment is connected with main frame, and described method comprises:
Step 1: protected software is carried out to required application programming interface and be transplanted in described software protecting equipment;
Step 2: be the code that calls described software protecting equipment by the code revision of calling described application programming interface in protected software;
Step 3: protected running software when calling described application programming interface, calls described software protecting equipment;
Step 4: described software protecting equipment receives call request, carries out corresponding computing according to call request, after completing, operation result is returned to protected software;
Step 5: protected software is accepted described operation result, carries out corresponding operation system function;
Step 6: complete, return to execution result to protected software, protected software is sequentially carried out follow-up code.
According to an aspect of the present invention, application programs DLL (dynamic link library) function or parameter etc. are encrypted.
According to an aspect of the present invention; be transplanted to the form storage that the application programming interface in described software protecting equipment indexes with the application programming interface list, or with the list of application programming interface function name or the storage of application programming interface code snippet form.
According to an aspect of the present invention, call described software protecting equipment, transport function title and parameter, or delivery applications programming interface index.
According to an aspect of the present invention, described software protecting equipment internal arithmetic comprises according to index functions, function parameter searches function list, finds corresponding application programming interface.
According to an aspect of the present invention, described software protecting equipment internal searching, after respective function, is processed parameter.
According to an aspect of the present invention, parameter is processed and comprised character code conversion, numerical value conversion.
According to an aspect of the present invention, step 3,4 is carried out repeatedly.
According to an aspect of the present invention, the assembly instruction call operation system that in step 5, protected software transfer enters system kernel.
According to another aspect of the present invention, provide a kind of software protecting equipment of realizing software protection, described software protecting equipment is connected with main frame, also comprises in described software protecting equipment:
Memory module, for the application programming interface list information of storage migration to described software protecting equipment;
Communication module, for communicating by letter between protected software and described software protecting equipment;
Computing module, for the execution calculating operation of described software protecting equipment inside;
Wherein, the required application programming interface of protected software execution is transplanted in the memory module of described software protecting equipment;
When protected running software, when calling described application programming interface, call described software protecting equipment;
Described software protecting equipment receives call request by described communication module, by computing module, carries out corresponding computing according to call request, after completing, by communication module, described operation result is returned to described protected software.
According to another aspect of the present invention, memory module is also stored the key that enciphering and deciphering algorithm is used, and/or the partial code fragment.
According to another aspect of the present invention, comprise the arithmetic operations such as encryption and decryption, character code conversion.
According to another aspect of the present invention; be transplanted to the form storage that the application programming interface in described software protecting equipment indexes with the application programming interface list, or with the list of application programming interface function name or the storage of application programming interface code snippet form.
By method provided by the present invention, application programming interface is transplanted in encryption lock and is carried out, solved software in the process of implementation by corresponding platform application programming interface interface obviously called to the potential safety hazard produced, increase the difficulty that the cracker analyzes and debugs, improve the security of software, substantially do not affect the travelling speed of software simultaneously.
The accompanying drawing explanation
Fig. 1 is the fundamental block diagram of the preferred embodiment according to a kind of method and apparatus of realizing software protection of the present invention.
Fig. 2 is the schematic flow sheet of the preferred embodiment according to a kind of method that realizes software protection of the present invention and device.
Embodiment
For making purpose of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is described in more detail.
According to an embodiment of the invention, a kind of method that realizes software protection is provided, concrete steps comprise:
1. protected software being carried out to needed all or part of WINDOWS application programming interface is transplanted in encryption lock.
2. invokes application DLL (dynamic link library) in protected software partly is revised as and calls the encryption lock code.
3. protected running software, to invokes application DLL (dynamic link library) part, calls encryption lock.
4. inner execution of encryption lock processed, and finishes dealing with, and returns results to protected software.
5. protected software reception encryption lock returns results, and calls sysenter and obtains result, and order is carried out the follow-up code of protected software.
According to an embodiment of the invention, step 3-4 carries out repeatedly.
According to an embodiment of the invention, in step 4, the inner execution of encryption lock is processed and is comprised character code conversion, numerical value conversion, encryption and decryption or search the required application programming interface function of execution according to index or function name.Described application programming interface includes but not limited to CreateEventA, CreateMutexA etc.
According to an embodiment of the invention, in step 5, sysenter is the assembly instruction that enters system kernel.
According to an embodiment of the invention, a kind of device of realizing software protection is provided, but referring to inside, described device has the encryption device of execution environment, as encryption lock, described device specifically comprises:
Memory module, for the application programming interface list information of storage migration to encryption lock, can also store the key that enciphering and deciphering algorithm is used, and the partial code fragment.
Communication module, for communicating by letter between protected software and encryption lock.
Computing module, the performance of budget operation for encryption lock inside, comprise encryption and decryption, character code conversion etc.
As shown in Figure 2, provide a kind of method for protecting software, concrete steps comprise:
1. protected software being carried out to required all or part of WINDOWS API is transplanted in encryption lock;
2. by the code revision of calling the API part in protected software, be the code that calls encryption lock;
3. protected running software when calling the API part, calls encryption lock;
4. encryption lock receives call request, searches corresponding API or carries out corresponding computing according to call request, after completing, returns results to protected software;
5. protected software is accepted to return results, and calls sysenter and carries out corresponding operation system function;
6. complete, return results to protected software, protected software is sequentially carried out follow-up code.
According to an aspect of the present invention, be transplanted to the form that the WINDOWS API in encryption lock can index with the API list, can also api function name list or the storage of API code snippet form.
According to an aspect of the present invention, when in step 3, software transfer is encrypted, can transport function title and parameter (namely directly searching respective function by function name in encryption lock) or API index.
According to an aspect of the present invention, in step 4, the encryption lock internal arithmetic comprises according to index functions (and function parameter) and searches function list, finds corresponding A PI, returns to protected software.
According to an aspect of the present invention, the encryption lock internal searching, after respective function, can be processed parameter, comprises character code conversion, numerical value conversion etc.
According to an aspect of the present invention, for improving security, can adopt encryption policy, api function or parameter etc. is encrypted.
According to an aspect of the present invention; in step 4, can the execution character code conversion operate; according to protected software transfer request, character conversion is carried out in inside, and (as ANSI, turn Unicode, (there are numerical value conversion list or transfer algorithm in encryption lock inside in the numerical value conversion; according to the numerical value imported into; return to result after computing, such as 1, convert 40 to; 2 convert 41 to), after converting, return to protected software.
According to an aspect of the present invention, step 3-4 carries out repeatedly.
According to an aspect of the present invention, in step 5, sysenter is the assembly instruction that enters system kernel.
According to an aspect of the present invention, after in step 5, software reception encryption lock returns results, can organize the function parameter structure.Be exactly below simplified example, example and false code explanation are hereinafter arranged.
According to an aspect of the present invention, the function parameter structure is organized, specifically such as WINDOWS API Fun1(a, b) call Fun2(a, b, c), wherein Fun1, Fun2 are expressed as respectively two functions, and c is preset parameter 400, and Fun2 calls sysenter needs parameter a ', b ' c, finally complete whole function.At first, by Fun1, the code of Fun2 is implanted in encryption lock, then passes through sysenter a ' the most at last, b ', and the parameter value of c returns to protected software, and protected software is pressed into parameter a ', b ', c, then call the complete whole process of sysenter.
As shown in Figure 1, provide a kind of device of realizing software protection, specifically comprise:
Memory module, for the WINDOWS API list information of storage migration to encryption lock.According to one embodiment of present invention, list can be document form, such as CreateEventA.bin.In addition, memory module can also be stored the key that enciphering and deciphering algorithm is used, and the partial code fragment.
Communication module, for communicating by letter between protected software and encryption lock.
Computing module, the performance of budget operation for encryption lock inside, comprise the arithmetic operations such as encryption and decryption, character code conversion.
In the present invention, at first that protected software is required all or part of WINDOWS API is transplanted in the memory module of encryption lock.
Then, the API in memory module, transplanting come stores by forms such as list, list+index or code snippets.According to one embodiment of present invention, the form of list, index can be document form, such as CreateEventA.bin, thereby can directly carry out by title.
Then, by the code revision of calling API part in protected software code, be the code that calls encryption lock, when protected running software, when calling the API part, call encryption lock, to encryption lock, send call request.According to one embodiment of present invention, in call request, can comprise API index or API Name.
Encryption lock is searched corresponding WINDOWS API according to API index or API Name after receiving request, then carries out corresponding operation.According to one embodiment of present invention, such as can directly returning to WINDOWS API to protected software, or the api function parameter is processed to (character, numeric coding conversion etc.), then return to protected software.
Software receives the result that encryption lock returns; as required argument structure is organized to (being mainly that the arrangement that parameter is carried out order is passed to sysenter); then call sysenter and carry out corresponding operation system function; after completing, return results to protected software, protected software is sequentially carried out follow-up code.
Embodiment 1
With this function of WINDOWS API CreateEventA(under WINDOWS 7 platforms, be a WINDOWS API relatively more commonly used, its effect is the event object that creates or open a name or there is no name) be example.According to one embodiment of present invention, in the present embodiment, only simply the character string conversion is put into to encryption lock.This embodiment, only as example, is not construed as limiting the invention.Those skilled in the art can essence according to the present invention modify or additions and deletions to this embodiment fully, and it can not depart from the scope of the present invention.Particularly, the implementation process of this embodiment is as follows:
(1) the WINDOWS API CreateEventA and other the required API that application program are needed are transplanted in the memory module of encryption device;
(2) encryption lock inside realizes that the ANSI character string is converted to Unicode character string function A; Wherein, the ANSI that simply writes an English turns Unicode demonstration code, and the demonstration code adds one 0 by each monocase back, then usings two 0 as finishing.The demonstration code sees below.The demonstration code is only a kind of embodiment, is not construed as limiting the invention.
(3) during the software transfer encryption lock, transport function (comprise function name and parameter, parameter is the ASNI form);
(4) encryption lock receives the request of calling the encryption lock inner function of being sent by the host side be attached thereto, in described request with function name, parameter.Encryption lock is searched the corresponding WINDOWS API CreateEventA stored in encryption lock according to function name, the function A called in encryption lock in above-mentioned steps carries out character conversion to the function parameter in request, returns to the Unicode character string.
(5) (this structure has been specified the attribute of object handle to this API of software application InitializeObjectAttributes(, uses the InitializeObjectAttributes deinitialization for the following POBJECT_ATTRIBUTES structure of initialization.It draws 6000 help from WDK, and WDK refers to Windows Driver Kit, be a kind of fully-integrated Driver Development system, it comprises Windows Driver Device Kit (DDK), be used to testing the reliability and stability of Windows driver.)
(6) API is to provide to this structure of POBJECT_ATTRIBUTES(that (this function is the realization certainly to existing function to the ZwCreateEvent function, code sees below) one of the parameter used) carry out initialization, call and from the ZwCreateEvent that realizes (protected software realization), parameter is imported into to (ZwCreateEvent function inside realizes that content is that 0x40 function SEQ.XFER is put into to eax register, calling sysenter interrupts, it is a WINDOWS API after returning, to call RtlSetLastWin32Error(, for improper value is set, the LastError value, facilitate the user to check mistake).
In the present embodiment, WINDOWS API CreateEventA is deposited in encryption lock; character conversion is carried out to function parameter in inside; and protected software inhouse is from realizing ZwCreateEvent Transfer Parameters (in step 4); so; the cracker can not find api interface; can't debug and analyze, therefore increased the security of software.
Below the false code of calling of host side:
#include "WINDOWS.h"
typedef DWORD NTSTATUS;
#define DEF_FUNCTION_EX(RetType, FunName, FunID, RetN, ...) \
__declspec(naked) RetType __stdcall FunName(__VA_ARGS__) \
{ \
__asm mov eax, FunID \
__asm mov edx, SystemEnter \
__asm call edx \
__asm retn RetN \
}
__declspec(naked) void SystemEnter()
{
_asm
{
mov edx, esp
_emit 0x0F //sysenter
_emit 0x34
retn
}
}
// here from realizing ZwCreateEvent
DEF_FUNCTION_EX(NTSTATUS, ZwCreateEvent, 0x40, 0x14,
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN DWORD ObjectAttributes OPTIONAL,
IN DWORD EventType,
IN BOOLEAN InitialState)
void AnsiStringToUnicodeString (char* pcInMutiBytes, UINT uiBytesCount,
unsigned char* pucWideChar, UINT uiWideCharCount, UINT* puiRetBytes)
{
// with encryption device, communicate by letter here, such as we use function name as filename CreateEventA.bin
// transmit CreateEventA, parameter p cInMutiBytes, uiBytesCount is to encryption lock
// encryption lock converts character string to return, and result store is at pucWideChar, in puiRetBytes
}
HANDLE WINAPI _CreateEvent(
__in LPSECURITY_ATTRIBUTES lpEventAttributes,
__in BOOL bManualReset,
__in BOOL bInitialState,
__in LPCTSTR lpName
)
{
UINT uiRet = 0;
unsigned char* pucEventName = NULL;
UINT uiLen, uiRetLen;
HANDLE hEvent;
UINT uiLastErrorCode = 0;
if (lpName != NULL)
{
// apply for possibly some internal memories here
// call encryption device to generate the Unicode character string
AnsiStringToUnicodeString (lpName, uiLen, pucEventName, (uiLen + 1) * 2, &uiRetLen);
// initialization POBJECT_ATTRIBUTES is used InitializeObjectAttributes
}
// according to following parameter, pass to the ZwCreateEvent that we realize
/*
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN EVENT_TYPE EventType,
IN BOOLEAN InitialState
*/
uiRet = ZwCreateEvent(&hEvent, 0x001F0003, 0, 1, 0);
// LastError is set
if ((int)uiRet < 0)
{
uiLastErrorCode = RtlNtStatusToDosError(uiRet);
}
else
{
switch (uiRet)
{
case 0x40000000:
uiLastErrorCode = 0x0B7;
break;
default:
uiLastErrorCode = 0;
}
}
RtlSetWin32LastError(uiLastErrorCode);
if (lpName != NULL)
{
// to discharge the internal memory of application here
}
return hEvent;
}
It is below bin file in encryption device.CreateEventA.bin internal code (the c code is simply two bytes by a byte expansion)
for(i = 0, j=0; i < len; j+=2, i++)
{
pucUnicode[j] = pucAnsi[i];
pucUnicode[j+1] = 0;
}
if (pucAnsi[len-1] != 0)
{
pucUnicode[j] = 0;
pucUnicode[j+1] = 0;
len++;
}
Embodiment 2
With this function of WINDOWS API CreateMutexA(under WINDOWS 7 platforms, be a WINDOWS API relatively more commonly used, its effect is the Mutex object that creates or open a name or do not name) be example, this embodiment, only as example, is not construed as limiting the invention.Those skilled in the art can essence according to the present invention modify or additions and deletions to this embodiment fully, and it can not depart from the scope of the present invention.Particularly, the implementation process of this embodiment is as follows:
(1) just the WINDOWS API CreateMutexA of application program needs is transplanted in the memory module of encryption device;
(2), in encryption device, realize that the ANSI character string is converted to Unicode character string function A;
(3) application program that will call CreateMutextA is communicated by letter with encryption lock, calls the function A in encryption device, returns to the Unicode character string.
(4) use this API of InitializeObjectAttributes(for the following POBJECT_ATTRIBUTES structure of initialization) API is to provide one of parameter of using to the ZwCreateEvent function to this structure of POBJECT_ATTRIBUTES() carry out initialization, call the function that needs the programming personnel to realize from the ZwCreateMutant(realized, function of the same name is also arranged in system, this function is the function of the more deep layer of CreateMutexA), parameter is imported into and (0x4A function SEQ.XFER is put into to eax register, call interruption), after returning, call RtlSetLastWin32Error(be used to improper value is set, facilitate the user to check mistake) the LastError value is set.
The foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of doing, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.
Claims (13)
1. by software protecting equipment, realize method for protecting software for one kind, described software protecting equipment is connected with main frame, it is characterized in that, described method comprises:
Step 1: protected software is carried out to required application programming interface and be transplanted in described software protecting equipment;
Step 2: be the code that calls described software protecting equipment by the code revision of calling described application programming interface in protected software;
Step 3: protected running software when calling described application programming interface, calls described software protecting equipment;
Step 4: described software protecting equipment receives call request, carries out corresponding computing according to call request, after completing, operation result is returned to protected software;
Step 5: protected software is accepted described operation result, carries out corresponding operation system function;
Step 6: complete, return to execution result to protected software, protected software is sequentially carried out follow-up code.
2. method according to claim 1, is characterized in that, application programs DLL (dynamic link library) function or parameter etc. are encrypted.
3. method according to claim 1; it is characterized in that; be transplanted to the form storage that the application programming interface in described software protecting equipment indexes with the application programming interface list, or with the list of application programming interface function name or the storage of application programming interface code snippet form.
4. method according to claim 1, is characterized in that, calls described software protecting equipment, transport function title and parameter, or delivery applications programming interface index.
5. method according to claim 1, is characterized in that, described software protecting equipment internal arithmetic comprises according to index functions, function parameter searches function list, finds corresponding application programming interface.
6. method according to claim 1, is characterized in that, described software protecting equipment internal searching, after respective function, is processed parameter.
7. method according to claim 6, is characterized in that, parameter is processed and comprised character code conversion, numerical value conversion.
8. method according to claim 1, is characterized in that, step 3,4 is carried out repeatedly.
9. method according to claim 1, is characterized in that, in step 5, protected software transfer enters the assembly instruction call operation system of system kernel.
10. software protecting equipment of realizing software protection, described software protecting equipment is connected with main frame, and its spy is, also comprises in described software protecting equipment:
Memory module, for the application programming interface list information of storage migration to described software protecting equipment;
Communication module, for communicating by letter between protected software and described software protecting equipment;
Computing module, for the execution calculating operation of described software protecting equipment inside;
Wherein, the required application programming interface of protected software execution is transplanted in the memory module of described software protecting equipment;
When protected running software, when calling described application programming interface, call described software protecting equipment;
Described software protecting equipment receives call request by described communication module, by computing module, carries out corresponding computing according to call request, after completing, by communication module, described operation result is returned to described protected software.
11. device according to claim 10, is characterized in that, memory module is also stored the key that enciphering and deciphering algorithm is used, and/or the partial code fragment.
12. device according to claim 10, is characterized in that, comprises the arithmetic operations such as encryption and decryption, character code conversion.
13. device according to claim 10; it is characterized in that; be transplanted to the form storage that the application programming interface in described software protecting equipment indexes with the application programming interface list, or with the list of application programming interface function name or the storage of application programming interface code snippet form.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310284380.1A CN103413074B (en) | 2013-07-08 | 2013-07-08 | A kind of method and apparatus being realized software protection by API |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310284380.1A CN103413074B (en) | 2013-07-08 | 2013-07-08 | A kind of method and apparatus being realized software protection by API |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103413074A true CN103413074A (en) | 2013-11-27 |
| CN103413074B CN103413074B (en) | 2016-03-16 |
Family
ID=49606085
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310284380.1A Active CN103413074B (en) | 2013-07-08 | 2013-07-08 | A kind of method and apparatus being realized software protection by API |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103413074B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103646205A (en) * | 2013-12-24 | 2014-03-19 | 飞天诚信科技股份有限公司 | Method for controlling operation of encryption lock |
| CN104504336A (en) * | 2014-12-30 | 2015-04-08 | 大连楼兰科技股份有限公司 | Method and device for preventing embedded system from being maliciously debugged online |
| CN105303073A (en) * | 2015-11-26 | 2016-02-03 | 北京深思数盾科技有限公司 | Protecting method for software codes |
| CN108965930A (en) * | 2017-12-29 | 2018-12-07 | 北京视联动力国际信息技术有限公司 | A kind of method and apparatus of video data processing |
| CN109558183A (en) * | 2018-11-30 | 2019-04-02 | 北京数聚鑫云信息技术有限公司 | A kind of method and device of automatic realization API application |
| CN111104668A (en) * | 2019-12-23 | 2020-05-05 | 江苏恒宝智能***技术有限公司 | Implementation method and application of return value of security authentication function |
| CN108536427B (en) * | 2017-03-06 | 2021-05-14 | 北京小米移动软件有限公司 | Compiling method and device of application program |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040153661A1 (en) * | 2003-01-31 | 2004-08-05 | Graunke Gary L. | Implementing portable content protection to secure secrets |
| CN101908119A (en) * | 2010-08-12 | 2010-12-08 | 浙江中控软件技术有限公司 | Method and device for processing dynamic link library (DLL) file |
| CN102043932A (en) * | 2010-12-31 | 2011-05-04 | 中国航空工业集团公司第六三一研究所 | Method for preventing Java program from being decompiled |
| CN102890758A (en) * | 2012-10-11 | 2013-01-23 | 北京深思洛克软件技术股份有限公司 | Method and system for protecting executable file |
-
2013
- 2013-07-08 CN CN201310284380.1A patent/CN103413074B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040153661A1 (en) * | 2003-01-31 | 2004-08-05 | Graunke Gary L. | Implementing portable content protection to secure secrets |
| CN101908119A (en) * | 2010-08-12 | 2010-12-08 | 浙江中控软件技术有限公司 | Method and device for processing dynamic link library (DLL) file |
| CN102043932A (en) * | 2010-12-31 | 2011-05-04 | 中国航空工业集团公司第六三一研究所 | Method for preventing Java program from being decompiled |
| CN102890758A (en) * | 2012-10-11 | 2013-01-23 | 北京深思洛克软件技术股份有限公司 | Method and system for protecting executable file |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103646205A (en) * | 2013-12-24 | 2014-03-19 | 飞天诚信科技股份有限公司 | Method for controlling operation of encryption lock |
| CN103646205B (en) * | 2013-12-24 | 2016-04-06 | 飞天诚信科技股份有限公司 | A kind of method controlling operation of encryption lock |
| CN104504336A (en) * | 2014-12-30 | 2015-04-08 | 大连楼兰科技股份有限公司 | Method and device for preventing embedded system from being maliciously debugged online |
| CN104504336B (en) * | 2014-12-30 | 2018-01-19 | 大连楼兰科技股份有限公司 | Prevent embedded system by the method and apparatus of malice on-line debugging |
| CN105303073A (en) * | 2015-11-26 | 2016-02-03 | 北京深思数盾科技有限公司 | Protecting method for software codes |
| CN105303073B (en) * | 2015-11-26 | 2018-07-06 | 北京深思数盾科技股份有限公司 | Software code guard method |
| CN108536427B (en) * | 2017-03-06 | 2021-05-14 | 北京小米移动软件有限公司 | Compiling method and device of application program |
| CN108965930A (en) * | 2017-12-29 | 2018-12-07 | 北京视联动力国际信息技术有限公司 | A kind of method and apparatus of video data processing |
| CN108965930B (en) * | 2017-12-29 | 2021-05-28 | 视联动力信息技术股份有限公司 | Video data processing method and device |
| CN109558183A (en) * | 2018-11-30 | 2019-04-02 | 北京数聚鑫云信息技术有限公司 | A kind of method and device of automatic realization API application |
| CN111104668A (en) * | 2019-12-23 | 2020-05-05 | 江苏恒宝智能***技术有限公司 | Implementation method and application of return value of security authentication function |
| CN111104668B (en) * | 2019-12-23 | 2022-03-01 | 恒宝股份有限公司 | Implementation method and application of return value of security authentication function |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103413074B (en) | 2016-03-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103413074B (en) | A kind of method and apparatus being realized software protection by API | |
| TWI648648B (en) | Protection method of executable program on android platform | |
| WO2017107706A1 (en) | Elf file protection method and system based on arm instruction virtualization | |
| US11120018B2 (en) | Spark query method and system supporting trusted computing | |
| CN106096338B (en) | A kind of virtualization software guard method obscured with data flow | |
| US10592263B2 (en) | Emulating mixed-code programs using a virtual machine instance | |
| CN108932406B (en) | Virtualization software protection method and device | |
| CN102831342B (en) | A kind of method improving application program protection intensity in Android system | |
| EP2962193B1 (en) | Compiler based obfuscation | |
| US8468600B1 (en) | Handling instruction received from a sandboxed thread of execution | |
| US8090959B2 (en) | Method and apparatus for protecting .net programs | |
| WO2016078130A1 (en) | Dynamic loading method for preventing reverse of apk file | |
| CN103761475A (en) | Method and device for detecting malicious code in intelligent terminal | |
| CN111240654B (en) | Python code reinforcement protection method and system | |
| CN103761476A (en) | Characteristic extraction method and device | |
| CN107577925B (en) | Based on the virtual Android application program guard method of dual ARM instruction | |
| CN114462044B (en) | UEFI firmware vulnerability static detection method and device based on stain analysis | |
| CN112052433B (en) | Virtual protection method, terminal and storage medium for Jar file | |
| CN106557350B (en) | JAVA byte code conversion method, device and equipment in application program installation package | |
| US20190102279A1 (en) | Generating an instrumented software package and executing an instance thereof | |
| CN111381816A (en) | Application program acquisition method, device, equipment and storage medium | |
| KR101436741B1 (en) | The method and system for applying security solution program | |
| Guo et al. | A survey of obfuscation and deobfuscation techniques in android code protection | |
| CN104751026A (en) | Software protection method and software application method of android system, and related devices | |
| CN114756833A (en) | Code obfuscation method, apparatus, device, medium, and program product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee | ||
| CP03 | Change of name, title or address |
Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510 Patentee after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Patentee before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |