CN108932407B - Program safety protection method and device - Google Patents
Program safety protection method and device Download PDFInfo
- Publication number
- CN108932407B CN108932407B CN201810493964.2A CN201810493964A CN108932407B CN 108932407 B CN108932407 B CN 108932407B CN 201810493964 A CN201810493964 A CN 201810493964A CN 108932407 B CN108932407 B CN 108932407B
- Authority
- CN
- China
- Prior art keywords
- function
- called
- index
- column
- row
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 230000006870 function Effects 0.000 claims abstract description 728
- 238000012545 processing Methods 0.000 claims description 31
- 238000004590 computer program Methods 0.000 claims description 16
- 230000008569 process Effects 0.000 description 23
- 238000010586 diagram Methods 0.000 description 11
- 230000014509 gene expression Effects 0.000 description 11
- 238000012216 screening Methods 0.000 description 8
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000012546 transfer Methods 0.000 description 4
- 238000007596 consolidation process Methods 0.000 description 3
- 230000002787 reinforcement Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000001131 transforming effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a program safety protection method and a device, wherein the method comprises the following steps: acquiring M called functions from a source program file edited by a user; establishing a function lookup table containing M called functions, wherein M is an integer greater than 1; replacing the function call instruction of each called function in the M called functions with a table look-up operation instruction so as to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from a function look-up table; an executable program file corresponding to the new program file is generated.
Description
Technical Field
The invention relates to the technical field of software development, in particular to a program safety protection method and device.
Background
The source program file written by the high-level language is compiled into an executable program file for machine execution, and the decompilation is the reverse process of the executable program file, and the readable source program file can be obtained by decompilation of the executable program file. Computer software reverse engineering (also called computer software recovery engineering) refers to work such as "reverse analysis, research" and the like on executable program files of other people's software to deduce design elements such as ideas, principles, structures, algorithms, processing procedures, operation methods and the like used by other people's software products, so that the design elements are used as references when the software is developed by the computer software or are directly used in own software products.
Therefore, a software product autonomously developed by a user is easily known by a competitor through reverse engineering and decompiling of computer software to know the idea, principle, structure, algorithm, processing process and operation method used by the software product, so that the software product is imitated and even stolen. Therefore, the security of current software products is not high.
Disclosure of Invention
The embodiment of the invention provides a program safety protection method and device, and solves the technical problem that the safety of software products is not high.
In a first aspect, an embodiment of the present invention provides a program security protection method, including:
acquiring M called functions from a source program file edited by a user;
establishing a function lookup table containing the M called functions, wherein M is an integer greater than 1;
replacing the function call instruction of each called function in the M called functions with a table look-up operation instruction so as to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from the function look-up table;
and generating an executable program file corresponding to the new program file.
Optionally, the establishing a function lookup table including the M called functions includes:
establishing a function lookup table containing M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1;
and establishing an index of the called function in each column of the function lookup table.
Optionally, the obtaining M called functions from the source program file edited by the user includes:
and scanning the source program file to obtain each called function existing in the source program file or called functions meeting preset conditions.
Optionally, the establishing, in each column of the function lookup table, an index of a called function in which the column is located includes:
distributing a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table;
and under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function in the current column in the function lookup table.
Optionally, the allocating a column index to each of the called functions includes:
randomly assigning each of the called functions an integer value as a column index;
encrypting the column index of each called function to obtain an encrypted column index of each called function;
and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain the column index corresponding to the encrypted column index.
Optionally, the establishing a row index for the called function of the current column in the function lookup table includes:
and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column.
Optionally, the establishing N-level row indexes for the called function of the current column includes:
encrypting one or more row indexes in the N-level row indexes to obtain corresponding encrypted row indexes;
and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
Optionally, after replacing the function call instruction of each of the M called functions with a table lookup operation instruction, the method further includes:
processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or
And processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
In a second aspect, an embodiment of the present invention provides a program security protection apparatus, including:
the function acquiring unit is used for acquiring M called functions from a source program file edited by a user;
a lookup table establishing unit, configured to establish a function lookup table including the M called functions, where M is an integer greater than 1;
the instruction replacing unit is used for replacing the function calling instruction of each called function in the M called functions with a table look-up operation instruction so as to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from the function look-up table;
and the file generating unit is used for generating an executable program file corresponding to the new program file.
Optionally, the lookup table establishing unit includes:
the table building subunit is used for building a function lookup table comprising M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1;
and the index establishing subunit is used for establishing an index of the called function in each column of the function lookup table.
Optionally, the function obtaining unit includes:
and scanning the source program file to obtain each called function existing in the source program file or called functions meeting preset conditions.
Optionally, the indexing subunit is specifically configured to:
distributing a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table;
and under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function in the current column in the function lookup table.
Optionally, the indexing subunit is specifically configured to:
randomly assigning each of the called functions an integer value as a column index;
encrypting the column index of each called function to obtain an encrypted column index of each called function;
and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain the column index corresponding to the encrypted column index.
Optionally, the indexing subunit is specifically configured to:
and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column.
Optionally, the indexing subunit is specifically configured to:
encrypting one or more row indexes in the N-level row indexes to obtain corresponding encrypted row indexes;
and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
Optionally, the apparatus further includes a table lookup instruction processing unit, configured to:
processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or
And processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps described in any possible implementation manner of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps described in any possible implementation manner of the first aspect when executing the program.
One or more technical solutions provided in the embodiments of the present invention have at least the following technical effects or advantages:
acquiring M called functions from a source program file edited by a user; establishing a function lookup table containing M called functions, and replacing the function call instruction of each called function in the M called functions with a lookup operation instruction so as to obtain a new program file, wherein the lookup operation instruction is used for obtaining the current called function from the function lookup table; an executable program file corresponding to the new program file is generated. The direct function call instruction is changed into a table look-up operation instruction of the called function in the function look-up table, and the function call in the program can be completely hidden in the table, so that the finally generated executable program file is not the direct function call any more, but the called function can be obtained only by looking up the table, and the function call by looking up the table is realized. The mode of calling the function by looking up the table makes it difficult for a reverse engineer to find out the real calling function from the program obtained by decompiling the executable program file, thereby improving the reverse difficulty and further improving the safety of the software product.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
FIG. 1 is a flowchart of a method for protecting program security according to an embodiment of the present invention;
FIG. 2 is a block diagram of a program protection device according to an embodiment of the present invention;
fig. 3 is a block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a program safety protection method and a device, solves the technical problem of low safety of software products, and has the following general idea:
acquiring M called functions from a source program file edited by a user; establishing a function lookup table containing M called functions, and replacing the function call instruction of each called function in the M called functions with a lookup operation instruction so as to obtain a new program file, wherein the lookup operation instruction is used for obtaining the current called function from the function lookup table; an executable program file corresponding to the new program file is generated.
Through the technical scheme, the direct function call instruction is changed into the table look-up operation instruction of the called function in the function look-up table, and the function call in the program can be completely hidden in the table, so that the finally generated executable program file is not the direct function call any more, but the called function can be obtained only by looking up the table, and the table look-up call function is realized. The mode of calling the function by looking up the table makes it difficult for a reverse engineer to find out the real calling function from the program obtained by decompiling the executable program file, thereby improving the reverse difficulty and further improving the safety of the software product.
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. It should be noted that, unless otherwise specified, the various embodiments provided by the embodiments of the present invention may be combined with each other.
And generating an executable program file by the source program file edited by the user through a compiling step and a linking step. It should be noted that, steps S101 to S104 provided in the embodiment of the present invention are just applied to the compiling step performed on the source program file, and therefore, in the compiling step performed on the source program file, except for the steps provided in the present invention, other processing details that need to be performed may refer to the prior art, and are not described herein for brevity of the specification.
Referring to fig. 1, a method for protecting program security according to an embodiment of the present invention includes the following steps:
step S101: and acquiring M called functions from the source program file edited by the user.
Specifically, M called functions in the source program file are obtained by scanning the source program file. The obtaining of the M called functions in the source program file may be: and acquiring each called function existing in the source program file or called functions meeting preset conditions.
The called function meeting the preset condition may be a called function defined by a user in the source program file, or a called function belonging to a library function in the source program file, or a called function belonging to a preset list.
Step S102, establishing a function lookup table containing the M called functions, wherein M is an integer larger than 1.
In a specific implementation process, a source program edited by a user may be imported into a program reinforcement tool, and a function lookup table may be established by the program reinforcement tool.
The function lookup table is specifically a function lookup table with M columns by N rows, and N is an integer greater than 1.
It should be noted that the number of columns of the function lookup table is determined according to the number of the called functions obtained from the source program file, and the number of rows of the function lookup table is at least two, because when the height of the number of rows of the function lookup table exceeds 1, it is more difficult to analyze the target function of each real call.
In a specific implementation process, the implementation process of step S102 is: establishing a function lookup table containing M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1; and establishing an index of the called function in each column of the function lookup table.
Specifically, each called function is stored in a column of the function lookup table, so that each column of the function lookup table is used for: a calling function performs a called function lookup for a called function. For example, 2 called functions are obtained from the source program file, and the established function lookup table has 2 columns, for example, a main () function calls a for () function and a bar () function in sequence, and the function lookup table has two columns, one column for the call of the for () function and the other column for the call of the bar () function.
In the specific implementation process, establishing an index to the called function where the column is located may have various implementation manners:
can be as follows: and directly randomly distributing an index value for each called function to form a one-to-one direct index relation between the called function and the index value, and directly finding the called function based on the index value. The index value may be an int value, for example, the index value is a random number 1, corresponding to the called function a; the index value is a random number 2, corresponding to the called function B. However, the difficulty of reversing the method is low, and in order to improve the reversing difficulty, the method can be realized based on the following procedures:
step 1: and allocating a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table.
Specifically, in step 1, each called function is randomly assigned an integer value int as a column index. Encrypting the column index of each called function to obtain an encrypted column index of each called function; and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain an integer value which is corresponding to the encrypted column index and is used as the column index.
Specifically, the column index may be encrypted based on any hash encryption algorithm, and the first decryption function is implemented based on a corresponding hash decryption algorithm.
After step 1, step 2 is then performed: and under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function in the current column in the function lookup table.
In step 2, a row index is established for the called function of the current column in the function lookup table, which may specifically be: and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column. The number of levels of the row index is the same as the number of rows of the function lookup table.
It should be noted that, the table lookup result corresponding to the column index is a first-level row index, the table lookup result corresponding to the first-level row index is a second-level row index, the table lookup is performed based on the second-level row index to obtain the row index of the next row, and the steps are sequentially performed until the table lookup result of the last row is obtained, that is: and obtaining the called function hidden in the last row.
In a specific implementation process, in order to improve the reverse difficulty, one or more row indexes in the N-level row indexes are encrypted to obtain corresponding encrypted row indexes; and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
Through the steps 1-2, the corresponding column of the function to be called in the function lookup table and the row index of the next row can be searched through the table lookup operation of the table lookup function table () each time until the last row of the current column of the function lookup table is searched, and the true function to be called is just hidden in the last row of the function lookup table.
Specifically, the line index may be encrypted based on any hash encryption algorithm, and the second decryption function is implemented based on a corresponding hash decryption algorithm.
By encrypting and decrypting the row index, the row index of the next row cannot be directly obtained based on the column index, but the row index of the next row can be obtained based on a corresponding hash decryption algorithm, and then the row index of the last row can be obtained, and then the called function can be obtained, so that the table lookup and the function calling are realized.
After step S102, step S103 is then performed: and replacing the function call instruction of each called function in the M called functions with a table look-up operation instruction to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from the function look-up table.
Note that the table lookup operation instruction is an instruction using a table lookup function table (). Specifically, the table lookup function table () used in the table lookup operation instruction is not directly called by each function corresponding to the index value because the index encryption/decryption processing is performed at least once in step S102, so that the reverse difficulty of the table lookup function itself is increased.
In order to further increase the difficulty of reverse direction, besides the first row and the last row of the function lookup table, the table lookup operation instruction of the middle row is processed as a recursive call of the table lookup function itself or a mutual recursive call among a plurality of table lookup functions. The implementation process is that the table look-up operation instruction corresponding to the middle row of the function look-up table is processed as the recursive call of the table look-up function in the table look-up operation instruction; or processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
In the following, taking the source program file including the following function calls as an example: main () { foo (); bar (); explaining the implementation process of steps S101 to S103, the established function lookup table includes two columns, one column is an index to the foo () function, and the other column is an index to the bar () function.
And distributing a random int value for the foo () function and encrypting the random int value to obtain an encrypted column index as encode _ range _1, distributing a random int value for the foo () function and encrypting the random int value to obtain an encrypted column index as encode _ range _ 2. When the foo () function needs to be called, the first column of the function lookup table where the foo () function is located can be indexed based on the column index encode _ range _1, and when the bar () function needs to be called, the second column of the function lookup table where the bar () function is located can be indexed based on the column index encode _ range _ 2. And establishing the row index of the foo () function and the bar () function.
The original function call instruction { foo (); bar (); replacing a lookup operation instruction for lookup in a function lookup table, specifically: { table (encode _ rand _ 1); table (encode _ rand _ 2); }
Processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
Based on the above implementation process, a new procedure is finally obtained as follows:
the function lookup table is built as follows:
| index_1_1—>encoded_index_2_1 | index_1_2—>encoded_index_2_2 |
| index_2_1—>foo() | index_2_2—>bar() |
after step S103, step S104 is executed to generate an executable program file corresponding to the new program file.
Specifically, an executable program file corresponding to the new program is generated through the linking step.
It should be noted that the technical solution provided in the embodiment of the present invention may be applied to a scenario where a white box consolidation tool consolidates a program, where the white box consolidation tool is a tool for testing and consolidating the program, and the white box consolidation tool is specifically performed in a process of processing a source program edited by a user into an executable program file, where the executable program file is a Binary file (Binary). The black box is a program testing and reinforcing process performed during the process of processing the formed executable program file into the executable program file.
It should be further noted that the above technical solutions provided by the embodiments of the present invention can be applied to the generation of software products (executable program files) under various platforms: an ELF file based on an android operating system, an application program based on an apple mobile phone operating system, an application program based on an apple computer operating system, software and a loaded Library file based on a Linux system, an executable program based on a Windows operating system and a DLL (Dynamic Link Library) file. It should be noted that the above technical solution provided by the embodiment of the present invention may be based on the following execution set types: x86, X86_64, ARM 64.
Further, in order to further increase the reverse difficulty and thus increase the program security, the embodiment of the present invention, on the premise of the foregoing implementation process, before obtaining a new program, includes the following steps:
first, step a1 is performed: determining N target functions from a source program file edited by a user, wherein the source program file at least consists of the N functions, and N is an integer larger than 1.
It should be noted that the source program file edited by the user specifically refers to an uncompiled code of the most original program written by the user according to a certain programming language specification, and the source program file is a readable text file. Often written in high level languages such as: c language, C + + language, Java language, etc., the source program files may be in the form of books or tapes or other carriers, but the most common format is text files. Moreover, the function in the source program file is a self-contained series of instructions that perform certain related functions.
Specifically, the source program file edited by the user is composed of a plurality of functions, which may include functions in a function library and also may include functions customized by the user. The source program file includes a main function and respective sub-functions, each having a respective function name.
Specifically, step a1 specifically includes: and scanning the source program file edited by the user to obtain all functions existing in the source program, and determining all functions in the source program file as target functions by scanning all functions in the source program file.
The step a1 specifically includes: and determining all functions in the source program file, screening one or more functions from all functions in the source program file, and determining the functions as the target functions. In the specific implementation process, there may be a plurality of screening rules, which are exemplified as follows:
screening rule one: a function list is established in advance, and function names which can be determined as target functions are written in the function list. The step a1 specifically includes: scanning a source program file to obtain function names of all functions existing in a source process, judging whether the function name of each function existing in the source process is in a function list, if so, determining the function as a target function, otherwise, determining the function as not the target function.
Specifically, the function list is the function names of some functions which complete specific functions, so that function call confusion can be performed more specifically.
And a second screening rule: and randomly screening a plurality of functions from all functions of the source program file, and determining the functions as target functions respectively.
And (3) screening rule three: and determining all functions in the source program file, screening out functions with function calls from all functions in the source program file, and determining the functions as target functions.
After step A1, step A2 is then performed: an unreachable branch is created within each objective function of the N objective functions.
It should be noted that the unreachable branch is a path that cannot be executed by an input, and therefore, the program that is unreachable is not executed. The reachable branch is a path that can be executed under a certain input, relative to the unreachable branch which is a reachable branch, so that the program in the reachable branch is executed under a certain input when the program is actually executed.
Specifically, an unreachable branch is created in each of the N objective functions, and the implementation is as follows:
creating a conditional call statement within each of the target functions, wherein the conditional call statement within each of the target functions includes a reachable branch and the unreachable branch; and writing the real function call of the target function in the reachable branch of the conditional call statement of each target function.
In a specific implementation, there may be one or more real function calls in each target function. It should be noted that, the actual function call of the target function refers to: the function call of the target function, which already exists before the source program file is not subjected to program reinforcement, is: which function or functions the target function calls. Specifically, if there is a real function call in the target function, a conditional call statement is created at the target function call instruction, and the function call instruction for implementing the real function call of the target function is moved to the reachable branch of the conditional call statement.
In a specific implementation process, creating a conditional call statement in each target function may be: and transforming a function call instruction for realizing the real function call of the target function to obtain a conditional call statement aiming at the target function.
Thus, if there are multiple consecutive real function calls within the target function, a conditional call statement may be created within the target function, writing the multiple consecutive real function calls in the reachable branch of the conditional call statement within the target function. It is also possible to create a plurality of conditional call statements in each of which a real function call is written one-to-one.
Specifically, the conditional call statement in each target function may be: based on the mathematical expression setting with the unique result, when the unique result of the mathematical expression is obtained, executing the instruction in the reachable branch of the conditional call statement, namely executing: function call instructions for a true function call that implements the target function, while instructions in the unreachable branch of the conditional call statement are not executed to when actually executed. Thus, a conditional call statement is formed having a reachable branch and an unreachable branch.
Specifically, in different objective functions of the N objective functions, the mathematical expressions used to have unique results may be the same, or there may be multiple mathematical expressions, one of which is randomly determined when targeting the current objective function.
In the specific implementation process, the used mathematical expression is a more complex mathematical expression, so that the reverse difficulty is improved.
In a specific embodiment, the conditional call statement may be an if statement, specifically: if (a mathematical expression with a unique result) { chunk A } else { chunk B }. Specifically, the mathematical expression is a boolean variable with a unique result, the reachable branch of the if statement is an execution block a, the unreachable branch is an execution block B, and the block a is a function call instruction for a real function call of the target function. When a unique result is obtained, the instructions in the reachable branches of the conditional call statement are executed. The program block B is a function call relation that does not exist in the source program file, and is used for obfuscating a real function call relation of the target function, for the added call of the target function to other functions.
In the specific implementation process, a conditional call statement may be created for each real function call of the target function, or one conditional call statement may be created for a plurality of consecutive real function calls of the target function.
The real function calling relation of the function A existing in the source program file is as follows: function a → call function B1, call function B2, to illustrate:
the following may be used:
int A()
{ if (mathematical expression with unique result) { call to function B1 } else { call to other function };
if (mathematical expression with unique result) { call to function B2 } else { call to other function };
the following may also be used: int a () { if (mathematical expression with unique result) { call to function B1, call to function B2 } else { call to other function };
of course, in the specific implementation process, the conditional call statement may also be in other forms, and if the programming language of the source program file is different, the used conditional call statement may also be different.
After step A2, step A3 is then performed: and adding the call of the target function to other functions in the unreachable branch of each target function to obtain a new program, wherein the other functions belong to the source program file.
It should be noted that the other functions are for the target function, specifically, the other functions are functions different from the functions called in the reachable branch of the conditional call statement of the target function, and the other functions for the target function may include the target function, that is, call the target function itself.
For example, the source program file includes a function a, a function a calling a function B and a function C, the function B calls a function D, the function D calls a function E, and there is a real function call in the reachable branch of the conditional call statement of the target function a: function B and function C are called, moving the call to function B, C into the reachable branch of the conditional call statement for the target function a. In the unreachable branch of the conditional call statement of the target function a, calls to one or more of functions D, E may be added.
Specifically, in step a3, adding the target function to call other functions in the unreachable branch of each target function may be implemented in various ways, which are described below:
the first implementation mode comprises the following steps:
respectively executing the following steps for each objective function: and adding random calls of the target function to other functions in the unreachable branch of the conditional call statement of the target function.
Specifically, random calls of the target function to functions different from the called functions in the reachable branch are added to the reachable branch of the conditional call statement of the target function.
For example, the source program file includes function 1, function 1 calls functions 2, 3, and 4, function 3 calls functions 2 and 5, and function 4 calls functions 6 and 7.
A target function 1 (i.e., in function 1) creates a conditional call statement 1, in the reachable branch of which call statement 1 function 1 calls functions 2, 3, 4 are written, in the unreachable branch of which call statement 1 random calls of function 1 to functions 1, 5, 6, 7 are added, in a target function 3 (i.e., in function 3) creates a conditional call statement 2, in the reachable branch of which call statement 2 function 3 calls functions 2, 5 are written, and in the unreachable branch of which call statement 2 random calls of function 3 to functions 1, 3, 4, 6, 7 are added. A conditional call statement 3 is created in a target function 4 (i.e. in function 1), in the reachable branch of which conditional call statement 3 functions 4 are written to call functions 6, 7, and in the unreachable branch of which conditional call statement 3 random calls of functions 1, 2, 3, 4, 5 by function 4 are written.
More specifically, the random call is a call in which one or more functions are randomly selected from among functions different from the function called in the reachable branch of the conditional call statement of the target function, and then the call to the randomly selected one or more functions is written in the unreachable branch.
By means of the first embodiment, the unexecutable function call relation which confuses the real function call logic in the target function can be written in each target function.
Since there may be many functions contained in the source program file edited by the user, in this case, the implementation method may greatly increase the code amount for generating the executable program file, and increase the size of the software product, for which, the following second implementation method is given:
for each of the objective functions, performing the steps of: scanning the source program file and determining the number of functions in the source program file; judging whether the number of functions in the source program file is larger than a preset value or not; if yes, adding random calling of the target function to other functions in an unreachable branch of a conditional calling statement of the target function; otherwise, adding one-to-one calling of the target function to other functions in an unreachable branch of the conditional calling statement of the target function.
Through the second embodiment, the code amount and the reverse difficulty of the executable program file which is generated finally can be considered at the same time.
In the first and second embodiments, the random call of the target function to other functions may be implemented as follows:
determining more than one candidate called function from all functions of the source program file; adding, in an unreachable branch of a conditional call statement of the target function, a one-to-one call of the target function to the more than one candidate callee function.
Further, the candidate called function is different from the function called in the reachable branch of the conditional call statement of the target function.
It should be noted that the candidate called function for the target function is only different from the function called in the reachable branch of the conditional call statement of the target function, but may be the same as the function called in other functions (including other target functions in the N target functions).
There are various ways to determine more than one candidate called function from all the functions of the source program file, which are described below:
in the first mode, a function different from the function called in the reachable branch of the conditional call statement of the target function is randomly selected from all functions of the source program file and determined as the candidate called function.
The second method comprises the following steps: and screening out functions meeting preset function conditions from all functions of the source program file, and determining the functions as the candidate called functions. For example, a user-defined function may be screened from all functions of the source program file as a candidate called function, so that the candidate called function may not be a library function, thereby increasing the difficulty of interpretation by a reverse engineer.
In a specific implementation process, in order to add a one-to-one call of the target function to the more than one candidate called functions in the unreachable branch of the conditional call statement of the target function.
Adding the target function to call the candidate called function, wherein the specific implementation mode is as follows:
firstly, scanning a source program file edited by a user, acquiring function names of all functions in the source program file, and recording the function names of all functions in the source program file; adding a function call instruction in an unreachable branch of a conditional call statement of the target function; acquiring function names of the candidate called functions from function names of all functions in the source program file; and writing the function name of the candidate called function in the function calling instruction.
Further, the candidate called function may be a parameter function or a parameter-free function, and if the candidate called function is a parameter function, after writing a function name of the candidate called function in the function call instruction, the method further includes the following steps: generating random transfer parameters for the candidate called functions; and writing the random transfer parameter into the function call instruction.
For example, writing the random transfer parameter after the function call instruction may be represented as follows:
int _ stdcall function (random delivery parameter x, random delivery parameter y).
Because instructions in the unreachable branch are not executed, the transfer parameters written in the unreachable branch for the candidate called function can be randomly generated without affecting the function of the program itself.
Based on the same inventive concept, an embodiment of the present invention provides a program security protection apparatus, which is shown in fig. 2 and includes:
a function obtaining unit 201, configured to obtain M called functions from a source program file edited by a user;
a lookup table establishing unit 202, configured to establish a function lookup table including the M called functions, where M is an integer greater than 1;
an instruction replacing unit 203, configured to replace the function call instruction of each of the M called functions with a table lookup operation instruction, so as to obtain a new program file, where the table lookup operation instruction is used to obtain a current called function from the function lookup table;
a file generating unit 204, configured to generate an executable program file corresponding to the new program file.
In a specific embodiment, the lookup table creating unit 202 includes:
the table building subunit is used for building a function lookup table comprising M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1;
and the index establishing subunit is used for establishing an index of the called function in each column of the function lookup table.
In a specific embodiment, the function obtaining unit 201 includes:
and scanning the source program file to obtain each called function existing in the source program file or called functions meeting preset conditions.
In a specific embodiment, the indexing subunit is specifically configured to:
distributing a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table;
and under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function in the current column in the function lookup table.
In a specific embodiment, the indexing subunit is specifically configured to:
randomly assigning each of the called functions an integer value as a column index;
encrypting the column index of each called function to obtain an encrypted column index of each called function;
and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain the column index corresponding to the encrypted column index.
In a specific embodiment, the indexing subunit is specifically configured to:
and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column.
In a specific embodiment, the indexing subunit is specifically configured to:
encrypting one or more row indexes in the N-level row indexes to obtain corresponding encrypted row indexes;
and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
In a specific embodiment, the apparatus further includes a table lookup instruction processing unit, configured to:
processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or
And processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
Based on the same inventive concept, as an implementation of the above method, an embodiment of the present invention provides a computer device 30, fig. 3 is a schematic structural diagram of the computer device 30 in the embodiment of the present invention, and referring to fig. 3, the computer device 30 includes: a memory 301, a processor 302 and a computer program 303 stored on the memory 301 and executable on the processor 302, the processor implementing the steps as described in any of the embodiments of the program protection method described above when executing the program 303.
Based on the same inventive concept, the embodiment of the present invention provides a computer storage medium, on which a computer program is stored, and the above-mentioned instructions can be executed by the processor 302 of the computer device 30 shown in fig. 3 to implement the above-mentioned method. The computer storage medium is specifically a non-transitory computer readable storage medium, and specifically may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The technical scheme in the embodiment of the invention at least has the following technical effects or advantages:
acquiring M called functions from a source program file edited by a user; establishing a function lookup table containing M called functions, and replacing the function call instruction of each called function in the M called functions with a lookup operation instruction so as to obtain a new program file, wherein the lookup operation instruction is used for obtaining the current called function from the function lookup table; an executable program file corresponding to the new program file is generated. The direct function call instruction is changed into a table look-up operation instruction of the called function, the function call relation in the program can be completely hidden in the table, and a reverse engineer can hardly find out the real function call according to the decompiled program, so that the difficulty of reversing each real call function is improved, and the safety of a software product is further improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
The invention discloses an A1 program safety protection method, which comprises the following steps:
acquiring M called functions from a source program file edited by a user;
establishing a function lookup table containing the M called functions, wherein M is an integer greater than 1;
replacing the function call instruction of each called function in the M called functions with a table look-up operation instruction so as to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from the function look-up table;
and generating an executable program file corresponding to the new program file.
A2, the program safety protection method recited in A1, said creating a function lookup table containing the M called functions, comprising:
establishing a function lookup table containing M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1;
and establishing an index of the called function in each column of the function lookup table.
A3, the program security protection method of A2, wherein the obtaining M called functions from a source program file edited by a user, comprises:
and scanning the source program file to obtain each called function existing in the source program file or called functions meeting preset conditions.
A4, the method for protecting program security as described in a2 or A3, wherein, in each column of the function lookup table, establishing an index to a called function in which the column is located includes:
distributing a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table;
and under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function in the current column in the function lookup table.
A5, the program safety protection method as in A4, wherein said assigning a column index to each said called function, comprises:
randomly assigning each of the called functions an integer value as a column index;
encrypting the column index of each called function to obtain an encrypted column index of each called function;
and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain the column index corresponding to the encrypted column index.
A6, the program security protection method of A4, the establishing a row index for a called function of a current column in the function lookup table, comprising:
and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column.
A7, the program safety protection method according to A6, wherein the establishing N-level row indexes for the called functions of the current column includes:
encrypting one or more row indexes in the N-level row indexes to obtain corresponding encrypted row indexes;
and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
A8, wherein the method for protecting program security as recited in a2 or A3, after the replacing the function call instruction of each of the M called functions with a table lookup operation instruction, further comprises:
processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or
And processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
The invention also discloses a B9, a program safety protection device, comprising:
the function acquiring unit is used for acquiring M called functions from a source program file edited by a user;
a lookup table establishing unit, configured to establish a function lookup table including the M called functions, where M is an integer greater than 1;
the instruction replacing unit is used for replacing the function calling instruction of each called function in the M called functions with a table look-up operation instruction so as to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from the function look-up table;
and the file generating unit is used for generating an executable program file corresponding to the new program file.
B10, the program safety protection device as described in B9, the lookup table creating unit comprising:
the table building subunit is used for building a function lookup table comprising M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1;
and the index establishing subunit is used for establishing an index of the called function in each column of the function lookup table.
B11, the program safety protection device as claimed in a10, the function obtaining unit, comprising:
and scanning the source program file to obtain each called function existing in the source program file or called functions meeting preset conditions.
B12, the program safety protection device as described in B10 or B11, wherein the indexing subunit is specifically configured to:
distributing a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table;
and under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function in the current column in the function lookup table.
B13, the program safety protection device of B12, wherein the indexing subunit is specifically configured to:
randomly assigning each of the called functions an integer value as a column index;
encrypting the column index of each called function to obtain an encrypted column index of each called function;
and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain the column index corresponding to the encrypted column index.
B14, as in the program safety protection device of B12, the index creating subunit is specifically configured to:
and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column.
B15, as in the program safety protection apparatus of B14, the index creating subunit is specifically configured to:
encrypting one or more row indexes in the N-level row indexes to obtain corresponding encrypted row indexes;
and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
B16, the device for protecting program safety as described in B10 or B11, further comprising a table lookup command processing unit for:
processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or
And processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
The invention also discloses C17, a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of a1-a 8.
The invention also discloses D18, a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any one of A1-A8 when executing the program.
Claims (12)
1. A method for program security protection, comprising:
acquiring M called functions from a source program file edited by a user;
establishing a function lookup table containing the M called functions, wherein M is an integer greater than 1;
replacing the function call instruction of each called function in the M called functions with a table look-up operation instruction so as to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from the function look-up table;
generating an executable program file corresponding to the new program file;
the establishing a function lookup table containing the M called functions includes:
establishing a function lookup table containing M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1;
establishing an index of a called function where the column is located in each column of the function lookup table;
the establishing, at each column of the function lookup table, an index to the called function in which the column is located includes:
distributing a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table;
under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function from the current column in the function lookup table;
the establishing a row index for the called function of the current column in the function lookup table includes:
and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column.
2. The program security protection method of claim 1, wherein the obtaining M called functions from a source program file edited by a user comprises:
and scanning the source program file to obtain each called function existing in the source program file or called functions meeting preset conditions.
3. The program security protection method of claim 1, wherein said assigning a column index to each of said called functions comprises:
randomly assigning each of the called functions an integer value as a column index;
encrypting the column index of each called function to obtain an encrypted column index of each called function;
and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain the column index corresponding to the encrypted column index.
4. The program security protection method of claim 1, wherein the establishing an N-level row index for the called function of the current column comprises:
encrypting one or more row indexes in the N-level row indexes to obtain corresponding encrypted row indexes;
and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
5. The program security protection method of claim 1 or 2, wherein after replacing the function call instruction of each of the M called functions with a table lookup operation instruction, further comprising:
processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or
And processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
6. A program safety protection device, comprising:
the function acquiring unit is used for acquiring M called functions from a source program file edited by a user;
a lookup table establishing unit, configured to establish a function lookup table including the M called functions, where M is an integer greater than 1;
the instruction replacing unit is used for replacing the function calling instruction of each called function in the M called functions with a table look-up operation instruction so as to obtain a new program file, wherein the table look-up operation instruction is used for obtaining the current called function from the function look-up table;
a file generating unit for generating an executable program file corresponding to the new program file;
the lookup table establishing unit includes:
the table building subunit is used for building a function lookup table comprising M columns and N rows by using a single called function corresponding to one column of the function lookup table, wherein N is an integer greater than 1;
the index establishing subunit is used for establishing an index of the called function in each column of the function lookup table;
the indexing subunit is specifically configured to:
distributing a column index to each called function, wherein the column index is used for determining the column of the called function in the function lookup table;
under the column index of each called function, establishing a row index for the called function of the current column in the function lookup table, wherein the row index is used for acquiring the called function from the current column in the function lookup table;
the indexing subunit is specifically configured to:
and establishing N levels of row indexes for the called function of the current column, wherein the row index of the current row is the table look-up result of the previous row, and the table look-up result corresponding to the last level of row indexes is the called function of the current column.
7. The program security protection apparatus of claim 6, wherein the function obtaining unit includes:
and scanning the source program file to obtain each called function existing in the source program file or called functions meeting preset conditions.
8. The program safety protection device of claim 6, wherein the indexing subunit is specifically configured to:
randomly assigning each of the called functions an integer value as a column index;
encrypting the column index of each called function to obtain an encrypted column index of each called function;
and constructing a first decryption function aiming at each encrypted column index, wherein the first decryption function is used for decrypting each encrypted column index to obtain the column index corresponding to the encrypted column index.
9. The program safety protection device of claim 6, wherein the indexing subunit is specifically configured to:
encrypting one or more row indexes in the N-level row indexes to obtain corresponding encrypted row indexes;
and constructing a second decryption function aiming at each encryption row index, wherein the second decryption function is used for decrypting each encryption row index to obtain a corresponding row index.
10. The program security protection device of claim 6 or 7, further comprising a table lookup instruction processing unit for:
processing the table look-up operation instruction corresponding to the middle row of the function look-up table into recursive call of a table look-up function in the table look-up operation instruction; or
And processing the table look-up operation instruction corresponding to the middle row of the function look-up table into mutual recursive call of the table look-up functions in the plurality of table look-up operation instructions.
11. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of any of claims 1-5.
12. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of any of claims 1-5 are implemented when the program is executed by the processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810493964.2A CN108932407B (en) | 2018-05-22 | 2018-05-22 | Program safety protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810493964.2A CN108932407B (en) | 2018-05-22 | 2018-05-22 | Program safety protection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108932407A CN108932407A (en) | 2018-12-04 |
| CN108932407B true CN108932407B (en) | 2022-01-25 |
Family
ID=64449188
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810493964.2A Active CN108932407B (en) | 2018-05-22 | 2018-05-22 | Program safety protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108932407B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109918872B (en) * | 2019-01-28 | 2021-06-29 | 中国科学院数据与通信保护研究教育中心 | Android application reinforcing method |
| CN110717150A (en) * | 2019-10-08 | 2020-01-21 | 北京顶象技术有限公司 | Code protection method, device, protection equipment and readable storage medium |
| CN113791838B (en) * | 2021-08-20 | 2024-04-23 | 深圳市元征科技股份有限公司 | Program file calling method, device and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103186730A (en) * | 2013-03-26 | 2013-07-03 | 北京深思数盾科技有限公司 | Method and device for protecting.NET software security |
| CN103246848A (en) * | 2013-03-26 | 2013-08-14 | 北京深思数盾科技有限公司 | Software security protection method and equipment |
| CN106934298A (en) * | 2017-03-06 | 2017-07-07 | 戴林 | A kind of Universal Database transparent encryption system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1230744C (en) * | 2002-08-16 | 2005-12-07 | 华为技术有限公司 | realization of isertion type system soft ware patch and control method |
| CN103309683B (en) * | 2012-03-07 | 2016-08-03 | 京信通信***(中国)有限公司 | The software patch embedding grammar of hardware device and device |
| CN103559450B (en) * | 2013-10-11 | 2016-01-13 | 南京邮电大学 | A kind of electronic tag data guard method based on kernel-driven Hook Technique |
-
2018
- 2018-05-22 CN CN201810493964.2A patent/CN108932407B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103186730A (en) * | 2013-03-26 | 2013-07-03 | 北京深思数盾科技有限公司 | Method and device for protecting.NET software security |
| CN103246848A (en) * | 2013-03-26 | 2013-08-14 | 北京深思数盾科技有限公司 | Software security protection method and equipment |
| CN106934298A (en) * | 2017-03-06 | 2017-07-07 | 戴林 | A kind of Universal Database transparent encryption system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108932407A (en) | 2018-12-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102132289B (en) | Method and device for code obfuscation | |
| CN108932407B (en) | Program safety protection method and device | |
| CN110598379B (en) | Method, equipment and storage medium for realizing character string confusion | |
| CN105022936A (en) | Class file encryption and decryption method and class file encryption and decryption device | |
| KR101861341B1 (en) | Deobfuscation apparatus of application code and method of deobfuscating application code using the same | |
| CN107632832B (en) | Dalvik byte code oriented control flow confusion method | |
| CN112839036B (en) | Software running environment generation method and system based on mimicry defense theory | |
| US11119741B2 (en) | Compiling device and method | |
| CN108134673A (en) | A kind of method and device for generating whitepack library file | |
| CN111324591B (en) | Block chain bifurcation detection method and related device | |
| CN112434266A (en) | Shell code control flow flattening confusion method | |
| CN114611074A (en) | Method, system, equipment and storage medium for obfuscating source code of solid language | |
| CN113031967B (en) | Code conversion method and device | |
| JP6919973B2 (en) | Computer-aided obfuscation of program code | |
| CN113626773B (en) | Code protection method based on intermediate language | |
| JP2021530057A (en) | Compiler device with mask function | |
| JP2017509942A (en) | How to protect secret data when used in cryptographic algorithms | |
| CN117093964A (en) | Encryption method and device of source code, storage medium and electronic equipment | |
| US10140436B1 (en) | Program obfuscation by reorganizing execution paths | |
| CN107506644B (en) | Security protection method for implicit constant threat in dynamically generated code | |
| CN108846265B (en) | Program reinforcing method and device | |
| CN112115428B (en) | Code file confusion method, device, electronic equipment and storage medium | |
| CN111428209B (en) | Application program confusion method, device and storage medium | |
| CN113946804B (en) | Source code obfuscation method and device | |
| CN105095698A (en) | Program code obfuscation based upon recently executed program code |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |