CN108021790B - File protection method and device, computing equipment and computer storage medium - Google Patents
File protection method and device, computing equipment and computer storage medium Download PDFInfo
- Publication number
- CN108021790B CN108021790B CN201711455906.2A CN201711455906A CN108021790B CN 108021790 B CN108021790 B CN 108021790B CN 201711455906 A CN201711455906 A CN 201711455906A CN 108021790 B CN108021790 B CN 108021790B
- Authority
- CN
- China
- Prior art keywords
- instruction
- syntax tree
- abstract syntax
- processed
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000012545 processing Methods 0.000 claims description 95
- 238000012546 transfer Methods 0.000 claims description 71
- 230000008439 repair process Effects 0.000 claims description 24
- 238000004891 communication Methods 0.000 claims description 13
- 230000008859 change Effects 0.000 claims description 7
- 238000006243 chemical reaction Methods 0.000 claims description 5
- 238000011084 recovery Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 6
- 230000008901 benefit Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 101150083561 nop-1 gene Proteins 0.000 description 3
- 101100082911 Schizosaccharomyces pombe (strain 972 / ATCC 24843) ppp1 gene Proteins 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 101150102685 nop7 gene Proteins 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a file protection method, a file protection device, a computing device and a computer storage medium, wherein the file protection method comprises the following steps: generating a first abstract syntax tree corresponding to an instruction to be protected in an original program file; hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after hiding; repairing the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after repairing; a program file corresponding to the third abstract syntax tree is generated. According to the technical scheme, the abstract syntax tree corresponding to the instruction to be protected is generated, the instruction to be processed in the abstract syntax tree is hidden, the decompilation difficulty is increased, the instruction in the program file is effectively prevented from being maliciously acquired by other people, and the safety of the program file is guaranteed.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a file protection method, a file protection device, a computing device and a computer storage medium.
Background
With the continuous development of technology, users using smart terminals are growing explosively, and many applications installed on the smart terminals are becoming an indispensable part of daily life of the users. Therefore, how to secure the application used by the user has become the biggest problem when using the application. In the prior art, protection of an application program in an intelligent terminal can be generally realized by reinforcing the application program, and the method can prevent a code of the application program from being decompiled and analyzed to a certain extent, so that the safety of the application program is guaranteed. Specifically, the original code of the program file may be hidden, for example, all the original codes in the program file may be hidden. However, when the original code of the program file is to be hidden, the original code of the program file needs to be obtained in advance, and if the hiding is performed by another person, the original code of the program file is equivalently directly exposed to the other person, which causes a very great security risk; in addition, the original code of the program file is hidden in the prior art in a single mode and is easy to crack. Therefore, the file protection mode in the prior art has the problems of low cracking difficulty and easy decompilation analysis.
Disclosure of Invention
In view of the above, the present invention has been made to provide a file protection method, apparatus, computing device and computer storage medium that overcome or at least partially address the above-mentioned problems.
According to an aspect of the present invention, there is provided a file protection method, including:
generating a first abstract syntax tree corresponding to an instruction to be protected in an original program file;
hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after hiding;
repairing the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after repairing;
a program file corresponding to the third abstract syntax tree is generated.
According to another aspect of the present invention, there is provided a file protection apparatus, including:
the first generation module is used for generating a first abstract syntax tree corresponding to the instruction to be protected in the original program file;
the first processing module is used for hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after hiding;
the header file repairing module is used for repairing the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after repairing;
and the second generating module is used for generating a program file corresponding to the third abstract syntax tree.
According to yet another aspect of the present invention, there is provided a computing device comprising: the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the file protection method.
According to still another aspect of the present invention, a computer storage medium is provided, in which at least one executable instruction is stored, and the executable instruction causes a processor to execute operations corresponding to the file protection method.
According to the technical scheme provided by the invention, a first abstract syntax tree corresponding to a command to be protected in an original program file is generated, then at least one command to be processed in the first abstract syntax tree is subjected to hiding processing to obtain a second abstract syntax tree after the hiding processing, then a header file corresponding to the second abstract syntax tree is subjected to repairing processing to obtain a third abstract syntax tree after the repairing processing, and a program file corresponding to the third abstract syntax tree is generated. The technical scheme provided by the invention can generate the abstract syntax tree corresponding to the instruction to be protected in the original program file, and hide the instruction to be processed in the abstract syntax tree to obtain the processed program file, thereby increasing the difficulty of decompilation, effectively preventing the instruction in the program file from being maliciously acquired by other people and ensuring the safety of the program file.
The above description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 shows a schematic flowchart of a first embodiment of a file protection method provided by the present invention;
FIG. 2 is a flowchart illustrating a second embodiment of a file protection method according to the present invention;
FIG. 3 is a block diagram of a first embodiment of a file protection apparatus according to the present invention;
FIG. 4 is a block diagram illustrating a second embodiment of a file protection device according to the present invention;
fig. 5 is a schematic structural diagram of an embodiment of a computing device provided by the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The invention can protect the program files in the application program, the program files are executable files, and the types of the program files can be so files, Linux platform executable files, ios platform executable files, osx platform executable files, android platform executable files and the like, and the invention is not limited to the protection method.
Fig. 1 shows a schematic flow diagram of a first embodiment of a file protection method provided by the present invention, and as shown in fig. 1, the method includes the following steps:
step S100, generating a first abstract syntax tree corresponding to the instruction to be protected in the original program file.
The original program file refers to an original program file in the application program, the original program file includes a plurality of instructions, and in order to prevent malicious acquisition by others, part or all of the instructions in the original program file need to be protected. In the invention, the instruction needing protection in the original program file is called the instruction to be protected. In step S100, the file content of the original program file may be parsed to generate an abstract syntax tree corresponding to the instruction to be protected in the original program file. The abstract syntax tree is a tree-like representation of the abstract syntax structure of the instructions to be protected. A grammar is said to be "abstract" in that the grammar in the abstract syntax tree does not represent every detail that appears in the real grammar, and every node on the abstract syntax tree represents a structure.
In order to facilitate the distinction of the abstract syntax trees in different processing stages, in the present invention, the generated abstract syntax tree corresponding to the instruction to be protected in the original program file and not subjected to the hiding processing is referred to as a first abstract syntax tree, and hereinafter, the abstract syntax tree after the environment is hidden is referred to as a second abstract syntax tree, and the abstract syntax tree obtained after the header file is subjected to the repairing processing is referred to as a third abstract syntax tree.
Step S101, hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after hiding.
The instructions in the first abstract syntax tree correspond to the instructions to be protected in the original program file, and the instructions in the first abstract syntax tree and the instructions to be protected in the original program file substantially represent the same instruction content through different expression forms. In order to distinguish from the instruction to be protected in the original program file, in the present invention, the instruction that needs to be hidden in the first abstract syntax tree is referred to as the instruction to be processed in the first abstract syntax tree.
In step S101, at least one instruction to be processed in the first abstract syntax tree is hidden, so as to obtain a second abstract syntax tree after the hiding. In this embodiment, a person skilled in the art may select one or more to-be-processed instructions that need to be hidden according to actual needs from the first abstract syntax tree, or may hide all to-be-processed instructions in the first abstract syntax tree, which is not limited herein.
And step S102, repairing the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after repairing.
In order to facilitate a user to smoothly run an application program, after hiding at least one instruction to be processed in the first abstract syntax tree, a header file corresponding to the second abstract syntax tree needs to be repaired to obtain a repaired third abstract syntax tree. Specifically, a new loading segment may be added to the header file corresponding to the second abstract syntax tree to repair the header file.
In step S103, a program file corresponding to the third abstract syntax tree is generated.
Specifically, after the third abstract syntax tree after the repair process is obtained, the third abstract syntax tree after the repair process may be compiled, so as to generate a program file corresponding to the third abstract syntax tree. Wherein, the program file corresponding to the third abstract syntax tree may be a binary file. Because the program file corresponding to the third abstract syntax tree is generated according to the third abstract syntax tree after the hiding processing, the generated program file corresponding to the third abstract syntax tree has higher difficulty in decryption, when other people perform decompilation processing on the program file, the program file needs to be identified and hidden for multiple times, the decompilation difficulty is increased, and the safety of the program file is effectively ensured.
According to the file protection method provided by this embodiment, a first abstract syntax tree corresponding to an instruction to be protected in an original program file is generated, at least one instruction to be processed in the first abstract syntax tree is then hidden to obtain a second abstract syntax tree after the hiding, a header file corresponding to the second abstract syntax tree is then repaired to obtain a third abstract syntax tree after the repairing, and a program file corresponding to the third abstract syntax tree is generated. The technical scheme provided by the invention can generate the abstract syntax tree corresponding to the instruction to be protected in the original program file, and hide the instruction to be processed in the abstract syntax tree to obtain the processed program file, thereby increasing the difficulty of decompilation, effectively preventing the instruction in the program file from being maliciously acquired by other people and ensuring the safety of the program file.
Fig. 2 shows a schematic flow diagram of a second embodiment of the file protection method provided by the present invention, and as shown in fig. 2, the method includes the following steps:
and step S200, performing decompilation processing on the instruction to be protected in the original program file to obtain a decompilation result.
Specifically, a decompilation tool can be used to perform decompilation processing on the instruction to be protected in the original program file to obtain a decompilation result. The decompilation tool can be selected by those skilled in the art according to actual needs, and is not limited herein.
Step S201, according to the decompilation result, generating a first abstract syntax tree corresponding to the instruction to be protected.
After the decompilation result is obtained, a tree representation of the abstract syntax structure of the instruction to be protected, that is, a first abstract syntax tree corresponding to the instruction to be protected, can be generated according to the decompilation result.
Step S202, at least one instruction to be processed is determined and obtained from the first abstract syntax tree.
The first abstract syntax tree comprises a plurality of instructions, and at least one instruction to be processed can be determined from the instructions in the first abstract syntax tree according to instruction types or random functions and the like. It is to be understood that all instructions in the first abstract syntax tree may also be determined as pending instructions.
In step S203, at least one instruction to be processed is converted into a control transfer instruction and a fill instruction with a preset number.
The preset number, the control transfer instruction and the stuff instruction can be set by those skilled in the art according to actual needs, and are not limited herein. Specifically, the control transfer instruction may be a call instruction, and the stuff instruction may be a nop instruction or an instruction that does not change the execution environment.
In one embodiment, each of the at least one instruction to be processed in the first abstract syntax tree may be converted into a call instruction and a plurality of nop instructions, or into a call instruction and a plurality of instructions that do not change the execution environment.
In another embodiment, when the number of the instructions to be processed is multiple, the multiple instructions to be processed may also be converted according to each group of instructions to be processed obtained by dividing the multiple instructions to be processed according to a preset division rule, and for one group of instructions to be processed, the one group of instructions to be processed is converted into the multiple control transfer instructions and the multiple padding instructions. In this embodiment, a person skilled in the art may set the preset partitioning rule according to actual needs, which is not limited herein. For example, the preset dividing rule may be to divide every n instructions to be processed, where n is a fixed preset number or a random number. Assuming that a group of instructions to be processed includes 3 instructions to be processed, where the 3 instructions to be processed are instruction 1 to be processed, instruction 2 to be processed, and instruction 3 to be processed, respectively, the group of instructions to be processed may be converted into a nop1 instruction, a nop2 instruction, a call1 instruction, a nop3 instruction, a nop4 instruction, a nop5 instruction, a call2 instruction, a nop6 instruction, a nop7 instruction, and a call3 instruction, where instruction 1 to be processed is converted into a nop1 instruction, a nop2 instruction, and a call1 instruction, instruction 2 to be processed is converted into a nop3 instruction, a nop4 instruction, a nop5 instruction, and a call2 instruction, and instruction 3 to be processed is converted into a nop6 instruction, a nop7 instruction, and a call3 instruction.
Step S204, at least one instruction to be processed is set at a preset position in the first abstract syntax tree, and the set and processed first abstract syntax tree is obtained.
In order for the user to smoothly run the application program, after converting the at least one instruction to be processed into the preset number of control transfer instructions and stuff instructions, the at least one instruction to be processed is further required to be disposed at a preset position in the first abstract syntax tree. The preset position may be a tail portion of the first abstract syntax tree, or may be some useless gap portions in the first abstract syntax tree, for example, a portion used for debugging program information in the written instruction. Taking the preset position as an example of the ending part of the first abstract syntax tree, in step S204, the instruction to be processed is set at the ending part of the first abstract syntax tree.
In step S205, the physical address corresponding to the preset position is used as an operand of the control transfer instruction obtained by the conversion, so as to obtain the second abstract syntax tree after the hiding processing.
After at least one instruction to be processed is set at a preset position in the first abstract syntax tree, the operand of the control transfer instruction obtained through conversion needs to be determined, so that a second abstract syntax tree after hidden processing is obtained. Assuming that the instruction 1 to be processed is converted into a nop1 instruction, a nop2 instruction, and a call1 instruction, and the instruction 1 to be processed is set at position 1 in the first abstract syntax tree, the physical address corresponding to position 1 is used as an operand of the call1 instruction. Similarly, for the case of converting a group of instructions to be processed into a plurality of control transfer instructions and a plurality of stuff instructions, the same manner as described above is adopted to use the physical address of the setting position corresponding to each instruction to be processed in the group of instructions to be processed as the operand of the converted control transfer instruction corresponding to the instruction to be processed. Taking the example given in step S203 as an example, the physical address of the setting position corresponding to the instruction 1 to be processed is used as the operand of the call1 instruction, the physical address of the setting position corresponding to the instruction 2 to be processed is used as the operand of the call2 instruction, and the physical address of the setting position corresponding to the instruction 3 to be processed is used as the operand of the call3 instruction.
Step S206, determining a physical address of at least one instruction to be processed, and using the physical address of the at least one instruction to be processed as a target virtual address.
After the at least one instruction to be processed is set at the preset position in the first abstract syntax tree, the physical address of the at least one instruction to be processed is determined, and the physical address of the at least one instruction to be processed is taken as the target virtual address.
Step S207, load the target virtual address in the header file corresponding to the second abstract syntax tree, and obtain a third abstract syntax tree after the repair processing.
After the target virtual address is determined, the target virtual address is loaded in the header file corresponding to the second abstract syntax tree, so that the header file corresponding to the second abstract syntax tree is repaired, the instruction to be processed is quickly found according to the target virtual address loaded by the header file, and the normal use of the application program by a user is not influenced after the instruction to be processed is subjected to hiding processing.
And step S208, saving the running environment of at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the environment is saved.
In order to increase the difficulty of decompilation, after step S207, at least one instruction to be processed in the third abstract syntax tree may be obfuscated. In order to keep the execution environment before and after the obfuscation processing consistent, the execution environment of at least one instruction to be processed in the third abstract syntax tree needs to be saved before the obfuscation processing is performed on at least one instruction to be processed in the third abstract syntax tree. Specifically, a register in which at least one instruction to be processed in the third abstract syntax tree is located may be determined, and then the variable value in the register may be saved, for example, the variable value in the register may be saved into a memory of a computing device such as a computer.
Step S209, performing obfuscation processing on at least one instruction to be processed in the third abstract syntax tree to obtain an obfuscated third abstract syntax tree.
Specifically, an obfuscating instruction may be added to each of the at least one to-be-processed instruction in the third abstract syntax tree, so as to change a variable value corresponding to the to-be-processed instruction and/or a variable value in a register, and obtain the obfuscated third abstract syntax tree.
In one embodiment, an obfuscating instruction is added to each of the at least one to-be-processed instruction in the third abstract syntax tree, and due to the addition of the obfuscating instruction, a variable value corresponding to the to-be-processed instruction is changed in the same instruction processing logic, so that an obfuscating function is performed to obfuscate a program breaker. For example, instruction 1 and instruction 2 are both in the same instruction processing logic, where instruction 1 is a to-be-processed instruction, in this embodiment, the execution environment of instruction 1 may be saved, and it is determined which register is used by instruction 1, the variable value in the register used by instruction 1 is saved, in the case that the variable value in the register is saved, an obfuscating instruction is added to the variable in the current register, and after the obfuscating instruction is added, the execution environment of instruction 1 is restored, so that it is ensured that even after the obfuscating program breaker is obfuscated by adding the obfuscating instruction, the variable value in instruction 2 is not changed, and thus obfuscating is performed. In the present invention, a logic implemented by combining a plurality of instructions having a preset association relationship is referred to as an instruction processing logic. Specifically, the obfuscated instruction may be an instruction that performs operation processing on a variable value corresponding to the instruction to be processed, where the operation processing includes, but is not limited to: arithmetic operations (e.g., addition, subtraction, multiplication, division, etc.), shift operations, and exclusive-or operations, among others.
In another embodiment, for each of the at least one pending instruction in the third abstract syntax tree, an obfuscating instruction is added to the pending instruction. The method can perform corresponding environment saving processing and environment restoring processing on other registers except the register corresponding to the instruction to be processed, and after the environment saving processing is performed, add an obfuscating instruction to the other registers except the register corresponding to the instruction to be processed so as to change variable values in the other registers except the register corresponding to the instruction to be processed. For example: instruction 1 and instruction 2 are both in the same instruction processing logic, where instruction 1 is the pending instruction, then in this embodiment, the execution environment of instruction 1 may be saved, and it may be determined which register is used by instruction 1, and the variable value in the register used by instruction 1 is saved, and in case the variable value in the register is saved, save the variable values in other registers than the register corresponding to instruction 1, and add the obfuscated instruction to the variables in the other registers, after adding the obfuscated instruction, the variable values in the other registers than the register corresponding to instruction 1 are restored, and the execution environment of instruction 1 is restored, thereby ensuring that the variable value in instruction 2 is not changed even after the obfuscating instruction is added to obfuscate the program interpreter, thereby acting as an obfuscation. Specifically, the obfuscated instruction may be an instruction that performs operation processing on variable values in other registers, including but not limited to: arithmetic operations (e.g., addition, subtraction, multiplication, division, etc.), shift operations, and exclusive-or operations, among others.
And after each instruction to be processed is subjected to the obfuscation processing, obtaining an obfuscated third abstract syntax tree according to the obfuscated instruction to be processed.
In addition, in order to increase the difficulty of decompiling, after step S209, the method may further include: generating a private key corresponding to the instruction to be processed and an encryption code mapped with the private key for each instruction to be processed in at least one instruction to be processed in the third abstract syntax tree; and encrypting the instruction to be processed by using the private key and the encryption code to obtain an instruction encryption ciphertext corresponding to the instruction to be processed.
Specifically, for each instruction to be processed in the at least one instruction to be processed, a corresponding private key and an encryption code mapped to the private key are generated. The generated private key may be an encryption key such as a random number, and a person skilled in the art may set the private key according to actual needs, which is not limited herein. Optionally, the generated private key and encrypted code may be different for different instructions to be processed, thereby helping to increase decompilation difficulty. For example, for the instruction 1 to be processed, the generated private key corresponding to the instruction 1 to be processed and the encrypted code mapped to the private key are the private key 1 and the encrypted code 1, respectively; for the instruction to be processed 2, the generated private key corresponding to the instruction to be processed 2 and the generated encrypted code mapped with the private key are the private key 2 and the encrypted code 2, respectively, where the private key 1 is different from the private key 2, and the encrypted code 1 is also different from the encrypted code 2.
And encrypting each instruction to be processed in at least one instruction to be processed by using the corresponding private key and the corresponding encryption code, so as to obtain an instruction encryption ciphertext corresponding to the instruction to be processed. Specifically, the private key may be input into an encryption code mapped with the private key, and then the instruction to be processed is encrypted to obtain an instruction encryption ciphertext corresponding to the instruction to be processed. In the invention, the instruction to be processed corresponds to the encrypted ciphertext of the encrypted instruction through a private key. For example, for a private key and an encryption code generated by the instruction to be processed 1, respectively, the private key 1 and the encryption code 1, and for a private key and an encryption code generated by the instruction to be processed 2, respectively, the private key 2 and the encryption code 2, then the instruction to be processed 1 is encrypted by using the private key 1 and the encryption code 1, and an instruction encryption ciphertext 1 corresponding to the instruction to be processed 1 is obtained; and encrypting the instruction 2 to be processed by using the private key 2 and the encryption code 2 to obtain an instruction encryption ciphertext 2 corresponding to the instruction 2 to be processed.
Further, after the encryption processing is performed, in order to facilitate a user to smoothly run an application program, a public key corresponding to the private key and a decryption code mapped to the public key may be generated for each instruction to be processed in at least one instruction to be processed, where the public key and the decryption code are used to decrypt an instruction encrypted ciphertext, and in this case, each instruction to be processed has a corresponding public key and a corresponding decryption code, so that there are multiple public keys and decryption codes, which may have a certain influence on the running speed of the application program.
In an alternative embodiment, the public key and the decryption code may also be generated from all private keys and encryption codes, in which case only one decryption code is required.
Specifically, the public key can be used for processing the decryption code to obtain a code, and the command encryption ciphertext is decrypted to obtain a command in a plaintext form, so that the user can be ensured to smoothly run the application program, and the normal use of the application program by the user is not influenced.
And step S210, recovering the running environment of at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the environment is recovered.
In order to keep the running environment before and after the obfuscating process consistent, so that the user can smoothly run the application program, in step S210, the register in which the at least one instruction to be processed is located may be restored, so that the variable value in the register can be used and changed, thereby implementing the restoration of the running environment of the at least one instruction to be processed in the third abstract syntax tree.
In step S211, a program file corresponding to the third abstract syntax tree is generated.
Specifically, the third abstract syntax tree after the environment is restored may be compiled, so as to generate a program file corresponding to the third abstract syntax tree. The program file is generated according to the third abstract syntax tree after hiding, obfuscating and encrypting, so that the program file has higher cracking difficulty, and when other people perform decompilation processing on the program file, the hidden processing, the obfuscating processing and the decryption processing need to be recognized for multiple times, so that the decompilation difficulty is greatly increased, and the safety of the program file is effectively guaranteed.
In step S212, repair processing is performed on the execution logic of the control transfer instruction in the program file corresponding to the third abstract syntax tree.
Since the content of the program file corresponding to the third abstract syntax tree is changed (for example, the code length is changed) compared with the original program file, the execution logic of the control transfer instruction in the program file corresponding to the third abstract syntax tree is changed, wherein the control transfer instruction includes but is not limited to: since jcc instructions, jmp instructions, ret instructions, call instructions, and the like are required, repair processing needs to be performed on the execution logic of the control transfer instructions in the program file corresponding to the third abstract syntax tree.
Specifically, it is detected whether a control transfer instruction exists in a program file corresponding to the third abstract syntax tree. If it is detected that the program file corresponding to the third abstract syntax tree does not have the control transfer instruction, the execution logic may not be repaired. If the control transfer instruction exists in the program file corresponding to the third abstract syntax tree, analyzing the control transfer instruction in the program file corresponding to the third abstract syntax tree to obtain the own address of the control transfer instruction and the own jump address corresponding to the control transfer instruction, determining the own jump address as the target virtual address of the control transfer instruction, and then calculating the offset between the target virtual address of the control transfer instruction and the own address of the control transfer instruction, wherein the offset can be the difference between the target virtual address of the control transfer instruction and the own address of the control transfer instruction, and then taking the offset as the operand of the control transfer instruction, thereby completing the repair processing of the execution logic of the control transfer instruction.
Taking the control branch instruction existing in the program file corresponding to the third abstract syntax tree as an example of a jmp instruction, assuming that the jmp instruction is analyzed to find that the own address of the jmp instruction is 10, the own jump address of the jmp instruction is 30, that is, the control branch instruction target virtual address is 30, then the offset between the control branch instruction target virtual address of the jmp instruction and the control branch instruction own address is 20, so 20 is used as the operand of the jmp instruction, and the repair processing on the execution logic of the jmp instruction is completed, so that the jmp instruction can jump according to the original execution logic.
Optionally, when performing obfuscation processing on the to-be-processed instruction, the present invention may further add a control transfer instruction to each of at least one to-be-processed instruction in the third abstract syntax tree. The obfuscation is effected by the added control transfer instruction. Specifically, one or more control transfer instructions may be added to the instruction to be processed, where the added control transfer instruction may be a jmp instruction, a call instruction, and the like, and a person skilled in the art may set the added control transfer instruction according to an actual need, which is not limited herein. In one embodiment, a jump may be made in the same instruction processing logic by adding a control transfer instruction to the instruction to be processed; in another embodiment, by adding a control transfer instruction to the instruction to be processed, a jump can be made in different instruction processing logic, thereby performing a confusing function and increasing the difficulty of decompilation.
The file protection method provided by the embodiment of the invention can generate the abstract syntax tree corresponding to the instruction to be protected in the original program file, and can perform hiding processing and confusing processing on the instruction to be processed in the abstract syntax tree, and optionally can perform encryption processing on the instruction to be processed, so that when other people perform decompilation processing on the processed program file, multiple times of identification hiding processing and confusing processing and multiple times of decryption processing are required, the decompilation difficulty is greatly increased, the instruction in the program file is effectively prevented from being maliciously acquired by other people, and the safety of the program file is ensured; in addition, the technical scheme also carries out repair processing on the execution logic of the control transfer instruction in the processed program file, and effectively ensures that the execution logic of the control transfer instruction before and after processing is unchanged.
Fig. 3 shows a block diagram of a first embodiment of a file protection device provided in the present invention, as shown in fig. 3, the device includes: a first generation module 310, a first processing module 320, a header file repair module 330, and a second generation module 340.
The first generating module 310 is configured to: and generating a first abstract syntax tree corresponding to the instruction to be protected in the original program file.
The first processing module 320 is configured to: and hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after hiding.
The header file repair module 330 is configured to: and repairing the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after repairing.
The second generation module 340 is configured to: a program file corresponding to the third abstract syntax tree is generated.
According to the file protection device provided by this embodiment, the first generation module generates a first abstract syntax tree corresponding to a command to be protected in an original program file, the first processing module performs hiding processing on at least one command to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after the hiding processing, the header file repair module performs repair processing on a header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after the repair processing, and the second generation module generates a program file corresponding to the third abstract syntax tree. The technical scheme provided by the invention can generate the abstract syntax tree corresponding to the instruction to be protected in the original program file, and hide the instruction to be processed in the abstract syntax tree to obtain the processed program file, thereby increasing the difficulty of decompilation, effectively preventing the instruction in the program file from being maliciously acquired by other people and ensuring the safety of the program file.
Fig. 4 shows a block diagram of a second embodiment of the file protection apparatus provided in the present invention, and as shown in fig. 4, the apparatus includes: a first generation module 410, a determination module 420, a first processing module 430, a header repair module 440, an environment saving module 450, a second processing module 460, an environment restoration module 470, a second generation module 480, and a logical repair module 490.
The first generation module 410 is configured to: performing decompiling processing on the instruction to be protected in the original program file to obtain a decompiling result; and generating a first abstract syntax tree corresponding to the instruction to be protected according to the decompilation result.
The determination module 420 is configured to: at least one instruction to be processed is determined from the first abstract syntax tree.
The first processing module 430 is configured to: converting at least one instruction to be processed into a preset number of control transfer instructions and filling instructions; setting at least one instruction to be processed at a preset position in a first abstract syntax tree to obtain a first abstract syntax tree after setting and processing; and taking the physical address corresponding to the preset position as an operand of the control transfer instruction obtained by conversion to obtain the second abstract syntax tree after the hiding processing. Wherein, the control transfer instruction may be a call instruction.
The header file repair module 440 is configured to: determining a physical address of at least one instruction to be processed, and taking the physical address of the at least one instruction to be processed as a target virtual address; and loading the target virtual address in the header file corresponding to the second abstract syntax tree to obtain a repaired third abstract syntax tree.
The environment saving module 450 is configured to: and saving the running environment of at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the environment is saved. Specifically, the environment saving module 450 determines a register in which at least one instruction to be processed is located; and saving the variable value in the register to obtain a second abstract syntax tree after the environment is saved.
The second processing module 460 is configured to: and performing confusion processing on at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the confusion processing.
Optionally, the second processing module 460 is configured to: adding an obfuscating instruction to each of the at least one instruction to be processed in the third abstract syntax tree to change a variable value corresponding to the instruction to be processed and/or a variable value in a register; and/or adding a control transfer instruction to each instruction to be processed in the at least one instruction to be processed in the third abstract syntax tree.
To increase the difficulty of decompilation, the second processing module 460 is further adapted to: generating a private key corresponding to the instruction to be processed and an encryption code mapped with the private key for each instruction to be processed in at least one instruction to be processed in the third abstract syntax tree; and encrypting the instruction to be processed by using the private key and the encryption code to obtain an instruction encryption ciphertext corresponding to the instruction to be processed.
After the encryption process, in order to facilitate the user to smoothly run the application, the second processing module 460 is further configured to: and generating a public key corresponding to the private key and a decryption code mapped with the public key, wherein the public key and the decryption code are used for decrypting the instruction encryption ciphertext.
The environment recovery module 470 is used to: and recovering the running environment of at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the environment is recovered.
The second generating module 480 is configured to: a program file corresponding to the third abstract syntax tree is generated.
The logic repair module 490 is configured to: and repairing the execution logic of the control transfer instruction in the program file corresponding to the third abstract syntax tree.
Specifically, the logic repair module 490 is further configured to: detecting whether a control transfer instruction exists in a program file corresponding to the third abstract syntax tree; if so, analyzing the control transfer instruction in the program file corresponding to the third abstract syntax tree to obtain the self address of the control transfer instruction and the self jump address corresponding to the control transfer instruction, and determining the self jump address as the control transfer instruction target virtual address; calculating the offset between the control transfer instruction target virtual address and the control transfer instruction self address; the offset is used as an operand of the control transfer instruction.
According to the file protection device provided by the embodiment of the invention, the abstract syntax tree corresponding to the instruction to be protected in the original program file can be generated, the hiding processing and the obfuscation processing can be carried out on the instruction to be processed in the abstract syntax tree, and optionally, the instruction to be processed can be encrypted, so that when other people carry out decompilation processing on the processed program file, the hiding processing and the obfuscation processing need to be identified for many times and the decryption processing needs to be carried out for many times, the decompilation difficulty is greatly increased, the instruction in the program file is effectively prevented from being maliciously acquired by other people, and the safety of the program file is ensured; in addition, the technical scheme also carries out repair processing on the execution logic of the control transfer instruction in the processed program file, and effectively ensures that the execution logic of the control transfer instruction before and after processing is unchanged.
The invention also provides a nonvolatile computer storage medium, and the computer storage medium stores at least one executable instruction which can execute the file protection method in any method embodiment.
Fig. 5 is a schematic structural diagram of an embodiment of a computing device provided in the present invention, and a specific embodiment of the present invention does not limit a specific implementation of the computing device.
As shown in fig. 5, the computing device may include: a processor (processor)502, a Communications Interface 504, a memory 506, and a communication bus 508.
Wherein:
the processor 502, communication interface 504, and memory 506 communicate with one another via a communication bus 508.
A communication interface 504 for communicating with network elements of other devices, such as clients or other servers.
The processor 502 is configured to execute the program 510, and may specifically perform the relevant steps in the above-described embodiment of the file protection method.
In particular, program 510 may include program code comprising computer operational instructions.
The processor 502 may be a central processing unit CPU, or an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement an embodiment of the invention. The computing device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 506 for storing a program 510. The memory 506 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 510 may specifically be configured to cause the processor 502 to execute a file protection method in any of the above-described method embodiments. For specific implementation of each step in the program 510, reference may be made to corresponding steps and corresponding descriptions in units in the above file protection embodiments, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the above description. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and placed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Moreover, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than others, the combination of features of different embodiments is intended to be within the scope of the invention and form part of different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Claims (22)
1. A method of file protection, comprising:
generating a first abstract syntax tree corresponding to an instruction to be protected in an original program file;
hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after hiding;
repairing the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after repairing;
generating a program file corresponding to the third abstract syntax tree;
wherein, the hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after the hiding further comprises: converting the at least one instruction to be processed into a preset number of control transfer instructions and filling instructions; setting the at least one instruction to be processed at a preset position in the first abstract syntax tree to obtain a first abstract syntax tree after setting and processing; and taking the physical address corresponding to the preset position as an operand of the control transfer instruction obtained by conversion to obtain a second abstract syntax tree after the hiding processing.
2. The file protection method according to claim 1, wherein the generating of the first abstract syntax tree corresponding to the instruction to be protected in the original program file further comprises:
performing decompiling processing on the instruction to be protected in the original program file to obtain a decompiling result;
and generating a first abstract syntax tree corresponding to the instruction to be protected according to the decompilation result.
3. The file protection method according to claim 1, wherein the repairing the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after the repairing further comprises:
determining a physical address of the at least one instruction to be processed, and taking the physical address of the at least one instruction to be processed as a target virtual address;
and loading the target virtual address in a header file corresponding to the second abstract syntax tree to obtain a repaired third abstract syntax tree.
4. The file protection method according to any one of claims 1 to 3, wherein after the header file corresponding to the second abstract syntax tree is repaired to obtain a repaired third abstract syntax tree, the method further comprises:
saving the running environment of at least one instruction to be processed in the third abstract syntax tree to obtain a third abstract syntax tree after the environment is saved;
performing obfuscation processing on at least one instruction to be processed in the third abstract syntax tree to obtain an obfuscated third abstract syntax tree;
and recovering the operating environment of at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the environment is recovered.
5. The file protection method of claim 4, wherein the saving the runtime environment of the at least one pending instruction in the third abstract syntax tree further comprises:
determining a register in which at least one instruction to be processed in the third abstract syntax tree is located;
the variable value in the register is saved.
6. The file protection method of claim 5, wherein obfuscating at least one instruction to be processed in the third abstract syntax tree further comprises:
adding an obfuscating instruction to each of at least one to-be-processed instruction in the third abstract syntax tree to change a variable value corresponding to the to-be-processed instruction and/or a variable value in the register; and/or the presence of a gas in the gas,
adding a control transfer instruction to each instruction to be processed in at least one instruction to be processed in the third abstract syntax tree.
7. The file protection method according to claim 4, wherein after obfuscating at least one instruction to be processed in the third abstract syntax tree to obtain an obfuscated third abstract syntax tree, the method further comprises:
generating a private key corresponding to the instruction to be processed and an encrypted code mapped with the private key for each instruction to be processed in at least one instruction to be processed in the third abstract syntax tree; and encrypting the instruction to be processed by using the private key and the encryption code to obtain an instruction encryption ciphertext corresponding to the instruction to be processed.
8. The file protection method of claim 7, wherein after the generating a private key corresponding to the instruction to be processed and an encrypted code mapped to the private key, the method further comprises:
and generating a public key corresponding to the private key and a decryption code mapped with the public key, wherein the public key and the decryption code are used for decrypting the instruction encrypted ciphertext.
9. The file protection method of any of claims 1-3, wherein after generating the program file corresponding to the third abstract syntax tree, the method further comprises:
and repairing execution logic of the control transfer instruction in the program file corresponding to the third abstract syntax tree.
10. The file protection method of claim 9, wherein repairing execution logic of the control transfer instruction in the program file corresponding to the third abstract syntax tree further comprises:
detecting whether a control transfer instruction exists in a program file corresponding to the third abstract syntax tree;
if so, analyzing the control transfer instruction in the program file corresponding to the third abstract syntax tree to obtain a self address of the control transfer instruction and a self jump address corresponding to the control transfer instruction, and determining the self jump address as a control transfer instruction target virtual address;
calculating the offset between the control branch instruction target virtual address and the control branch instruction self address;
the offset is used as an operand of the control transfer instruction.
11. A file protection device, comprising:
the first generation module is used for generating a first abstract syntax tree corresponding to the instruction to be protected in the original program file;
the first processing module is used for hiding at least one instruction to be processed in the first abstract syntax tree to obtain a second abstract syntax tree after hiding;
a header file repairing module, configured to repair the header file corresponding to the second abstract syntax tree to obtain a third abstract syntax tree after repair processing;
a second generating module for generating a program file corresponding to the third abstract syntax tree;
wherein the first processing module is further configured to: converting the at least one instruction to be processed into a preset number of control transfer instructions and filling instructions; setting the at least one instruction to be processed at a preset position in the first abstract syntax tree to obtain a first abstract syntax tree after setting and processing; and taking the physical address corresponding to the preset position as an operand of the control transfer instruction obtained by conversion to obtain a second abstract syntax tree after the hiding processing.
12. The file protection device of claim 11, wherein the first generation module is further configured to:
performing decompiling processing on the instruction to be protected in the original program file to obtain a decompiling result;
and generating a first abstract syntax tree corresponding to the instruction to be protected according to the decompilation result.
13. The file protection device of claim 11, wherein the header file repair module is further configured to:
determining a physical address of the at least one instruction to be processed, and taking the physical address of the at least one instruction to be processed as a target virtual address;
and loading the target virtual address in a header file corresponding to the second abstract syntax tree to obtain a repaired third abstract syntax tree.
14. The file protection device according to any one of claims 11-13, wherein the device further comprises:
the environment storage module is used for storing the running environment of at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the environment is stored;
the second processing module is used for performing obfuscation processing on at least one instruction to be processed in the third abstract syntax tree to obtain an obfuscated third abstract syntax tree;
and the environment recovery module is used for recovering the running environment of at least one instruction to be processed in the third abstract syntax tree to obtain the third abstract syntax tree after the environment is recovered.
15. The file protection apparatus of claim 14, wherein the environment saving module is further configured to:
determining a register in which at least one instruction to be processed in the third abstract syntax tree is located;
the variable value in the register is saved.
16. The file protection device of claim 15, wherein the second processing module is further adapted to:
adding an obfuscating instruction to each of at least one to-be-processed instruction in the third abstract syntax tree to change a variable value corresponding to the to-be-processed instruction and/or a variable value in the register; and/or the presence of a gas in the gas,
adding a control transfer instruction to each instruction to be processed in at least one instruction to be processed in the third abstract syntax tree.
17. The file protection device of claim 14, wherein the second processing module is further adapted to:
generating a private key corresponding to the instruction to be processed and an encrypted code mapped with the private key for each instruction to be processed in at least one instruction to be processed in the third abstract syntax tree; and encrypting the instruction to be processed by using the private key and the encryption code to obtain an instruction encryption ciphertext corresponding to the instruction to be processed.
18. The file protection device of claim 17, wherein the second processing module is further configured to:
and generating a public key corresponding to the private key and a decryption code mapped with the public key, wherein the public key and the decryption code are used for decrypting the instruction encrypted ciphertext.
19. The file protection device according to any one of claims 11-13, wherein the device further comprises: and the logic repairing module is used for repairing the execution logic of the control transfer instruction in the program file corresponding to the third abstract syntax tree.
20. The file protection device of claim 19, wherein the logical repair module is further configured to:
detecting whether a control transfer instruction exists in a program file corresponding to the third abstract syntax tree;
if so, analyzing the control transfer instruction in the program file corresponding to the third abstract syntax tree to obtain a self address of the control transfer instruction and a self jump address corresponding to the control transfer instruction, and determining the self jump address as a control transfer instruction target virtual address;
calculating the offset between the control branch instruction target virtual address and the control branch instruction self address;
the offset is used as an operand of the control transfer instruction.
21. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the file protection method according to any one of claims 1-10.
22. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the file protection method of any one of claims 1-10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711455906.2A CN108021790B (en) | 2017-12-28 | 2017-12-28 | File protection method and device, computing equipment and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711455906.2A CN108021790B (en) | 2017-12-28 | 2017-12-28 | File protection method and device, computing equipment and computer storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108021790A CN108021790A (en) | 2018-05-11 |
| CN108021790B true CN108021790B (en) | 2020-09-08 |
Family
ID=62072163
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711455906.2A Active CN108021790B (en) | 2017-12-28 | 2017-12-28 | File protection method and device, computing equipment and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108021790B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109660542A (en) * | 2018-12-25 | 2019-04-19 | 百度在线网络技术(北京)有限公司 | Data processing method, device and terminal |
| CN110673852B (en) * | 2019-09-20 | 2023-06-23 | 北京智游网安科技有限公司 | Method, system and equipment for realizing control flow flattening based on front end of compiler |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103699820A (en) * | 2013-12-25 | 2014-04-02 | 北京深思数盾科技有限公司 | Obfuscating method for relative jump instruction |
| US9241004B1 (en) * | 2014-03-11 | 2016-01-19 | Trend Micro Incorporated | Alteration of web documents for protection against web-injection attacks |
| CN106096338A (en) * | 2016-06-07 | 2016-11-09 | 西北大学 | A kind of have the virtualization software guard method that data stream is obscured |
| CN106650340A (en) * | 2016-11-16 | 2017-05-10 | 中国人民解放军国防科学技术大学 | Binary software protection method by means of dynamic fine-grained code hiding and obfuscating technology |
-
2017
- 2017-12-28 CN CN201711455906.2A patent/CN108021790B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103699820A (en) * | 2013-12-25 | 2014-04-02 | 北京深思数盾科技有限公司 | Obfuscating method for relative jump instruction |
| US9241004B1 (en) * | 2014-03-11 | 2016-01-19 | Trend Micro Incorporated | Alteration of web documents for protection against web-injection attacks |
| CN106096338A (en) * | 2016-06-07 | 2016-11-09 | 西北大学 | A kind of have the virtualization software guard method that data stream is obscured |
| CN106650340A (en) * | 2016-11-16 | 2017-05-10 | 中国人民解放军国防科学技术大学 | Binary software protection method by means of dynamic fine-grained code hiding and obfuscating technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108021790A (en) | 2018-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108345773B (en) | Code protection method and device based on virtual machine, electronic equipment and storage medium | |
| CN105683990B (en) | Method and apparatus for protecting dynamic base | |
| RU2439669C2 (en) | Method to prevent reverse engineering of software, unauthorised modification and data capture during performance | |
| CN104680039B (en) | A kind of data guard method and device of application program installation kit | |
| KR101328012B1 (en) | Apparatus for tamper protection of application code and method thereof | |
| JP7154365B2 (en) | Methods for securing software code | |
| EP3038004A1 (en) | Method for providing security for common intermediate language-based program | |
| US20080271001A1 (en) | Method of generating program, information processing device and microcomputer | |
| CN108399319B (en) | Source code protection method, application server and computer readable storage medium | |
| CN109598107B (en) | Code conversion method and device based on application installation package file | |
| JP7285850B2 (en) | Compilation device and method | |
| CN109614772B (en) | Code conversion method and device based on application installation package file | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| CN105074712A (en) | Code processing device and program | |
| CN108182358B (en) | File protection method and device, computing equipment and computer storage medium | |
| EP2937803B1 (en) | Control flow flattening for code obfuscation where the next block calculation needs run-time information | |
| CN108021790B (en) | File protection method and device, computing equipment and computer storage medium | |
| CN106295327B (en) | Executable file reinforcing method and device | |
| JP2009104589A (en) | Information processor and its method, program, and recording medium | |
| CN108052806B (en) | File protection method and device, computing equipment and computer storage medium | |
| EP2947590B1 (en) | Program code obfuscation based upon recently executed program code | |
| JP3949105B2 (en) | How to protect the software against its unauthorized use using the "Rename" principle | |
| JP3949108B2 (en) | How to protect software against unauthorized use with the “temporary separation” principle | |
| Kumar et al. | A thorough investigation of code obfuscation techniques for software protection | |
| JP3949103B2 (en) | How to protect software against unauthorized use with the "conditional branching" principle |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200724 Address after: 4f, building C2, Suzhou 2.5 Industrial Park, 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province Applicant after: JIANGSU TONGFUDUN INFORMATION SECURITY TECHNOLOGY Co.,Ltd. Applicant after: JIANGSU PAY EGIS TECHNOLOGY Co.,Ltd. Address before: Suzhou City, Jiangsu province 215021 East Road, Suzhou Industrial Park, No. 88 Suzhou 2.5 Industrial Park C2 building room 3F-301 Applicant before: JIANGSU TONGFUDUN INFORMATION SECURITY TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |