Font Size: a A A

Researching And Implementation Of PE File Encryption Shell Protection

Posted on:2010-09-28Degree:MasterType:Thesis
Country:ChinaCandidate:Z H ZhangFull Text:PDF
GTID:2178360275450002Subject:Control Engineering
Abstract/Summary:PDF Full Text Request
PE (Portable Executable) file format is a 32-bit Windows operating system, the introduction of the executable file format, which is the Windows platform, the main executable format. PE files using a flat address space, all code and data are combined to form a structure, which is a lot of data structure, the contents of the documents being cut into different sections, the section that contains the code or data Each page section of the border alignment, which are pointed out in the first PE file. PE is not a document as single memory-mapped files to be included in the memory of it by the PE loader for the first PE according to data included in the value of the structure of memory, and then handed over control of the proceedings.With the development of computer technology, all walks of life have a greater or lesser extent with computer links, for various applications or software industry needs constant nurturing and Health. However, the current rampant piracy industry, making the software industry can not get their income, dealt a blow to the development of software, is not conducive to social progress. Although all countries in the world are cracking down on piracy carried out, but the software's author but also to a certain degree of protection software to increase the difficulty of piracy.At present, the software protection to a major software encryption and hardware encryption in two ways, hardware encryption effect, but the high cost for large software companies. Encryption software is also due to facilitate the rapid development of the economy, and the software has two main forms of encryption, an author in the interior design of complex software algorithms to carry out anti-crack, in this manner and software combination of anti-crack close, anti-crack effects, and But the software's author to spend a lot of energy in the anti-crack on. Another way is using third-party software for software protection, the so-called shell protection. The full name of shell executable program resources should be compressed, is to protect a common means of executable files. Shell actually use a special algorithm, on the EXE,DLL file code and resources encryption compression, to protect the executable program purposes.This article first analysis of the PE file format, an analysis of software protection and shell way to use software protection, a detailed analysis of the increase took command, SEH (Structured Exception Handling) technology and IAT (Import Address Table) encryption to protect the three shell means, and gives the relevant principles of the introduction and implementation of major. And then by analyzing the well-known open source software shell compressed UPX (Ultimate Packer for eXecutables) to work out a shell program, which in addition to the adoption of procedures to reduce the volume of compression also uses a number of anti-shell, anti-debugging tools. And VC ++ 6.0 achieved shell program.
Keywords/Search Tags:PE file, encryption shell protection, junk instruction, SEH, IAT
PDF Full Text Request
Related items