| Software is the crystallization of people's wisdom;it is also a kind of special commodity.If its core technology is cracked,it will be a great loss,so software protection is very important.Packing is the most common way to protect software,but once the shell is taken off,the software will have no protection measures.In order to solve this problem, this paper combined object code obfuscation and packing technology,implemented a packing method that makes the unpacked program hard to restore.At the same time designed and analyzed some key problems.In order to disassemble object code maximum correctly,this paper used mixed scan algorithm and scanned the result to calibrate.If a block of disassembly code calibrates correctly,then analyzes and records the information about transfer instruction.After calibration,outputs the transfer instruction records.This paper used an irreversible control obfuscation method to modify the transfer instructions of object code,that makes the transfer instructions must pass the shell when they are running.This method controls the transfer instructions effectively,and also prevents from tracing back instructions.After reading the transfer instructions(the disassembly result),calculates every instruction's new destination address and modifies the original program.Finally creates the new correct jump instruction in shell section and outputs the obfuscation data.Puts the output obfuscation data into shell section,and compresses it and code section. These measures can protect obfuscation data and prevent static disassembly analysis.Even shell is taken off,the program can not run normally.This irreversible jump makes the program hard to restore after shelling off,so as to protect software.This paper finally implements a hard repair packing system using by object code obfuscation.The system integrates disassembly,object code obfuscation,packing and portable executable file's information comparison functions. |
PDF Full Text Request