| With the rapid development of software reverse engineering for the analysis of crack technology, more and more reverse hackers began to learn profession static disassemble and dynamic debug technology. Under such circumstances, the software directly in binary form of storage must have corresponding software protection technology, then it will guarantee the software would not be cracked, theft or directly authorized the preparation of a pirated system by the reverse hackers.This paper presents a new model of systematic software protection, the system contains debugging behavior detection subsystem for dynamic anti-debugging and dynamic code obfuscator subsystem used to reduce code readability. This model make a combination of the existing two kinds of software protection concept, ensures active and passive protection on the target software at the same time. The DBDS which uses a number of new windows operating system kernel-based anti-debugging technology, from three aspects: the debugger features, interrupt handling routines and debugging breakpoints tested, including some of the undocument windows kernel technologies can effectively detect and prevent software dynamic debugging. The DCOS uses the code confusion to reduce the readability of disassembly code, at the same time it embedded software to interact with the kernel module to load the dynamic code routines, to ensure dynamic generation of confused code to further enhance the protection intensity.This article also includes cutting-edge research and pseudo-code implement for a variety of detection techniques, for its special characteristics of the function modules, also makes the basis of analysis of technology to prove its feasibility. |
PDF Full Text Request