Research On Software Protection Scheme Based On Shell Technology

With the rapid development of computer technology and network technology, software plays a more and more important role in people's life and work, and has already penetrated into every field of society. Software as an information transmission carrier, which contains many important private information, is facing increasingly serious security threats. Common software attack methods such as reversing program, anti static analysis of assembly code, dynamic tracking and positioning program debugging key code often be used by malicious attackers, while PEiD, OllyDbg, IDA Pro and other common crack debugging tools can be found everywhere. Attackers are through the reverse technology to steal core algorithm in the program or illegal modify key code information, brute force program, and tamper with the software copyright information, and by means of copying, network sharing to spread the cracked software, which seriously damage to the interests of developers.Therefore, the design of a more secure and reliable software protection program is of great significance to the development of the whole industry.Firstly, the article introduces on the current mainstream software protection technology, focusing on the analysis of objects of protection of PE file format and the principle of packing; Secondly, analyzes the principle of software reverse engineering, and describes the procedures for the reverse way of both static analysis and dynamic analysis in detail,as well as the principle of hulling technology. At present, most developers work with the existing shell of software protection, but the protection effect is unsatisfactory, their main defect as follows: 1. shell and the original program is not closely linked, packing information clearly, which can easily be stripped; 2. the program is often encrypted blocks as a unit,after the shell program is executed, the final code and data stored in clear text in memory, which is easy dump; 3. shell module integrity check is too simple, which is easy to be bypassed. In view of the disadvantages of the existing shell protection software, this paper proposes a new software protection model, which cleverly combined the shell, dynamic encryption and decryption, with serial number protection, through mutual restraint to play the role of software protection. The procedures related to the core technology of the key to the code segment is divided into blocks, followed by calculation of each basic block the hash value by the model, a front basic block hash with the correct sequence number of XOR as the next basic block encryption and decryption key, at the same time, the control program and the decryption controller put in the module shell. Serial number of the error, the key to the code segment has been tampered with or program been shelling in as long as there is a situation, the software will can not operate normally.The protection system adopts a modular design, which can be divided into pre-processing module, disassembly module, dynamic encryption and decryption modules, shelling protection module, and flower instruction encryption module. The main shell program uses APLIB engine compression to compress the block and resources, and the input table is deformed to dump into the housing. In order to improve the safety of the shell, the protection system joins the anti debugging technology, which can resist the common debugger loading program.Finally, the protection system of the design is realized through the C++ object-oriented language, and the performance of the system is tested through various aspects. Experiments show that the system can greatly enhance the protection of the software to improve the ability of self protection, with the characteristics of static anti disassembly,dynamic anti-debugging, and malicious tampering with the program.