Software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring

A software protection technology based on security attributes, applied in computer security devices, program/content distribution protection, instruments, etc. It addresses the problems that threat-processing fragments are easy to remove, that the types of attack threat handled are limited to a single kind, and that theoretical analysis and research cases on the available information are lacking.

Inactive Publication Date: 2016-06-08
NORTHWEST UNIV(CN)

AI Technical Summary

Problems solved by technology

However, the above methods still have deficiencies: with method ①, after the program is loaded and running, an attacker who dumps the input table can obtain information such as the API names used by the program; method ② cannot resist an attacker who uses dynamic collection tools (such as SoftSnoop) to obtain other information about the API.
In addition, the types of attack threat currently handled in software are relatively limited, and the threat-processing fragments are easy to remove. There is also a lack of theoretical analysis and in-depth case studies on the information in software that reverse analysis can exploit.


Embodiment Construction

[0058] According to the above technical solution, as shown in the figure, a software protection method based on API security attribute hiding and attack threat monitoring includes the following steps:

[0059] Step 1: extract the DLL file information from the input table of the PE file to be protected, and record the DLL file information in an input information record table imp_tab;

[0060] The PE file referred to above is a portable executable program file on the Windows platform. Following the structure of the PE file, locate the input table, extract each DLL name and its FirstThunk value from the input table in turn, and at the same time count the number of APIs in the DLL and record the length of each API name and the API's name (or serial number); the information for each DLL is recorded in the DLL input information record table imp_tab in the following format:

[0061] Table 1 DLL information record table

[0062] First Thunki

D...
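The Step 1 extraction described in [0059] and [0060], as an added Python example (not code from the patent): it walks the import descriptors of a mapped image and records each DLL name, its FirstThunk value, the API count, and each API's name length and name or serial number (ordinal). The function names, the record field names and the sample bytes are assumptions made for illustration, and RVAs are treated as direct offsets into the buffer.

```python
import struct

def cstr(img, off):
    """Read a NUL-terminated ASCII string starting at offset off."""
    return img[off:img.index(b"\0", off)].decode("ascii")

def build_imp_tab(img, import_rva, pe32plus=False):
    """Walk IMAGE_IMPORT_DESCRIPTOR entries and return imp_tab-style records.
    Assumption: img is the mapped image, so an RVA is a direct buffer offset."""
    size, fmt, ord_flag = (8, "<Q", 1 << 63) if pe32plus else (4, "<I", 1 << 31)
    imp_tab = []
    while True:
        oft, _ts, _fwd, name_rva, first_thunk = struct.unpack_from(
            "<5I", img, import_rva)
        if name_rva == 0 and first_thunk == 0:    # all-zero descriptor ends the table
            break
        apis = []
        thunk = oft or first_thunk                # fall back to FirstThunk if no INT
        while True:
            (entry,) = struct.unpack_from(fmt, img, thunk)
            if entry == 0:                        # zero thunk ends this DLL's list
                break
            if entry & ord_flag:                  # import by ordinal (serial number)
                apis.append({"ordinal": entry & 0xFFFF})
            else:                                 # RVA of IMAGE_IMPORT_BY_NAME
                name = cstr(img, entry + 2)       # skip the 2-byte Hint field
                apis.append({"name": name, "name_len": len(name)})
            thunk += size
        imp_tab.append({"dll": cstr(img, name_rva), "first_thunk": first_thunk,
                        "api_count": len(apis), "apis": apis})
        import_rva += 20                          # sizeof(IMAGE_IMPORT_DESCRIPTOR)
    return imp_tab

def sample_image():
    """Constructed 32-bit import data: one DLL, one import by name, one by ordinal."""
    img = bytearray(0x60)
    struct.pack_into("<5I", img, 0x00, 0x28, 0, 0, 0x40, 0x34)  # descriptor
    thunks = struct.pack("<3I", 0x4E, 0x80000010, 0)  # name RVA, ordinal 16, end
    img[0x28:0x34] = thunks                       # OriginalFirstThunk array
    img[0x34:0x40] = thunks                       # FirstThunk array mirrors it on disk
    img[0x40:0x4D] = b"KERNEL32.dll\0"
    img[0x4E:0x5C] = b"\x00\x00ExitProcess\0"     # Hint + API name
    return bytes(img)

if __name__ == "__main__":
    for rec in build_imp_tab(sample_image(), 0):
        print(rec)
```

For a file on disk rather than a mapped image, each RVA would first have to be translated to a file offset through the section table.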


Abstract

The invention discloses a software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring. The software protection method comprises the following steps: obtaining the original input information record chart of a file to be protected, extracting the execution control flow graph of the file, extracting an API calling point, extracting an API parameter passing code block, extracting an API returned value decryption point, dumping a DLL (Dynamic Link Library), calculating a new API entry address, constructing a springboard function block, inserting an exception instruction in the returned value decryption point, constructing a node, generating a node library, deploying a node network, constructing a node background, constructing a returned value decryption processing function, and reconstructing a PE (Portable Executable) file. The software is protected from both internal and external aspects: the role of API boundary information in the reverse analysis process is analyzed from the perspective of the attacker's reverse engineering, the API security attributes that need to be hidden and a detection node library are placed in a new node of the program, and the entry of the new node is encrypted to further prevent attackers from carrying out reverse analysis on the protected PE file.

Description

Technical field

[0001] The invention belongs to the field of computer software security. In particular, it concerns hiding the API security attributes in target binary code on Windows systems, summarizing and classifying, with reference to attack examples, the potential attack threats that software faces, and designing an effective detection and processing method for these attack threats; it is a software protection method that increases the difficulty of attack.

Background technique

[0002] The software industry has become the main driving force of social development and has penetrated into all aspects of human life. According to Maslow's hierarchy of needs theory, safety needs are the second largest needs after physiological needs. Therefore, software security is not only the basic requirement for the healthy development of the software industry, but also an important guarantee for the national economy and national security. Since cracking technology and tools are readily available, so...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/12, G06F21/14
CPC: G06F21/125, G06F21/14
Inventor: 汤战勇, 郝朝辉, 房鼎益, 龚晓庆, 陈峰, 陈晓江, 叶贵鑫, 张洁, 张恒
Owner: NORTHWEST UNIV(CN)