Function level packing-oriented unpacking method and system

An unpacking technique for function-level packing. It addresses the obstacles that anti-debugging techniques pose to existing approaches and their reliance on hook technology, achieving good adaptability and accuracy and solving the generality problem.

Active Publication Date: 2016-10-05
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

[0007] Disadvantages: The runtime memory-dump approach used by existing solutions depends heavily on hook technology, and is easily hindered by various


Embodiment Construction

[0042] To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the invention clearer and easier to understand, the technical solutions are described in further detail below with reference to the accompanying drawings.

[0043] The present invention starts the emulator, initializes the application's Activity, calls the unpacking code body, loads the application's Dex file and saves it to the hash_tables of gDvm, retrieves the class_defs class definition list in the DexFile structure, and judges whether the Method object loaded in the Dalvik virtual machine differs, in its AccessFlags and insn code segments, from the method structure in the class_defs class definition list, so that active decryption can be achieved when calling from the system level, and s...


Abstract

The invention discloses an unpacking method and system for function-level packing. The method comprises the following steps: starting an emulator, initializing an application program and calling the application's OnCreate; loading and storing the application's Dex file and locating the DexFile structure; and retrieving the class_defs class definition list, judging whether a Method object loaded in the Dalvik virtual machine differs from the corresponding code segment in the class definition list, and judging whether a code address falls outside the expected range. With this method and system, active decryption can be achieved when calling from the system layer; and because similar unpacking methods can be applied to similar hardening techniques, the generality problem is effectively solved.
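The comparison described in the abstract can be modelled as follows. This is an added example, not code from the patent: the record types, method names and addresses are constructed, the runtime values are assumed to have been read from the VM's Method objects already, and the 16-byte offset is the size of the DEX code_item header that precedes its insns array.

```python
from dataclasses import dataclass

CODE_ITEM_HEADER = 16  # bytes in a DEX code_item before insns[]

@dataclass
class DexMethod:       # static view: encoded_method reached via class_defs
    name: str
    access_flags: int
    code_off: int      # file offset of the code_item, 0 if the method has none

@dataclass
class LoadedMethod:    # runtime view (hypothetical record of the VM's Method object)
    name: str
    access_flags: int
    insns: int         # absolute address of the bytecode, 0 if none

def check_method(dex_base, dex_size, static, loaded):
    """Return the reasons a method looks function-level packed (empty if clean)."""
    reasons = []
    if static.access_flags != loaded.access_flags:
        reasons.append("access_flags differ")
    # Where insns should point if the VM still uses the code in the mapped DEX.
    expected = dex_base + static.code_off + CODE_ITEM_HEADER if static.code_off else 0
    if loaded.insns != expected:
        reasons.append("insns differ")
    if loaded.insns and not (dex_base <= loaded.insns < dex_base + dex_size):
        reasons.append("insns outside dex mapping")
    return reasons

def scan(dex_base, dex_size, static_methods, loaded_methods):
    """Map method name -> reasons, for every method whose two views disagree."""
    runtime = {m.name: m for m in loaded_methods}
    report = {}
    for s in static_methods:
        if s.name in runtime:
            reasons = check_method(dex_base, dex_size, s, runtime[s.name])
            if reasons:
                report[s.name] = reasons
    return report

# Constructed sample: one clean method, one stored as native in the DEX and
# restored elsewhere at run time, one redirected inside the mapping.
DEX_BASE, DEX_SIZE = 0x70000000, 0x2000
STATIC = [DexMethod("LApp;->onCreate", 0x0001, 0x400),
          DexMethod("LApp;->check", 0x0101, 0),
          DexMethod("LApp;->decode", 0x0001, 0x800)]
LOADED = [LoadedMethod("LApp;->onCreate", 0x0001, 0x70000410),
          LoadedMethod("LApp;->check", 0x0001, 0x7F001000),
          LoadedMethod("LApp;->decode", 0x0001, 0x70001234)]

if __name__ == "__main__":
    for name, why in scan(DEX_BASE, DEX_SIZE, STATIC, LOADED).items():
        print(name, why)
```

Methods flagged by such a scan are the ones whose bytecode has to be read from the runtime address rather than from the DEX file when rebuilding an analyzable copy.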

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to an unpacking method and system for function-level packing.

Background

[0002] Code is the core of a program. Whether the goal is confidentiality and security or hiding behavior, packing is the most common and most effective method. To hide core code and protect the system's core processes, developers generally obfuscate and encrypt their code. Malicious applications, for their part, also encrypt their own code to hide themselves and avoid detection by security software.

[0003] The detection of malicious code by security software relies heavily on known code, and encryption undoubtedly adds a lock to programmatic security detection. And with the passage of time, Android applications have changed from a small number of applications and simple encryption at the beginning to n...


Application Information

IPC(8): G06F21/12, G06F21/56
CPC: G06F21/12, G06F21/56
Inventor: 唐浩, 马志远, 潘宣辰
Owner WUHAN ANTIY MOBILE SECURITY