CN114707124B - .NET platform code protection method and system based on code virtualization - Google Patents
- Publication number: CN114707124B
- Authority: CN (China)
- Prior art keywords: code, msil, net platform, flow graph, control flow
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention proposes a .NET platform code protection method based on code virtualization. The method constructs a control flow graph for each procedure in a .NET platform program and constructs a data flow graph from the control flow graph; decompiles the MSIL code to be protected in the .NET platform program according to the control flow graph and the data flow graph to obtain an MSIL syntax tree; and compiles the MSIL syntax tree into a virtual intermediate language. Converting the MSIL code to be protected into a virtual intermediate language that is customizable, dynamic, convertible and difficult to analyze effectively hinders decompilers from converting the protected MSIL code into a high-level language, so that the key code of the .NET platform program is not tampered with and can run safely.
Description
Technical field
The invention relates to the technical field of software security, and more specifically to a .NET platform code protection method and system based on code virtualization.
Background
Much commercial software is cracked by attackers through reverse engineering, who steal the core algorithms and confidential information it contains, so that the software copyright of many developers is infringed. The demand for software code protection is therefore growing in many scenarios; for example, applications on the .NET platform, Android applications and applications on some IoT devices all need assurance that their code cannot be reverse engineered. All languages on the .NET platform are based on the Common Language Runtime and follow the Common Language Infrastructure standard: they are uniformly compiled into MSIL code, and the compiled MSIL code is executed by the Common Language Runtime. MSIL code is a public infrastructure, so attackers can use various decompilers to convert the underlying MSIL code back into the corresponding .NET language, such as C# or VB.NET, thereby stealing the software's code information and infringing the developers' rights and interests.
Most existing schemes for protecting MSIL code on the .NET platform use constant protection, which encrypts constants and decrypts them at run time, or control flow obfuscation, which scrambles the execution order of the MSIL code to defeat static analysis. Although these methods increase the complexity of the MSIL code and make it hard to analyze statically, dynamic debugging can still reveal the program's internal execution flow and, from there, the MSIL code information.
Summary of the invention
To overcome the defect that protected .NET platform program code is easily decompiled back into a high-level language, the invention provides a .NET platform code protection method and system based on code virtualization.
To solve the above technical problem, the technical solution of the invention is as follows:
In a first aspect, the invention proposes a .NET platform code protection method based on code virtualization, comprising the following steps:
S1: Construct a control flow graph for each procedure in the .NET platform program, and construct a data flow graph from the control flow graph;
S2: According to the control flow graph and the data flow graph, decompile the MSIL code to be protected in the .NET platform program to obtain an MSIL syntax tree;
S3: Compile the MSIL syntax tree into a virtual intermediate language.
As a preferred solution, S1 specifically includes the following steps:
S1.1: Parse the metadata of the .NET platform program, obtain the method bodies in the .NET platform program that need to be virtualized, and extract the MSIL code and exception handling clauses of each method body;
S1.2: Decode the instructions of the MSIL code, and allocate the stack elements of the MSIL code's stack to local variables;
S1.3: Construct the control flow graph according to the jump instructions and exception handling clauses of the MSIL code;
S1.4: Based on the control flow graph and the local variables, perform data flow analysis on the .NET platform program and construct the data flow graph.
As a preferred solution, S1.2 specifically includes the following steps:
S1.2.1: Starting from the head of the MSIL code, traverse each instruction of the MSIL code in order of offset, and save for each instruction the stack information before it executes;
S1.2.2: According to the stack information, allocate each stack element in the MSIL code's stack to a local variable, and assign names to the local variables in stack order.
As a preferred solution, in S1.2.2, when each stack element in the MSIL code's stack is allocated to a local variable, the information from the program's incoming nodes is merged: if an incoming node has a local variable of 64-bit integer type, the local variable of 32-bit integer type is converted to a local variable of 64-bit integer type; if an incoming node of the data flow graph is a reference type, the local variable is set to the base class Object type.
As a preferred solution, in S1.3, the basic blocks of the control flow graph are delimited using the jump instructions and exception handling clauses of the MSIL code as boundaries, and the jump source and jump target of each jump instruction are set as the predecessor node and successor node in the control flow graph, respectively, yielding the control flow graph.
As a preferred solution, the method further includes verifying the method body, the MSIL code of the method body and the exception handling clauses, specifically through the following steps:
Verify the support status of all opcodes in the method body;
Verify the stack balance of the MSIL code;
Verify the ordering of the exception handling clauses.
As a preferred solution, in S1.4, the data flow analysis of the .NET platform program includes analysis of the local variables;
If an address-of operation is applied to a local variable, a virtual reference type is generated for that local variable; if arithmetic is performed on the pointer obtained by taking the address of a local variable, an error is thrown when the local variable is allocated.
As a preferred solution, in S3, the MSIL syntax tree is compiled into a syntax tree based on the virtual intermediate language, and that syntax tree is then compiled into the virtual intermediate language.
As a preferred solution, the virtualization protection method further includes: after compiling the MSIL syntax tree into the virtual intermediate language, converting the virtual intermediate language into a serializable form, and saving the serializable virtual intermediate language as a hexadecimal array written to a file.
In a second aspect, the invention also proposes a .NET platform code virtualization protection system, applied to the .NET platform code protection method based on code virtualization described in any of the above solutions, comprising:
A control flow graph construction module, used to construct the control flow graph of each procedure in the .NET platform program;
A data flow graph construction module, used to construct the data flow graph from the control flow graph;
A decompilation module, used to decompile the MSIL code to be protected in the .NET platform program according to the control flow graph and the data flow graph to obtain the MSIL syntax tree;
A compilation module, used to compile the MSIL syntax tree into the virtual intermediate language.
Compared with the prior art, the beneficial effect of the technical solution of the invention is as follows: the MSIL code to be protected in the .NET platform program is converted into a virtual intermediate language that is customizable, dynamic, convertible and difficult to analyze, which effectively hinders decompilers from converting the protected MSIL code into a high-level language, so that the key code of the .NET platform program is not tampered with and can run safely.
Description of drawings
FIG. 1 is a flow chart of the .NET platform code protection method based on code virtualization in Embodiment 1.
FIG. 2 is a flow chart of the runtime that implements the virtual intermediate language in Embodiment 3.
FIG. 3 is an architecture diagram of the .NET platform code virtualization protection system in Embodiment 4.
Detailed description
The accompanying drawings are for illustrative purposes only and cannot be construed as limiting this patent;
The technical solutions of the invention are further described below in conjunction with the accompanying drawings and embodiments.
Embodiment 1
This embodiment proposes a .NET platform code protection method based on code virtualization. As shown in FIG. 1, which is a flow chart of the method in this embodiment, it includes the following steps:
S1: Construct a control flow graph for each procedure in the .NET platform program, and construct a data flow graph from the control flow graph.
S2: According to the control flow graph and the data flow graph, decompile the MSIL code to be protected in the .NET platform program to obtain an MSIL syntax tree.
S3: Compile the MSIL syntax tree into a virtual intermediate language.
In a specific implementation, control flow analysis is performed on each procedure in the .NET platform program to determine the program's execution process and obtain the control flow graph, and data flow analysis is then performed on the basis of the control flow graph to obtain the data flow graph. According to the control flow graph and the data flow graph, the stack-based MSIL code to be protected in the .NET platform program is decompiled, converting the MSIL code into a form based on local variables and yielding the MSIL syntax tree. The MSIL syntax tree has the same semantics as the MSIL code but does not depend on the stack, and its form of expression resembles a high-level language; compared with MSIL code, it has the advantage of being easier to analyze. Finally, the MSIL syntax tree is compiled into a syntax tree based on the virtual intermediate language, and that syntax tree is then compiled into the virtual intermediate language, so that the virtual intermediate language runs safely on the virtual language runtime.
The MSIL code to be protected in the .NET platform program is converted into a virtual intermediate language that is customizable, dynamic, convertible and difficult to analyze. This effectively hinders decompilers from converting the protected MSIL code into a high-level language, so that the key code of the .NET platform program is not tampered with and can run safely on the virtual language runtime. The method is suitable for protecting a program's key code, such as authorization verification code.
Embodiment 2
This embodiment proposes a .NET platform code protection method based on code virtualization, comprising the following steps:
S1: Construct a control flow graph for each procedure in the .NET platform program, and construct a data flow graph from the control flow graph. This specifically includes the following steps:
S1.1: Parse the metadata of the .NET platform program, obtain the method bodies in the .NET platform program that need to be virtualized, and extract the MSIL code and exception handling clauses of each method body.
In this embodiment, the method bodies to be virtualized are marked and obtained through the protection parameters passed in by the user.
In this embodiment, the method body, the MSIL code of the method body and the exception handling clauses are verified, specifically through the following steps:
Verify the support status of all opcodes in the method body to ensure that every opcode in the method body is supported. If the method body contains an unsupported opcode, an exception is thrown.
Verify the stack balance of the MSIL code to determine whether its stack is balanced, which prevents incorrect MSIL code from entering subsequent processing. If the MSIL code's stack is unbalanced, an exception is thrown.
Verify the ordering of the exception handling clauses to determine whether they are arranged in order, which ensures the correctness of the language. If the arrangement of the exception handling clauses is invalid, an exception is thrown.
S1.2: Decode the instructions of the MSIL code, and allocate the stack elements of the MSIL code's stack to local variables. This specifically includes the following steps:
S1.2.1: Starting from the head of the MSIL code, traverse each instruction of the MSIL code in order of offset, and save for each instruction the stack information before it executes;
S1.2.2: According to the stack information, allocate each stack element in the MSIL code's stack to a local variable, and assign names to the local variables in stack order. Converting the stack elements of the MSIL code's stack into local variables transforms the MSIL code from a stack-based architecture into a local-variable-based architecture, which is convenient for subsequent debugging.
In this embodiment, when each stack element in the MSIL code's stack is allocated to a local variable, a compatible local variable type has to be derived by merging the information of all incoming nodes.
A local variable of 32-bit integer type needs to be converted to a local variable of native-size integer type or of 64-bit integer type so that the values from the incoming nodes can be assigned to it. Local variables of reference type are uniformly converted to local variables of the base class Object; there is no need to compute a common base class, because at run time all reference types are pointers into the GC (Garbage Collection) heap and have the same size as a native integer. This conversion yields a variable-based form of intermediate code, which is more convenient and efficient to analyze than the original stack-based intermediate code.
S1.3: Construct the control flow graph according to the jump instructions of the MSIL code and the exception handling clauses.
In this embodiment, the basic blocks of the control flow graph are delimited using the jump instructions of the MSIL code and the exception handling clauses as boundaries, and the jump source and jump target of each jump instruction are set as the predecessor node and successor node in the control flow graph, respectively, yielding the control flow graph. The jump instructions are the branch statements of the MSIL code.
S1.4: Based on the control flow graph and the local variables, perform data flow analysis on the .NET platform program and construct the data flow graph.
In this embodiment, data flow analysis is performed on the basis of the control flow graph, combined with the stack local variable information, to show where each local variable is assigned, read, and has its address taken. Data flow analysis is the analysis of the data flow in the control flow graph, that is, analysis that determines information about how data in the program is defined and used. It yields the propagation of variable values; its results are information usable for compilation and optimization and indicate how data flows while the program executes. This data flow information can be used to compile the MSIL code into the virtual intermediate language.
S2: According to the control flow graph and the data flow graph, decompile the MSIL code to be protected in the .NET platform program to obtain the MSIL syntax tree;
S3: Compile the MSIL syntax tree into the virtual intermediate language.
In this embodiment, after the MSIL syntax tree is compiled into the virtual intermediate language, the virtual intermediate language is converted into a serializable form; the serializable virtual intermediate language is saved as a hexadecimal array written to a file, to be executed by the virtual machine, which implements the runtime of the virtual intermediate language.
In this embodiment, when an unsupported MSIL syntax node is encountered while compiling the MSIL syntax tree into the virtual intermediate language, an exception is thrown to prevent compilation from continuing. Because the virtual intermediate language is executed by a virtual machine written in a safe managed language, some operations cannot be simulated, such as operations on GC heap references, and at the MSIL language level such operations are the same as pointer operations. To avoid data corruption, data flow analysis is required to determine where variables are read and assigned, and where their addresses are taken.
If an address-of operation is applied to a local variable, a virtual reference type is generated for that local variable. The virtual reference type abstracts all pointer operations but cannot obtain the pointer's original address. If arithmetic is performed on the pointer obtained by taking the address of a local variable, the arithmetic would be invalid because the virtual reference type cannot obtain the pointer's original address; such MSIL code cannot be compiled to the virtual intermediate language, and an error needs to be thrown when the variable is allocated.
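An added illustration of steps S1.2 and S1.3 and the verification checks of Embodiment 2, written for this page and not taken from the patent. It assumes a constructed mini instruction set modelled on MSIL stack behaviour; the opcode table, the `I4`/`I8`/`O:` type tags, the function names and the sample method are all hypothetical, and each stack slot receives one merged type for the whole method.

```python
from collections import deque

# Constructed toy opcodes modelled on MSIL: opcode -> (pops, pushed type).
OPCODES = {
    "ldarg": (0, "I4"), "ldc.i4": (0, "I4"), "ldc.i8": (0, "I8"),
    "ldstr": (0, "O:String"), "add": (2, "merge"), "pop": (1, None),
    "br": (0, None), "brtrue": (1, None), "ret": (1, None),
}
BRANCHES = {"br", "brtrue"}


class VerifyError(Exception):
    """The method body failed verification and must not be virtualized."""


def merge_types(a, b):
    """Fuse two stack-slot types into one compatible local-variable type."""
    if a == b:
        return a
    if a.startswith("O:") and b.startswith("O:"):
        return "O:Object"   # every reference fits the base class Object
    if {a, b} == {"I4", "I8"}:
        return "I8"         # widen the 32-bit integer to 64 bits
    raise VerifyError(f"incompatible stack types {a} and {b}")


def build_cfg(code, clauses=()):
    """Split (offset, opcode, operand) tuples into basic blocks and edges."""
    offsets = [off for off, _, _ in code]
    leaders = {offsets[0]}
    for i, (off, op, arg) in enumerate(code):
        if op not in OPCODES:
            raise VerifyError(f"unsupported opcode {op!r} at {off}")
        if op in BRANCHES:
            if arg not in offsets:
                raise VerifyError(f"bad jump target {arg} at {off}")
            leaders.add(arg)
        if (op in BRANCHES or op == "ret") and i + 1 < len(code):
            leaders.add(offsets[i + 1])
    for clause in clauses:  # (try_start, try_end, handler_start, handler_end)
        leaders.update(o for o in clause if o in offsets)
    blocks, succ = {}, {}
    for ins in code:
        if ins[0] in leaders:
            current = ins[0]
            blocks[current], succ[current] = [], []
        blocks[current].append(ins)
    starts = sorted(blocks)
    for n, start in enumerate(starts):
        _, op, arg = blocks[start][-1]
        if op in BRANCHES:
            succ[start].append(arg)             # jump source -> jump target
        if op not in ("br", "ret") and n + 1 < len(starts):
            succ[start].append(starts[n + 1])   # fall-through edge
    return blocks, succ


def allocate_locals(code, clauses=()):
    """Name each stack slot s0, s1, ... and emit variable-based statements."""
    # Assumption of this example: one merged type per slot for the whole method.
    blocks, succ = build_cfg(code, clauses)
    first = min(blocks)
    entry, types, stmts, work = {first: []}, {}, {}, deque([first])
    while work:
        start = work.popleft()
        stack = list(entry[start])      # stack types before the block runs
        for off, op, arg in blocks[start]:
            pops, push = OPCODES[op]
            if len(stack) < pops:
                raise VerifyError(f"stack underflow at {off}")
            popped = [stack.pop() for _ in range(pops)][::-1]
            base = len(stack)
            args = [f"s{base + k}" for k in range(pops)]
            if push:
                t = merge_types(*popped) if push == "merge" else push
                stack.append(t)
                types[base] = merge_types(types.get(base, t), t)
                rhs = " + ".join(args) if op == "add" else f"{op} {arg!r}"
                stmts[off] = f"s{base} = {rhs}"
            else:
                tail = f" -> {arg}" if op in BRANCHES else ""
                stmts[off] = " ".join([op] + args) + tail
            if op == "ret" and stack:
                raise VerifyError(f"unbalanced stack at ret, offset {off}")
        for nxt in succ[start]:
            old = entry.get(nxt)
            if old is not None and len(old) != len(stack):
                raise VerifyError(f"unbalanced stack entering block {nxt}")
            merged = stack[:] if old is None else [
                merge_types(a, b) for a, b in zip(old, stack)]
            if merged != old:
                entry[nxt] = merged
                work.append(nxt)
    return {f"s{i}": t for i, t in sorted(types.items())}, stmts


# Constructed sample: one path leaves an int32 on the stack, the other an int64.
SAMPLE = [(0, "ldarg", 0), (1, "brtrue", 4), (2, "ldc.i4", 7), (3, "br", 5),
          (4, "ldc.i8", 9), (5, "ldc.i4", 1), (6, "add", None), (7, "ret", None)]
```

`allocate_locals(SAMPLE)` returns the slot types and one statement per offset; the slot that receives a 32-bit value on one path and a 64-bit value on the other is typed as the 64-bit integer.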
Embodiment 3
This embodiment improves on the .NET platform code protection method based on code virtualization proposed in Embodiment 2 by using the virtual intermediate language for execution by a virtual machine, implementing the runtime of the virtual intermediate language. As shown in FIG. 2, which is a flow chart of the runtime that implements the virtual intermediate language in this embodiment, it specifically includes the following steps:
The virtual runtime performs initialization at the program entry point: it initializes the variables the virtual runtime needs, loads the execution interfaces of all virtual opcodes, and maps the raw value of each virtual opcode to its execution interface in a dictionary.
The parameters passed in by the method entry stub are parsed to obtain the location of the virtual intermediate language, the virtual intermediate language is loaded into the virtual machine, and a virtual execution context is created.
The execution interface corresponding to the current virtual opcode is called and the position of the next virtual instruction is set; this step is repeated until the method finishes running. If an exception occurs during execution, stack unwinding is simulated to determine whether the exception can be caught. If it can be caught, the exception handling clause is executed; otherwise the exception is thrown and the virtual machine exits.
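An added illustration of the runtime steps of Embodiment 3, written for this page and not taken from the patent: a dictionary maps raw virtual opcode values to handlers, the virtual intermediate language is loaded from its hexadecimal form, and a dispatch loop consults the exception handling clauses when a handler raises. The instruction format (four bytes: opcode, d, a, b), the raw opcode values, the register file and all names are assumptions, and only one method frame is modelled.

```python
# Constructed raw opcode values; a protector would choose its own encoding.
RAW = {"loadi": 0x3A, "add": 0x71, "div": 0x1C, "jmp": 0x55, "ret": 0x09}


class VmError(Exception):
    """Malformed virtual IL (unknown opcode or truncated instruction)."""


class Context:
    """Virtual execution context for one protected method."""

    def __init__(self, code, clauses, args):
        self.code, self.clauses = code, clauses
        self.regs = list(args) + [0] * (8 - len(args))  # virtual locals r0..r7
        self.pc, self.result, self.done = 0, None, False


def op_loadi(ctx, d, a, b):
    ctx.regs[d] = a


def op_add(ctx, d, a, b):
    ctx.regs[d] = ctx.regs[a] + ctx.regs[b]


def op_div(ctx, d, a, b):
    ctx.regs[d] = ctx.regs[a] // ctx.regs[b]


def op_jmp(ctx, d, a, b):
    ctx.pc = d  # operand d is the byte offset of the jump target


def op_ret(ctx, d, a, b):
    ctx.result, ctx.done = ctx.regs[d], True


def init_runtime():
    """Map each raw virtual opcode value to its execution interface."""
    impl = {"loadi": op_loadi, "add": op_add, "div": op_div,
            "jmp": op_jmp, "ret": op_ret}
    return {RAW[name]: fn for name, fn in impl.items()}


def assemble(program):
    """Serialize (mnemonic, d, a, b) tuples to the hex form kept in a file."""
    return b"".join(bytes([RAW[m], d, a, b]) for m, d, a, b in program).hex()


def find_handler(clauses, pc):
    """Return the handler offset of the first clause whose try range covers pc."""
    for try_start, try_end, handler in clauses:
        if try_start <= pc < try_end:
            return handler
    return None


def run(hex_blob, clauses, args, dispatch=None):
    """Load the virtual IL, create the context and run the dispatch loop."""
    dispatch = dispatch or init_runtime()
    ctx = Context(bytes.fromhex(hex_blob), clauses, args)
    while not ctx.done:
        ins = ctx.code[ctx.pc:ctx.pc + 4]
        if len(ins) != 4 or ins[0] not in dispatch:
            raise VmError(f"bad virtual instruction at offset {ctx.pc}")
        here, ctx.pc = ctx.pc, ctx.pc + 4   # default: next virtual instruction
        try:
            dispatch[ins[0]](ctx, ins[1], ins[2], ins[3])
        except ArithmeticError:             # guest exceptions modelled here
            target = find_handler(ctx.clauses, here)
            if target is None:
                raise                       # not catchable: leave the VM
            ctx.pc = target                 # run the exception handling clause
    return ctx.result


# Constructed sample method: return arg0 / arg1 + 1, or 255 if the division faults.
SAMPLE = assemble([
    ("div", 2, 0, 1),      # offset 0, inside the try range [0, 4)
    ("loadi", 3, 1, 0),    # offset 4
    ("add", 2, 2, 3),      # offset 8
    ("ret", 2, 0, 0),      # offset 12
    ("loadi", 2, 255, 0),  # offset 16: handler entry
    ("jmp", 12, 0, 0),     # offset 20
])
SAMPLE_CLAUSES = [(0, 4, 16)]  # (try_start, try_end, handler offset)
```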
Embodiment 4
This embodiment proposes a .NET platform code virtualization protection system. As shown in FIG. 3, which is an architecture diagram of the system, it includes a control flow graph construction module, a data flow graph construction module, a decompilation module and a compilation module.
In a specific implementation, the control flow graph construction module constructs a control flow graph for each procedure in the .NET platform program, and the data flow graph construction module constructs a data flow graph from the control flow graph, specifically through the following steps:
The control flow graph construction module parses the metadata of the .NET platform program, obtains the method bodies in the .NET platform program that need to be virtualized, and extracts the MSIL code and exception handling clauses of each method body. It decodes the instructions of the MSIL code and allocates the stack elements of the MSIL code's stack to local variables. It then constructs the control flow graph according to the jump instructions of the MSIL code and the exception handling clauses.
The data flow graph construction module performs data flow analysis on the .NET platform program based on the control flow graph and the local variables, and constructs the data flow graph. In this embodiment, data flow analysis is performed on the basis of the control flow graph, combined with the stack local variable information, to show where each local variable is assigned, read, and has its address taken.
The decompilation module decompiles the MSIL code to be protected in the .NET platform program according to the control flow graph and the data flow graph, converting the MSIL code into a form based on local variables and obtaining the MSIL syntax tree.
The compilation module compiles the MSIL syntax tree into a syntax tree based on the virtual intermediate language, and then compiles that syntax tree into the virtual intermediate language.
The MSIL code to be protected in the .NET platform program is converted into a virtual intermediate language that is customizable, dynamic, convertible and difficult to analyze. This effectively hinders decompilers from converting the protected MSIL code into a high-level language, so that the key code of the .NET platform program is not tampered with and can run safely on the virtual language runtime. The system is suitable for protecting a program's key code, such as authorization verification code.
The terms describing positional relationships in the drawings are for illustrative purposes only and cannot be construed as limiting this patent;
Obviously, the above embodiments of the invention are merely examples given to illustrate the invention clearly, and do not limit the ways in which the invention may be implemented. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the protection scope of the claims of the invention.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210284350.XA CN114707124B (en) | 2022-03-22 | 2022-03-22 | .NET platform code protection method and system based on code virtualization |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114707124A (en) | 2022-07-05 |
CN114707124B (en) | 2022-11-29 |
Family
ID=82168612
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210284350.XA Active CN114707124B (en) | 2022-03-22 | 2022-03-22 | .NET platform code protection method and system based on code virtualization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114707124B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101529436A (en) * | 2006-10-27 | 2009-09-09 | 微软公司 | Virtualization for diversified tamper resistance |
CN106096338A (en) * | 2016-06-07 | 2016-11-09 | 西北大学 | A virtualization software protection method with data flow obfuscation |
CN107292131A (en) * | 2017-06-21 | 2017-10-24 | 北京深思数盾科技股份有限公司 | Software protection method and device |
CN108345773A (en) * | 2017-07-27 | 2018-07-31 | 江苏通付盾信息安全技术有限公司 | Code protection method and device, electronic equipment, storage medium based on virtual machine |
CN112114933A (en) * | 2020-08-14 | 2020-12-22 | 咪咕文化科技有限公司 | Application program protection method, electronic device and storage medium |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7155703B2 (en) * | 2003-07-18 | 2006-12-26 | Microsoft Corporation | Virtual method protection |
CN100474253C (en) * | 2007-11-22 | 2009-04-01 | 北京飞天诚信科技有限公司 | .Net program protection method and device |
CN101216775A (en) * | 2008-01-03 | 2008-07-09 | 北京深思洛克数据保护中心 | Software program protection method, device and system |
CN113626773B (en) * | 2020-05-06 | 2024-04-02 | 上海蜚语信息科技有限公司 | A code protection method based on intermediate language |
Also Published As
Publication number | Publication date |
---|---|
CN114707124A (en) | 2022-07-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Williams-King et al. | Egalito: Layout-agnostic binary recompilation | |
US11966727B2 (en) | Load module compiler | |
Hernandez et al. | Firmusb: Vetting usb device firmware using domain informed symbolic execution | |
Sharif et al. | Automatic reverse engineering of malware emulators | |
CN108345773B (en) | Code protection method and device based on virtual machine, electronic equipment and storage medium | |
CN110245467B (en) | Android application program protection method based on Dex2C and LLVM | |
Octeau et al. | Retargeting Android applications to Java bytecode | |
US8090959B2 (en) | Method and apparatus for protecting .net programs | |
Chen et al. | SelectiveTaint: Efficient data flow tracking with static binary rewriting | |
Kim et al. | RevARM: A platform-agnostic ARM binary rewriter for security applications | |
Li et al. | Bringing webassembly to resource-constrained iot devices for seamless device-cloud integration | |
Ben Khadra et al. | Speculative disassembly of binary code | |
CN107729725A (en) | A kind of Android applications hardened system and method based on virtual machine instructions modification | |
CN101446905B (en) | Method for compiling and compiler | |
Hasabnis et al. | Extracting instruction semantics via symbolic execution of code generators | |
Liu et al. | Exploring missed optimizations in webassembly optimizers | |
CN118916886B (en) | RISC-V architecture-oriented binary program verification method and system | |
Spear et al. | Solving the starting problem: device drivers as self-describing artifacts | |
CN114707124B (en) | .NET platform code protection method and system based on code virtualization | |
Ţălu | A comparative study of WebAssembly runtimes: performance metrics, integration challenges, application domains, and security features | |
Karlsen et al. | Study, formalisation, and analysis of dalvik bytecode | |
Pauley et al. | Performant binary fuzzing without source code using static instrumentation | |
Zeng | Static analysis on binary code | |
Golsch | WebAssembly: Basics | |
Räihä | Methods to improve debug flow for intellectual property protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||