CN100468437C - .Net program protection method and system - Google Patents

Publication number: CN100468437C
Authority: CN (China)
Prior art keywords: program, safety devices, net, information safety, separating
Legal status: Active
Application number: CNB2006101697600A
Other languages: Chinese (zh)
Other versions: CN1996336A (en)
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Beijing Feitian Technologies Co Ltd
Application filed by: Beijing Feitian Technologies Co Ltd
Events: priority to CNB2006101697600A; publication of CN1996336A; application granted; publication of CN100468437C

Abstract

The invention relates to a .Net program protection method and system. It addresses the manual rewriting, heavy workload, complexity, long development cycle and high cost of existing approaches: a program protection tool separates part of a compiled .Net program, converts it and stores it in an information security device, and writes communication instructions into the .Net program that remains after separation, which is then executed. The invention also provides a .Net program protection system comprising an automatic separation and storage module and an execution module. Because manual rewriting is avoided, the development process is greatly simplified, development efficiency is improved and development cost is reduced.

Description

Method and system for .Net program protection
Technical field
The present invention relates to the field of information security technology, and in particular to a method and system for .Net program protection.
Background technology
With the development of computers, Internet-based technologies are receiving more and more attention. Among them, Microsoft's .Net framework is a new cross-language software development platform that follows the major trends of the software industry: distributed computing, component orientation, enterprise-level applications, software as a service, and Web-centric design.
An information security device is a small hardware device with a processor and memory that connects to a computer through one of the computer's data communication interfaces, generally USB; it is commonly called a USB KEY or USB Token.
When an information security device is used to protect software, part of the program can be written into the device, with no copy of that part kept on the host; at run time that part never appears in the computer's memory. A program written into the device is called an external program, and a device can hold several external programs. The software installed on the computer therefore cannot work normally without the device, which is how the software is protected.
Higher-end information security devices are programmable. Using one for program protection involves two parts: storing the key code of the protected program in the device, and implementing communication between the protected program on the computer and the device. The latter requires writing communication instructions: the protected program communicates with the device by calling an API (Application Programming Interface). An API is the convention by which the different components of a system connect; it is the program interface an application uses to exchange information and commands with the hardware system.
Compilation is the process of translating a source program written in a high-level language into an equivalent target program in a low-level language (assembly or machine language). The process is fairly complex and generally comprises six stages:
1) Lexical analysis, which is based on the lexical rules of the language, that is, the rules describing the structure of words;
2) Syntax analysis, which builds on lexical analysis by decomposing the word sequence into syntactic units; it is based on the grammar rules of the language, that is, the rules describing program structure;
3) Semantic analysis, which checks the source program for semantic errors and collects type information for the code generation stage. One task of semantic analysis, for example, is type checking: verifying that each operator has operands the language specification allows;
4) Intermediate code generation: after syntax analysis and semantic analysis, some compilers turn the source program into an internal representation called intermediate language or intermediate code. Intermediate code is a simple notation with a well-defined meaning;
5) Code optimization, which transforms the intermediate code produced by the previous stage so that the generated object code is more efficient, that is, saves time and space;
6) Object code generation, which turns the intermediate code into absolute instruction code, relocatable instruction code or assembly instruction code for a particular machine. This is the final stage of compilation, and its work depends on the structure of the hardware system and the meaning of its instructions.
Lexical analysis and syntax analysis are in essence analyses of the structure of the source program; semantic analysis and intermediate code generation are based on the semantic rules of the language.
The tasks of the six stages, together with table management and error handling, are carried out by the following modules or programs: lexical analyzer, syntax analyzer, semantic analyzer, intermediate code generator, code optimizer, object code generator, table manager and error handler.
The syntax analyzer is also commonly called a parser. A syntax analyzer can be used to transform a program written in one language into a program written in another; for example, program code written in C can currently be transformed into program code written in C#.
Decompilation can be regarded as the inverse of compilation: translating object code in machine-language form into functionally equivalent code in assembly-language or high-level-language form.
Instruction transformation is the process of converting the target instructions of one platform, according to the logic the program executes, into the target instructions of another platform.
In object-based programming, a problem is usually modeled with a set of data abstractions, which are called classes.
Programs written for the .Net framework (.Net programs for short) can be coded in, for example, C++.net, C#, J# or VB.net. A .Net program is first compiled once into an intermediate instruction file, called IL instruction text, that is easier to execute than the source program; these intermediate instructions are then run on the .Net platform. Because of this, decompiling a .Net application can recover more than 90% of its source code, so the security of .Net programs has become a very important problem. Once a cracker obtains the code, the software developer (developer for short) can suffer serious losses.
A virtual machine can be thought of as a machine simulated in software. It has the various hardware components, such as processor, memory and registers, and simulates the execution of the various instructions. Software running on it has no special requirements for its running environment, so the virtual machine is transparent to the programs running on it. For example, an x86 virtual machine simulates the running environment of x86 instruction programs, and a c51 virtual machine simulates the running environment of c51 instruction programs.
Information security device manufacturers (manufacturers for short) can now implement virtual machine functions in higher-end hardware devices, so that code in the format of the implemented virtual machine can run directly in the device. For example, where the hardware manufacturer has implemented a c51 virtual machine in the device, the current practice is to compile C code into c51 code with KEIL and store it in the device to run.
The following method is currently the main one used to protect .Net programs:
Protection by pure software, in which the whole process takes place on the computer. The steps are:
1) The .Net program is decompiled to generate IL text;
2) The developer rewrites the IL text, adding a decryption function outside the content to be protected;
3) The revised IL text is compiled into binary instructions that can execute on the .Net platform;
4) Software encrypts the part of the binary instruction file that needs protection;
5) At run time, the decryption function written in advance decrypts the encrypted binary instructions, thereby protecting the .Net program.
The shortcomings of this prior art are: the programmer has to rewrite the program by hand, which is laborious and tedious, and the development cycle is long and the development cost high. In addition, even if the developer uses a very strong encryption algorithm, the decrypted code still runs in the computer's memory in the end, so a cracker can easily obtain it.
There are also methods that use an information security device to protect .Net programs. They improve on the security of the pure software method, but the programmer still has to rewrite the program by hand and also write the instructions for communicating with the device, which is laborious and tedious, with a long development cycle and high development cost. Moreover, the programmer makes the changes in the source code of the .Net program, and source code is comparatively easy to lose, since generally only the compiled code is kept; this also makes development inconvenient.
Current protection strategies for .Net programs therefore commonly suffer, from the developer's point of view, from a complex development process, low efficiency, long time spent and high development cost.
Summary of the invention
To solve the problems of the prior art in .Net program protection, namely that the programmer must rewrite the program by hand, the work is laborious and tedious, and the development cycle is long and the cost high, the invention provides a method of .Net program protection, which comprises:
A program protection tool automatically separates qualifying program parts from a compiled .Net program according to class or function name or as specified by the user. The tool converts the separated program, either generating the instruction format supported by a c51 virtual machine and storing it in an information security device that implements c51 virtual machine functions, or generating the instruction format supported by an x86 virtual machine and storing it in an information security device that implements x86 virtual machine functions. The tool writes communication instructions into the .Net program after separation;
The conversion is one of the following:
The separated program is turned into a high-level language by decompilation and syntax analysis, and then compiled into the instruction format supported by the virtual machine implemented in the information security device; or
The separated program is decompiled into IL assembly language, c51 assembly language or x86 assembly language is generated from it by syntax analysis, and this is compiled into the instruction format supported by the virtual machine implemented in the information security device; or
The separated program is decompiled into IL assembly language, which is then compiled into the instruction format supported by the virtual machine implemented in the information security device; or
Instruction transformation is applied to the separated program to generate the instruction format supported by the virtual machine implemented in the information security device;
The .Net program after separation is executed and establishes communication with the information security device through the communication instructions; the separated program is executed inside the information security device, which returns the execution result to the .Net program after separation, and the .Net program after separation continues executing.
The program protection tool is written in advance by the information security device manufacturer.
The high-level language may be C, Pascal, Basic, Fortran, Foxpro or a user-defined programming language.
After communication with the information security device is established, the method further comprises:
The .Net program after separation calls an API to send the parameters and/or global variables needed by the separated program to the information security device.
The returned result comprises:
The function return value and/or global variables of the separated program.
The communication instructions are written in advance by the manufacturer of the information security device.
The information security device is connected to the computer through a USB interface.
The invention also provides a .Net program protection system, which comprises:
An automatic separation and storage module, which automatically separates qualifying program parts from a compiled .Net program according to class or function name or as specified by the user; converts the separated program, either generating the instruction format supported by a c51 virtual machine and storing it in an information security device that implements c51 virtual machine functions, or generating the instruction format supported by an x86 virtual machine and storing it in an information security device that implements x86 virtual machine functions; and writes communication instructions into the .Net program after separation. The conversion comprises: turning the separated program into a high-level language by decompilation and syntax analysis and then compiling it into the instruction format supported by the virtual machine implemented in the information security device; or decompiling the separated program into IL assembly language and then generating, by syntax analysis and compilation, the instruction format supported by the virtual machine implemented in the information security device; or decompiling the separated program into IL assembly language and then compiling it into the instruction format supported by the virtual machine implemented in the information security device; or applying instruction transformation to the separated program to generate the instruction format supported by the virtual machine implemented in the information security device;
An execution module, which executes the .Net program after separation and establishes communication with the information security device through the communication instructions; the separated program is executed inside the information security device, the execution result is returned to the .Net program after separation, and the .Net program after separation continues executing.
The main benefit of the invention is that, because manual rewriting of the program is avoided, the development process is greatly simplified compared with earlier protection methods, development efficiency is improved, the development cycle is shortened and the development cost is reduced.
Description of drawings
Fig. 1 is a flowchart of the .Net program protection method of embodiment one of the invention;
Fig. 2 is a flowchart of the .Net program protection method of embodiment two of the invention;
Fig. 3 is a flowchart of the .Net program protection method of embodiment three of the invention;
Fig. 4 is a flowchart of the .Net program protection method of embodiment four of the invention;
Fig. 5 is a flowchart of the .Net program protection method of embodiment five of the invention;
Fig. 6 is a structural diagram of the .Net program protection system of embodiment six of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and specific embodiments, but is not limited to the following embodiments.
The communication instructions in the invention are written in advance by the information security device manufacturer and enable communication between the protected .Net program and the information security device; the information security device is connected to the computer through a USB interface.
Embodiment one
In this embodiment the information security device implements c51 virtual machine functions. Referring to Fig. 1, the invention provides a method of .Net program protection, which first carries out the following steps:
Step 101: the program protection tool automatically separates part of the compiled protected .Net program;
Separation means automatically searching for and separating qualifying program segments according to class or function name; a separated segment is part of the compiled .Net program (which contains the IL instruction text). The qualifying program segments may also be selected by the user;
Step 102: the program protection tool decompiles the separated program into a C# program; it may also decompile it into a program in another .Net-framework language, such as C++.net, J# or VB.net;
Step 103: the program protection tool uses a syntax analyzer to convert the C# program into a program in the high-level language C;
Step 104: the program protection tool uses the keil c51 compiler to compile the C program into a binary file containing c51 instructions, a format that can execute on the information security device;
Step 105: the program protection tool stores the binary file containing c51 instructions in the information security device;
Step 106: the program protection tool writes communication instructions into the protected .Net program after separation.
After the user obtains the information security device from the developer, the following steps are carried out:
Step 107: the information security device is connected to the computer;
Step 108: the protected .Net program after separation is executed on the computer; this program runs in the computer's memory;
Step 109: when a communication instruction is executed, the protected .Net program after separation establishes communication with the information security device; it then calls an API to send the parameters and/or global variables needed by the separated program to the information security device;
Step 110: the information security device executes the separated program, entirely inside the device throughout; when it finishes, the result is returned to the protected .Net program after separation. The result comprises the return value of the function in the separated program and/or global variables;
Step 111: the communication instruction retrieves the result, and the protected .Net program after separation continues executing in the computer's memory.
The program protection tool is written in advance by the information security device manufacturer.
The following illustrates how an information security device protects a .Net program written in C#, assuming the device implements c51 virtual machine functions:
The information security device manufacturer can write a tool dedicated to .Net program protection in advance and supply it to the software developer or user together with the device. The developer or user can then pass the .Net program to be protected directly to this tool, which separates the program, converts it and stores it in the device, thereby protecting it. The developer or user no longer has to rewrite the program by hand, which greatly reduces the tedium of the work, shortens the development cycle and makes it easier to apply information security devices to the protection of .Net programs.
First, the tool separates the .Net program written in C# that is to be protected. It can separate qualifying program segments automatically according to class or function name, or the developer or user can specify the segments to separate. In this example two program segments are separated. Because the .Net program is an object file, it has to be decompiled to obtain source code; after the tool decompiles the segments, the following C# programs are obtained:
Program segment one, separated from the protected program:
class a
{
    public int g_Var;
    public a(int initVar)
    {
        g_Var = initVar;
    }
    public int add(int a, int b)
    {
        // sum of the two arguments and the field g_Var
        return a + b + g_Var;
    }
}
Program segment two, separated from the protected program:
a var = new a(initVar);
var.add(1, 2);
Program segment one is called by program segment two at run time.
The tool then uses syntax analysis to convert the two C# program segments into C programs, as follows:
int a_g_Var;
int a_add(int a, int b)
{
    return a + b + a_g_Var;
}
and
a_g_Var=initVar;
a_add(1,2);
Here the parameters a and b and the global variable g_Var are the values the two program segments need at run time.
The tool then converts the segments into a form that can execute in the information security device. Because the device implements c51 virtual machine functions, the tool compiles the two C program segments with the keil c51 compiler into binary files containing c51 instructions, as follows:
MOV A,R7
ADD A,R5
MOV R7,A
MOV A,R6
ADDC A,R4
MOV R6,A
MOV DPTR,#0x0001
MOVX A,@DPTR
ADD A,R7
MOV R7,A
MOV DPTR,#a_g_Var(0x0000)
MOVX A,@DPTR
ADDC A,R6
MOV R6,A
RET
and
MOV DPTR,#a_g_Var(0x0000)
CLR A
MOVX @DPTR,A
INC DPTR
MOV A,#0x0A
MOVX @DPTR,A
MOV R5,#0x02
MOV R4,#a_g_Var(0x00)
MOV R7,#0x01
MOV R6,#a_g_Var(0x00)
LJMP a_add(C:0017)
The tool can now store the two compiled binary program segments containing c51 instructions directly in the information security device and, at the same time, write the communication instructions into the protected .Net program. This completes the protection of the .Net program: the protected .Net program can execute normally only with the participation of this information security device.
After this processing, the protected .Net program executes with the participation of the information security device as follows:
After the information security device is connected to the computer through the USB interface, the protected .Net program is run on the computer. It runs in the computer's memory; when it reaches a communication instruction, it calls the API to pass to the device the values of the entry parameters a and b that the two program segments stored in the device need at run time, and may pass the value of the global variable g_Var along with them.
When the program segment stored in advance in the information security device has received the values of parameters a and b and of the global variable g_Var, it is executed in the device's c51 virtual machine environment. When execution finishes, its return value and the value of the global variable are returned to the protected .Net program on the computer. The value of the global variable may or may not change during execution in the device: if it changed, the result is returned to the computer; if not, the result is not returned. In this example the value of g_Var does not change during execution in the device, so after the two program segments have finished, only the operation result needs to be returned to the protected .Net program on the computer. The protected .Net program updates the returned parameter values in the computer's memory and then continues executing, so that the information security device protects the .Net program.
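The call sequence described above, as an added example that is not code from the patent or from the device vendor: a C simulation in which a minimal interpreter for the 8051 opcodes used by the a_add listing stands in for the device's c51 virtual machine, and a host stub sends only the arguments and the global across the boundary. The request and reply structs, the function names and the direct function call in place of the USB API are assumptions; the register and XDATA layout follow the listing (first argument in R6:R7, second in R4:R5, a_g_Var at 0x0000 to 0x0001).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* a_add from the listing above, hand-assembled with standard 8051 opcodes. */
static const uint8_t A_ADD_CODE[] = {
    0xEF, 0x2D, 0xFF,       /* MOV A,R7 / ADD A,R5 / MOV R7,A  (low bytes)  */
    0xEE, 0x3C, 0xFE,       /* MOV A,R6 / ADDC A,R4 / MOV R6,A (high bytes) */
    0x90, 0x00, 0x01, 0xE0, /* MOV DPTR,#0x0001 / MOVX A,@DPTR              */
    0x2F, 0xFF,             /* ADD A,R7 / MOV R7,A                          */
    0x90, 0x00, 0x00, 0xE0, /* MOV DPTR,#0x0000 / MOVX A,@DPTR              */
    0x3E, 0xFE,             /* ADDC A,R6 / MOV R6,A                         */
    0x22                    /* RET                                          */
};

/* Device-side state: accumulator, R0-R7, carry flag, DPTR, external RAM. */
typedef struct {
    uint8_t a, r[8], carry;
    uint16_t dptr;
    uint8_t xdata[16];
} vm51;

/* Interprets only the opcodes a_add uses. Returns 0 at RET, -1 on an
 * unsupported opcode, an out-of-range XDATA access or a missing RET. */
static int vm51_run(vm51 *vm, const uint8_t *code, size_t len)
{
    size_t pc = 0;
    while (pc < len) {
        uint8_t op = code[pc++], n = op & 7;
        unsigned sum;
        if (op == 0x22)                              /* RET */
            return 0;
        if (op == 0x90) {                            /* MOV DPTR,#imm16 */
            if (pc + 2 > len) return -1;
            vm->dptr = (uint16_t)((code[pc] << 8) | code[pc + 1]);
            pc += 2;
            continue;
        }
        if (op == 0xE0) {                            /* MOVX A,@DPTR */
            if (vm->dptr >= sizeof vm->xdata) return -1;
            vm->a = vm->xdata[vm->dptr];
            continue;
        }
        switch (op & 0xF8) {
        case 0x28:                                   /* ADD  A,Rn */
        case 0x38:                                   /* ADDC A,Rn */
            sum = vm->a + vm->r[n] + ((op & 0x10) ? vm->carry : 0);
            vm->carry = sum > 0xFF;
            vm->a = (uint8_t)sum;
            break;
        case 0xE8: vm->a = vm->r[n]; break;          /* MOV A,Rn */
        case 0xF8: vm->r[n] = vm->a; break;          /* MOV Rn,A */
        default:   return -1;
        }
    }
    return -1;
}

/* Assumed wire format: everything that crosses the host/device boundary. */
typedef struct { int16_t a, b, g_var; } dongle_request;
typedef struct { int status; int16_t ret; int g_changed; int16_t g_var; } dongle_reply;

/* Device side: load the global and the arguments, run a_add inside the VM. */
static dongle_reply dongle_call_add(const dongle_request *rq)
{
    vm51 vm = {0};
    dongle_reply rp = {0};
    uint16_t a = (uint16_t)rq->a, b = (uint16_t)rq->b, g = (uint16_t)rq->g_var;
    uint16_t g_after;

    vm.xdata[0] = (uint8_t)(g >> 8); vm.xdata[1] = (uint8_t)g;  /* a_g_Var */
    vm.r[6] = (uint8_t)(a >> 8);     vm.r[7] = (uint8_t)a;      /* 1st arg */
    vm.r[4] = (uint8_t)(b >> 8);     vm.r[5] = (uint8_t)b;      /* 2nd arg */

    rp.status = vm51_run(&vm, A_ADD_CODE, sizeof A_ADD_CODE);
    rp.ret = (int16_t)((vm.r[6] << 8) | vm.r[7]);
    g_after = (uint16_t)((vm.xdata[0] << 8) | vm.xdata[1]);
    rp.g_changed = (g_after != g);
    rp.g_var = (int16_t)g_after;
    return rp;
}

/* Host side: the stub that replaces the separated method in the .Net program.
 * Only arguments and results cross the boundary; the add logic stays on the
 * device. The global is written back only if the device reports a change. */
static int host_add(int16_t a, int16_t b, int16_t *g_var, int16_t *out)
{
    dongle_request rq = { a, b, *g_var };
    dongle_reply rp = dongle_call_add(&rq);
    if (rp.status != 0) return -1;
    if (rp.g_changed) *g_var = rp.g_var;
    *out = rp.ret;
    return 0;
}

int main(void)
{
    int16_t g = 10, out = 0;   /* constructed input: initVar = 10, add(1, 2) */
    if (host_add(1, 2, &g, &out) == 0)
        printf("a_add(1, 2) with a_g_Var=%d -> %d\n", g, out);
    return 0;
}
```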
Embodiment two
In this embodiment the information security device implements x86 virtual machine functions. Referring to Fig. 2, the invention also provides a method of .Net program protection, which first carries out the following steps:
Step 201: the program protection tool automatically separates part of the compiled protected .Net program;
Separation means automatically searching for and separating qualifying program segments according to class or function name; a separated segment is part of the compiled .Net program (which contains the IL instruction text). The qualifying program segments may also be selected by the user;
Step 202: the program protection tool decompiles the separated program into a C# program; it may also decompile it into a program in another .Net-framework language, such as C++.net, J# or VB.net;
Step 203: the program protection tool uses a syntax analyzer to convert the C# program into a program in the high-level language C;
Step 204: the program protection tool compiles the C program into a binary file containing x86 instructions, a format that can execute on the information security device;
Step 205: the program protection tool stores the binary file containing x86 instructions in the information security device;
Step 206: the program protection tool writes communication instructions into the protected .Net program after separation.
After the user obtains the information security device from the developer, the following steps are carried out:
Step 207: the information security device is connected to the computer;
Step 208: the protected .Net program after separation is executed on the computer; this program runs in the computer's memory;
Step 209: when a communication instruction is executed, the protected .Net program after separation establishes communication with the information security device; it then calls an API to send the parameters and/or global variables needed by the separated program to the information security device;
Step 210: the information security device executes the separated program, entirely inside the device throughout; when it finishes, the result is returned to the protected .Net program after separation. The result comprises the return value of the function in the separated program and/or global variables;
Step 211: the communication instruction retrieves the result, and the protected .Net program after separation continues executing in the computer's memory.
The program protection tool is written in advance by the information security device manufacturer.
In step 103 of embodiment one and step 203 of embodiment two, the C# program is converted into a C program; in practice the C# program may also be converted into another high-level language, such as Pascal, Basic, Fortran, Foxpro or a user-defined programming language.
Embodiment three
In this embodiment the information security device can implement the c51 virtual machine function. Referring to Fig. 3, the present invention also provides a method of .Net program protection, which first carries out the following steps:
Step 301: use the program protection tool to automatically separate part of the program from the compiled protected .Net program;
The separation means automatically searching for and separating qualifying program segments according to class or function name; the separated program segment is a part of the compiled .Net program (which contains IL instruction text). The qualifying program segments may also be selected by the user;
Step 302: the program protection tool decompiles the separated program into an IL assembly instruction file;
Step 303: the program protection tool uses a syntax analyzer to convert the IL assembly instruction file into a c51 assembly instruction file;
Step 304: the program protection tool uses the Keil C51 compiler to compile the c51 assembly instruction file into a binary file containing c51 instructions; a file in this format can be executed on the information security device;
Step 305: the program protection tool stores the binary file containing c51 instructions in the information security device;
Step 306: the program protection tool writes the communication instruction into the protected .Net program after separation.
After the user obtains the information security device from the developer, the following steps are carried out:
Step 307: connect the information security device to the computer;
Step 308: run the protected .Net program after separation on the computer; this program runs in the computer's memory;
Step 309: when the communication instruction is executed, the protected .Net program after separation establishes communication with the information security device; the protected .Net program after separation then calls the API and sends the parameters and/or global variables needed by the separated program to the information security device;
Step 310: the information security device executes the separated program; this process runs inside the information security device throughout, and when it finishes, the result is returned to the protected .Net program after separation; the result comprises the return value of the function in the separated program and/or global variables;
Step 311: the communication instruction retrieves the result, and the protected .Net program after separation continues executing in the computer's memory.
The program protection tool described above is written in advance by the manufacturer of the information security device.
If the information security device can implement the x86 virtual machine function, steps 303 to 305 can be replaced by the following steps:
The program protection tool uses a syntax analyzer to convert the IL assembly instruction file into an x86 assembly instruction file;
The program protection tool compiles the x86 assembly instruction file into a binary file containing x86 instructions; a file in this format can be executed on the information security device;
The program protection tool stores the binary file containing x86 instructions in the information security device.
Embodiment four
In this embodiment the information security device can implement the c51 virtual machine function. Referring to Fig. 4, the present invention also provides a method of .Net program protection, which first carries out the following steps:
Step 401: use the program protection tool to automatically separate part of the program from the compiled protected .Net program;
The separation means automatically searching for and separating qualifying program segments according to class or function name; the separated program segment is a part of the compiled .Net program (which contains IL instruction text). The qualifying program segments may also be selected by the user;
Step 402: the program protection tool decompiles the separated program into an IL assembly instruction file;
Step 403: the program protection tool compiles the IL assembly instruction file to generate a binary file containing c51 instructions; a file in this format can be executed on the information security device;
Step 404: the program protection tool stores the binary file containing c51 instructions in the information security device;
Step 405: the program protection tool writes the communication instruction into the protected .Net program after separation.
After the user obtains the information security device from the developer, the following steps are carried out:
Step 406: connect the information security device to the computer;
Step 407: run the protected .Net program after separation on the computer; this program runs in the computer's memory;
Step 408: when the communication instruction is executed, the protected .Net program after separation establishes communication with the information security device; the protected .Net program after separation then calls the API and sends the parameters and/or global variables needed by the separated program to the information security device;
Step 409: the information security device executes the separated program; this process runs inside the information security device throughout, and when it finishes, the result is returned to the protected .Net program after separation; the result comprises the return value of the function in the separated program and/or global variables;
Step 410: the communication instruction retrieves the result, and the protected .Net program after separation continues executing in the computer's memory.
The program protection tool described above is written in advance by the manufacturer of the information security device.
If the information security device can implement the x86 virtual machine function, step 403 and step 404 can be replaced by the following steps:
The program protection tool compiles the IL assembly instruction file to generate a binary file containing x86 instructions; a file in this format can be executed on the information security device;
The program protection tool stores the binary file containing x86 instructions in the information security device.
Embodiment five
In this embodiment the information security device can implement the c51 virtual machine function. Referring to Fig. 5, the present invention also provides a method of .Net program protection, which first carries out the following steps:
Step 501: use the program protection tool to automatically separate part of the program from the compiled protected .Net program;
The separation means automatically searching for and separating qualifying program segments according to class or function name; the separated program segment is a part of the compiled .Net program (which contains IL instruction text). The qualifying program segments may also be selected by the user;
Step 502: the program protection tool converts the separated program, by instruction transformation, into a binary file containing c51 instructions; a file in this format can be executed on the information security device;
Step 503: the program protection tool stores the binary file containing c51 instructions in the information security device;
Step 504: the program protection tool writes the communication instruction into the protected .Net program after separation.
After the user obtains the information security device from the developer, the following steps are carried out:
Step 505: connect the information security device to the computer;
Step 506: run the protected .Net program after separation on the computer; this program runs in the computer's memory;
Step 507: when the communication instruction is executed, the protected .Net program after separation establishes communication with the information security device; the protected .Net program after separation then calls the API and sends the parameters and/or global variables needed by the separated program to the information security device;
Step 508: the information security device executes the separated program; this process runs inside the information security device throughout, and when it finishes, the result is returned to the protected .Net program after separation; the result comprises the return value of the function in the separated program and/or global variables;
Step 509: the communication instruction retrieves the result, and the protected .Net program after separation continues executing in the computer's memory.
The program protection tool described above is written in advance by the manufacturer of the information security device.
If the information security device can implement the x86 virtual machine function, step 502 and step 503 can be replaced by the following steps:
The program protection tool converts the separated program, by instruction transformation, into a binary file containing x86 instructions; a file in this format can be executed on the information security device;
The program protection tool stores the binary file containing x86 instructions in the information security device.
Embodiment six
Referring to Fig. 6, the present invention also provides a system of .Net program protection, which protects the .Net program in cooperation with an information security device and comprises:
1) an automatic separation and storage module, used to separate part of the program from the compiled .Net program, convert the separated program and store it in the information security device, and write the communication instruction into the .Net program after separation;
2) an execution module, used to execute the .Net program after separation and establish communication with the information security device through the communication instruction; the separated program is executed inside the information security device, the execution result is returned to the .Net program after separation, and the .Net program after separation continues executing.
The automatic separation and storage module comprises:
A conversion unit, used to convert the separated program back into a high-level language and then compile it into the instruction format supported by the virtual machine that the information security device can implement.
A plurality of program segments can be stored in the information security device, so as to protect the .Net program more securely.
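The runtime flow that the embodiments repeat (send parameters and/or global variables, execute the separated program inside the device, return the result) and the two modules of embodiment six can be modelled in a short program. This is an added example, not code from the patent: the instruction listing, the byte encoding, the names `SecurityDevice`, `ProtectedProgram`, `price` and `protect`, and the small stack machine standing in for the c51/x86 virtual machine are all assumptions.

```python
# Added illustration of the split-execution flow: a toy model, not the patent's tool or a real device API.
import struct

# Constructed IL-like listing of the separated function: returns a*b + g0 and stores that back into g0.
SEPARATED_IL = ["ldarg 0", "ldarg 1", "mul", "ldglob 0", "add", "dup", "stglob 0", "ret"]
OPCODES = {"ldarg": 1, "ldglob": 2, "stglob": 3, "add": 4, "mul": 5, "dup": 6, "ret": 7}

def convert(il_lines):
    """Tool side: translate the listing into a 2-byte-per-instruction device format (hypothetical)."""
    out = bytearray()
    for line in il_lines:
        name, *operand = line.split()
        out += bytes([OPCODES[name], int(operand[0]) if operand else 0])
    return bytes(out)

def i32(x):  # wrap to signed 32 bits so results always fit the wire format
    return (x + 2**31) % 2**32 - 2**31

class SecurityDevice:
    """Stands in for the dongle: stored segments are run inside it and never handed to the host."""
    def __init__(self):
        self._segments = {}

    def store(self, seg_id, code):
        self._segments[seg_id] = code

    def transact(self, request):
        """Request: seg_id, nargs, nglobs, int32 values. Response: status, return value, globals."""
        seg_id, nargs, nglobs = request[:3] if len(request) >= 3 else (None, 0, 0)
        if seg_id not in self._segments or len(request) - 3 != 4 * (nargs + nglobs):
            return b"\x01"  # too short, unknown segment, or wrong payload length
        vals = list(struct.unpack(f"<{nargs + nglobs}i", request[3:]))
        args, globs, stack = vals[:nargs], vals[nargs:], []
        code = self._segments[seg_id]
        try:
            for pc in range(0, len(code), 2):
                op, n = code[pc], code[pc + 1]
                if op in (1, 2):
                    stack.append((args if op == 1 else globs)[n])
                elif op == 3:
                    globs[n] = stack.pop()
                elif op in (4, 5):
                    x, y = stack.pop(), stack.pop()
                    stack.append(i32(x + y if op == 4 else x * y))
                elif op == 6:
                    stack.append(stack[-1])
                elif op == 7:
                    return b"\x00" + struct.pack(f"<{1 + nglobs}i", stack.pop(), *globs)
        except IndexError:
            pass  # stack underflow or bad operand index inside the segment
        return b"\x01"

class ProtectedProgram:
    """Host side after separation: the method body is gone, only the communication call remains."""
    def __init__(self, device):
        self.device, self.g0 = device, 10  # g0: global the separated code reads and writes

    def price(self, a, b):
        """Stub written in place of the original body: send parameters and global, take the result."""
        resp = self.device.transact(bytes([1, 2, 1]) + struct.pack("<3i", a, b, self.g0))
        if resp[0] != 0:
            raise RuntimeError("information security device absent or request rejected")
        ret, self.g0 = struct.unpack("<2i", resp[1:])
        return ret

def protect(device):
    """Build time: convert the separated segment, store it in the device, return the stubbed host."""
    device.store(1, convert(SEPARATED_IL))
    return ProtectedProgram(device)
```

Only the parameters, global variables and result cross the host/device boundary, so the separated function's instructions are not needed in host memory at run time, while its input/output behaviour remains visible there.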
The embodiments described above are only several preferred embodiments of the present invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the protection scope of the present invention.

Claims (8)

1. the method for a .Net programmed protection is characterized in that, described method specifically comprises:
Utilize the programmed protection instrument from compiled .Net program, to isolate qualified program automatically according to class or function name or user's appointment, described programmed protection instrument carries out conversion to the program of separating, generate the order format that the c51 virtual machine supported and also store in the information safety devices that can realize c51 virtual machine function, perhaps generate the order format that the x86 virtual machine supported and store in the information safety devices that can realize x86 virtual machine function; Described programmed protection instrument writes communication instruction in the .Net program after the separation;
Described conversion is specially:
The described program of separating is become higher level lanquage through decompiling with grammatical analysis, be compiled into the order format that the virtual machine that can realize in the described information safety devices is supported again; Or
The described program of separating is decompiled into the IL assembly language, generate c51 assembly language or x86 assembly language through grammatical analysis, compiling generates the order format that the virtual machine that can realize in the described information safety devices is supported again; Or
The described program of separating is decompiled into the IL assembly language, again the order format of supporting through the virtual machine that can realize in the described information safety devices of compiling back generation; Or
The described program of separating is carried out instruction map, generate the order format that the virtual machine that can realize in the described information safety devices is supported;
Carry out the .Net program after separating, set up communication by described communication instruction and described information safety devices, the described program of separating is carried out in described information safety devices inside, and returns the .Net program after execution result is given described separation, and the .Net program after the described separation continues to carry out.
2. the method for .Net programmed protection according to claim 1 is characterized in that, described programmed protection instrument is write in advance by the information safety devices manufacturer.
3. the method for .Net programmed protection according to claim 1 is characterized in that, described higher level lanquage comprises C, Pascal, Basic, Fortran, Foxpro or user-defined programming language.
4. the method for .Net programmed protection according to claim 1 is characterized in that, sets up communication with described information safety devices and also comprises afterwards:
.Net routine call API after the described separation, parameter and/or global variable that the described program of separating is needed send to described information safety devices.
5. the method for .Net programmed protection according to claim 1 is characterized in that, the described result who returns comprises:
Function return value and/or global variable in the described program of separating.
6. the method for .Net programmed protection according to claim 1 is characterized in that, described communication instruction is write in advance by the manufacturer of described information safety devices.
7. the method for .Net programmed protection according to claim 1 is characterized in that, described information safety devices is connected with computing machine by USB interface.
8. A .Net program protection system, characterized in that the system comprises:
An automatic separation and storage module, used to automatically separate a qualifying program from a compiled .Net program according to class or function name or the user's designation; also used to convert the separated program, generating the instruction format supported by a c51 virtual machine and storing it in an information security device that can implement the c51 virtual machine function, or generating the instruction format supported by an x86 virtual machine and storing it in an information security device that can implement the x86 virtual machine function; and also used to write a communication instruction into the .Net program after separation; the conversion comprises: converting the separated program into a high-level language through decompilation and syntax analysis, and then compiling it into the instruction format supported by the virtual machine that the information security device can implement; or decompiling the separated program into IL assembly language, and then, after syntax analysis and compilation, generating the instruction format supported by the virtual machine that the information security device can implement; or decompiling the separated program into IL assembly language, and then compiling it to generate the instruction format supported by the virtual machine that the information security device can implement; or performing instruction transformation on the separated program to generate the instruction format supported by the virtual machine that the information security device can implement;
An execution module, used to execute the .Net program after separation and establish communication with the information security device through the communication instruction; the separated program is executed inside the information security device, the execution result is returned to the .Net program after separation, and the .Net program after separation continues executing.
CNB2006101697600A 2006-12-28 2006-12-28 .Net program protection method and system Active CN100468437C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006101697600A CN100468437C (en) 2006-12-28 2006-12-28 .Net program protection method and system

Publications (2)

Publication Number Publication Date
CN1996336A CN1996336A (en) 2007-07-11
CN100468437C 2009-03-11

Family

ID=38251420

Country Status (1)

Country Link
CN (1) CN100468437C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN CHENGXIN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: Beijing Feitian Chengxin Science & Technology Co., Ltd.