US20060053307A1 - System for obfuscating computer code upon disassembly - Google Patents
System for obfuscating computer code upon disassembly Download PDFInfo
- Publication number
- US20060053307A1 US20060053307A1 US11/264,713 US26471305A US2006053307A1 US 20060053307 A1 US20060053307 A1 US 20060053307A1 US 26471305 A US26471305 A US 26471305A US 2006053307 A1 US2006053307 A1 US 2006053307A1
- Authority
- US
- United States
- Prior art keywords
- instruction
- instructions
- bytes
- code
- software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034 method Methods 0.000 claims abstract description 23
- 238000004590 computer program Methods 0.000 claims description 7
- 238000003780 insertion Methods 0.000 claims 1
- 230000037431 insertion Effects 0.000 claims 1
- XKBVRUZEZCXYTN-RXHKLUBKSA-N 4-[[(1r,2r,4as,5r,8as)-2-hydroxy-1,4a-dimethyl-6-methylidene-5-[(2e)-2-(2-oxofuran-3-ylidene)ethyl]-3,4,5,7,8,8a-hexahydro-2h-naphthalen-1-yl]methoxy]-4-oxobutanoic acid;4-[[(1r,2r,4as,5r,8as)-1-(hydroxymethyl)-1,4a-dimethyl-6-methylidene-5-[(2e)-2-(2-oxo Chemical compound C([C@H]1[C@]2(C)CC[C@H]([C@]([C@H]2CCC1=C)(CO)C)OC(=O)CCC(O)=O)\C=C1/C=COC1=O.C([C@H]1[C@]2(C)CC[C@@H](O)[C@]([C@H]2CCC1=C)(COC(=O)CCC(O)=O)C)\C=C1/C=COC1=O XKBVRUZEZCXYTN-RXHKLUBKSA-N 0.000 abstract description 2
- 230000000873 masking effect Effects 0.000 abstract description 2
- RAUWPNXIALNKQM-UHFFFAOYSA-N 4-nitro-1,2-phenylenediamine Chemical compound NC1=CC=C([N+]([O-])=O)C=C1N RAUWPNXIALNKQM-UHFFFAOYSA-N 0.000 description 1
- 241000282412 Homo Species 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 230000014616 translation Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Definitions
- This invention relates in general to computer software and more specifically to a system for preventing accurate disassembly of computer programs.
- One barrier to copying computer software is that many forms of software are distributed in a format that is not easily decipherable, or readable, by a human.
- FIG. 1B is an illustration of various forms in the prior art which a computer program, or software, is transformed into during the process of creation, distribution, and ultimate execution of the software on a user's machine.
- human readable source code 10 is developed by a programmer who is the original author, and owner, of the work. Such source code is easily readable and understandable by a human programmer since the source code is written in text that resembles plain English with mathematical and logical equations.
- Assembly code is a form of human-readable code that is closely tied to a specific microprocessor's instruction set. Assembly code has many similarities to source code in terms of the form translations that the assembly code undergoes prior to being executed.
- source code and assembly code can be treated similarly, and terminology and concepts associated with source code and assembly code can be interchanged. For example, as discussed below, compilation and assembly are analogous, as are decompilation and disassembly.
- source code 10 is compiled by compiler 12 .
- Compiler 12 is a software process that translates human-readable source code to a series of numbers which is, for the most part, unreadable by humans.
- Source code 10 is thus transformed, or “compiled,” by compiler 12 to form the human-unreadable object code.
- Object code 14 can be linked by linker 20 with other object code modules as illustrated by object code modules 16 and 18 in FIG. 1B . Once the object code modules are linked by linker 20 , they form executable program 22 .
- Executable program 22 can be loaded by loader 24 into a user's computer to form executing image 26 .
- Executing image 26 represents the actual numerical information that is executed by a microprocessor within an end-user's computer.
- source code 10 that exists after compilation by compiler 12 are, for the most part, unreadable by a human.
- object code modules 14 , 16 and 18 ; executable program 22 ; and executing image 26 are basically unformatted conglomerations of numbers that are extremely difficult to understand.
- Decompiler 28 can accept the unformatted numbers of object code 14 , executable program 22 or executing image 26 and produce a readable version of the original source code program. Such a readable version is referred to as decompiled (or disassembled) code 30 . While the decompiled code is usually not as readable as original source code 10 , it is a very effective tool for allowing an experienced programmer to understand the operation of the computer program and greatly reduces the amount of time required to copy, hack, or otherwise manipulate source code produced by an original programmer.
- the present invention prevents disassembly of computer code. Such prevention includes hiding, masking, or otherwise “obfuscating,” the original code. This helps thwart unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into the program, stealing secrets, making derivative works, etc.
- the present invention uses special assembly-language instructions to confuse the disassembler to produce results that are not an accurate representation of the original assembly code.
- a method is provided where an interrupt (typically a software interrupt) is used to mask some of the subsequent instructions.
- the instruction used can be any instruction that causes the disassembler to assume that one or more words subsequent to the instruction, are associated with the instruction. The method, instead, jumps directly to the bytes assumed associated with the instruction and executes those bytes to achieve the original functionality of the program.
- a preferred embodiment works with a popular Microsoft “ASM” assembler language and “DASM” disassembler.
- the instructions used to achieve the obfuscation include software interrupt, “INT,” instructions. Using this approach, up to 17 bytes of obfuscation can be achieved with five instructions. Each instruction remains obfuscated until executed and returns to an obfuscated state afterwards.
- the invention provides a method for obfuscating computer program instructions upon disassembly, the method comprising inserting an obfuscating instruction or causing a disassembler to not disassemble one or more bytes subsequent to the obfuscating instruction; and inserting a branch instruction to invoke execution of the one or more bytes subsequent to the obfuscating instruction.
- FIG. 1A illustrates software instructions of the present invention
- FIG. 1B is an illustration of various forms in the prior art into which a computer program, or software, is transformed during the process of creation, distribution, and ultimate execution of the software on a user's machine.
- FIG. 1A illustrates software instructions of the present invention.
- instructions at 100 illustrate the concept of code obfuscation. Such instructions are included within the body of an assembly language program. A larger portion of the program is illustrated by preceding assembly code 102 and succeeding assembly code 104 . Note that the obfuscating instruction, and associated instructions, can be inserted more than once within the program.
- the obfuscating instruction, and associated instructions include obfuscating instruction 110 , jump instruction 112 and hidden code 114 .
- obfuscating instruction 110 During execution of the assembly code, the assembly program operates as intended by the original programmer until jump instruction 112 is executed. When jump instruction 112 is executed then obfuscating instruction 110 is skipped and execution proceeds at hidden instructions 114 . In other words, obfuscating instruction 110 is never executed.
- Hidden instructions 114 are part of the instructions written by the original programmer and, thus, are part of the original program. Only jump instruction 112 and obfuscating instruction 110 need to be inserted into the original program.
- jump instruction 112 need not be immediately adjacent to obfuscating instruction 110 . Any instruction that directs a processor to obtain the next instruction from within the “hidden” instructions 114 can be sufficient. Also, although the invention is discussed with respect to hidden instructions 114 being immediately adjacent to obfuscating instruction 110 , it is possible that obfuscating instructions may act to hide non-adjacent instructions.
- ASM assembly language code in “ASM” format.
- Such format is produced, for example, by the Microsoft VC++ compiler. It should be apparent that the techniques of the present invention can be adapted for any type of assembler, or source code, or other computer languages and syntax which provide a suitable obfuscation instruction.
- a more advanced technique can involve randomly exchanging jump commands in the ASM file with ‘tricky returns.’ This requires pushing the destination address instead of altering the esp register like previous examples. This way, this (intelligent) obfuscation macro would not be competing against other macros. By placing the ‘tricky returns’ where there is already a jump, the byte overhead is reduced.
- the instruction “INT 35” has obfuscation properties. Unlike INT 20, no additional data is displayed. In fact, INT's 34-3A or so have the same ability to totally mask three bytes.
- actual code the debugger window 0 JMP 4 0 JMP 4 2 INT 35h 2 INT 35h 4 NOP 7 XOR EAX,EAX 5 NOP 6 NOP 7 XOR EAX,EAX
Abstract
A system for preventing accurate disassembly of computer code. Such code masking, referred to as “obfuscation,” is useful to prevent unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into a program, stealing secrets, making derivative works, etc. The present invention uses assembly-language instructions so as to confuse the disassembler to produce results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt, or software exception instruction, is used to mask several subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more subsequent words, or bytes, are associated with the instruction. The method, instead, jumps directly to the bytes assumed associated with the instruction and executes those bytes for a different purpose. A preferred embodiment works with a popular Microsoft “ASM” assembler language and “DASM” disassembler. The instructions used to achieve the obfuscation include “INT” instructions. Using this approach up to 17 bytes of obfuscation can be achieved with five instructions. Each instruction remains obfuscated until executed and returns to an obfuscated state afterwards.
Description
- A portion of the disclosure recited in the specification contains material which is subject to copyright protection. Specifically, source code instructions are included for a process by which the present invention is practiced in a computer system. The copyright owner has no objection to the facsimile reproduction of the specification as filed in the Patent and Trademark Office. Otherwise all copyright rights are reserved.
- This invention relates in general to computer software and more specifically to a system for preventing accurate disassembly of computer programs.
- Computer software manufacturers have a keen interest in protecting their software. Software can be easily copied, in whole or in part, by making digital copies. Other forms of the copying do not require a competitor to copy the actual digital data, but are based on a knowledgeable programmer viewing the instructions within the software to gain information that can allow the programmer to “break” security systems, obtain valuable programming techniques or trade secrets of the software manufacturer, make derivations, manipulate the operation of the original code, etc.
- One barrier to copying computer software is that many forms of software are distributed in a format that is not easily decipherable, or readable, by a human.
-
FIG. 1B is an illustration of various forms in the prior art which a computer program, or software, is transformed into during the process of creation, distribution, and ultimate execution of the software on a user's machine. - In
FIG. 1B , humanreadable source code 10 is developed by a programmer who is the original author, and owner, of the work. Such source code is easily readable and understandable by a human programmer since the source code is written in text that resembles plain English with mathematical and logical equations. Many different forms of source code exist today based on many different types of computer languages. “Assembly code” is a form of human-readable code that is closely tied to a specific microprocessor's instruction set. Assembly code has many similarities to source code in terms of the form translations that the assembly code undergoes prior to being executed. For purposes of this specification, source code and assembly code can be treated similarly, and terminology and concepts associated with source code and assembly code can be interchanged. For example, as discussed below, compilation and assembly are analogous, as are decompilation and disassembly. - Returning to
FIG. 1B ,source code 10 is compiled by compiler 12. Compiler 12 is a software process that translates human-readable source code to a series of numbers which is, for the most part, unreadable by humans.Source code 10 is thus transformed, or “compiled,” by compiler 12 to form the human-unreadable object code.Object code 14 can be linked by linker 20 with other object code modules as illustrated byobject code modules 16 and 18 inFIG. 1B . Once the object code modules are linked by linker 20, they formexecutable program 22.Executable program 22 can be loaded byloader 24 into a user's computer to form executingimage 26. Executingimage 26 represents the actual numerical information that is executed by a microprocessor within an end-user's computer. - Note that all forms of
source code 10 that exists after compilation by compiler 12 are, for the most part, unreadable by a human. In other words,object code modules executable program 22; and executingimage 26 are basically unformatted conglomerations of numbers that are extremely difficult to understand. - However, tools exist to decompile, or disassemble, these unreadable versions of source code.
Decompiler 28 can accept the unformatted numbers ofobject code 14,executable program 22 or executingimage 26 and produce a readable version of the original source code program. Such a readable version is referred to as decompiled (or disassembled)code 30. While the decompiled code is usually not as readable asoriginal source code 10, it is a very effective tool for allowing an experienced programmer to understand the operation of the computer program and greatly reduces the amount of time required to copy, hack, or otherwise manipulate source code produced by an original programmer. - Thus, it is desirable to produce an invention which prevents, or reduces the effectiveness of decompilation, or disassembly, of compiled or assembled code.
- The present invention prevents disassembly of computer code. Such prevention includes hiding, masking, or otherwise “obfuscating,” the original code. This helps thwart unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into the program, stealing secrets, making derivative works, etc. The present invention uses special assembly-language instructions to confuse the disassembler to produce results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt (typically a software interrupt) is used to mask some of the subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more words subsequent to the instruction, are associated with the instruction. The method, instead, jumps directly to the bytes assumed associated with the instruction and executes those bytes to achieve the original functionality of the program.
- A preferred embodiment works with a popular Microsoft “ASM” assembler language and “DASM” disassembler. The instructions used to achieve the obfuscation include software interrupt, “INT,” instructions. Using this approach, up to 17 bytes of obfuscation can be achieved with five instructions. Each instruction remains obfuscated until executed and returns to an obfuscated state afterwards.
- In one embodiment, the invention provides a method for obfuscating computer program instructions upon disassembly, the method comprising inserting an obfuscating instruction or causing a disassembler to not disassemble one or more bytes subsequent to the obfuscating instruction; and inserting a branch instruction to invoke execution of the one or more bytes subsequent to the obfuscating instruction.
-
FIG. 1A illustrates software instructions of the present invention; and -
FIG. 1B is an illustration of various forms in the prior art into which a computer program, or software, is transformed during the process of creation, distribution, and ultimate execution of the software on a user's machine. -
FIG. 1A illustrates software instructions of the present invention. - In
FIG. 1A , instructions at 100 illustrate the concept of code obfuscation. Such instructions are included within the body of an assembly language program. A larger portion of the program is illustrated by precedingassembly code 102 and succeedingassembly code 104. Note that the obfuscating instruction, and associated instructions, can be inserted more than once within the program. - The obfuscating instruction, and associated instructions, include obfuscating
instruction 110,jump instruction 112 andhidden code 114. During execution of the assembly code, the assembly program operates as intended by the original programmer untiljump instruction 112 is executed. Whenjump instruction 112 is executed then obfuscatinginstruction 110 is skipped and execution proceeds athidden instructions 114. In other words, obfuscatinginstruction 110 is never executed.Hidden instructions 114 are part of the instructions written by the original programmer and, thus, are part of the original program.Only jump instruction 112 and obfuscatinginstruction 110 need to be inserted into the original program. - It should be apparent that the program will operate as originally intended with the exception that a few more cycles of processor time are required in order to perform the
jump instruction 112. Also, a few more bytes of information are stored in the program every time the technique of the present invention is used to account forjump instruction 112 and obfuscating instruction (or instructions, as described below). The number of hidden instructions at 114 varies with the specific obfuscating instruction, or instructions, employed, as is discussed in detail, below. - Note that
jump instruction 112 need not be immediately adjacent to obfuscatinginstruction 110. Any instruction that directs a processor to obtain the next instruction from within the “hidden”instructions 114 can be sufficient. Also, although the invention is discussed with respect tohidden instructions 114 being immediately adjacent to obfuscatinginstruction 110, it is possible that obfuscating instructions may act to hide non-adjacent instructions. - The present invention is described with respect to assembly language code in “ASM” format. Such format is produced, for example, by the Microsoft VC++ compiler. It should be apparent that the techniques of the present invention can be adapted for any type of assembler, or source code, or other computer languages and syntax which provide a suitable obfuscation instruction.
- By obfuscating code in different places throughout the program, it is much more difficult for a programmer to obtain useful information. The decompiler loses synchronization with the instructions and can display missing, or incorrect, instructions in place of the actual ones. With enough portions of the code obscured, a would-be hacker is required to trace through all the code, manually. The debugger (or disassembler) is expecting the code to return after a jump to a certain instruction, but the code changes the return location causing the debugger to break out of its gui. Two code examples are provided in Table I and Table II:
TABLE I call $+6 ;Highly efficient! DB OEBh add dword ptr [esp],6 ret -
TABLE II call $+12 ;Not efficient. DB 083h jmp $+10 DB 08Bh Inc [esp] ret - A more advanced technique can involve randomly exchanging jump commands in the ASM file with ‘tricky returns.’ This requires pushing the destination address instead of altering the esp register like previous examples. This way, this (intelligent) obfuscation macro would not be competing against other macros. By placing the ‘tricky returns’ where there is already a jump, the byte overhead is reduced.
- The instruction “INT 35” has obfuscation properties. Unlike
INT 20, no additional data is displayed. In fact, INT's 34-3A or so have the same ability to totally mask three bytes. As an example:actual code the debugger window 0 JMP 4 0 JMP 4 2 INT 35h 2 INT 35h 4 NOP 7 XOR EAX,EAX 5 NOP 6 NOP 7 XOR EAX,EAX - Of course, as much as this is helpful, three bytes of obfuscation is not all that impressive. In tandem with
INT 20 though, it is an entirely other story. This example: -
- jmp $+2
- INT 35h
- jmp $+2
- INT 20h
yielded 14 bytes of obfuscation. Much better! But, then there is this fine example: - jmp $+4
- INT 35h
- INT 20h
only six bytes long, but yielded an incredible 17 bytes of obfuscation over five instructions. Each instruction remains obfuscated until executed and returns to an obfuscated state afterwards.
- Below is some gibberish code that does a fake comparison, then it jumps into the second byte of the compare, which, along with the first byte of the add instruction, cause the program to jump to the byte after the DB. The purpose of this snippet is to confuse the cracker, and in the process obfuscate six bytes. Although unlikely, to avoid collision problems, the me instruction should be switched to jmp.
3B EB cmp ebp,ebx 04 00 add a1,0h 75 FB jne $−5 83 DB 083h - The object of these are only to obfuscate code. They are classified as ‘petty obfuscators’ because it would be more suitable to reuse a ‘great obfuscator.’
- To obfuscate four bytes:
-
- jmp $+4 Note: this may need byteswapping
- DD 0660FBCA3h, BSF SP [REG+4 bytes]
- To obfuscate five bytes:
-
- jmp $+4
- DD 0660FBAA3h; BT WORD PTR [REG+4 bytes], 1 byte
- To obfuscate six bytes:
-
- jmp $+4
- DD 0660FBAA4h; BT WORD PTR [REG*4+REG+4 bytes], 1 byte
- Although the present invention has been discussed with respect to specific embodiments, these embodiments are merely illustrative, and not restrictive, of the invention. The scope of the invention is to be determined solely by the appended claims.
Claims (11)
1. A method for obfuscating computer program instructions upon disassembly, the method comprising:
inserting an interrupt instruction for causing a disassembler to not disassemble one or more bytes subsequent to the interrupt instruction; and
inserting a branch instruction to invoke execution of one or more bytes subsequent to the interrupt instruction.
2. The method of claim 1 and comprising repeating said inserting an interrupt instruction and said inserting a branch instruction.
3. The method of claim 1 , wherein said branch instruction is a jump instruction.
4. The method of claim 1 , wherein the steps are performed manually.
5. The method of claim 1 , wherein the steps are performed by a software process.
6. The method of claim 5 , wherein parameters are supplied to the software process, the method further comprising supplying a parameter to the software process to specify the frequency with which an interrupt instruction is to be inserted in a predetermined program.
7. The method of claim 6 , wherein the frequency is specified as a number of instructions of the predetermined program between each insertion of the [obfuscating] interrupt instruction.
8. A computer-readable media including the following instructions executable by a processor:
an interrupt instruction for causing a disassembler to not disassemble one or more bytes subsequent to the interrupt instruction; and
a branch instruction to invoke execution of one or more bytes subsequent to the interrupt instruction.
9. A computer-readable media including the following obfuscating instructions executable by a processor:
JMP $+4
INT 35h
10. A computer-readable media including the following obfuscating instructions executable by a processor:
JMP $+4
INT 35h
INT 20h
11. An apparatus for obfuscating computer program instructions upon disassembly, the apparatus comprising:
an interrupt instruction for causing a disassembler to not disassemble one or more bytes subsequent to the interrupt instruction; and
a branch instruction to invoke execution of one or more bytes subsequent to the interrupt instruction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/264,713 US20060053307A1 (en) | 2000-06-21 | 2005-10-31 | System for obfuscating computer code upon disassembly |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/603,575 US7065652B1 (en) | 2000-06-21 | 2000-06-21 | System for obfuscating computer code upon disassembly |
US11/264,713 US20060053307A1 (en) | 2000-06-21 | 2005-10-31 | System for obfuscating computer code upon disassembly |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/603,575 Continuation US7065652B1 (en) | 2000-06-21 | 2000-06-21 | System for obfuscating computer code upon disassembly |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060053307A1 true US20060053307A1 (en) | 2006-03-09 |
Family
ID=24416025
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/603,575 Expired - Fee Related US7065652B1 (en) | 2000-06-21 | 2000-06-21 | System for obfuscating computer code upon disassembly |
US11/264,713 Abandoned US20060053307A1 (en) | 2000-06-21 | 2005-10-31 | System for obfuscating computer code upon disassembly |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/603,575 Expired - Fee Related US7065652B1 (en) | 2000-06-21 | 2000-06-21 | System for obfuscating computer code upon disassembly |
Country Status (4)
Country | Link |
---|---|
US (2) | US7065652B1 (en) |
AU (1) | AU2001272953A1 (en) |
DE (1) | DE10196373T1 (en) |
WO (1) | WO2001099034A2 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020016918A1 (en) * | 2000-05-12 | 2002-02-07 | David Tucker | Information security method and system |
US20020120854A1 (en) * | 2000-09-22 | 2002-08-29 | Levine Richard B. | Systems and methods for preventing unauthorized use of digital content |
US20050198526A1 (en) * | 2004-03-05 | 2005-09-08 | Microsoft Corporation | Static and run-time anti-disassembly and anti-debugging |
US20080010056A1 (en) * | 2006-07-10 | 2008-01-10 | Microsoft Corporation | Aligning hierarchal and sequential document trees to identify parallel data |
US20090049425A1 (en) * | 2007-08-14 | 2009-02-19 | Aladdin Knowledge Systems Ltd. | Code Obfuscation By Reference Linking |
US20120144371A1 (en) * | 2010-12-01 | 2012-06-07 | Ncr Corporation | Using exception information |
US9092562B2 (en) | 2013-05-16 | 2015-07-28 | International Business Machines Corporation | Controlling access to variables protected by an alias during a debugging session |
US20150294114A1 (en) * | 2012-09-28 | 2015-10-15 | Hewlett-Packard Development Company, L.P. | Application randomization |
US9600672B1 (en) * | 2014-12-04 | 2017-03-21 | Amazon Technologies, Inc. | Dynamic function switching |
CN109189470A (en) * | 2018-08-21 | 2019-01-11 | 北京奇虎科技有限公司 | Code reinforcement means and device |
Families Citing this family (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7624277B1 (en) * | 2003-02-25 | 2009-11-24 | Microsoft Corporation | Content alteration for prevention of unauthorized scripts |
US7454323B1 (en) * | 2003-08-22 | 2008-11-18 | Altera Corporation | Method for creation of secure simulation models |
US8220058B2 (en) * | 2003-09-25 | 2012-07-10 | Oracle America, Inc. | Rendering and encryption engine for application program obfuscation |
US7424620B2 (en) * | 2003-09-25 | 2008-09-09 | Sun Microsystems, Inc. | Interleaved data and instruction streams for application program obfuscation |
US20050069138A1 (en) * | 2003-09-25 | 2005-03-31 | Sun Microsystems, Inc., A Delaware Corporation | Application program obfuscation |
US7415618B2 (en) * | 2003-09-25 | 2008-08-19 | Sun Microsystems, Inc. | Permutation of opcode values for application program obfuscation |
US7353499B2 (en) * | 2003-09-25 | 2008-04-01 | Sun Microsystems, Inc. | Multiple instruction dispatch tables for application program obfuscation |
US7363620B2 (en) * | 2003-09-25 | 2008-04-22 | Sun Microsystems, Inc. | Non-linear execution of application program instructions for application program obfuscation |
US8181039B2 (en) * | 2007-04-13 | 2012-05-15 | Microsoft Corporation | Disc drive counterfeiting countermeasure |
US8869109B2 (en) * | 2008-03-17 | 2014-10-21 | Microsoft Corporation | Disassembling an executable binary |
EP2234031A1 (en) * | 2009-03-24 | 2010-09-29 | SafeNet, Inc. | Obfuscation |
US9215225B2 (en) | 2013-03-29 | 2015-12-15 | Citrix Systems, Inc. | Mobile device locking with context |
US20140032733A1 (en) | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
US9280377B2 (en) | 2013-03-29 | 2016-03-08 | Citrix Systems, Inc. | Application with multiple operation modes |
US9143529B2 (en) | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Modifying pre-existing mobile applications to implement enterprise security policies |
US9774658B2 (en) | 2012-10-12 | 2017-09-26 | Citrix Systems, Inc. | Orchestration framework for connected devices |
US8726343B1 (en) | 2012-10-12 | 2014-05-13 | Citrix Systems, Inc. | Managing dynamic policies and settings in an orchestration framework for connected devices |
US9516022B2 (en) | 2012-10-14 | 2016-12-06 | Getgo, Inc. | Automated meeting room |
US8910239B2 (en) | 2012-10-15 | 2014-12-09 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
US20140109176A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Configuring and providing profiles that manage execution of mobile applications |
US9606774B2 (en) | 2012-10-16 | 2017-03-28 | Citrix Systems, Inc. | Wrapping an application with field-programmable business logic |
CN104854561B (en) | 2012-10-16 | 2018-05-11 | 思杰系统有限公司 | Application program for application management framework encapsulates |
US9971585B2 (en) | 2012-10-16 | 2018-05-15 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
US20140108793A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
US8849979B1 (en) | 2013-03-29 | 2014-09-30 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US9985850B2 (en) | 2013-03-29 | 2018-05-29 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US9355223B2 (en) | 2013-03-29 | 2016-05-31 | Citrix Systems, Inc. | Providing a managed browser |
US10284627B2 (en) | 2013-03-29 | 2019-05-07 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
US9369449B2 (en) | 2013-03-29 | 2016-06-14 | Citrix Systems, Inc. | Providing an enterprise application store |
CN104166822B (en) | 2013-05-20 | 2017-10-13 | 阿里巴巴集团控股有限公司 | A kind of method and apparatus of data protection |
CN110825386B (en) * | 2019-11-01 | 2023-07-14 | 腾讯科技(深圳)有限公司 | Code compiling method and device and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6205550B1 (en) * | 1996-06-13 | 2001-03-20 | Intel Corporation | Tamper resistant methods and apparatus |
US6594761B1 (en) * | 1999-06-09 | 2003-07-15 | Cloakware Corporation | Tamper resistant software encoding |
US6643775B1 (en) * | 1997-12-05 | 2003-11-04 | Jamama, Llc | Use of code obfuscation to inhibit generation of non-use-restricted versions of copy protected software applications |
US6665796B1 (en) * | 1999-08-18 | 2003-12-16 | Sun Microsystems, Inc. | Microprocessor instruction result obfuscation |
US6668325B1 (en) * | 1997-06-09 | 2003-12-23 | Intertrust Technologies | Obfuscation techniques for enhancing software security |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997004394A1 (en) | 1995-07-14 | 1997-02-06 | Christopher Nathan Drake | Computer software authentication, protection, and security system |
-
2000
- 2000-06-21 US US09/603,575 patent/US7065652B1/en not_active Expired - Fee Related
-
2001
- 2001-06-19 AU AU2001272953A patent/AU2001272953A1/en not_active Abandoned
- 2001-06-19 DE DE10196373T patent/DE10196373T1/en not_active Withdrawn
- 2001-06-19 WO PCT/US2001/019573 patent/WO2001099034A2/en active Application Filing
-
2005
- 2005-10-31 US US11/264,713 patent/US20060053307A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6205550B1 (en) * | 1996-06-13 | 2001-03-20 | Intel Corporation | Tamper resistant methods and apparatus |
US6668325B1 (en) * | 1997-06-09 | 2003-12-23 | Intertrust Technologies | Obfuscation techniques for enhancing software security |
US6643775B1 (en) * | 1997-12-05 | 2003-11-04 | Jamama, Llc | Use of code obfuscation to inhibit generation of non-use-restricted versions of copy protected software applications |
US6594761B1 (en) * | 1999-06-09 | 2003-07-15 | Cloakware Corporation | Tamper resistant software encoding |
US6665796B1 (en) * | 1999-08-18 | 2003-12-16 | Sun Microsystems, Inc. | Microprocessor instruction result obfuscation |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7555780B2 (en) | 2000-05-12 | 2009-06-30 | Symantec Corporation | Information security method and system |
US20050257054A1 (en) * | 2000-05-12 | 2005-11-17 | David Tucker | Information security method and system |
US20050289511A1 (en) * | 2000-05-12 | 2005-12-29 | David Tucker | Information security method and system |
US20060075260A1 (en) * | 2000-05-12 | 2006-04-06 | David Tucker | Information security method and system |
US7171693B2 (en) * | 2000-05-12 | 2007-01-30 | Xtreamlok Pty Ltd | Information security method and system |
US20020016918A1 (en) * | 2000-05-12 | 2002-02-07 | David Tucker | Information security method and system |
US7565697B2 (en) * | 2000-09-22 | 2009-07-21 | Ecd Systems, Inc. | Systems and methods for preventing unauthorized use of digital content |
US20020120854A1 (en) * | 2000-09-22 | 2002-08-29 | Levine Richard B. | Systems and methods for preventing unauthorized use of digital content |
US20050198526A1 (en) * | 2004-03-05 | 2005-09-08 | Microsoft Corporation | Static and run-time anti-disassembly and anti-debugging |
US7383583B2 (en) * | 2004-03-05 | 2008-06-03 | Microsoft Corporation | Static and run-time anti-disassembly and anti-debugging |
US8073679B2 (en) | 2006-07-10 | 2011-12-06 | Microsoft Corporation | Aligning hierarchial and sequential document trees to identify parallel data |
US20080010056A1 (en) * | 2006-07-10 | 2008-01-10 | Microsoft Corporation | Aligning hierarchal and sequential document trees to identify parallel data |
US7805289B2 (en) | 2006-07-10 | 2010-09-28 | Microsoft Corporation | Aligning hierarchal and sequential document trees to identify parallel data |
US20090049425A1 (en) * | 2007-08-14 | 2009-02-19 | Aladdin Knowledge Systems Ltd. | Code Obfuscation By Reference Linking |
US20120144371A1 (en) * | 2010-12-01 | 2012-06-07 | Ncr Corporation | Using exception information |
US9645869B2 (en) * | 2010-12-01 | 2017-05-09 | Ncr Corporation | Using exception information |
US20150294114A1 (en) * | 2012-09-28 | 2015-10-15 | Hewlett-Packard Development Company, L.P. | Application randomization |
US9092562B2 (en) | 2013-05-16 | 2015-07-28 | International Business Machines Corporation | Controlling access to variables protected by an alias during a debugging session |
US9600672B1 (en) * | 2014-12-04 | 2017-03-21 | Amazon Technologies, Inc. | Dynamic function switching |
CN109189470A (en) * | 2018-08-21 | 2019-01-11 | 北京奇虎科技有限公司 | Code reinforcement means and device |
Also Published As
Publication number | Publication date |
---|---|
WO2001099034A3 (en) | 2003-05-08 |
US7065652B1 (en) | 2006-06-20 |
WO2001099034A2 (en) | 2001-12-27 |
AU2001272953A1 (en) | 2002-01-02 |
DE10196373T1 (en) | 2003-09-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7065652B1 (en) | System for obfuscating computer code upon disassembly | |
US7937693B2 (en) | System and method for obfuscation of reverse compiled computer code | |
US7757097B2 (en) | Method and system for tamperproofing software | |
EP2486482B1 (en) | A system and method for aggressive self-modification in dynamic function call systems | |
US10255414B2 (en) | Software self-defense systems and methods | |
US7254586B2 (en) | Secure and opaque type library providing secure data protection of variables | |
US7243340B2 (en) | Method and system for obfuscation of computer program execution flow to increase computer program security | |
US8352929B2 (en) | Method for preventing software reverse engineering, unauthorized modification, and runtime data interception | |
Chang et al. | Protecting software code by guards | |
CN103544414B (en) | A kind of degree of depth Code obfuscation method of android system application | |
US7383583B2 (en) | Static and run-time anti-disassembly and anti-debugging | |
Philippaerts et al. | Code pointer masking: Hardening applications against code injection attacks | |
KR20140058419A (en) | System and method providing dependency networks throughout applications for attack resistance | |
LeDoux et al. | Instruction embedding for improved obfuscation | |
Buzatu | Methods for obfuscating Java programs | |
Memon et al. | Preventing reverse engineering threat in java using byte code obfuscation techniques | |
CN110147238B (en) | Program compiling method, device and system | |
US9239913B2 (en) | Method for obfuscating a computer program | |
Solutions | DashO User's Guide | |
Merckx | Software security through targetted diversification | |
Liang | Software code protection through software obfuscation | |
Basalaj et al. | HIC++ V4. 0–an overview by the authors |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |