In recent years, with the rapid development of the Internet, software and hardware technology has been changing with each passing day. In pursuit of economic interest, many software systems that contain fatal flaws are put into use prematurely. Although many software developers have invested a tremendous amount of work to make the life cycle of their software systems long enough, the law is strong but the outlaws are ten times stronger. In order to illegally use the paid functions of software, hackers improve their cracking techniques in the process of confronting software protection technology. As many software developers focus only on implementing software system functions, they overlook software encryption protection and reverse cracking. Therefore, in the preliminary stage of studying software protection, researchers developed some relatively useful professional software encryption protection programs (shells, for short). However, with the development of cracking techniques, even the strong shell ASProtect, which uses powerful encryption algorithms such as Twofish, TEA and Blowfish in combination with CRC (Cyclic Redundancy Check) and anti-debugging techniques, can be removed: the free OllyDbg debugger is used to dynamically trace the shell in the disassembled code, using the stack balance principle to find the shell before the program's execution entry point, and this is then combined with the functions of the LoadPE tool for the import table, import address table and relocation table. Presently, VMProtect and driver protection technology are the two most important ways to protect software. However, VMProtect needs a large amount of code to build the virtual machines that act as decoders of the bytecode, that is, the code generated to protect the software. For the same reason, software protected by VMProtect executes with very low efficiency.
This article introduces the current state of software protection and gives suggestions for the limitations found in current applications.
Published in: American Journal of Information Science and Technology (Volume 4, Issue 3)
DOI: 10.11648/j.ajist.20200403.12
Page(s): 46-50
Creative Commons: This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.
Copyright: Copyright © The Author(s), 2020. Published by Science Publishing Group
Keywords: Driver protection, Kernel Reboot, Encryption, SSDTHOOK
APA Style
Zhu Hao, Kong Qiongying, Xu Zexin, Chen Jiwei, Li Xian. (2020). Research on Software Protection Technology Based on Driver. American Journal of Information Science and Technology, 4(3), 46-50. https://doi.org/10.11648/j.ajist.20200403.12
@article{10.11648/j.ajist.20200403.12,
  author = {Zhu Hao and Kong Qiongying and Xu Zexin and Chen Jiwei and Li Xian},
  title = {Research on Software Protection Technology Based on Driver},
  journal = {American Journal of Information Science and Technology},
  volume = {4},
  number = {3},
  pages = {46-50},
  doi = {10.11648/j.ajist.20200403.12},
  url = {https://doi.org/10.11648/j.ajist.20200403.12},
  eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajist.20200403.12},
  year = {2020}
}
TY - JOUR
T1 - Research on Software Protection Technology Based on Driver
AU - Zhu Hao
AU - Kong Qiongying
AU - Xu Zexin
AU - Chen Jiwei
AU - Li Xian
Y1 - 2020/08/18
PY - 2020
N1 - https://doi.org/10.11648/j.ajist.20200403.12
DO - 10.11648/j.ajist.20200403.12
T2 - American Journal of Information Science and Technology
JF - American Journal of Information Science and Technology
JO - American Journal of Information Science and Technology
SP - 46
EP - 50
PB - Science Publishing Group
SN - 2640-0588
UR - https://doi.org/10.11648/j.ajist.20200403.12
VL - 4
IS - 3
ER -