公开(公告)号：US08302210B2

公开(公告)日：2012-10-30

申请号：US12546520

申请日：2009-08-24

申请人： Ginger M. Myles ,  Srinivas Vedula ,  Gianpaolo Fasoli ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

发明人： Ginger M. Myles ,  Srinivas Vedula ,  Gianpaolo Fasoli ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

IPC分类号： G06F21/00

CPC分类号： G06F21/54 ,  G06F9/4484 ,  G06F9/544 ,  G06F9/545

摘要： Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.

摘要翻译： 本文公开了用于呼叫路径实施的系统，计算机实现的方法和计算机可读存储介质。 该方法包括在运行期间跟踪软件程序中一系列函数调用的运行时调用顺序，以及在运行时执行受保护函数调用时，只允许或导致仅受保护函数调用的正确执行 如果运行时间调用顺序与预定顺序相匹配。 预定顺序可以是基于软件程序中的功能调用的编程顺序的期望的运行时呼叫顺序。 该方法可以包括维护与运行时呼叫顺序相关联的演进值，并通过传递基于演进值而破坏的演进值和功能参数来调用受保护功能。 受保护的功能基于传递的演进值和预期的预定呼叫顺序来破坏已损坏的参数。 包含未受损参数的缓冲区可以替换损坏的参数。

公开(公告)号：US07996685B2

公开(公告)日：2011-08-09

申请号：US12135052

申请日：2008-06-06

申请人： Hongxia Jin ,  Jeffrey Bruce Lotspiech ,  Ginger M. Myles

发明人： Hongxia Jin ,  Jeffrey Bruce Lotspiech ,  Ginger M. Myles

IPC分类号： G06F21/00

CPC分类号： G06F21/14

摘要： A system, method, and computer program product for preventing a malicious user from analyzing and modifying software content. The one-way functions used in prior art systems using dynamically evolving audit logs or self-modifying applications are replaced with a one-way function based on group theory. With this modification, untampered key evolution will occur inside a defined mathematical group such that all valid key values form a subgroup. However, if the program is altered, the key will evolve incorrectly and will no longer be a member of the subgroup. Once the key value is outside of the subgroup, it is not possible to return it to the subgroup. The present invention provides a limited total number of valid keys. The key evolution points are not restricted to locations along the deterministic path, so the key can be used in various novel ways to regulate the program's behavior, including in non-deterministic execution paths.

摘要翻译： 一种用于防止恶意用户分析和修改软件内容的系统，方法和计算机程序产品。 使用动态演进的审计日志或自修改应用程序的现有技术系统中使用的单向函数被基于组理论的单向函数所取代。 通过这种修改，无限制的密钥演进将发生在定义的数学组内，使得所有有效的密钥值形成一个子组。 但是，如果程序被更改，则密钥将不正确地发展，不再是该子组的成员。 一旦键值超出了子组，就不可能将其返回到子组。 本发明提供了有限的总数量的有效密钥。 关键演化点不仅限于确定路径上的位置，所以密钥可以以各种新颖的方式用于调节程序的行为，包括在非确定性执行路径中。

公开(公告)号：US20110041183A1

公开(公告)日：2011-02-17

申请号：US12540195

申请日：2009-08-12

申请人： Ginger M. Myles ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

发明人： Ginger M. Myles ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

IPC分类号： G06F21/22 ,  G06F9/45

CPC分类号： G06F21/14

摘要： Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating a function call. The method receives a computer program having an annotated function and determines prolog instructions for setting up a stack frame of the annotated function and epilog instructions for tearing down the stack frame. The method places a first portion of the prolog instructions in the computer program preceding a jump to the annotated function and a second portion of the prolog instructions at a beginning of the annotated function. The method places a first portion of the epilog instructions at an end of the annotated function and a second portion of the epilog instructions in the computer program after the jump. Executing the first and second portions of the prolog instructions together sets up the stack frame. Executing the first and the second portions of the epilog instructions together tears down the stack frame.

摘要翻译： 这里公开的是系统，计算机实现的方法和用于模糊功能调用的计算机可读存储介质。 该方法接收具有注释功能的计算机程序，并且确定用于建立注释功能的堆栈帧的序言指令和用于拆除堆栈帧的epilog指令。 该方法将前导序列指令的第一部分放置在跳转之前的计算机程序中，并且在注释的函数的开始处将序言指令的第二部分放置到注释的函数中。 该方法将epilog指令的第一部分放置在注释功能的末尾，并且在跳转之后在计算机程序中放置epilog指令的第二部分。 执行序言指令的第一和第二部分一起设置堆栈帧。 执行epilog指令的第一部分和第二部分一起撕下堆栈帧。

公开(公告)号：US08645930B2

公开(公告)日：2014-02-04

申请号：US12651953

申请日：2010-01-04

申请人： Christopher Arthur Lattner ,  Tanya Michelle Lattner ,  Julien Lerouge ,  Ginger M. Myles ,  Augustin J. Farrugia ,  Pierre Betouin

发明人： Christopher Arthur Lattner ,  Tanya Michelle Lattner ,  Julien Lerouge ,  Ginger M. Myles ,  Augustin J. Farrugia ,  Pierre Betouin

IPC分类号： G06F9/44 ,  G06F9/45

CPC分类号： G06F8/70 ,  G06F21/14

摘要： Disclosed herein are systems, methods, and computer-readable storage media for obfuscating by a common function. A system configured to practice the method identifies a set of functions in source code, generates a transformed set of functions by transforming each function of the set of functions to accept a uniform set of arguments and return a uniform type, and merges the transformed set of functions into a single recursive function. The single recursive function can allocate memory in the heap. The stack can contain a pointer to the allocated memory in the heap. The single recursive function can include instructions for creating and explicitly managing a virtual stack in the heap. The virtual stack can emulate what would happen to the real stack if one of the set of functions was called. The system can further compile the source code including the single recursive function.

摘要翻译： 本文公开了用于通过共同功能进行混淆的系统，方法和计算机可读存储介质。 被配置为实施该方法的系统识别源代码中的一组函数，通过将函数集合的每个函数变换为接受统一的参数集合并返回统一类型来生成变换的函数集合，并且将经变换的集合 函数转换为单个递归函数。 单个递归函数可以在堆中分配内存。 堆栈可以包含指向堆中分配的内存的指针。 单个递归函数可以包括用于创建和显式管理堆中的虚拟堆栈的说明。 如果调用了一组函数，虚拟堆栈可以模拟真实堆栈将会发生什么。 该系统可以进一步编译包含单个递归函数的源代码。

公开(公告)号：US20100058301A1

公开(公告)日：2010-03-04

申请号：US12198873

申请日：2008-08-26

申请人： Ginger M. MYLES ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

发明人： Ginger M. MYLES ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

IPC分类号： G06F9/45

CPC分类号： G06F8/41 ,  G06F8/447 ,  G06F9/44521 ,  G06F21/14

摘要： Disclosed herein are systems, methods, and computer readable-media for obfuscating code. The method includes extracting a conditional statement from a computer program, creating a function equivalent to the conditional statement, creating a pointer that points to the function, storing the pointer in an array of pointers, replacing the conditional statement with a call to the function using the pointer at an index in the array, and during runtime of the computer program, dynamically calculating the index corresponding to the pointer in the array. In one aspect, a subset of instructions is extracted from a path associated with the conditional statement and the subset of instructions is placed in the function to evaluate the conditional statement. In another aspect, the conditional statement is replaced with a call to a select function that (1) calculates the index into the array, (2) retrieves the function pointer from the array using the index, and (3) calls the function using the function pointer. Calls can be routed through a select function before the function pointer is used to call the function evaluating the conditional statement. Each step in the method can be applied to source code of the computer program, an intermediate representation of the computer program, and assembly code of the computer program.

摘要翻译： 这里公开了用于模糊代码的系统，方法和计算机可读介质。 该方法包括从计算机程序中提取条件语句，创建等价于条件语句的函数，创建指向函数的指针，将指针存储在指针数组中，使用对函数的调用替换条件语句 数组中的索引处的指针，以及在计算机程序的运行期间，动态地计算与数组中的指针相对应的索引。 在一个方面，从与条件语句相关联的路径中提取指令子集，并将指令子集置于函数中以评估条件语句。 在另一方面，条件语句被替换为select函数的调用，（1）计算数组中的索引，（2）使用索引从数组中检索函数指针，（3）使用 函数指针。 在使用函数指针调用评估条件语句的函数之前，可以通过select函数路由调用。 该方法中的每一步都可以应用于计算机程序的源代码，计算机程序的中间表示和计算机程序的汇编代码。

公开(公告)号：US20080148061A1

公开(公告)日：2008-06-19

申请号：US11613001

申请日：2006-12-19

申请人： HONGXIA JIN ,  Jeffrey Bruce Lotspiech ,  Ginger M. Myles

发明人： HONGXIA JIN ,  Jeffrey Bruce Lotspiech ,  Ginger M. Myles

IPC分类号： G06F11/30

CPC分类号： G06F21/14

摘要： A system, method, and computer program product for preventing a malicious user from analyzing and modifying software content. The one-way functions used in prior art systems using dynamically evolving audit logs or self-modifying applications are replaced with a one-way function based on group theory. With this modification, untampered key evolution will occur inside a defined mathematical group such that all valid key values form a subgroup. However, if the program is altered, the key will evolve incorrectly and will no longer be a member of the subgroup. Once the key value is outside of the subgroup, it is not possible to return it to the subgroup. The present invention provides a limited total number of valid keys. The key evolution points are not restricted to locations along the deterministic path, so the key can be used in various novel ways to regulate the program's behavior, including in non-deterministic execution paths.

摘要翻译： 一种用于防止恶意用户分析和修改软件内容的系统，方法和计算机程序产品。 使用动态演进的审计日志或自修改应用程序的现有技术系统中使用的单向函数被基于组理论的单向函数所取代。 通过这种修改，无限制的密钥演进将发生在定义的数学组内，使得所有有效的密钥值形成一个子组。 但是，如果程序被更改，则密钥将不正确地发展，不再是该子组的成员。 一旦键值超出了子组，就不可能将其返回到子组。 本发明提供了有限的总数量的有效密钥。 关键演化点不仅限于确定路径上的位置，所以密钥可以以各种新颖的方式用于调节程序的行为，包括在非确定性执行路径中。