| Peer-Reviewed

Research on Software Protection Technology Based on Driver

Received: 13 May 2020     Accepted: 5 August 2020     Published: 18 August 2020
Views:       Downloads:
Abstract

Recent years, with the rapid development of the Internet, the technology of software and hardware changes with each passing day. In order to pursue the economic interest, many software systems which contains fatal flaws are always come into use untimely. Although many software developers have involved a tremendous lot of work to make the life cycle of their software systems long enough. However, the law is strong but the outlaws are ten times stronger. In order to be able to illegally use software related charging functions, hackers improve their illegal cracking techniques. in the process of confronting software protection technology As many software developers only focus on the implementation of software system functions, they overlooked the software encryption protection and reverse cracking. Therefore, in the preliminary stage of studying software protection, researchers developed some relatively useful professional software encryption protection program (Shell for short). However, with the development of cracking techniques, even the strong shell ASProtect which uses powerful encryption algorithms such as Twofish, TEA, Blowfish, and the combination of CRC (Cyclic Redundancy Check) and anti-debugging techniques can be removed by using the free OllyDbg dynamic tracking shell after the disassembly code. Using the stack balance principle to find the shell before the program execution entrance, then combining the powerful functions of LoadPE tool to import table, import address table and relocation table. Presently, VMProtect and driver protection technology are two most important ways to protect software. However, VMProtect will need large amount of code in order to build virtual machines which will act as decoders of bytecode - code generated to protect software. For the same reason, efficiency of executing software protected by VMProtect is very low. This article will introduce current state of software protection and give suggestions to limitation found in current application.

Published in American Journal of Information Science and Technology (Volume 4, Issue 3)
DOI 10.11648/j.ajist.20200403.12
Page(s) 46-50
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2020. Published by Science Publishing Group

Keywords

Driver protection, Kernel Reboot, Encryption, SSDTHOOK

References
[1] Li Ruofeng. Research on Network Intrusion Detection Technology Based on Windows Driver Filtering [D]. China University of Mining and Technology, 2019.
[2] Meng Chenyu, Shi Yuan, Wang Jiawei, Zhou Jie,Kang Xiaofeng. Windows kernel-level protection system [J]. Software, 2016, 37 (03): 16-20+26.
[3] Duan Zhixiu. Study Of Software IP Protection [D]. LanZhou University, 2019.
[4] Chen Xiaoting. Study of Whether To Forbid Reverse Engineer Software Is Legal——Thoughts Derived From AWS Customer Agreement Regarding Dos and Don’ts [J]. Science Publication, 2019, 27 (03): 59-64.
[5] Xu Feng. Design and implementation of security monitoring software in Windows x64 system environment [D]. Beijing University of Posts and telecommunications, 2019.
[6] Dong Jianye. Anti Reverse Engineering In Software Industries [A]. China Institute of Communications Communications Technology Safety Board. 2010 Collections Of Articles Regarding Communication Safety [C]. China Institute of Communications Communications Technology Safety Board: China Institute of Communications, 2010: 5.
[7] Yi Xiangchen. Security software process protection and reinforcement technology based on Windows system [D]. Tianjin University, 2018.
[8] Ma HongLi. Study Of Software Protection Based On Windows Kernel [D]. Huazhong University of Science and Technology, 2012.
[9] Ni Tao. Safety Test On Kernel Drivers Based On Windows Kernel [J]. Informations And Communications, 2017 (01): 183-184.
[10] Meng ChenYu, Shi Yuan, Wang JiaWei, Zhou Jie, Kang XiaoFeng. Protection System Of Windows Kernel [J]. Software, 2016, 37 (03): 16-20+26.
[11] Zhao Xiaohua, Zhao Shusheng. User behavior collection solution based on Windows Kernel [J]. Software engineering, 2018, 21 (07): 28-31.
[12] Wu Jian. Research on 64-bit Windows operating system kernel monitoring [D]. Xiangtan University, 2016.
[13] C. Basile, D. Canavese, L. Regano, P. Falcarin, B. De Sutter. A Meta-model for Software Protections and Reverse Engineering Attacks [J]. The Journal of Systems & Software, 2018.
[14] Principle Of Reverse Engineering [M]. Posts & Telecom Press, (Korean) Licheng Yuan, 2014.
[15] Detailed Analysis Of Windows Kernel [J]. Publishing House of Electronics Industry, Mao DeCao, 2009.
Cite This Article
  • APA Style

    Zhu Hao, Kong Qiongying, Xu Zexin, Chen Jiwei, Li Xian. (2020). Research on Software Protection Technology Based on Driver. American Journal of Information Science and Technology, 4(3), 46-50. https://doi.org/10.11648/j.ajist.20200403.12

    Copy | Download

    ACS Style

    Zhu Hao; Kong Qiongying; Xu Zexin; Chen Jiwei; Li Xian. Research on Software Protection Technology Based on Driver. Am. J. Inf. Sci. Technol. 2020, 4(3), 46-50. doi: 10.11648/j.ajist.20200403.12

    Copy | Download

    AMA Style

    Zhu Hao, Kong Qiongying, Xu Zexin, Chen Jiwei, Li Xian. Research on Software Protection Technology Based on Driver. Am J Inf Sci Technol. 2020;4(3):46-50. doi: 10.11648/j.ajist.20200403.12

    Copy | Download

  • @article{10.11648/j.ajist.20200403.12,
      author = {Zhu Hao and Kong Qiongying and Xu Zexin and Chen Jiwei and Li Xian},
      title = {Research on Software Protection Technology Based on Driver},
      journal = {American Journal of Information Science and Technology},
      volume = {4},
      number = {3},
      pages = {46-50},
      doi = {10.11648/j.ajist.20200403.12},
      url = {https://doi.org/10.11648/j.ajist.20200403.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajist.20200403.12},
      abstract = {Recent years, with the rapid development of the Internet, the technology of software and hardware changes with each passing day. In order to pursue the economic interest, many software systems which contains fatal flaws are always come into use untimely. Although many software developers have involved a tremendous lot of work to make the life cycle of their software systems long enough. However, the law is strong but the outlaws are ten times stronger. In order to be able to illegally use software related charging functions, hackers improve their illegal cracking techniques. in the process of confronting software protection technology As many software developers only focus on the implementation of software system functions, they overlooked the software encryption protection and reverse cracking. Therefore, in the preliminary stage of studying software protection, researchers developed some relatively useful professional software encryption protection program (Shell for short). However, with the development of cracking techniques, even the strong shell ASProtect which uses powerful encryption algorithms such as Twofish, TEA, Blowfish, and the combination of CRC (Cyclic Redundancy Check) and anti-debugging techniques can be removed by using the free OllyDbg dynamic tracking shell after the disassembly code. Using the stack balance principle to find the shell before the program execution entrance, then combining the powerful functions of LoadPE tool to import table, import address table and relocation table. Presently, VMProtect and driver protection technology are two most important ways to protect software. However, VMProtect will need large amount of code in order to build virtual machines which will act as decoders of bytecode - code generated to protect software. For the same reason, efficiency of executing software protected by VMProtect is very low. This article will introduce current state of software protection and give suggestions to limitation found in current application.},
     year = {2020}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Research on Software Protection Technology Based on Driver
    AU  - Zhu Hao
    AU  - Kong Qiongying
    AU  - Xu Zexin
    AU  - Chen Jiwei
    AU  - Li Xian
    Y1  - 2020/08/18
    PY  - 2020
    N1  - https://doi.org/10.11648/j.ajist.20200403.12
    DO  - 10.11648/j.ajist.20200403.12
    T2  - American Journal of Information Science and Technology
    JF  - American Journal of Information Science and Technology
    JO  - American Journal of Information Science and Technology
    SP  - 46
    EP  - 50
    PB  - Science Publishing Group
    SN  - 2640-0588
    UR  - https://doi.org/10.11648/j.ajist.20200403.12
    AB  - Recent years, with the rapid development of the Internet, the technology of software and hardware changes with each passing day. In order to pursue the economic interest, many software systems which contains fatal flaws are always come into use untimely. Although many software developers have involved a tremendous lot of work to make the life cycle of their software systems long enough. However, the law is strong but the outlaws are ten times stronger. In order to be able to illegally use software related charging functions, hackers improve their illegal cracking techniques. in the process of confronting software protection technology As many software developers only focus on the implementation of software system functions, they overlooked the software encryption protection and reverse cracking. Therefore, in the preliminary stage of studying software protection, researchers developed some relatively useful professional software encryption protection program (Shell for short). However, with the development of cracking techniques, even the strong shell ASProtect which uses powerful encryption algorithms such as Twofish, TEA, Blowfish, and the combination of CRC (Cyclic Redundancy Check) and anti-debugging techniques can be removed by using the free OllyDbg dynamic tracking shell after the disassembly code. Using the stack balance principle to find the shell before the program execution entrance, then combining the powerful functions of LoadPE tool to import table, import address table and relocation table. Presently, VMProtect and driver protection technology are two most important ways to protect software. However, VMProtect will need large amount of code in order to build virtual machines which will act as decoders of bytecode - code generated to protect software. For the same reason, efficiency of executing software protected by VMProtect is very low. This article will introduce current state of software protection and give suggestions to limitation found in current application.
    VL  - 4
    IS  - 3
    ER  - 

    Copy | Download

Author Information
  • Qujing No. 1 Middle School, Qujing, China

  • Faculty of Information Engineering and Automation, Kunming University of Science and Technology, Kunming, China

  • Qujing No. 1 Middle School, Qujing, China

  • Faculty of Information Engineering and Automation, Kunming University of Science and Technology, Kunming, China

  • Qujing No. 1 Middle School, Qujing, China

  • Sections