软件安全Shell的实现

The implementation of software security shell

本文基于防止软件被破解与逆向的目的,通过对PE文件导入表、导出表、重定位表的处理实现Shell增加区段的功能。通过将Is Debugger Present与Timing Attacks技术的融合实现Shell自身的反调试,同时采用Shell Code的编码方式存储一些敏感信息以及通过"无效操作码"这一后门接口实现Shell自身的反虚拟机功能。最后通过对Notepad的加Shell试验说明Shell具有反调试与反虚拟机功能,证明了对软件加Shell具有防止被破解与逆向的功能。

The paper is based on the purpose of preventing software from being cracked and reversed. By processing the import table, export table, relocation table in PE files, the shell program achieves the function of adding section. This shell program combines the technology of Is Debugger Present with the technology of Timing Attacks to complete the Shell＇s anti-debugging,and encoding to store the sensitive information of Shell Code and through the ＂invalid opcode＂ backdoor interfaces to achieve the function of anti-virtual machine. Finally, through the test of attaching the shell program to Notepad, it explaines the Shell having functions of anti-debugging and anti-virtual machine, and the software having the functions of preventing from being cracked and reversed by attching the Shell program.