检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
出 处:《计算机应用》2017年第11期3294-3298,3334,共6页journal of Computer Applications
摘 要:在对现有的DEX加固技术和脱壳技术进行系统学习和研究的基础上,提出和实现了一种基于Android ART虚拟机(VM)的DEX脱壳方案。该方案能够从加固的Android应用中还原出原始DEX文件,其核心思想是将静态插桩和模拟运行技术相结合,以通用的方式实现零知识有效脱壳。首先,在ART虚拟机的解释器里插入监测代码来定位脱壳点;然后,在内存中进行模拟运行,解析相应的结构体指针,得到原始DEX文件数据在内存中的位置;最后,收集这些数据,并按照DEX文件的格式对这些数据进行重组,恢复出应用程序的原始DEX文件,实现脱壳。实验结果表明,所提出的基于ART虚拟机的DEX自动化脱壳方案在引入较小启动延迟的情况下,能够很好地实现对加壳的DEX文件的零知识脱壳。Based on the systematic study and research on the existing DEX packing and unpacking technologies, a DEX unpacking scheme based on Android ART Virtual Machine (VM) was proposed and implemented. The method could extract the original DEX file from the enhanced Android application. The core idea is to accomplish the zero-knowledge unpacking in a strong compatible way by combining simulation execution with static instrumentation. Firstly, the unpacking point was achieved by inserting monitoring codes into the interpreter of ART. Then, the memory location of the data belonging to original DEX file was obtained by performing simulation execution and analyzing related struets. Finally, the original DEX file was restored by collecting and reassembling the data according to the format of DEX file. The experimental results indicate that the proposed automatically unpacking method can well perform zero-knowledge unpacking by just bringing in little time delay when application launching.
关 键 词:ART DEX脱壳 解释器 模拟运行 DEX重组
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.179
