Patent Grant
7293266
This application claims priority under 35 USC 119 of United Kingdom Patent Application No. 0124869.9 filed Oct. 17, 2001.
The present invention relates to software loading.
In modern computer systems, application software is usually stored in external memory (such as a hard disk etc.) when not required. The application software will be loaded into the main memory (RAM) when called for execution. The process of loading the software from external memory to the main memory is controlled by a program called a “loader”.
In addition to installing the application software, a loader may execute various other operations. Some of these operations may include initialising various data, registers or the like, as required by the application software. Other operations may involve security, such as checking licence details held within the system.
Attempts have previously been made to circumvent these security checks in order to allow unlicensed copies of software to be used. One style of circumventing the security is known as “riding the loader”. A piece of software similar to a debugger program is used to allow step-by-step execution of the loader while analysing each instruction in the loader and introducing jump instructions or patches when instructions calling for security checks are detected. Consequently, the loader can be made to complete its execution without making security checks, thus allowing the security to be circumvented.
In accordance with the present invention, there is provided a software loader arrangement operable to load a computer program from external memory to an allocated region of the main memory for execution, the arrangement having a plurality of software modules and including a co-ordinator module which, in use, is loaded at a predetermined position of the allocated region and is operable to co-ordinate execution of the or each other module, and at least one loader module operable to perform at least part of the loading operation, the co-ordinator module being further operable to write the or each loader module from the initial location of the loader module to a temporary location for execution, to initiate execution of the module, and to erase the module from the temporary location after execution.
Preferably, a plurality of loader modules are included, providing respective parts of the loading operation. The plurality of loader modules are preferably written in sequence to a temporary location. Each loader module is preferably selected from a group of modules, the modules of each group including sequences of instructions which are different in each module and which achieve the same result when fully executed.
Preferably, a loader part of the allocated region is designated for loader operations, the or each temporary location being within the said loader part. The or each loader module is preferably initially located outside the said loader part. A program part of the allocated region is preferably designated for the computer program, the or each loader module being initially located after the program part.
The co-ordinator module preferably maintains meaningless data within the loader part, except at the location of a loader module which is being executed. The or each loader module is preferably held initially in encrypted form, the co-ordinator module being operable to decrypt while writing a module to a temporary location.
The co-ordinator module, in use, preferably writes the or each loader module to an address which is selected at the time of writing. Selection of the address is preferably pseudo-random.
The invention also provides computer software which, when installed on a computer system, is operable as a software loader arrangement according to any of the preceding definitions.
The invention also provides a data storage medium containing computer software which, when installed on a computer system, is operable as a software loader arrangement according to any of the definitions set out above.
The invention also provides a computer system incorporating a software loader arrangement according to any of the definitions set out above.
The invention also provides a signal carrying information representing a software loader arrangement according to any of the definitions set out above.
In a second aspect the invention provides a computer program which, in use, is loaded from auxiliary memory to an allocated region of the main memory for execution, the program having associated with it a software loader arrangement according to any of the definitions set out above.
In this aspect, the invention also provides a data storage medium containing a computer program as defined in the previous paragraph.
In this aspect, the invention further provides a computer system incorporating a computer program as defined in the first paragraph relating to this aspect of the invention.
In this aspect, the invention further provides a signal carrying information representing a computer program and a software loader arrangement, as defined in the first paragraph relating to this aspect of the invention.
In a third aspect, the invention provides a suite of software modules comprising at least one co-ordinator module of a software loader arrangement as defined in accordance with the first aspect of the invention, and a plurality of loader modules of the loader arrangement, the loader modules forming groups of modules, the modules of each group including sequences of instructions which are different in each module and which achieve the same result when fully executed, whereby a software loader arrangement may be formed by selecting the or one of the co-ordinator modules and one loader module from the or each group of loader modules.
In this aspect, the invention also provides a data storage medium containing a suite of software modules as defined above.
This aspect of the invention also provides a computer system incorporating a suite of software modules as defined in the first paragraph relating to this aspect of the invention.
This aspect also provides a signal carrying information representing a software loader arrangement which includes the or one of the co-ordinator modules of a suite as defined in the first paragraph relating to this aspect of the invention, and one loader module from the or each group of loader modules of the said suite.
In a fourth aspect, the invention provides a method of loading a computer program from external memory to an allocated region of main memory for execution, in which a co-ordinator module is loaded at a predetermined position in the allocated region and is operable to co-ordinate execution of at least one loader module, the or each loader module being operable to perform at least part of the loading operation, the co-ordinator module writing the or each loader module from the initial location of the loader module to a temporary location for execution, initiating execution of the module, and erasing the module from the temporary location after execution.
A plurality of loader modules are preferably provided to perform respective parts of the loading operation. The co-ordinator module preferably writes the loader modules in sequence to a temporary location.
Preferably the co-ordinator module writes the or each loader module to a temporary location which is within a loader part of the allocated region, designated for loader operations.
The co-ordinator module preferably maintains within the loader part, except at the location of a loader module which is being executed, data which has no functionality in relation to the loading operation. The co-ordinator module may decrypt an encrypted version of the loader module while writing the module to a temporary location.
The co-ordinator module preferably selects an address for the temporary location at the time of writing. Selection of the address is preferably pseudo-random.
In this aspect, the invention also provides a computer system operable to load a computer program in accordance with the method of this aspect of the invention.
In a fifth aspect, the invention provides a method of protecting a computer program during loading of the program from external memory to an allocated region of the main memory of a computer, for execution, in which a co-ordinator software module is loaded at a predetermined position in the allocated region and used to co-ordinate execution of at least one loader module operable to perform at least part of the loading operation, the co-ordinator module writing the or each loader module from the initial location of the loader module to a temporary location for execution, initiating execution of the module, and erasing the module from the temporary location after execution.
A plurality of loader modules are preferably provided to perform respective parts of the loading operation. The co-ordinator module preferably writes the loader modules in sequence to a temporary location.
Preferably the co-ordinator module writes the or each loader module to a temporary location which is within a loader part of the allocated region, designated for loader operations.
The co-ordinator module preferably maintains within the loader part, except at the location of a loader module which is being executed, data which has no functionality in relation to the loading operation. The co-ordinator module may decrypt an encrypted version of the loader module while writing the module to a temporary location.
The co-ordinator module preferably selects an address for the temporary location at the time of writing. Selection of the address is preferably pseudo-random.
In this aspect, the invention also provides a computer system operable to load a computer program in accordance with the method of this aspect of the invention.
Examples of the present invention will now be described in more detail, by way of example only, and with reference to the accompanying drawings, in which:
a, 3b and 3c form a simplified flow diagram of the operation of the software loading arrangement for the present invention;
a to 4e illustrates the state of the main memory during a loading operation in accordance with the present invention; and
The computer system 10 is a multi-purpose computer system able to perform a variety of tasks under software control. The system 10 may be of the type known as an IBM compatible personal computer (PC), but the invention can be implemented with other types of computer. Application software (such as word processing software) for controlling the system 10 is conventionally stored in the external memory 16 when not required. When the application is first called, the application must be installed by loading from the external memory 16 to the RAM 14, as indicated by the arrow 21.
The loading operation 21 is conventionally executed under the control of a “loader” program which will incorporate security checks etc., as noted above.
Initially, the region 22 is empty, as indicated by diagonal lines drawn through the loader part 24 and program part 26.
As a first stage of the loading process 21, the operating system of the processor 12 will install, at 24, a loader program associated with the application. Control is then passed to the loader at 24. Execution of the loader will include security checks, initialising etc., following which the application will be read from the external memory 16 and installed in the program part 26. Operation of the loader is then complete and control passes to the application. The application is then ready for use.
It is during this operation of loading that the technique of “riding the loader” can be used to circumvent security being executed by the loader, in the manner described above.
A loading operation according to the present invention, to be carried out on a computer system such as the system 10 of
a illustrates the initial sequence of steps which takes place when an application is called at 30. The operating system allocates memory at 32 for the application (in accordance with the conventional step described above). Whereas conventionally, the operating system would then install a loader associated with the application, the arrangement of the invention will install an associated header, the function of which will be described below, in place of a conventional loader. The header is a program which will be incorporated within the application in the external memory 16 in the manner in which the operating system would expect to find a loader and consequently, the header is installed at 34 and then control is passed to it at 36. This changes the condition of the RAM 14 to the condition shown in
b and 3c form a flow diagram of execution of the header. The symbol X is used to indicate how the two parts of the flow diagram connect to form the complete process. Initially, at 39, the header divides the allocated region 38 to allocate parts as a loader part 42, immediately following the header 40, an application part 44 and a stub part 46.
Stub modules to be described, are then installed at 48 in the stub part 46. In this example, five stub modules are installed, labelled STUB 1, STUB 2, etc. but it will become readily apparent that another number of stubs could a1ternativtely be used. The region 38 is then in the condition illustrated in
The header 40 then co-ordinates the use of the stub modules, sequentially, as follows. A count is initiated at 50 and the appropriate stub is located at 52. At step 54, the header allocates a location within the loader part 42 for the stub. This allocation may follow an algorithm, or be random or pseudo-random.
Following an optional decryption step 56, the stub is then written at 58 to the location allocated at step 54. The RAM is now in a condition shown in
The header 40 calls the stub at step 60 and then waits at 62 (
Once the stub module has successfully executed, the header removes the stub at 64 leaving the corresponding areas of RAM empty, or corrupts the data or overwrites the area with data which is meaningless in relation to the loading operations, i.e. has no functionality in that respect. Removal, corruption and overwriting are referred to, herein, as “erasing” for simplicity. This returns the RAM 14 to the state shown in
The value of N is then incremented at 66 and a decision is made at 68 to determine if further stub modules remain to be executed. This is achieved by comparing the incremented value of N with Nmax, set at the total number of stub modules, repeatedly returning to step 52 until N exceeds Nmax.
Consequently, during the second execution of the loop, the stub module STUB 2 is written into the loader part 42 (
Control is then passed at 70 to the application which is then able to function in the normal manner.
Operation of the software loader arrangement described above provides security against “riding the loader”, as follows. First, the stub modules appear in the loader part 42 only transiently. During most of the loading operation, most of the loader part 42 is empty, or preferably contains data which is meaningless (i.e. non-functional in relation to loading) data. Meaningless data is preferred to leaving the loader part 42 empty, because meaningless data may help to confuse a loader riding program. Secondly, the stub modules, when they do appear in the loader part 42, may occupy a different location on each occasion (according to the location allocated randomly or pseudo-randomly at step 54 (
The success of a loader riding program might be improved if it was possible to determine in advance the location which would be allocated to a particular stub module. Although unlikely in practice, this might in theory be achieved by analysing the algorithm within the header 40, by which stub modules are allocated locations within the loader part 24. Conventional techniques, such as encryption, can be used to protect the header 40 from attack in this manner, but the invention envisages further protection in the following form, effective even if the location allocation algorithm has been analysed.
The software loader arrangement which has been described, consists of a header and five stub modules. The software loader arrangement can therefore be illustrated as a block of software containing these components, as illustrated at the right of
The header and stub modules form an arrangement labelled 72 in
The arrangement 72, illustrated in
This may be achieved by rewriting some of the functions performed by the modules 78, changing the order of instructions within the sequence, or the like. Alternatively, each header 78 could incorporate a different algorithm for generating pseudo-random allocations for stub modules within the loader part 42.
Similarly, the library 74 includes five stub groups 80 (labelled STUB 1 to STUB 5), each containing, in this example, five alternative stub modules 82 labelled STUB 1A to STUB 1E in the first stub group 80. Again, as described in relation to the header modules 78, the stubs within each group are interchangeable to the extent that each, upon execution, will achieve precisely the same results as each other stub module within the same group 80, but the sequences of instructions within each stub module of the same group 80 are not identical in that they differ in their order or in the manner in which they have been written.
The other 5 stub groups 80 also each contain 5 interchangeable stub modules.
The library 74 can be utilised in the following manner. When a copy of application software is to be protected, an arrangement 72 is formed by selecting one block of software from each of the groups 76, 80, to form the arrangement 72. This results in an arrangement 72 which will operate in the manner described above in relation to
The loading operation can be sub-divided in any convenient manner to form stub modules, following which, groups of stub modules forming the library can be written. For example, in addition to the primary process of loading the application into the application part 44, modules could deal with decryption, rebuilding or encrypting the IAT, checking for tampering or signs of unauthorised activity by checking cyclic redundancy check (CRC) signatures, or for the presence of debuggers.
A software loader arrangement of the type described above can be provided in various ways to a potential user, such as a software producer seeking to protect an application in accordance with the invention. For example, a loader arrangement formed as described above, particularly in relation to
Whilst endeavouring in the foregoing specification to draw attention to those features of the invention believed to be of particular importance it should be understood that the Applicant claims protection in respect of any patentable feature or combination of features hereinbefore referred to and/or shown in the drawings whether or not particular emphasis has been placed thereon.
| Number | Date | Country | Kind |
|---|---|---|---|
| 0124869.9 | Oct 2001 | GB | national |
| Number | Name | Date | Kind |
|---|---|---|---|
| 4024504 | Chowning et al. | May 1977 | A |
| 5812848 | Cohen | Sep 1998 | A |
| 5933503 | Schell et al. | Aug 1999 | A |
| 6006190 | Baena-Arnaiz et al. | Dec 1999 | A |
| 6134324 | Bohannon et al. | Oct 2000 | A |
| 6141698 | Krishnan et al. | Oct 2000 | A |
| 6185678 | Arbaugh et al. | Feb 2001 | B1 |
| 6205580 | Hirose | Mar 2001 | B1 |
| 6226747 | Larsson et al. | May 2001 | B1 |
| 6253258 | Cohen | Jun 2001 | B1 |
| 6385567 | Lew et al. | May 2002 | B1 |
| 6405316 | Krishnan et al. | Jun 2002 | B1 |
| 6490722 | Barton et al. | Dec 2002 | B1 |
| 6532451 | Schell et al. | Mar 2003 | B1 |
| 6618769 | Bracha et al. | Sep 2003 | B1 |
| 6618855 | Lindholm et al. | Sep 2003 | B1 |
| 6675201 | Parkkinen | Jan 2004 | B1 |
| 6698017 | Adamovits et al. | Feb 2004 | B1 |
| 6701334 | Ye et al. | Mar 2004 | B1 |
| 6701433 | Schell et al. | Mar 2004 | B1 |
| 6751735 | Schell et al. | Jun 2004 | B1 |
| 6810519 | Hicks | Oct 2004 | B1 |
| 6813762 | Plaxton | Nov 2004 | B1 |
| 6851111 | McGuire et al. | Feb 2005 | B2 |
| 6889376 | Barritz et al. | May 2005 | B1 |
| 6915511 | Susarla et al. | Jul 2005 | B2 |
| 6961852 | Craft | Nov 2005 | B2 |
| 6970960 | Sarfati | Nov 2005 | B1 |
| 7028294 | Cyran et al. | Apr 2006 | B2 |
| 7039923 | Kumar et al. | May 2006 | B2 |
| 7051343 | Bracha et al. | May 2006 | B2 |
| 7069550 | Fraenkel et al. | Jun 2006 | B2 |
| 7082600 | Rau et al. | Jul 2006 | B1 |
| 7099791 | Fritzsche | Aug 2006 | B2 |
| 20020071559 | Christensen et al. | Jun 2002 | A1 |
| Number | Date | Country |
|---|---|---|
| 59231650 | Dec 1984 | JP |
| 4215153 | Aug 1992 | JP |
| 9808163 | Feb 1998 | WO |
| 0206951 | Jan 2002 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20030093660 A1 | May 2003 | US |
