CN120066668A - Data processing method and related device - Google Patents
- Publication number
- CN120066668A, CN202311634401.8A
- Authority
- CN
- China
- Prior art keywords
- encoding
- target
- instruction
- target instruction
- encryption key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
- G06F12/0238—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
- G06F12/0246—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/30007—Arrangements for executing specific machine instructions to perform operations on data operands
- G06F9/30032—Movement instructions, e.g. MOVE, SHIFT, ROTATE, SHUFFLE
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45583—Memory management, e.g. access or allocation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a data processing method and a related device. A target instruction of a virtual machine is first acquired, the target instruction being used for controlling the virtual machine. An encryption key corresponding to the target instruction is then determined according to the target virtual memory address corresponding to the target instruction, wherein the encryption keys corresponding to different virtual memory addresses are different. According to the encryption key, the target instruction is encoded through an encoding algorithm to obtain an encoding result, and the encoding result is stored as the target instruction at the target virtual memory address. Finally, while the virtual machine is running, when a call request for the target instruction is acquired, the encoding result is read from the target virtual memory address and, according to the encryption key, decoded through a decoding algorithm corresponding to the encoding algorithm to obtain the target instruction. Because the encryption key is generated based on the storage address of the instruction and the instruction is encoded with that key, the encoding result is specific, which improves the security of the virtual machine.
Description
Technical Field
The present application relates to the field of data processing, and in particular, to a data processing method and related apparatus.
Background
Virtual machine technology can configure a separate virtual computing program in a computer device to simulate a single computer device providing services to a user. The user can control the virtual machine to realize the corresponding function through instructions, that is, operation commands that such a computer can recognize and execute.
To improve the security of virtual machines, one key point is to protect the instructions used to control the virtual machines from theft. In the related art, instructions are encoded before being stored, so that an attacker cannot reverse-engineer the virtual machine instructions at will.
However, the same instruction, or the same data object within an instruction, is highly consistent after being encoded by the same encoding algorithm. After cracking one instruction, an attacker can use this consistency to quickly crack all instructions, so the security of the virtual machine is difficult to ensure.
Disclosure of Invention
To solve the above technical problem, the application provides a data processing method and a related device that generate a coding factor based on the storage address of an instruction and use the coding factor to encode the instruction, which makes the encoding result specific and improves the security of the virtual machine.
The embodiments of the application disclose the following technical solutions:
In one aspect, an embodiment of the present application provides a data processing method, including:
acquiring a target instruction of a virtual machine, wherein the target instruction is used for controlling the virtual machine;
determining an encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction, wherein the encryption keys corresponding to different virtual memory addresses are different;
performing, according to the encryption key, instruction encoding on the target instruction through an encoding algorithm to obtain an encoding result, wherein the encoding result is stored at the target virtual memory address as the target instruction;
reading the encoding result from the target virtual memory address when a call request for the target instruction is acquired while the virtual machine is running;
performing, according to the encryption key, instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm to obtain the target instruction.
In another aspect, an embodiment of the application provides a data processing device, which comprises an acquisition module, a determining module, an encoding module, a reading module and a decoding module;
The acquisition module is used for acquiring a target instruction of a virtual machine, wherein the target instruction is used for controlling the virtual machine;
The determining module is used for determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction, wherein the encryption keys corresponding to different virtual memory addresses are different;
The encoding module is used for performing instruction encoding on the target instruction through an encoding algorithm according to the encryption key to obtain an encoding result, wherein the encoding result is stored at the target virtual memory address as the target instruction;
The reading module is used for reading the encoding result from the target virtual memory address when a call request for the target instruction is acquired while the virtual machine is running;
The decoding module is used for performing instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm according to the encryption key to obtain the target instruction.
In yet another aspect, an embodiment of the present application provides a computer device including a processor and a memory:
The memory is used for storing the computer program and transmitting the computer program to the processor;
The processor is configured to perform the method of the above aspect according to the computer program.
In yet another aspect, embodiments of the present application provide a computer readable storage medium storing a computer program for executing the method described in the above aspect.
In yet another aspect, embodiments of the present application provide a computer program product comprising a computer program which, when run on a computer device, causes the computer device to perform the method of the above aspect.
According to the above technical solution, to better encrypt a target instruction used for controlling the virtual machine, the corresponding encryption key is determined according to the target virtual memory address corresponding to the target instruction. The virtual memory address is the storage location at which the target instruction is stored when the virtual machine runs, so the virtual memory addresses of different target instructions are different. Because the encryption key of each target instruction is determined according to its virtual memory address, target instructions stored at different virtual memory addresses have different encryption keys. Each target instruction is encoded according to its own encryption key, and the resulting encoding result is stored at the target virtual memory address as the target instruction, to be decoded and used when needed. With an instruction encoding scheme whose encryption key changes with the target virtual memory address, the same target instruction stored at different virtual memory addresses yields different encoding results, and for different target instructions at different virtual memory addresses, the sub-encoding results of the same data object within their respective encoding results are also different. This effectively raises the cost of decoding the encoding results and improves the security of the virtual machine.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a data processing method according to an embodiment of the present application;
FIG. 2 is a flowchart of a data processing method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a method for generating an encryption key according to an embodiment of the present application;
FIG. 4 is a schematic diagram of another method for generating an encryption key according to an embodiment of the present application;
FIG. 5 is a schematic diagram of another method for generating an encryption key according to an embodiment of the present application;
FIG. 6 is a schematic diagram of another method for generating an encryption key according to an embodiment of the present application;
FIG. 7 is a schematic diagram of instruction encoding during installation package generation according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a target instruction encoding to obtain an encoding result according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a target instruction encoding to obtain an encoding result according to an embodiment of the present application;
FIG. 10 is a schematic diagram of instruction encoding in an application scenario according to an embodiment of the present application;
FIG. 11 is a schematic diagram of instruction decoding in an application scenario according to an embodiment of the present application;
FIG. 12 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 13 is a block diagram of a terminal device according to an embodiment of the present application;
FIG. 14 is a block diagram of a server according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described below with reference to the accompanying drawings.
A virtual machine (Virtual Machine) is a complete computer system that is emulated in software, has complete hardware system functionality, and runs in a completely isolated environment. When a virtual machine is created on a computer, part of the physical machine's hard disk and memory capacity is used as the hard disk and memory space of the virtual machine. Each virtual machine has its own CMOS, hard disk and operating system, and can be operated through instructions like a physical machine. A virtual machine can also be understood as a subroutine that translates pseudocode and is responsible for its actual execution.
In guaranteeing the security of the virtual machine, one important factor is guaranteeing the security of the instructions that control the virtual machine, so that they are not illegally stolen or tampered with by an attacker. In the instruction encoding process of the related art, the encoding results produced for instructions stored at memory addresses are highly consistent, so an attacker who has analyzed the encoding result of one instruction can use it to obtain the encoding results of other instructions.
Therefore, the embodiments of the application provide a data processing method and a related device in which the encryption key is determined according to the target virtual memory address corresponding to the target instruction, so that target instructions at different virtual memory addresses in memory have different encryption keys. Each target instruction is encoded according to its own encryption key, and the resulting encoding result is stored at the target virtual memory address as the target instruction, to be decoded and used when needed. Because the encryption keys of instructions at different virtual memory addresses are different, the encoding results produced with those keys are also different. The encoding result of each instruction is therefore specific, which effectively raises the cost of decoding the encoding results and improves the security of the virtual machine.
The data processing method provided by the embodiment of the application can be implemented through computer equipment, wherein the computer equipment can be terminal equipment or a server, and the server can be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server for providing cloud computing service. Terminal devices include, but are not limited to, cell phones, computers, intelligent voice interaction devices, intelligent home appliances, vehicle terminals, aircraft, and the like. The terminal device and the server may be directly or indirectly connected through wired or wireless communication, and the present application is not limited herein.
Several terms which may be involved in the following embodiments of the present application will be explained first.
Virtual machine protection: virtual machine protection technology, also known as code virtualization protection technology, translates code into a stream of pseudo-code that neither machines nor humans can recognize. At execution time the pseudo-code is translated and interpreted piece by piece, gradually restored to the original code, and executed.
Virtual machine instruction: an instruction is an operation command that a computer can recognize and execute. An instruction may contain two parts, an opcode and operands. The opcode is generally denoted OPCODE, and the operands are generally denoted op_num1, op_num2, op_num3, and so on.
Instruction encoding: the process of encoding the target instructions of the virtual machine into a 0/1 byte stream format.
Instruction decoding: the process of parsing the 0/1 byte stream back into the target instructions of the virtual machine.
Fig. 1 is a schematic diagram of a data processing method according to an embodiment of the present application, where the foregoing computer device is a server.
As shown in FIG. 1, in order to effectively protect a target instruction controlling a virtual machine, the target virtual memory address corresponding to the target instruction is acquired first, and the encryption key of the target instruction is determined according to the target virtual memory address. The encryption key is thus associated with the target virtual memory address, and the encryption keys corresponding to different virtual memory addresses are different. After the encryption key corresponding to the target instruction is obtained, the target instruction is encoded through an encoding algorithm to obtain an encoding result, and the encoding result is then stored at the target virtual memory address.
In the running process of the virtual machine, when the server needs to call the target instruction, the server sends a call request of the target instruction to the virtual machine, and when the virtual machine acquires the call request of the target instruction, the stored coding result is read from the target virtual memory address. And then, according to the encryption key and a decoding algorithm corresponding to the encoding algorithm, performing instruction decoding on the read encoding result, and finally obtaining a target instruction and returning the target instruction to the server. Based on this, a complete encoding and decoding process for the target instruction can be achieved.
Fig. 2 is a flowchart of a data processing method according to an embodiment of the present application, where the method may be performed by a computer device, and in this embodiment, the computer device is illustrated as a server.
The method comprises the following steps:
S201, obtaining a target instruction of the virtual machine.
The target instruction is any one of instructions for controlling the virtual machine. The general form of an instruction may be a combination of an opcode and an operand, where the opcode of the instruction may be used to indicate the type of operation of the instruction. Of course, the instructions may have other representations, which are not limited herein.
S202, determining encryption keys corresponding to the target instructions according to target virtual memory addresses corresponding to the target instructions, wherein the encryption keys corresponding to different virtual memory addresses are different.
When the virtual machine is configured on the computer device, the computer device allocates the memory space that the virtual machine needs in order to run. For the virtual machine, this memory space is a virtual memory space and can be used for storing instructions related to the virtual machine. The storage location of an instruction in the virtual memory space is called its virtual memory address, and in this step the virtual memory address of the target instruction is called the target virtual memory address.
The encryption key is determined according to the target virtual memory address, and the two are associated, so the encryption keys corresponding to different target virtual memory addresses are different. Encoding the target instruction requires the encryption key: the encoding algorithm encodes the instruction with it to obtain an encoding result, and the encoding result is finally stored at the target virtual memory address as the target instruction. Because the encryption key is determined according to the target virtual memory address, target instructions at different target virtual memory addresses are encoded with different encryption keys and their final encoding results are different. The encoding results of different target instructions are therefore specific and not easy for an attacker to crack.
The encryption key is the encryption parameter used when encrypting the target instruction. Encoding is one means of encryption, and the encryption key is used when encoding the target instruction. Determining the encryption key based on the target virtual memory address corresponding to the target instruction can be understood as treating the target virtual memory address as a factor in generating the encryption key. For the step in S202 of "determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction", the target virtual memory address may be used directly as the encryption key, or other factors or information related to the target virtual memory address may be determined from it and used as the encryption key.
The embodiment of the application is specifically described in three cases, namely ① directly taking the target virtual memory address as a factor for generating the encryption key, ② taking the associated virtual memory address related to the target virtual memory address as a factor for generating the encryption key, and ③ taking the character string generated based on the target virtual memory address as the encryption key.
Next, the first case, in which the target virtual memory address directly acts as a factor for generating the encryption key, is described in detail.
FIG. 3 is a schematic diagram of a method for generating an encryption key according to an embodiment of the present application. As shown in FIG. 3, in a possible implementation, the encryption key corresponding to the target instruction may be determined from the target virtual memory address by determining a fixed field identifier in the target virtual memory address and using the fixed field identifier as the encryption key.
The virtual memory space of the virtual machine may include a plurality of memory segments, and each memory segment may include a certain amount of memory space. The fixed field identifier mentioned above may be used to identify the memory segment in which the target instruction is stored. That is, the target virtual memory address corresponding to the target instruction may include the memory segment where the target instruction is stored, and may further include the specific location at which the target instruction is stored within that memory segment. For a target instruction, the memory segment in which it is stored may be specified, while the particular location at which it is stored within the memory segment may not be fixed. Therefore, in the embodiment of the application, the segment identifier of the memory segment that stores the target instruction is used as the fixed field identifier in the target virtual memory address, and the fixed field identifier is used as the encryption key of the target instruction.
While the installation package corresponding to the virtual machine is being generated, the virtual machine has not yet been installed and therefore has no actual virtual memory address. The target virtual memory address must then be allocated in advance for the target instruction, so that even before the virtual machine is installed, the pre-allocated target virtual memory address can serve as the source of the fixed field identifier used to determine the encryption key and complete instruction encoding.
For example, the virtual memory of the virtual machine may be divided into memory segments. Assume that the virtual memory is divided into 100 memory segments and that each memory segment can store 100 bytes of content. When the target instruction is stored, a memory segment may be allocated for it, for example the third memory segment. The byte position within the third memory segment at which the target instruction is stored may differ between storage occasions or between virtual machine versions; it is flexible and therefore inconvenient to use as the encryption key of the target instruction. Therefore, in the embodiment of the present application, the memory segment in which the target instruction is stored serves as the fixed field identifier, and the fixed field identifier is used as the encryption key. With the fixed field identifier as the encryption key, target instructions at different target virtual memory addresses have different encoding results, and for different target instructions at different virtual memory addresses, the sub-encoding results of the same data object within their respective encoding results are also different.
By using the fixed field identifier in the target virtual memory address as the encryption key of the target instruction, the encryption key is associated with the target virtual memory address of the target instruction. In the subsequent decoding of the target instruction, a legitimate user can therefore decode the target instruction successfully according to the determined fixed field identifier, while the encoding result of the target instruction remains specific and is not easy for an attacker to crack.
For the step in S202 of "determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction", the second case, in which an associated virtual memory address related to the target virtual memory address is used as a factor for generating the encryption key, is described in detail next.
FIG. 4 is a schematic diagram of another method for generating an encryption key according to an embodiment of the present application. As shown in FIG. 4, in a possible implementation, the encryption key corresponding to the target instruction may be determined from the target virtual memory address by determining, in the virtual memory of the virtual machine, an associated virtual memory address having a specified association with the target virtual memory address, and using the fixed field identifier in the associated virtual memory address as the encryption key.
The first method described above uses the fixed field identifier in the target virtual memory address directly as the encryption key, whereas this method uses the associated virtual memory address having the specified association with the target virtual memory address as the source of the encryption key of the target instruction.
Specifically, the specified association relationship between the associated virtual memory address and the target virtual memory address may include establishing an association relationship between the associated virtual memory address and the target virtual memory address through a certain identifier or flag bit, establishing an association relationship between the associated virtual memory address and the target virtual memory address through a certain special byte code, establishing a mapping relationship between the associated virtual memory address and the target virtual memory address through a relationship table, and the like.
Once the association between the associated virtual memory address and the target virtual memory address is determined, the fixed field identifier in the associated virtual memory address may be used as the encryption key. For example, assume as before that the virtual memory is divided into 100 memory segments, that the memory segment serves as the fixed field identifier, and that each memory segment can store 100 bytes of content. When the target instruction is stored, a memory segment may be allocated for it, for example the third memory segment. The target virtual memory address of the target instruction then includes the information that the target instruction is stored in the third memory segment. Assume that there is an associated virtual memory address having a specified association with the target virtual memory address, and that the memory segment of the associated virtual memory address is the fifth memory segment, that is, its fixed field identifier is the fifth memory segment. The fifth memory segment may then be selected as the encryption key of the target instruction. That is, the encryption key is associated with the fixed field identifier of the associated virtual memory address and changes as the associated virtual memory address changes, so the encoding results are differentiated.
When the target instruction needs to be decoded, a legitimate user can decode the instruction according to the fixed field identifier of the associated virtual memory address and the association between the associated virtual memory address and the target virtual memory address to obtain the target instruction.
By taking an associated virtual memory address related to the target virtual memory address as the factor for generating the encryption key, the fixed field identifier of a virtual memory address other than that of the target instruction can be used as the encryption key, which increases the complexity of encoding the target instruction with the encryption key.
S202 refers to "determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction". The third case, in which the encryption key is determined from a character string generated from the target virtual memory address, is described below.
Fig. 5 is a schematic diagram of another method for generating an encryption key according to an embodiment of the present application. As shown in fig. 5, in one possible implementation, a corresponding character string is generated from the target virtual memory address and used as the encryption key.
Specifically, methods for generating the corresponding character string from the target virtual memory address may include, but are not limited to: ① setting a fixed character string generation method and generating the character string by that method according to the differences between virtual memory addresses; ② setting a random character string generation method and generating the character string by that method according to the differences between virtual memory addresses.
The character string generated by the first generation method has a strong association with the virtual memory address and is highly fixed, whereas the character string generated by the second generation method has a weak association with the virtual memory address and is highly random.
The character string generated by the first generation method can be used directly as the encryption key of the target instruction, and the encoding result obtained by the subsequent instruction encoding of the target instruction is stored in the target virtual memory address as the target instruction.
With the second generation method, the generated character string is highly random. When such a string is used as the encryption key of the target instruction, the encryption key and the encoding result must be stored in association with each other after the encoding result has been obtained by instruction encoding of the target instruction with that key.
The reason is that the character string is randomly generated: the same string cannot be regenerated at decoding time, so decoding would be impossible. The encryption key and the encoding result are therefore stored in association, so that when a legitimate user acting as the decoding party needs the encryption key, it can be obtained through the association between the encryption key and the encoding result, and decoding of the target instruction can be completed.
For the second generation method, when a target instruction that was encoded with such a string as its encryption key needs to be decoded, in one possible implementation, the encryption key stored in association with the encoding result is first obtained based on the target virtual memory address, before the encoding result is decoded according to the encryption key by the decoding algorithm corresponding to the encoding algorithm to obtain the target instruction. The encoding result is then instruction-decoded using that encryption key.
By using a character string generated based on the target virtual memory address as the encryption key, either a string generated by a fixed rule or a randomly generated string can serve as the encryption key for encoding the target instruction. This increases the complexity of the encoding result of the target instruction, makes it harder for an attacker to crack the target instruction, and improves the security of the instruction.
In addition to the three methods for generating encryption keys described above, in one possible implementation, an embodiment of the present application provides a further method for generating the encryption key. Specifically, a random character string is generated, and the string is combined with the fixed field identifier of the target virtual memory address to form the encryption key.
Fig. 6 is a schematic diagram of another method for generating an encryption key according to an embodiment of the present application. As shown in fig. 6, the fixed field identifier in the target virtual memory address of the target instruction may be taken as one factor of the encryption key, and a character string randomly generated from the target virtual memory address may be taken as another factor. The fixed field identifier and the character string are combined by splicing the two factors in order or in reverse order. The combined character string is used as the encryption key of the target instruction, and the target instruction is encoded with this encryption key to obtain the encoding result. It can be appreciated that, because the character string is randomly generated, the encryption key and the encoding result still need to be stored in association; this is not described again here.
Similarly, a sequential string may be generated, and the sequential string may be combined with the fixed field identifier of the target virtual memory address as an encryption key. The specific process is similar to the method of combining the random string with the fixed field identifier of the target virtual memory address, except that the encryption key and the encoding result do not need to be associated and stored.
By combining a character string with the fixed field identifier of the target virtual memory address to form the encryption key, the complexity of the encryption key is increased compared with using a single factor as the key. This again increases the complexity of the encoding result of the target instruction, and further improves both the difficulty of cracking the target instruction and its security.
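The key sources described above, as an added sketch that is not code from the application. The association rule (two segments further on), SHA-256 as the fixed string generation rule, repeating-key XOR as the encoding, the VmMemory class and the sample instruction bytes are all assumptions made for illustration.

```python
import hashlib
import secrets

# Layout from the page's example: 100 memory segments of 100 bytes each.
SEGMENT_SIZE = 100
SEGMENT_COUNT = 100
MEM_SIZE = SEGMENT_SIZE * SEGMENT_COUNT
# Assumed association rule: the associated address lies two segments after
# the target address (third segment -> fifth segment, as in the example).
ASSOC_OFFSET = 2 * SEGMENT_SIZE


def fixed_field_id(vm_addr):
    """1-based number of the memory segment that contains vm_addr."""
    if not 0 <= vm_addr < MEM_SIZE:
        raise ValueError("address outside virtual memory")
    return vm_addr // SEGMENT_SIZE + 1


def key_from_associated(vm_addr):
    """Key = fixed field identifier of the associated virtual memory address."""
    assoc = (vm_addr + ASSOC_OFFSET) % MEM_SIZE
    return fixed_field_id(assoc).to_bytes(2, "big")


def key_from_fixed_string(vm_addr):
    """Method 1: string produced by a fixed rule (SHA-256 is an assumed rule)."""
    fixed_field_id(vm_addr)  # range check only
    return hashlib.sha256(vm_addr.to_bytes(8, "big")).digest()[:8]


def key_from_random_string(vm_addr, reverse=False):
    """Method 2 spliced with the fixed field identifier, in either order."""
    fid = fixed_field_id(vm_addr).to_bytes(2, "big")
    rnd = secrets.token_bytes(8)
    return rnd + fid if reverse else fid + rnd


def xor_bytes(data, key):
    """Stand-in reversible bit operation: repeating-key XOR (its own inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class VmMemory:
    """Toy virtual memory: encoding results plus the store for random keys."""

    def __init__(self):
        self.cells = {}      # target address -> (method, encoding result)
        self.key_store = {}  # target address -> key stored in association

    def store(self, vm_addr, instr, method):
        if method == "associated":
            key = key_from_associated(vm_addr)
        elif method == "fixed":
            key = key_from_fixed_string(vm_addr)
        elif method == "random":
            key = key_from_random_string(vm_addr)
            # Cannot be regenerated later, so keep it with the encoding result.
            self.key_store[vm_addr] = key
        else:
            raise ValueError("unknown key method: " + method)
        self.cells[vm_addr] = (method, xor_bytes(instr, key))

    def fetch(self, vm_addr):
        method, enc = self.cells[vm_addr]
        if method == "associated":
            key = key_from_associated(vm_addr)    # re-derived from the address
        elif method == "fixed":
            key = key_from_fixed_string(vm_addr)  # re-derived from the address
        else:
            key = self.key_store[vm_addr]         # KeyError if the key is gone
        return xor_bytes(enc, key)

    def encoded(self, vm_addr):
        return self.cells[vm_addr][1]


def demo():
    """Store one constructed instruction at four constructed addresses."""
    instr = bytes.fromhex("01000a14")  # constructed sample instruction bytes
    mem = VmMemory()
    for addr, method in ((250, "associated"), (650, "associated"),
                         (1210, "fixed"), (4020, "random")):
        mem.store(addr, instr, method)
    return mem, instr


if __name__ == "__main__":
    mem, instr = demo()
    for addr in sorted(mem.cells):
        print(addr, mem.cells[addr][0], mem.encoded(addr).hex(),
              mem.fetch(addr) == instr)
```

The two deterministic variants need no key store because the key is re-derived from the address on every fetch; the random variant cannot be decoded once its stored key is missing.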
S203, according to the encryption key, carrying out instruction encoding on the target instruction through an encoding algorithm to obtain an encoding result.
The target instruction is instruction-encoded according to the encryption key using an encoding algorithm. A specific encoding algorithm may be a bit operation on the target instruction; common bit operations include cyclic shift, bitwise AND, bitwise OR, bitwise XOR, and the like. Such bit operations are reversible, and the inverse bit operation must be used when decoding. For example, if the bit operation used when encoding the target instruction is a cyclic left shift of its binary form, then the corresponding bit operation when the target instruction is decoded is a cyclic right shift of the binary form. In addition to the shift operation described above, the binary form of the target instruction may be bitwise ANDed or bitwise ORed, and so on, with a binary value of all 0s or all 1s (whose length may match that of the target instruction).
The process of encoding the target instruction in the embodiment of the application can occur in the process of generating the virtual machine installation package, or can occur after the installation of the virtual machine is completed.
The case where the target instruction is encoded during generation of the virtual machine installation package is described in detail first.
Fig. 7 is a schematic diagram of instruction encoding during generation of an installation package according to an embodiment of the present application. As shown in fig. 7, for S203 (instruction encoding of the target instruction by the encoding algorithm according to the encryption key to obtain the encoding result), if the target instruction is to be encoded when the installation package of the virtual machine is generated, the target instruction of the virtual machine is acquired at that point, the encryption key corresponding to the target instruction is determined in advance, and the target instruction is encoded by the encoding algorithm according to the encryption key to obtain the encoding result. To determine the encryption key in advance, a virtual memory address in the virtual machine's future memory may be allocated to the target instruction beforehand; the encryption key corresponding to the target instruction is then determined from the allocated virtual memory address, and the target instruction is encoded by the encoding algorithm according to that key to obtain the encoding result.
Finally, when the virtual machine is installed from the installation package, the encoding result is stored in the target virtual memory address as the target instruction. When the encoding result is stored as the target instruction, it may be stored at the previously allocated virtual memory address. If the pre-allocated virtual memory address differs in part from the storage addresses of the actual memory after the virtual machine is installed, a virtual memory address within the actual memory is allocated to the corresponding target instruction, the encryption key is re-determined from the newly allocated storage address and the encoding is performed again, and the encoding result is stored at the newly allocated storage address.
By encoding the target instruction during generation of the virtual machine installation package, a set of encoding results can be determined in advance at the package generation stage. Even if the installation package of the virtual machine is cracked, the virtual machine instructions in the package have already been encoded into encoding results, so the instructions in the package are in an encrypted state, which improves the security of the virtual machine to a certain extent.
The case where the target instruction is encoded after the installation of the virtual machine is completed is described next.
After the installation of the virtual machine is completed, a version update iteration of the virtual machine may occur, which may cause a change in a storage address (i.e., a virtual memory address) inside the virtual machine. When this occurs, the target virtual memory address corresponding to the target instruction needs to be updated.
Specifically, in one possible implementation, in response to determining that the virtual memory address corresponding to the target instruction has changed, the changed virtual memory address is taken as the target virtual memory address, and the operation of determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction is performed.
Version changes or other update operations inevitably occur while the virtual machine is in use, and after such an update the memory capacity of the virtual machine may change. A change in memory capacity may change the memory addresses the memory contains: memory addresses may be added or removed, and the storage location of a memory address may change. In this case the virtual memory address in the virtual machine that corresponds to the target instruction changes accordingly. The changed virtual memory address of the target instruction must then be determined, and the encryption key corresponding to the target instruction is re-determined based on it. Once the encryption key is determined, the target instruction can be re-encoded by the encoding algorithm to obtain an encoding result, and the encoding result is stored in the updated virtual memory address as the target instruction.
By encoding the target instruction after the virtual machine is installed in this way, the target virtual memory address of the target instruction can be updated promptly when the virtual machine's memory changes, and the encoding result of the target instruction is updated along with it. Updating the encoding result promptly avoids the situation in which a memory change during a virtual machine update makes the old target virtual memory address cease to exist while the target instruction is still encoded according to that old address, so that the encoding result cannot be read from the target virtual memory address when the target instruction is needed. This makes it convenient for legitimate users to call and use the target instruction of the virtual machine, reduces the possibility that an attacker cracks the target instruction by using a historical target virtual memory address, and improves the security of the virtual machine.
When the instruction encoding of the target instruction is completed, an encoding result is obtained, and the encoding result can be stored in the target virtual memory address as the target instruction. The time at which the encoding result is stored depends on when the target instruction is encoded. For example, if the target instruction is encoded when the installation package of the virtual machine is generated, the corresponding encoding result is stored when the virtual machine is installed from the installation package. If the target instruction is encoded after the virtual machine is installed, the storage of the corresponding encoding result also occurs after the virtual machine is installed.
S204, reading the coding result from the target virtual memory address when a call request aiming at the target instruction is acquired in the running process of the virtual machine.
While the virtual machine is running, instructions need to be fetched to control the virtual machine. When the virtual machine receives a call request from the server for the target instruction, the encoding result of the target instruction is read from the corresponding target virtual memory address according to the call request. It may be understood that the call request includes a specific identifier of the target instruction, and the target virtual memory address of the target instruction can be determined from this identifier, so that the stored encoding result of the target instruction can be read from the target virtual memory address.
S205, according to the encryption key, instruction decoding is carried out on the encoding result through a decoding algorithm corresponding to the encoding algorithm, and the target instruction is obtained.
In one possible implementation, the decoding algorithm can be understood as the inverse operation of the encoding algorithm; it may also be another algorithm that has a certain association with the encoding algorithm. Because the encoding result of the target instruction was obtained by encoding the target instruction with the encoding algorithm according to the encryption key, once the encryption key and the encoding result have been obtained, the encoding result can be decoded with the decoding algorithm corresponding to the encoding algorithm to obtain the target instruction.
By determining the encryption key of the target instruction from its target virtual memory address, target instructions at different virtual memory addresses in memory can have different encryption keys. The target instruction is then instruction-encoded with the encoding algorithm according to the encryption key to obtain an encoding result, and the encoding result is stored in the target virtual memory address as the target instruction. In this way, different encryption keys are determined for different target virtual memory addresses, the target instructions are encoded by combining the encryption keys with the encoding algorithm, and the encoding results are stored back into the corresponding target virtual memory addresses as the target instructions. Target instructions at different storage locations can therefore have different encoding results, which increases the complexity of the target instructions, makes it harder for an attacker to attack the instructions, reduces to a certain extent the possibility that the target instructions are cracked, and improves the security of the virtual machine.
Step S203 above refers to "instruction-encoding the target instruction by an encoding algorithm based on the encryption key to obtain an encoding result". When encoding the target instruction, the data objects in the target instruction can first be divided, and all or only some of the data objects in the target instruction can be selected for encoding with the encryption key by the encoding algorithm to obtain the encoding result.
Specifically, assume that the target instruction includes N data objects, where N > 1, and that the more critical data objects among the N data objects of the target instruction are determined first. In one possible implementation, the encoding result may be obtained by instruction-encoding a specified object in the target instruction with the encoding algorithm according to the encryption key.
The specified object may be understood as a key data object among the data objects of the target instruction, where each item of data present in the target instruction can be regarded as one data object. Different data objects may store different information: some store more critical information related to the instruction, and some store non-critical information related to the instruction. A critical data object may be understood as a data object that stores critical information of the instruction. The specified object may be at least one of the N data objects. The criticality of the specified object lies in the fact that, if it is cracked by an attacker, the target instruction is completely exposed, and the attacker can tamper with the target instruction using the data obtained from the specified object.
Therefore, when encoding a target instruction, the security of the specified object must be considered first, and the specified object must be encrypted with the key so that the complexity of the encoding result is increased. In this method of obtaining the encoding result, only the specified object is instruction-encoded by the encoding algorithm with the encryption key as an encoding factor. In other words, only the specified object undergoes instruction encoding based on the encryption key.
With this method of obtaining the encoding result, the instruction encoding based on the encryption key is applied to the specified object of higher importance in the target instruction; the form of the encryption key has been described in the foregoing embodiments and is not repeated here. In this method, at least one of the N data objects is a specified object, that is, there is at least one specified object, and the encryption-key-based instruction encoding may be applied to just one specified object. In this way, encryption-key-based instruction encoding need not be applied to every data object; instead it is applied purposefully to the important, critical data objects, which reduces the amount of computation needed to encode the target instruction and improves the efficiency of instruction encoding.
In the method described above, only the specified object is instruction-encoded based on the encryption key, and how the non-specified objects are encoded was not described. Assume now that the specified objects are only some of the N data objects, so that the N data objects are divided into specified objects and non-specified objects. In one possible implementation, the instruction encoding of the target instruction by the encoding algorithm according to the encryption key mentioned in S203 may proceed as follows: the specified object is instruction-encoded by the encoding algorithm in combination with the encryption key to obtain a first sub-encoding result; the non-specified object is instruction-encoded by the encoding algorithm without combining the encryption key to obtain a second sub-encoding result; finally, the encoding result is obtained from the first sub-encoding result and the second sub-encoding result.
This method of obtaining the encoding result may be understood as differentiated instruction encoding of the specified objects and the non-specified objects. That is, the specified object in the target instruction is encoded by the encoding algorithm in combination with the encryption key, and the non-specified object in the target instruction is encoded by the encoding algorithm without combining the encryption key. Finally, the sub-encoding results of the two kinds of data objects are combined to obtain the encoding result.
For example, assume that a target instruction includes a total of 100 data objects, consisting of 1 opcode and 99 operands, where the opcode represents the type of operation of the instruction and the operands represent the data or memory addresses on which the instruction operates. Between the opcode and the operands, the more important data object can be determined to be the opcode. The reason is that the opcode determines how data is operated on, whereas the operands are merely the specific data being operated on. Once an attacker obtains the opcode, the attacker knows the operation mode and can then change it, which affects the whole target instruction. That is, the security of the opcode is of greater concern.
Therefore, in the above example, the opcode needs to be encoded by combining the encryption key with the encoding algorithm, which increases the complexity of the opcode's encoding result and improves the security of the opcode. For the operands, from the standpoint of efficiency and saving computing resources, instruction encoding may optionally be performed with the encoding algorithm without combining the encryption key, that is, ordinary instruction encoding with the encoding algorithm.
As mentioned above, the encoding result is finally obtained from the first sub-encoding result and the second sub-encoding result. Specifically, the first sub-encoding result and the second sub-encoding result may be spliced in sequence, and after the splicing is completed the spliced result may be encrypted again with another encryption algorithm, which is not limited here.
With this method of obtaining the encoding result, the data objects in the target instruction are divided into specified objects and non-specified objects according to their importance. Different instruction encoding modes are then used for the different data objects: instruction encoding combined with the encryption key for the specified objects, and instruction encoding without the encryption key for the non-specified objects. Distinguishing data objects in this way during instruction encoding improves the adaptability of the instruction encoding to a certain extent; at the same time, differentiated instruction encoding saves computing resources to a certain extent and improves the efficiency of instruction encoding.
The two methods of obtaining the encoding result described above constrain the number of specified objects. In the first method, the statement that the specified object is at least one of the N data objects may be understood as 1 to N specified objects; in the second method, the statement that the specified objects are some of the N data objects may be understood as 1 to N-1 specified objects.
In one possible implementation, the N data objects may include 1 specified object and N-1 non-specified objects. It may be assumed here that the N data objects include one opcode and N-1 operands. The opcode is the specified object and the operands are non-specified objects.
The foregoing describes the reasons and methods for selectively encoding with the encryption key according to the importance of the data in the instruction. Next, for the "instruction encoding of the target instruction by the encoding algorithm according to the encryption key to obtain the encoding result" mentioned in S203, the coding order used when the target instruction is instruction-encoded is described in detail.
Suppose that the target instruction includes N data objects, where N > 1. In one possible implementation, the encoding result may be obtained as follows. First, according to the encryption key, the N data objects are encoded one after another by the encoding algorithm in the coding order that the encoding algorithm requires, giving the sub-encoding result of each of the N data objects; in this sequential encoding, the sub-encoding result of the i-th data object in the coding order is used to encode the (i+1)-th data object, where 1 ≤ i < N. Then the encoding result is generated from the sub-encoding results of the N data objects and the order of the N data objects in the target instruction.
The above-mentioned encoding algorithm specifies the encoding order of the data objects, which may be determined according to the order of the data objects in the target instruction, or may be determined not according to the order of the data objects in the target instruction. The data object in the target instruction is required to be encoded according to a specified encoding sequence, and the sub-encoding result of the previous data object is used for encoding the next data object.
First, the instruction encoding process in which the coding order follows the arrangement order of the data objects in the target instruction is described. Fig. 8 is a schematic diagram of obtaining an encoding result by instruction-encoding a target instruction according to an embodiment of the present application. As shown in fig. 8, assume for example that the target instruction includes six data objects A, B, C, D, E and F arranged in that order, and that the coding order of the data objects in the encoding algorithm is A, B, C, D, E, F. During instruction encoding, data object A is encoded first to obtain the sub-encoding result A'; A' is then used to instruction-encode the next data object, data object B, to obtain the sub-encoding result B'; the remaining data objects are encoded in the same way according to the coding order, which is not described again here. After all the data objects have been instruction-encoded, all the sub-encoding results are available, generated in the order A', B', C', D', E', F'. The sub-encoding results are then arranged in the order of the data objects in the target instruction to obtain the final encoding result A', B', C', D', E', F'.
Next, the instruction encoding process in which the coding order does not follow the arrangement order of the data objects in the target instruction is described. Fig. 9 is a schematic diagram of obtaining an encoding result by instruction-encoding a target instruction according to an embodiment of the present application. As shown in fig. 9, assume for example that the target instruction includes six data objects A, B, C, D, E and F arranged in that order, and that the coding order of the data objects in the encoding algorithm is F, E, D, C, B, A. During instruction encoding, data object F is encoded first to obtain the sub-encoding result F'; F' is then used to instruction-encode the next data object, data object E, to obtain the sub-encoding result E'; the remaining data objects are encoded in the same way according to the coding order, which is not described again here. After all the data objects have been instruction-encoded, all the sub-encoding results are available, generated in the order F', E', D', C', B', A'. The sub-encoding results are then arranged in the order of the data objects in the target instruction to obtain the final encoding result A', B', C', D', E', F'.
Fig. 10 is a schematic diagram of instruction encoding in an application scenario provided by an embodiment of the present application. As shown in fig. 10, in an actual application scenario, assume that the target instruction has the form of an opcode combined with operands: OPCODE (opcode), OP_NUM1 (operand 1), OP_NUM2 (operand 2), OP_NUM3 (operand 3); that the target instruction is encoded by bit operation (C in the figure); and that the coding order of the encoding algorithm is OPCODE, OP_NUM1, OP_NUM2, OP_NUM3. The process of encoding the target instruction may then be:
1) Taking the target virtual memory address VM_ADDR (used as the encryption key) where the target instruction is located, and denoting it as C_KEY;
2) Performing the bit operation on C_KEY and OPCODE to obtain OPCODE';
3) Performing the bit operation on OPCODE' and OP_NUM1 to obtain OP_NUM1';
4) Performing the bit operation on OP_NUM1' and OP_NUM2 to obtain OP_NUM2';
5) Performing the bit operation on OP_NUM2' and OP_NUM3 to obtain OP_NUM3';
6) Sequentially encoding OPCODE', OP_NUM1', OP_NUM2', OP_NUM3' to obtain the encoding result.
As the operation of the encoding algorithm shows, the above process is a nested one: changing a single data object of the target instruction changes the sub-encoding results of all subsequent data objects, not only that of the changed data object, so the encoding result is more random and harder to analyze.
That is, the data objects are encoded in the encoding order, and the sub-encoding result of the previous data object is used to encode the next data object in the encoding order, so that all data objects are encoded in sequence in a nested manner. With this instruction encoding mode, a change to any data object changes the sub-encoding results of the data objects that follow it, which improves the randomness of the whole encoding result, increases its complexity, and further improves the security of the virtual machine.
The foregoing describes the encoding order used when the target instruction is encoded by the encoding algorithm according to the encryption key. Next, the instruction decoding in "performing instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm according to the encryption key to obtain the target instruction", mentioned in S205, is described.
In one possible implementation, the encoding result may be decoded into the target instruction as follows: according to the encryption key, the encoding result is sequentially decoded by the decoding algorithm based on the encoding order to obtain the N data objects, where, in the sequential decoding, the sub-encoding result of the i-th data object in the encoding order is used to decode the (i+1)-th data object. The target instruction is then generated according to the order of the N data objects in the target instruction.
For example, fig. 11 is a schematic diagram of instruction decoding in an application scenario provided by the embodiment of the present application. As shown in fig. 11, in an actual application scenario, assume that the target instruction is a combination of an operation code and operands: OPCODE (operation code), OP_NUM1 (operand 1), OP_NUM2 (operand 2) and OP_NUM3 (operand 3), and that the encoding order of the target instruction is OPCODE, OP_NUM1, OP_NUM2, OP_NUM3. The encoding result obtained after the target instruction is encoded is OPCODE', OP_NUM1', OP_NUM2', OP_NUM3'. The encoding result is then decoded by the decoding algorithm, whose operation is the inverse of the bit operation (C' in the figure), which may specifically be:
1) Take the target virtual memory address VM_ADDR where the target instruction is located (used as the encryption key) and denote it C_KEY;
2) Parse the instruction in memory, in sequence, into OPCODE', OP_NUM1', OP_NUM2', OP_NUM3';
3) Perform the C' operation on C_KEY and OPCODE' to obtain OPCODE;
4) Perform the C' operation on OPCODE' and OP_NUM1' to obtain OP_NUM1;
5) Perform the C' operation on OP_NUM1' and OP_NUM2' to obtain OP_NUM2;
6) Perform the C' operation on OP_NUM2' and OP_NUM3' to obtain OP_NUM3;
7) The original operation code and operands OPCODE, OP_NUM1, OP_NUM2, OP_NUM3 are obtained.
That is, when the encoding result needs to be decoded, it is decoded sequentially according to the encoding order by the decoding algorithm (i.e. the inverse operation of the encoding algorithm). During decoding, the sub-encoding result of the previous data object is used to decode the next data object, and after all data objects have been decoded, the target instruction is generated by arranging the data objects according to their order in the target instruction. The encoding order used in the sequential decoding has been explained above and is not described again here.
Decoding the encoding result with the decoding algorithm corresponding to the encoding algorithm to obtain the target instruction can be understood as a decryption process that uses the encryption key: the decoding algorithm decrypts the encoding result with the encryption key to obtain the target instruction.
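The encoding steps of fig. 10, the decoding steps of fig. 11 and the reversed encoding order of fig. 9 can be reproduced with the following added example, which is not part of the patent text. It assumes that the bit operation C is XOR, that each data object is one byte, and that C_KEY is the low byte of VM_ADDR; the function names, sample instruction and addresses are constructed for illustration.

```python
from typing import List, Optional, Sequence

WORD_MASK = 0xFF  # assumption: every data object is one byte wide


def key_from_address(vm_addr: int) -> int:
    """Derive C_KEY from VM_ADDR (assumption: the low byte of the address)."""
    return vm_addr & WORD_MASK


def bit_op(prev: int, value: int) -> int:
    """Operation C. Assumption: XOR; the page only says "bit operation"."""
    return (prev ^ value) & WORD_MASK


def bit_op_inv(prev: int, encoded: int) -> int:
    """Operation C', the inverse of C. XOR is its own inverse."""
    return (prev ^ encoded) & WORD_MASK


def _check(objects: Sequence[int], order: Optional[Sequence[int]]) -> List[int]:
    """Validate object widths and return the encoding order as positions."""
    if any(not 0 <= o <= WORD_MASK for o in objects):
        raise ValueError("each data object must fit in one byte")
    positions = list(range(len(objects))) if order is None else list(order)
    if sorted(positions) != list(range(len(objects))):
        raise ValueError("order must be a permutation of the object positions")
    return positions


def encode(objects: Sequence[int], vm_addr: int,
           order: Optional[Sequence[int]] = None) -> List[int]:
    """Chain-encode the data objects; results stay at their original positions."""
    positions = _check(objects, order)
    out = [0] * len(objects)
    prev = key_from_address(vm_addr)       # step 1: C_KEY
    for pos in positions:
        out[pos] = bit_op(prev, objects[pos])
        prev = out[pos]                    # sub-encoding result keys the next object
    return out


def decode(encoded: Sequence[int], vm_addr: int,
           order: Optional[Sequence[int]] = None) -> List[int]:
    """Invert encode(): walk the same order, keyed by the previous encoded value."""
    positions = _check(encoded, order)
    out = [0] * len(encoded)
    prev = key_from_address(vm_addr)
    for pos in positions:
        out[pos] = bit_op_inv(prev, encoded[pos])
        prev = encoded[pos]                # the encoded value, as in decoding steps 4-6
    return out


def changed_positions(a: Sequence[int], b: Sequence[int]) -> List[int]:
    """Positions at which two equally long encodings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


# Constructed sample data: OPCODE, OP_NUM1, OP_NUM2, OP_NUM3 and two addresses.
INSTRUCTION = [0x10, 0x01, 0x02, 0x03]
ADDR_A = 0x40001A2C
ADDR_B = 0x40001A30

if __name__ == "__main__":
    enc_a = encode(INSTRUCTION, ADDR_A)
    enc_b = encode(INSTRUCTION, ADDR_B)
    print("at ADDR_A:", [hex(v) for v in enc_a])
    print("at ADDR_B:", [hex(v) for v in enc_b])
    print("round trip ok:", decode(enc_a, ADDR_A) == INSTRUCTION)
    # Changing only OP_NUM1 changes every later sub-encoding result.
    modified = [0x10, 0x05, 0x02, 0x03]
    print("changed:", changed_positions(enc_a, encode(modified, ADDR_A)))
    # Fig. 9 style: six objects A..F encoded in the order F, E, D, C, B, A.
    six = [0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F]
    rev = [5, 4, 3, 2, 1, 0]
    print("reversed order:", [hex(v) for v in encode(six, ADDR_A, rev)])
```

Under the XOR assumption, decoding at the wrong address corrupts only the first object in the encoding order, because each later step is keyed by the previous encoded value rather than by C_KEY; a bit operation that mixes C_KEY into every step would make every object depend on the address.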
On the basis of the foregoing embodiments corresponding to fig. 1 to 11, fig. 12 is a schematic diagram of a data processing apparatus according to an embodiment of the present application, where the data processing apparatus 1200 includes an acquisition module 1201, a determining module 1202, an encoding module 1203, a reading module 1204 and a decoding module 1205.
The acquisition module is used for acquiring a target instruction of a virtual machine, wherein the target instruction is used for controlling the virtual machine;
The determining module is used for determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction, wherein the encryption keys corresponding to different virtual memory addresses are different;
The encoding module is used for performing instruction encoding on the target instruction through an encoding algorithm according to the encryption key to obtain an encoding result, wherein the encoding result is stored in the target virtual memory address as the target instruction;
The reading module is used for reading the encoding result from the target virtual memory address when a call request for the target instruction is acquired while the virtual machine is running;
The decoding module is used for performing instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm according to the encryption key to obtain the target instruction.
In one possible implementation, the acquisition module is configured to:
acquire the target instruction of the virtual machine in the process of generating the installation package corresponding to the virtual machine.
The apparatus is configured to:
store the encoding result in the target virtual memory address as the target instruction when the virtual machine is installed through the installation package.
In one possible implementation, the apparatus is configured to:
in response to determining that the virtual memory address corresponding to the target instruction has changed, take the changed virtual memory address as the target virtual memory address and execute the operation of determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction.
In one possible implementation, the determining module is configured to:
determine a fixed field identification in the target virtual memory address;
use the fixed field identification as the encryption key.
In one possible implementation, the determining module is configured to:
determine, in a virtual memory of the virtual machine, an associated virtual memory address that has a specified association relationship with the target virtual memory address;
use a fixed field identification in the associated virtual memory address as the encryption key.
In one possible implementation, the determining module is configured to:
generate a corresponding character string as the encryption key according to the target virtual memory address.
The apparatus is configured to:
store the encryption key and the encoding result in association;
before the encoding result is decoded by the decoding algorithm corresponding to the encoding algorithm according to the encryption key to obtain the target instruction, acquire the encryption key stored in association with the encoding result based on the target virtual memory address and the association relationship.
In one possible implementation, the target instruction includes N data objects, N > 1, and the encoding module is configured to:
perform, according to the encryption key, instruction encoding on a specified object in the target instruction through the encoding algorithm to obtain the encoding result, wherein the specified object is at least one of the N data objects.
In one possible implementation, the specified object is a part of the N data objects, the N data objects are divided into the specified object and a non-specified object, and the encoding module is configured to:
for the specified object, perform instruction encoding on the specified object through the encoding algorithm in combination with the encryption key to obtain a first sub-encoding result;
for the non-specified object, perform instruction encoding on the non-specified object through the encoding algorithm without combining the encryption key to obtain a second sub-encoding result;
obtain the encoding result according to the first sub-encoding result and the second sub-encoding result.
In one possible implementation, the N data objects include an opcode and N-1 operands, the opcode being the specified object and the N-1 operands being the non-specified object.
In one possible implementation, the target instruction includes N data objects, N > 1, the encoding algorithm specifies an encoding order for the N data objects, and the encoding module is configured to:
sequentially encode, according to the encryption key, the N data objects in the required encoding order through the encoding algorithm to obtain sub-encoding results respectively corresponding to the N data objects, wherein, in the sequential encoding, the sub-encoding result of the i-th data object in the encoding order is used for encoding the (i+1)-th data object, and 1 ≤ i < N;
generate the encoding result according to the sub-encoding results respectively corresponding to the N data objects and the order of the N data objects in the target instruction.
In one possible implementation, the decoding module is configured to:
sequentially decode, according to the encryption key, the encoding result based on the encoding order through the decoding algorithm to obtain the N data objects, wherein, in the sequential decoding, the sub-encoding result of the i-th data object in the encoding order is used for decoding the (i+1)-th data object;
generate the target instruction according to the order of the N data objects in the target instruction.
According to the data processing apparatus, for the target instruction used to control the virtual machine, in order to better encrypt the target instruction, the corresponding encryption key is determined according to the target virtual memory address corresponding to the target instruction. The virtual memory address is the storage location of the target instruction when the virtual machine runs, so different target instructions have different virtual memory addresses; because the encryption key of each target instruction is determined according to its virtual memory address, target instructions stored at different virtual memory addresses have different encryption keys. Each target instruction is encoded according to its own encryption key, and the resulting encoding result is stored in the target virtual memory address as the target instruction, to be decoded and used when needed. Therefore, with an instruction encoding mode whose encryption key changes with the target virtual memory address, the same target instruction stored at different virtual memory addresses yields different encoding results, and for different target instructions at different virtual memory addresses, the sub-encoding results of the same data object in their respective encoding results also differ. This effectively raises the decoding cost of the encoding result and improves the security of the virtual machine.
The embodiment of the application also provides a computer device, which is the computer device introduced above, and can comprise a terminal device or a server, and the data processing device can be configured in the computer device. The computer device is described below with reference to the accompanying drawings.
If the computer device is a terminal device, please refer to fig. 13, an embodiment of the present application provides a terminal device, taking the terminal device as a mobile phone as an example:
Fig. 13 is a block diagram showing a part of the structure of a mobile phone related to a terminal device provided by an embodiment of the present application. Referring to fig. 13, the mobile phone includes a Radio Frequency (RF) circuit 1410, a memory 1420, an input unit 1430, a display unit 1440, a sensor 1450, an audio circuit 1460, a wireless fidelity (WiFi) module 1470, a processor 1480, and a power supply 1490. It will be appreciated by those skilled in the art that the handset construction shown in fig. 13 is not limiting of the handset and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
The following describes the components of the mobile phone in detail with reference to fig. 13:
The RF circuit 1410 may be used for receiving and transmitting signals during a message or a call, specifically, receiving downlink information from a base station, processing the received downlink information by the processor 1480, and transmitting uplink data to the base station.
The memory 1420 may be used to store software programs and modules, and the processor 1480 performs various functional applications and data processing of the cellular phone by executing the software programs and modules stored in the memory 1420. The memory 1420 may mainly include a storage program area which may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), etc., and a storage data area which may store data created according to the use of the cellular phone (such as audio data, a phonebook, etc.), etc. In addition, memory 1420 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The input unit 1430 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the handset. In particular, the input unit 1430 may include a touch panel 1431 and other input devices 1432.
The display unit 1440 may be used to display information input by a user or information provided to the user and various menus of the mobile phone. The display unit 1440 may include a display panel 1441.
The handset can also include at least one sensor 1450, such as a light sensor, motion sensor, and other sensors.
Audio circuitry 1460, speaker 1461, microphone 1462 may provide an audio interface between the user and the handset.
WiFi belongs to a short-distance wireless transmission technology, and a mobile phone can help a user to send and receive emails, browse webpages, access streaming media and the like through a WiFi module 1470, so that wireless broadband Internet access is provided for the user.
The processor 1480 is a control center of the handset, connects various parts of the entire handset using various interfaces and lines, performs various functions of the handset and processes data by running or executing software programs and/or modules stored in the memory 1420, and invoking data stored in the memory 1420.
The handset also includes a power supply 1490 (e.g., a battery) that provides power to the various components.
In this embodiment, the processor 1480 included in the terminal apparatus also has the following functions:
acquiring a target instruction of a virtual machine, wherein the target instruction is used for controlling the virtual machine;
determining an encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction, wherein the encryption keys corresponding to different virtual memory addresses are different;
according to the encryption key, performing instruction encoding on the target instruction through an encoding algorithm to obtain an encoding result, wherein the encoding result is stored in the target virtual memory address as the target instruction;
reading the encoding result from the target virtual memory address when a call request for the target instruction is acquired while the virtual machine is running;
and, according to the encryption key, performing instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm to obtain the target instruction.
If the computer device is a server, as shown in fig. 14, fig. 14 is a block diagram of a server 1500 provided in the embodiment of the present application, where the server 1500 may have a relatively large difference due to different configurations or performances, and may include one or more central processing units (Central Processing Units, abbreviated as CPU) 1522 (e.g., one or more processors) and a memory 1532, one or more storage media 1530 (e.g., one or more mass storage devices) storing application programs 1542 or data 1544. The memory 1532 and the storage medium 1530 may be transitory or persistent storage. The program stored on the storage medium 1530 may include one or more modules (not shown), each of which may include a series of instruction operations on the server. Still further, the central processor 1522 may be configured to communicate with the storage medium 1530 and execute, on the server 1500, the series of instruction operations in the storage medium 1530.
The server 1500 may also include one or more power supplies 1526, one or more wired or wireless network interfaces 1550, one or more input/output interfaces 1558, and/or one or more operating systems 1541, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and the like.
The steps performed by the server in the above embodiments may be based on the server structure shown in fig. 14.
In addition, the embodiment of the application also provides a storage medium for storing a computer program for executing the method provided by the embodiment.
The present application also provides a computer program product comprising a computer program which, when run on a computer device, causes the computer device to perform the method provided by the above embodiments.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be implemented by hardware associated with program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium may be at least one of various media capable of storing a computer program, such as a read-only memory (ROM), a RAM, a magnetic disk or an optical disk.
In the present embodiment, the term "module" or "unit" refers to a computer program or a part of a computer program having a predetermined function and working together with other relevant parts to achieve a predetermined object, and may be implemented in whole or in part by using software, hardware (such as a processing circuit or a memory), or a combination thereof. Also, a processor (or multiple processors or memories) may be used to implement one or more modules or units. Furthermore, each module or unit may be part of an overall module or unit that incorporates the functionality of the module or unit.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment is mainly described in a different point from other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, with reference to the description of the method embodiments in part. The apparatus and system embodiments described above are merely illustrative, in which elements illustrated as separate elements may or may not be physically separate, and elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The foregoing is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the technical scope of the present application should be included in the scope of the present application. Further combinations of the present application may be made to provide further implementations based on the implementations provided in the above aspects. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.
Claims (15)
1. A method of data processing, the method comprising:
acquiring a target instruction of a virtual machine, wherein the target instruction is used for controlling the virtual machine;
determining an encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction, wherein the encryption keys corresponding to different virtual memory addresses are different;
according to the encryption key, performing instruction encoding on the target instruction through an encoding algorithm to obtain an encoding result, wherein the encoding result is stored in the target virtual memory address as the target instruction;
reading the encoding result from the target virtual memory address when a call request for the target instruction is acquired while the virtual machine is running;
and, according to the encryption key, performing instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm to obtain the target instruction.
2. The method of claim 1, wherein the acquiring the target instruction of the virtual machine comprises:
acquiring the target instruction of the virtual machine in the process of generating the installation package corresponding to the virtual machine;
the method further comprises:
storing the encoding result in the target virtual memory address as the target instruction when the virtual machine is installed through the installation package.
3. The method according to claim 1, wherein the method further comprises:
in response to determining that the virtual memory address corresponding to the target instruction has changed, taking the changed virtual memory address as the target virtual memory address, and executing the operation of determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction.
4. The method according to claim 1, wherein the determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction comprises:
determining a fixed field identification in the target virtual memory address;
and using the fixed field identification as the encryption key.
5. The method according to claim 1, wherein the determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction comprises:
determining, in a virtual memory of the virtual machine, an associated virtual memory address that has a specified association relationship with the target virtual memory address;
and using a fixed field identification in the associated virtual memory address as the encryption key.
6. The method according to claim 1, wherein the determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction comprises:
generating a corresponding character string as the encryption key according to the target virtual memory address;
the method further comprises: storing the encryption key and the encoding result in association;
before the encoding result is decoded by the decoding algorithm corresponding to the encoding algorithm according to the encryption key to obtain the target instruction, the method further comprises:
acquiring the encryption key stored in association with the encoding result based on the target virtual memory address.
7. The method according to any one of claims 1-6, wherein the target instruction includes N data objects, N > 1, and the performing instruction encoding on the target instruction through an encoding algorithm according to the encryption key to obtain an encoding result comprises:
according to the encryption key, performing instruction encoding on a specified object in the target instruction through the encoding algorithm to obtain the encoding result, wherein the specified object is at least one of the N data objects.
8. The method according to claim 7, wherein the specified object is a part of the N data objects, the N data objects are divided into the specified object and a non-specified object, and the performing instruction encoding on the specified object in the target instruction through the encoding algorithm according to the encryption key to obtain the encoding result comprises:
for the specified object, performing instruction encoding on the specified object through the encoding algorithm in combination with the encryption key to obtain a first sub-encoding result;
for the non-specified object, performing instruction encoding on the non-specified object through the encoding algorithm without combining the encryption key to obtain a second sub-encoding result;
and obtaining the encoding result according to the first sub-encoding result and the second sub-encoding result.
9. The method of claim 8, wherein the N data objects include an opcode and N-1 operands, the opcode being the specified object and the N-1 operands being the non-specified object.
10. The method according to any one of claims 1-6, wherein the target instruction includes N data objects, N > 1, the encoding algorithm specifies an encoding order of the N data objects, and the performing instruction encoding on the target instruction through the encoding algorithm according to the encryption key to obtain an encoding result comprises:
according to the encryption key, sequentially encoding the N data objects in the required encoding order through the encoding algorithm to obtain sub-encoding results respectively corresponding to the N data objects, wherein, in the sequential encoding, the sub-encoding result of the i-th data object in the encoding order is used for encoding the (i+1)-th data object, and 1 ≤ i < N;
and generating the encoding result according to the sub-encoding results respectively corresponding to the N data objects and the order of the N data objects in the target instruction.
11. The method according to claim 10, wherein the performing instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm according to the encryption key to obtain the target instruction comprises:
according to the encryption key, sequentially decoding the encoding result based on the encoding order through the decoding algorithm to obtain the N data objects, wherein, in the sequential decoding, the sub-encoding result of the i-th data object in the encoding order is used for decoding the (i+1)-th data object;
and generating the target instruction according to the order of the N data objects in the target instruction.
12. A data processing apparatus, characterized by comprising an acquisition module, a determining module, an encoding module, a reading module and a decoding module;
the acquisition module is used for acquiring a target instruction of a virtual machine, wherein the target instruction is used for controlling the virtual machine;
the determining module is used for determining the encryption key corresponding to the target instruction according to the target virtual memory address corresponding to the target instruction, wherein the encryption keys corresponding to different virtual memory addresses are different;
the encoding module is used for performing instruction encoding on the target instruction through an encoding algorithm according to the encryption key to obtain an encoding result, wherein the encoding result is stored in the target virtual memory address as the target instruction;
the reading module is used for reading the encoding result from the target virtual memory address when a call request for the target instruction is acquired while the virtual machine is running;
the decoding module is used for performing instruction decoding on the encoding result through a decoding algorithm corresponding to the encoding algorithm according to the encryption key to obtain the target instruction.
13. A computer device, the computer device comprising a processor and a memory:
the memory is used for storing a computer program and transmitting the computer program to the processor;
the processor is configured to perform the method of any of claims 1-11 according to the computer program.
14. A computer readable storage medium for storing a computer program which, when executed by a computer device, implements the method of any one of claims 1-11.
15. A computer program product comprising a computer program which, when run on a computer device, causes the computer device to perform the method of any of claims 1-11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311634401.8A CN120066668A (en) | 2023-11-30 | 2023-11-30 | Data processing method and related device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN120066668A (en) | 2025-05-30 |
Family
ID=95802606
Family Applications (1)
| Application Number | Status | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN202311634401.8A | Pending | CN120066668A (en) | 2023-11-30 | 2023-11-30 | Data processing method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN120066668A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120277697A (en) * | 2025-06-06 | 2025-07-08 | 浪潮电子信息产业股份有限公司 | Data encryption method, device, medium and computer program product |
| CN120277697B (en) * | 2025-06-06 | 2025-08-19 | 浪潮电子信息产业股份有限公司 | Data encryption method, device, medium and computer program product |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11783081B2 (en) | Secure public cloud | |
| CN112639778B (en) | Pointer authentication and dynamic switching between pointer authentication schemes | |
| TWI888632B (en) | Apparatus, method, and system for creating, using, and managing protected cryptography keys | |
| CN105190535B (en) | Perform the instruction that pseudo random number produces operation | |
| CN107346401B (en) | Information security system for securely executing program | |
| US9703723B2 (en) | Method and apparatus for performing mapping within a data processing system having virtual machines | |
| US7720220B2 (en) | Cipher message assist instruction | |
| EP4109312B1 (en) | Circuitry and methods for supporting encrypted remote direct memory access (erdma) for live migration of a virtual machine | |
| CN110659244A (en) | Inline coding capability | |
| KR20210084223A (en) | Method and apparatus for multi-key total memory encryption based on dynamic key derivation | |
| US10972253B2 (en) | Virtual enigma cipher | |
| CN105190534A (en) | Instruction for performing pseudorandom number seed operation | |
| KR20170101912A (en) | Method and apparatus for randomizing computer instruction sets, memory registers and pointers | |
| CA2522995C (en) | Processing a security message authentication control instruction | |
| JP2015527642A (en) | Computer processor and system without arithmetic and logic units | |
| CN110210211A (en) | A kind of method of data protection and calculate equipment | |
| CN120066668A (en) | Data processing method and related device | |
| CN116796348A (en) | Program transmission method, upper computer, embedded control system and electronic equipment | |
| CN108875321A (en) | A kind of generation method of instruction set, device and electronic equipment | |
| TWI791995B (en) | Software protection method and system thereof | |
| US12417264B2 (en) | Protection of binary executables using dynamic encryption techniques | |
| CN120474814B (en) | Data encryption processing methods, systems, electronic devices and computer program products | |
| CN114424166A (en) | Encryption table signature | |
| CN113568867B (en) | File encryption migration method, device and electronic device | |
| CN119249516A (en) | A mirror file generation method, refresh method, device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication |