
Method and device for monitoring program

A program-monitoring technology, applied in the computer field, that solves the problems of limited instrumentation-tool efficiency, poor practical performance, and low method efficiency, and achieves the effects of improving monitoring efficiency and reducing manual intervention.

Active Publication Date: 2017-05-24
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0005] In addition, the existing technology monitors each API executed by a suspicious program by means of instrumentation. However, a program calls a large number of APIs, and monitoring all of them is limited by the efficiency of instrumentation tools, so this method has low efficiency and poor practical performance.

Examples


Embodiment 1

[0037] According to an embodiment of the present invention, an embodiment of a method for monitoring a program is provided. It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0038] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Taking execution on a computer terminal as an example, Figure 1 is a hardware structural block diagram of a computer terminal for a method for monitoring a program according to an embodiment of the present invention. As shown in Figure 1, the computer terminal 100 may include one or more (only one is shown in the figure) processors 102 ...

Embodiment 2

[0125] According to an embodiment of the present invention, a device for implementing the above method for monitoring a program is also provided. Figure 7 is a schematic diagram of a device for monitoring programs according to the first embodiment of the present invention. As shown in Figure 7, the device includes:

[0126] A determination module 701, configured to determine the monitored program.

[0127] A loading module 702, configured to load the monitored program.

[0128] An instrumentation module 703, configured to instrument each application programming interface (API) function called by the monitored program when the monitored program is running.

[0129] A function name acquiring module 704, configured to acquire the function name of the API function.

[0130] An injection judging module 705, configured to judge whether the API function satisfies the preset judging logic according to the function name of the API function.

[0131] An injection type acq...

Embodiment 3

[0155] The embodiment of the invention also provides a storage medium. Optionally, in this embodiment, the above-mentioned storage medium may be used to store the program code executed by the method for monitoring a program in the above-mentioned embodiment.

[0156] Optionally, in this embodiment, the storage medium is configured to store program codes for performing the following steps:

[0157] The first step is to determine the program to be monitored.

[0158] The second step is to load the monitored program.

[0159] In the third step, when the monitored program is running, each application programming interface (API) function called by the monitored program is instrumented.

[0160] The fourth step is to obtain the function name of the API function.

[0161] The fifth step is to judge whether the API function satisfies the preset judgment logic according to the function name of the API function.

[0162] Step 6, if yes, it is determined that the monitored program is injec...


Abstract

The invention discloses a method and device for monitoring a program and belongs to the technical field of computers. The method includes: loading a to-be-monitored program; during the operation of the to-be-monitored program, instrumenting each application programming interface (API) function called by the to-be-monitored program; acquiring the function name of each API function; judging, according to the function name, whether each API function satisfies preset judging logic; if so, determining that dynamic-link library (DLL) injection has occurred in the to-be-monitored program; detecting the injection type of the DLL injection according to preset detecting logic; and acquiring injection information. The method can effectively judge whether the to-be-monitored program is injected with a DLL module and in what manner. Only the information of the API functions that satisfy the logic needs to be output and judged; other API functions are neither processed nor output, so monitoring efficiency is increased markedly.
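The filter-then-classify flow described in the abstract, as an added example that is not code from the patent or its owner: a name watch list stands in for the "preset judging logic", and the API-to-type map, the trusted-DLL allow list and the sample trace are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ApiCall:
    name: str   # function name reported by the instrumentation layer
    args: dict  # captured arguments (constructed sample values)

# Assumption: the "preset judging logic" is a name watch list. The page does
# not publish its list; these are Windows APIs that can load a DLL or start
# code in another process, mapped to an assumed injection-type label.
WATCHED = {
    "LoadLibraryA": "load-library",
    "LoadLibraryW": "load-library",
    "CreateRemoteThread": "remote-thread",
    "SetWindowsHookExW": "window-hook",
    "QueueUserAPC": "apc",
}
# Assumption: DLL names the monitor already trusts (hypothetical allow list).
TRUSTED_DLLS = {"kernel32.dll", "user32.dll", "ntdll.dll"}

def dll_basename(path):
    """File name of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def monitor(trace):
    """Return (findings, evaluated): findings are injection records, evaluated
    counts the calls that passed the name filter and were inspected at all."""
    findings, evaluated = [], 0
    for call in trace:
        kind = WATCHED.get(call.name)
        if kind is None:
            continue  # unwatched API: not processed, not output
        evaluated += 1
        dll = call.args.get("dll")
        if kind == "load-library" and dll_basename(dll or "") in TRUSTED_DLLS:
            continue  # trusted module load, nothing to report
        findings.append({"type": kind, "api": call.name, "dll": dll,
                         "target_pid": call.args.get("target_pid")})
    return findings, evaluated

# Constructed sample trace (not real telemetry).
SAMPLE_TRACE = [
    ApiCall("CreateFileW", {"path": "C:\\Temp\\a.txt"}),
    ApiCall("LoadLibraryW", {"dll": "C:\\Windows\\System32\\user32.dll"}),
    ApiCall("ReadFile", {}),
    ApiCall("LoadLibraryW", {"dll": "C:\\App\\helper_x.dll"}),
    ApiCall("CreateRemoteThread", {"target_pid": 4242}),
]
```

Of the five calls in the sample trace, only three pass the name filter, which is the efficiency point the abstract makes; a match on name alone is a lead for triage, since legitimate software also calls these APIs.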

Description

Technical field

[0001] The invention relates to the technical field of computers, in particular to a method and device for monitoring a program.

Background technique

[0002] In the prior art, for performance reasons, the active defense module in a device only checks whether the executable file (for example, an exe file) of a program can be trusted, and does not check the DLL (Dynamic Link Library) files loaded by the program. DLL injection refers to putting a DLL into the address space of a process, making it part of that process.

[0003] This characteristic of active defense in the prior art is exploited by some malicious programs. A malicious program uses DLL injection technology to package a Trojan horse DLL with a trusted white program. When the white program is executed, the Trojan DLL is loaded, thereby using the white program to break through the active defense.

[0004] In the exi...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/52, G06F21/56
CPC: G06F21/52, G06F21/566
Inventor: 向琦, 董文辉, 王有富, 林智鑫
Owner: TENCENT TECH (SHENZHEN) CO LTD