CN102736978B - Method and apparatus for detecting a mounted state of the application - Google Patents

Method and apparatus for detecting a mounted state of the application Download PDF

Info

Publication number
CN102736978B
CN102736978B CN 201210215997 CN201210215997A CN102736978B CN 102736978 B CN102736978 B CN 102736978B CN 201210215997 CN201210215997 CN 201210215997 CN 201210215997 A CN201210215997 A CN 201210215997A CN 102736978 B CN102736978 B CN 102736978B
Authority
CN
Grant status
Grant
Patent type
Prior art keywords
terminal
application
detected
registry
according
Prior art date
Application number
CN 201210215997
Other languages
Chinese (zh)
Other versions
CN102736978A (en )
Inventor
申朝辉
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Abstract

本发明公开了一种检测应用程序的安装状态的方法及装置其中所述方法包括:建立云端数据库,其中保存有针对每个应用程序所收集的所有文件的参考特征码;维护终端配置列表,其中记录有所述终端上安装的每个应用程序的安装路径、根据所述安装路径获取的每个应用程序安装的全部文件以及每个文件的特征码;根据所述终端配置列表提取待检测应用程序的每个文件的特征码在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上被正确安装并反馈给所述终端。 The present invention discloses a method of detecting a mounted state of the application method and device wherein the method comprises: establishing cloud database, which stores all documents with reference signature collected for each application; maintenance terminal configuration list, wherein installation path is recorded for each application installed on the terminal, according to all the files, and signature of each file path acquired for each application of the mounting installation; list to extract its configuration according to the terminal application each signature file to compare the database in the cloud, according to the comparison result of the determination to be checked whether the application is correctly installed and fed back to the terminal on the terminal. 本发明能够结合多种角度对应用程序的安装进行周全、细致的检查。 The present invention can be combined with a variety of mounting angle of application is comprehensive, detailed examination.

Description

一种检测应用程序的安装状态的方法及装置 Method and apparatus for detecting a mounted state of the application

技术领域 FIELD

[0001] 本发明属于计算机领域,具体地说,涉及一种检测应用程序的安装状态的方法及 [0001] The present invention belongs to the field of computers, and more particularly, relates to a method of detecting a mounted state of the application process and

目.0 Head .0

背景技术 Background technique

[0002] 现在,检测应用程序是否被正确安装的方式,主要是通过检测应用程序的文件的版本以及应用程序的注册表文件的版本来实现。 [0002] Now, the way to detect whether the application is properly installed, mainly achieved by detection version of the application file and the registry file an application. 但是,通过这种方式并不能真实检测出应用程序是否被正确安装。 However, in this way it does not truly detect whether the application is properly installed.

[0003] 首先,仅检测应用程序的文件版本是不足够的。 [0003] First of all, only the file version detection applications is not enough. 因为应用程序的文件的版本正确,不代表文件的内容没有被篡改,比如目前的病毒木马或游戏外挂等可以做到将文件的内容进行篡改甚至替换,但不改变文件的版本,此时文件的版本号就不能够真正反应出应用程序是否被正确安装。 Because the version of the file of the application is correct, does not mean that the contents of the file has not been tampered with, such as the current virus, Trojan horse or game plug-in can do so on the contents of the documents were tampered with or even replace, but does not change the version of the file, the file is the version number will not be able to truly reflect the application is properly installed. 另外,除PE文件(Portable Execute可移植的执行文件)以外,应用程序的其它文件是没有版本的,此时通过检查版本号就无法完成检测,也就无法检测出应用程序是否被正确安装。 Further, in addition to PE file (Portable Execute portable executable file), the other files of the application version is not, at this time by checking the version number of the detection can not be completed, it can not detect whether the application is correctly installed.

[0004] 再者,仅检测应用程序的注册表文件的版本也是不足够的。 [0004] Moreover, the only version of the registry file detection applications is not enough. 注册表文件是静态的,其可能与应用程序的文件的真实版本完全不对应,比如某应用程序的文件被删改了,文件的版本也发生了变化,但是并不会相应地删改注册表文件及其版本,此时应用程序的注册表文件与应用程序的文件真实版本就不一致了,通过检查注册表文件的版本号就不能够真正检测出应用程序是否被正确安装。 Registry files are static, which may not correspond exactly with the real version of the file of the application, such as file deletion is an application, the version of the file has changed, but not a corresponding registry file deletion and its version, then the registry file and application files on a real version of the application is inconsistent, and do not really detect whether the application is correctly installed by checking the version number of the registry file.

发明内容 SUMMARY

[0005] 有鉴于此,本发明所要解决的技术问题是提供了一种检测应用程序的安装状态的方法及装置,能够结合多种角度对应用程序的安装进行周全、细致的检查。 [0005] Accordingly, the present invention is to solve the technical problem is to provide a method and apparatus for detecting a mounted state of the application, the angle can be combined with a variety of mounting applications will be thorough and careful inspection.

[0006] 为了解决上述技术问题,本发明公开了一种检测应用程序的安装状态的方法,包括:建立云端数据库,其中保存有针对每个应用程序所收集的所有文件的参考特征码;维护终端配置列表,其中记录有所述终端上安装的每个应用程序的安装路径、根据所述安装路径获取的每个应用程序安装的全部文件以及每个文件的特征码;根据所述终端配置列表提取待检测应用程序的每个文件的特征码在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上被正确安装并反馈给所述终端。 [0006] To solve the above problems, the present invention discloses a method of detecting a mounted state of the application, comprising: establishing a cloud database, which stores all documents with reference signature collected for each application; maintenance terminal configuration list, wherein the mounting path is recorded for each application installed on the terminal, according to all the files, and signature of each file path acquired for each application of the mounting installation; extracted according to the terminal configuration list each pattern file of the application to be detected are aligned in the cloud database, according to the comparison result of the determination to be checked whether the application is correctly installed and fed back to the terminal on the terminal.

[0007] 进一步地,所述特征码,为唯一标识所述文件及文件内容的特征码,包括以下一种或者多种的组合:经由信息摘要算法MD5运算得出的MD5验证码、安全哈希算法校验码和循环冗余校验码。 [0007] Further, the signature for uniquely identifying the documents and signature content, comprising a combination of one or more of the following: via MD5 message-digest algorithm MD5 authentication code calculated over, Secure Hash checksum algorithm and a cyclic redundancy check code.

[0008] 进一步地,所述维护终端配置列表,还包括:在每个应用程序新增文件和/或删除文件和/或修改文件内容和/或修改文件存路径时,还在所述终端配置列表中更新相应的记录。 [0008] Further, the configuration list maintenance terminal, further comprising: at each new application files and / or delete files and / or and / or modify the file storage path, also change the contents of the terminal configuration list update the corresponding record.

[0009] 进一步地,所述云端数据库中还保存有针对每个应用程序所收集的写入注册表项的参考键值;所述终端配置列表中还记录有所述终端上安装的每个应用程序所创建的注册表项的路径以及根据所述注册表项的路径获取的每个应用程序写入注册表项的键值;还根据所述终端配置列表提取待检测应用程序的写入注册表项的键值在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上的注册表中被正确设置并反馈给所述终端。 [0009] Further, the cloud database further stores write collected for each application registry entry key reference; each application is recorded in the list is also installed on the terminal configuration of the terminal route registry entry is created and the program acquired by each application based on the path of the registration entry key write registry keys; further configured to extract its application list according to the registry of the terminal to compare the key value of the cloud in the database, according to the comparison result of the determination of the application to be detected and fed back been set correctly to the terminal in the registry of the terminal.

[0010] 进一步地,所述维护终端配置列表,还包括:在每个应用程序修改注册表项的路径和/或新增注册表项和/或删除注册表项和/或修改注册表项内容和/或修改系统注册表项内容时,还在所述终端配置列表中更新相应的记录。 [0010] Further, the configuration list maintenance terminal, further comprising: modifying each application registry entry path and / or add registry keys and / or delete registry keys and / or modify the registry items when registry items and / or modify the system, the terminal is also configured to update the corresponding record in the list.

[0011] 进一步地,所述云端数据库中还保存有所收集的每个应用程序运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务;所述终端配置列表中还记录有所述终端上安装的每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务;根据所述终端配置列表提取待检测应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上正确运行并反馈给所述终端。 [0011] Further, the cloud database has also saved for each application collected reference master process runs created and supporting processes and / or all of the dynamic link library and / or services; the terminal configuration list in the main process is also recorded for each application installed on the terminal runtime created the calling process and the main process and / or dynamic link libraries, and / or services; extract its configuration list, according to the terminal the main process of the application at runtime create and process the main process calls and / or dynamic link libraries and / or services in the cloud database for comparison, it is determined to be detected applications based on whether the comparison result said run correctly on the terminal and fed back to the terminal.

[0012] 进一步地,所述维护终端配置列表,还包括:在每个应用程序新增进程和/或新增配套进程和/或新增动态链接库和/或新增服务和/或删除进程时,还在所述终端配置列表中更新相应的记录。 [0012] Further, the maintenance terminal configuration list, further comprising: at each new application process and / or supporting the new processes and / or add dynamic link libraries and / or additional services and / or removal process when, also the terminal updates the corresponding record in the configuration list.

[0013] 进一步地,根据比对结果判定所述待检测应用程序在所述终端上被正确安装时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上被正确安装;根据比对结果判定所述待检测应用程序在所述终端上的注册表中被正确设置时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上的注册表中被正确设置;根据比对结果判定所述待检测应用程序在所述终端上正确运行时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上正确运行;根据比对结果判定所述待检测应用程序在所述终端上没有被正确安装时和/或在所述终端上的注册表中没有被正确设置时和/或在所述终端上没有正确运行时,向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、提示修复所述待检测应用程 [0013] Further, according to the comparison result of the determination to the feedback sent by the terminal to be detected when the application is properly installed on the terminal, comprising: prompting the application is to be detected correctly on the terminal installation; according to the comparison result of the determination of the application program to be detected on the terminal registry feedback sent to the terminal is correctly set, comprising: detecting prompt the application to be registered in the terminal the table being set correctly; according to the comparison result of the determination of the application to be detected feedback sent to the terminal to run correctly on the terminal, comprising: prompting the application program to be run correctly detected on the terminal; according to the comparison result of the determination of the application is not to be detected on the terminal is correctly installed and / or registry on the terminal is not correctly set and / or not running properly on the terminal sending feedback to the terminal, including a combination of one or more of: the information to be prompted to correct the non-detection application, prompt repair applications to be detected 序、提示终止所述待检测应用程序的运行、提示清理所述待检测应用程序、提示重新安装所述待检测应用程序。 Sequence, suggesting terminating operation of said application program to be detected, cleaning up the application to be checked, to be prompted to re-install the application detect.

[0014] 为了解决上述技术问题,本发明还公开了一种检测应用程序的安装状态的装置,包括:云端数据库、云端数据库管理模块、终端配置列表、终端配置列表维护模块和比对分析模块;所述云端数据库管理模块,用于建立云端数据库;所述云端数据库,用于保存针对每个应用程序所收集的所有文件的参考特征码;所述终端配置列表维护模块,用于维护终端配置列表;所述终端配置列表,用于记录所述终端上安装的每个应用程序的安装路径、根据所述安装路径获取的每个应用程序安装的全部文件以及每个文件的特征码;所述比对分析模块,用于根据所述终端配置列表提取待检测应用程序的每个文件的特征码在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上被正确安装并反馈给所述终端。 [0014] To solve the above problems, the present invention also discloses a device for detecting the mounted state of the application program, comprising: a database cloud, the cloud database management module, a terminal configuration list, the terminal configuration list maintenance module and comparative analysis module; the cloud database management module for establishing a cloud database; the cloud database, configured to store the reference pattern all files collected for each application; the terminal configuration list maintenance module for maintaining a list of terminal configuration ; list of the terminal is configured for mounting path of each application installed on the terminal records, files, and all the pattern according to each file path acquired for each application of the mounting installation; the ratio analyzing means for extracting a list of configuration files for each pattern to be detected is to compare the application database in the cloud according to the terminal, according to the comparison result of the determination whether the application is to be detected at the terminal correctly installed and fed back to the terminal.

[0015] 进一步地,所述比对分析模块,所提取的所述特征码,为唯一标识所述文件及文件内容的特征码,包括以下一种或者多种的组合:经由信息摘要算法MD5运算得出的MD5验证码、安全哈希算法校验码和循环冗余校验码。 [0015] Further, the ratio of the analysis module, the extracted signature for uniquely identifying the document and a signature file content, comprising a combination of one or more of the following: message-digest algorithm MD5 calculation via resulting MD5 authentication code, secure hash algorithm checksum and cyclic redundancy check code.

[0016] 进一步地,所述终端配置列表维护模块,在维护终端配置列表时,还用于在每个应用程序新增文件和/或删除文件和/或修改文件内容和/或修改文件存路径时,在所述终端配置列表中更新相应的记录。 [0016] Furthermore, the terminal configuration list maintenance module, when the maintenance terminal configuration list, is also used in each new application files and / or delete files and / or change the contents and / or modify the file path memory when, updates the corresponding record in the terminal configuration list.

[0017] 进一步地,所述云端数据库,还用于保存针对每个应用程序所收集的写入注册表项的参考键值;所述终端配置列表,还用于记录所述终端上安装的每个应用程序所创建的注册表项的路径以及根据所述注册表项的路径获取的每个应用程序写入注册表项的键值;所述比对分析模块,还用于根据所述终端配置列表提取待检测应用程序的写入注册表项的键值在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上的注册表中被正确设置并反馈给所述终端。 [0017] Further, the cloud database, further configured to store the reference key registry key is written collected for each application; each of the terminal configuration list, is also mounted for recording of the terminal paths registry key created by the application, and each application acquired according to the path of the registration entry key write registry key; said alignment analysis module is further for configuring the terminal according to extracting a list entry to be written to the registry key is detected to compare the application database in the cloud, it has been set correctly according to the comparison result of the determination of the application registry to be detected in the terminal and fed back to the said terminal.

[0018] 进一步地,所述终端配置列表维护模块,在维护终端配置列表时,还用于在每个应用程序修改注册表项的路径和/或新增注册表项和/或删除注册表项和/或修改注册表项内容和/或修改系统注册表项内容时,在所述终端配置列表中更新相应的记录。 [0018] Furthermore, the terminal configuration list maintenance module, when the terminal is configured to maintain a list, registry entries is further configured to modify the path and / or add registry keys and / or delete registry keys in each application and / or modify the registry items and / or modify the system registry entry contents, update the corresponding record in the terminal configuration list.

[0019] 进一步地,所述云端数据库,还用于保存所收集的每个应用程序运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务;所述终端配置列表,还用于记录所述终端上安装的每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务;所述比对分析模块,还用于根据所述终端配置列表提取待检测应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上正确运行并反馈给所述终端。 [0019] Further, the cloud database further reference to the main process for each application program stored in the collected runtime created and associated processes and / or all of the dynamic link library and / or services; and the terminal configuration list, but also for the main process each application installed on the terminal in run-time record created and the main process of the calling process and / or dynamic link libraries and / or services; the alignment analysis module, further extracting the primary process for configuring a listing to be checked at runtime applications created the calling process and the main process and / or dynamic link libraries, and / or services in the cloud than for a database according to the terminal, based on the ratio It is determined to be the result of the detection of the application is running, and fed back to the correct terminal on the terminal.

[0020] 进一步地,所述终端配置列表维护模块,在维护终端配置列表时,还用于在每个应用程序新增进程和/或新增配套进程和/或新增动态链接库和/或新增服务和/或删除进程时,在所述终端配置列表中更新相应的记录。 [0020] Furthermore, the terminal configuration list maintenance module, when the maintenance terminal configuration list, is also used in each new application process and / or additional ancillary process and / or add dynamic link library and / or when new services and / or removal process, update the corresponding record in the terminal configuration list.

[0021] 进一步地,所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上被正确安装时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上被正确安装;所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上的注册表中被正确设置时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上的注册表中被正确设置;所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上正确运行时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上正确运行;所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上没有被正确安装时和/或在所述终端上的注册表中没有被正确设置时和/或在所述终端上没有正确运行时,向所述终端发送的反馈,包括以下一项 [0021] Further, the ratio of the analysis module, send feedback to the terminal according to the comparison result of the determination when the application is detected to be correctly installed on the terminal, comprising: prompting the application program to be checked is properly installed on the terminal; the module alignment analysis, according to the comparison result of the determination to the feedback sent by the terminal to be detected in the registry on application of the terminal is correctly set, comprising: prompting the application program to be detected on the terminal is disposed in registry correctly; the comparison and analysis module, according to the result of the determination of the ratio to be correctly detected applications running on the terminal to the terminal transmitting feedback, comprising: prompting the application program to be run correctly detected on the terminal; the module alignment analysis, according to the comparison result of the determination of the application is not to be detected properly installed on the terminal and / or registry on the terminal is not correctly set and / or is not functioning correctly, the feedback transmitted to the terminal on the terminal, comprising a 多项的组合:提示所述待检测应用程序的非正确信息、修复所述待检测应用程序、终止所述待检测应用程序的运行、清理所述待检测应用程序、重新安装所述待检测应用程序。 A combination of multiple Tip: incorrect information in the application to be checked, repaired to be detected application, terminates the application to be detected, clean up the application to be checked and re-install the application to be tested program.

[0022] 与现有的方案相比,本发明所获得的技术效果: [0022] Compared with the existing program, the technical effects obtained by the present invention:

[0023] I)病毒木马感染破坏和应用程序本身的容错性差都会造成应用程序被破坏,包括非PE的数据文件如dat文件、Iib文件等,甚至系统文件,都可能随时被破坏或遗失,本发明可以识别文件内容的损坏,而且智能快捷方便的检测方式就显得尤其必要。 [0023] I) Trojan virus infection damage and the application itself fault tolerance difference will cause the application to be destroyed, including non-PE data files such as dat file, Iib files, and even the system files, may at any time be destroyed or lost, this invention can identify the contents of the file is damaged, and intelligent fast and convenient detection method is especially necessary.

[0024] 2)注册表项被破坏、修改,或者应用程序安装时自身问题导致未能正确地写入注册表项,此时都是无法正常启动并使用应用程序的,本发明可以识别注册表项的损坏,通过这一检测方式,就能够彻底追查出软件安装后是否能基本的正确启动。 [0024] 2) registry entry is destroyed when modifying or application installation itself cause problems not correctly written to the registry key, and at this time are not start normally using the application, the present invention can be identified registry damaged items, through this detection method, it is possible to completely traced whether the basic start correctly after installing the software.

[0025] 3)假设应用程序的文件和注册表项这种静态信息都是正确的,但在某种特定环境,如64位系统下,无法被加载32位进程及进程配套的dll及服务,这种情况也可以认为是失败的安装,本发明可以识别内存加载项的损坏,从而彻底追查出安装后不能正确启动的原因。 [0025] 3) Assuming the application files and registry entries this static information is correct, but in a particular environment, such as 64-bit, 32-bit processes can not be loaded and processes supporting dll and services, this situation can also be considered a failure to install, the present invention can identify corrupted memory load items, to completely trace the cause can not be installed after the start correctly.

附图说明 BRIEF DESCRIPTION

[0026] 图1为本发明实施例的方法流程图; [0026] Figure 1 a flowchart of a method embodiment of the present invention;

[0027] 图2为本发明实施例步骤SlO的流程图; [0027] FIG 2 is a flowchart of the procedure of Example SlO embodiment of the present invention;

[0028] 图3为本发明实施例步骤S20的流程图; [0028] FIG 3 a flow diagram of the embodiment of the present invention, the step S20;

[0029] 图4为本发明实施例步骤S30的流程图; [0029] FIG 4 is a flowchart of step S30 embodiment of the present invention embodiment;

[0030] 图5为本发明实施例的装置结构图。 [0030] FIG. 5 shows the structure of an embodiment of the present invention.

具体实施方式 detailed description

[0031] 以下将配合图式及实施例来详细说明本发明的实施方式,藉此对本发明如何应用技术手段来解决技术问题并达成技术功效的实现过程能充分理解并据以实施。 [0031] with the following drawings and will be described in detail in Example embodiments of the present invention, thereby fully understand how the present invention is applied to the technical means to solve the technical problem and achieve the technical effects of the implementation process and accordingly embodiment.

[0032] 本申请的主要思想 [0032] The main idea of ​​this application

[0033] 分别检测待检测应用程序的每个文件的特征码、写入注册表项的键值、在运行时的内存加载项; [0033] detect the signature of each file to be detected application, write key registry entry, add memory at runtime;

[0034] 任意文件的特征码是具有唯一性的,应用程序安装后,如果其他病毒木马或钩子替换修改应用程序的文件内容,或者应用程序本身容错性很差,导致应用程序的文件被破坏或删除或替换,则能够通过特征码校验出来。 Signature [0034] any file is unique, and the application is installed, or if other Trojan virus hooks replace content files modify the application, the application itself or fault tolerance is poor, resulting in the application file is damaged or removed or replaced, it is possible to check out by signature.

[0035] 应用程序安装后会在注册表创建不同的注册表项,包括安装项、服务项、开机启动项、用户注册信息等,例如杀毒软件在开机后登录前会加载优先级高的服务项,所述服务项必须抢在病毒木马启动之前启动,这样才能保证杀毒软件的正常运行,所以还需要检测写入注册表项的键值。 [0035] After installing the application creates a different registry entries in the registry, including the installation of items, service items, startup items, such as user registration information, such as anti-virus software before you can log the boot will load a high-priority service items the service items must be ahead of the Trojan virus start to start, so as to ensure the normal operation of antivirus software, so it needs a registry key entry that programmed.

[0036] 应用程序安装后,会启动主进程,之后主进程还会自行调用其他配套进程、动态链接库(dll)、服务,在某些环境下,应用程序是无法正常启动进程及加载配套进程、dll和服务,另外如果注入了其他第三方进程或者dll或其他不正确的模块应用程序也会出错,所以还需要检测在运行时的内存加载项,所述内存加载项包括:所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务。 [0036] Once the application is installed, it will start the main process, after the main process also calls itself other supporting processes, dynamic-link library (dll), service, under certain circumstances, the application is unable to start the process of loading and supporting the process of normal , dll and services, while if the injection process or other third party dll or other incorrect application modules make mistakes, so it is necessary to detect memory add-ins at run time, the memory add-ons include: the creation of the master process and the main process of the calling process and / or dynamic link libraries and / or services.

[0037] 本串请的应用场景 [0037] The present application scenario string Please

[0038] I)应用程序被用户安装完成后,会遇到一系列使用上的问题甚至无法启动软件;此时用户常常求助于客服人员,但作为客服人员在远程很难追溯原因,例如应用程序没有被正确安装还是已经被破坏,或者是应用程序本身的功能性问题;此时适于应用本发明智能检查文件是否被安装,注册表项(如安装信息,服务项,用户信息等项)是否被撰写,特定的用户环境下是否启动进程、加载dll模块、启动服务。 [0038] I) after the application is installed complete user will encounter a series of problems even can not start using the software; this time users often resort to customer service, but as a customer service staff in remote difficult to trace the cause, such as an application not installed correctly or has been damaged, or the application itself functional problems; in this case adapted to check whether the application smart document of the present invention is mounted, the registry key (e.g., installation information, service items, items of user information) is It is written, whether to start the process under a specific user environment, load the dll module, start the service.

[0039] 2)应用程序的测试人员在测试时,往往首先要测试应用程序是否被正确安装上,然后才能进一步检测软件本身功能是否正确,比如安装一个大型达到IG的office软件,里面会有几万个文件,也需要写上千个注册表项,安装完毕后,中间出现任何环节,都是很难追查软件是否是被安装出错还是软件本身的BUG,此时适于应用本发明进行智能地排查。 Testers [0039] 2) application in testing, often the first to test whether the application is properly installed, before further testing of the software itself functions correctly, such as the installation of a large-scale reached IG office software, there will be a few million files, also need to write thousands of registry entries, after installation, any intermediate links, are very difficult to trace whether the software is installed wrong BUG or the software itself, in which case the present invention is suitable for applications intelligently investigation.

[0040] 3)应用程序的开发人员在开发大型软件时,每个开发人员不会负责所有模块的开发,只是负责部分模块的开发和集成调试,为了保证调试的完整性,此时适于应用本发明智能检查文件是否被安装。 [0040] 3) application developers in the development of large-scale software, each developer will not be responsible for the development of all modules, only partially responsible for the development and integrated debugging module, in order to ensure the integrity of debugging, suitable for application at this time check whether the smart document of the present invention is mounted.

[0041] 当然,本申请并不限于以上应用场景,还存在其他适用于涉及海量数据浏览及数据格式编辑的场景。 [0041] Of course, the present application is not limited to the above scenarios, there are other mass data browsing and editing the data format suitable for scenarios involving.

[0042] 实施例描沐 [0042] Example embodiments described Mu

[0043] 以下以一实施例对本发明的方法进行说明。 [0043] Hereinafter, the method of the present invention will be explained in one embodiment. 如图1所示,为本发明实施例的检测应用程序的安装状态的方法流程图,执行如下操作: 1, the mounting state detecting application of the embodiment of the present invention is shown in the flowchart, perform the following operations:

[0044] 步骤S10,检测待检测应用程序的每个文件的特征码,根据检测结果判定所述待检测应用程序是否在所述终端上正确安装。 [0044] Step S10, the signature of each file to be detected detecting the application, the application is determined to be detected correctly installed on the terminal according to the detection result.

[0045] 步骤S20,检测待检测应用程序写入注册表项的键值,根据检测结果判定所述待检测应用程序是否在所述终端上正确设置。 [0045] step S20, the application program written to be detected detecting the registry key entry, based on the detection result of the determination to be checked whether the correct application provided on the terminal.

[0046] 步骤S30,检测待检测应用程序在运行时的内存加载项,根据检测结果判定所述待检测应用程序是否在所述终端上正确运行。 [0046] step S30, the detecting memory add runtime application to be detected, the detection is determined to be the correct application is running on the terminal according to the detection result.

[0047] 应用程序的安装状态包括:待检测应用程序是否在所述终端上正确安装、正确设置和/或正确运行。 Installation state [0047] application comprising: detecting whether the application is to be properly installed on the terminal, the correct settings and / or operating properly. 上述步骤S10、S20、S30的并无执行次序,可以同时执行,也可以按任意次序先后执行,从以上三个平行的角度立体的检测待检测应用程序的状况。 The above-described steps S10, S20, S30, no execution order may be performed simultaneously, may be performed in any order successively, from the perspective angle of more than three parallel detection of the condition to be detected application.

[0048] 以下以一个实施例对上述步骤SlO进行说明。 [0048] In the following an embodiment example of the above step SlO will be described. 如图2所示,为本发明实施例步骤SlO的流程图,执行如下操作: 2, in step SlO of the flowchart of the present invention, perform the following operations:

[0049] 步骤S102,建立云端数据库,其中保存有针对每个应用程序所收集的所有文件的参考特征码; [0049] step S102, the establishment of cloud database, which holds the reference signatures of all documents collected for each application;

[0050] 所述特征码,为唯一标识所述文件及文件内容的特征码,包括以下一种或者多种的组合:经由信息摘要算法MD5运算得出的MD5验证码、安全哈希算法SHAl校验码和循环冗余CRC校验码。 [0050] The signature as a signature for uniquely identifying the document and the document content, comprising a combination of one or more of the following: derived via MD5 message-digest algorithm MD5 calculation codes, Secure Hash Algorithm correction SHAl and a cyclic redundancy check code CRC.

[0051] 所述参考特征码可以是正确的、判定为正确安装的参考值,通过白名单实现;所述参考特征码也可以是错误的、判定为未正确安装的参考值,通过黑名单实现。 [0051] The reference signatures may be correct, a reference value is determined properly installed, is achieved by whitelist; the reference signature may be wrong, it is determined that the reference value is not properly installed, is achieved by blacklist .

[0052] 步骤S104,维护终端配置列表,其中记录有所述终端上安装的每个应用程序的安装路径、根据所述安装路径获取的每个应用程序安装的全部文件以及每个文件的特征码; [0052] Step S104, the maintenance terminal configuration list, wherein the mounting path is recorded for each application installed on the terminal, each application path signatures acquired and all the files installed for each file according to the mounting ;

[0053] 通过具有文件或目录是否存在的功能的API (应用程序编程接口)函数获取所述终端上安装的每个应用程序的安装路径,例如PathFileExists函数,PathFileExists函数用于确定一个文件或目录的文件系统对象的路径是否是有效的;根据所述安装路径,通过具有枚举文件或文件夹的功能的API函数获取每个应用程序安装的全部文件,例如FindFirstFile函数和FindNextFile函数,FindFirstFile函数用于根据文件名查找文件,FindNextFile函数用于根据调用FindFirstFile函数时指定的一个文件名查找下一个文件。 [0053] (Application Programming Interface) API function is obtained by having the file or directory exists a function of the mounting path of each application installed on the terminal, e.g. PathFileExists function, PathFileExists function to determine a file or directory if the file system object path is valid; in accordance with the installation path, all the documents acquired by each application installed enumeration API function has a function of a file or folder, for example, and functions FindFirstFile FindNextFile functions, functions for FindFirstFile find files based on file name, FindNextFile function is used to find the next file specified when calling FindFirstFile function a file name.

[0054] 在每个应用程序新增文件和/或删除文件和/或修改文件内容(包括系统文件)和/或修改文件存路径时,还在所述终端配置列表中更新相应的记录。 [0054] When each new application files and / or delete files and / or change the contents (including system files), and / or modify the file path memory, the terminal is also configured to update the corresponding record in the list.

[0055] 步骤S106,根据所述终端配置列表提取待检测应用程序的每个文件的特征码在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上被正确安装并反馈给所述终端。 [0055] step S106, according to the terminal configuration list for each signature extraction application file to be detected is to compare the database in the cloud, according to the comparison result of the determination whether the application is to be detected at the terminal correctly installed and fed back to the terminal.

[0056] 参考特征码保存在所述云端数据库的白名单时,如果比对后发现终端配置列表中的特征码均被云端数据库中的参考特征码所命中,此时可以判定所述待检测应用程序在所述终端上被正确安装;如果比对后只要有一个终端配置列表中的特征码没有被云端数据库中的参考特征码所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确安装。 [0056] When the reference pattern stored in the whitelist cloud database, if the client finds the terminal configuration list are Drive signature database reference signature is hit, then you can determine that the application be detected program is properly installed on the terminal; if the ratio of the terminal configuration as long as a list of signatures not been hit in the cloud database reference signature, then the terminal may determine the application to be detected on not installed correctly.

[0057] 参考特征码保存在所述云端数据库的黑名单时,如果比对后发现终端配置列表中的只要有一个特征码均被云端数据库中的参考特征码所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确安装;如果比对后终端配置列表中的特征码均没有被云端数据库中的参考特征码所命中,此时可以判定所述待检测应用程序在所述终端上被正确安装。 When [0057] the reference pattern stored in the blacklist database cloud, if the client finds the terminal profile list as long as there are a signature database cloud hits the reference signature, the case can be determined detecting application is not to be properly installed on the terminal; if the list of signatures arranged after the terminal than did not hit the cloud being a reference signature database, the determination at this time can be detected in the application program It is properly mounted on the said terminal.

[0058] 根据比对结果判定所述待检测应用程序在所述终端上被正确安装时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上被正确安装; [0058] The comparison result of the determination to the feedback sent by the terminal to be detected when the application is properly installed on the terminal, comprising: prompting the application is to be detected correctly installed on the terminal;

[0059] 根据比对结果判定所述待检测应用程序在所述终端上没有被正确安装时向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、提示修复所述待检测应用程序、提示终止所述待检测应用程序的运行、提示清理所述待检测应用程序、提示重新安装所述待检测应用程序。 [0059] The ratio of the detection result of the determination of the application does not have to be transmitted to the feedback terminal is correctly installed on the terminal, including a combination of one or more of: prompting the application program to be detected incorrect information, prompt restoration of the application to be detected, suggesting that terminates the application to be detected, suggesting that cleaning up the application to be detected, prompt to reinstall the application to be checked.

[0060] 以下以一个应用实例对上述步骤SlO进行说明。 [0060] In the following application example described above a step SlO will be described. 待检测的应用程序以Fet1n为例,特征码以MD5为例,MD5值可以通过哈希算法获得。 Application to be detected Fet1n example, MD5 signature to an example, the value can be obtained by MD5 hash algorithm.

[0061] 云端数据库中保存有针对每个应用程序所收集的所有文件的参考MD5值,所述参考MD5值为正确的参考值,例如其中至少包括: [0061] Drive all files stored in the database of the collected application for each reference MD5 value, the reference value is MD5 correct reference value, for example, comprising at least:

[0062] Fet1n.exe&8af829e342a6bl5696af9650ad5f805c [0062] Fet1n.exe & 8af829e342a6bl5696af9650ad5f805c

[0063] fxffebBrowser.exe&8af829e342a6bl5696af9650ad5f8051 [0063] fxffebBrowser.exe & 8af829e342a6bl5696af9650ad5f8051

[0064] Fet1n.1ib&8af829e342a6bl5696af9650ad5f8052 [0064] Fet1n.1ib & 8af829e342a6bl5696af9650ad5f8052

[0065]其中,Fet1n.exe、fxffebBrowser.exe、Fet1n.lib 是文件,8af8 29e342a6bl5 696af96 5 0ad5f80 5c 是Fet1n.exe 对应的MD5 值,8af829e342a6bl5696af9650ad5f8051 是fxWebBrowser.exe 对应的MD5 值,8af829e342a6bl5696af9650ad5f8052 是Fet1n.1ib 对应的MD5 值。 [0065] wherein, Fet1n.exe, fxffebBrowser.exe, Fet1n.lib file, 8af8 29e342a6bl5 696af96 5 0ad5f80 5c is Fet1n.exe corresponding MD5 value, 8af829e342a6bl5696af9650ad5f8051 corresponding MD5 value is fxWebBrowser.exe, 8af829e342a6bl5696af9650ad5f8052 corresponding to a Fet1n.1ib the MD5 value.

[0066] 终端配置列表中记录文件路径、文件以及文件的MD5值,例如: [0066] The terminal configuration file path MD5 values ​​are recorded, and the file list of files, for example:

[0067] Filel="C: \ProgramFiles\ChinaMobile\Fet1n\Fet1n.exe"&8af829e342a6bl5696af9650ad5f805c [0067] Filel = "C: \ ProgramFiles \ ChinaMobile \ Fet1n \ Fet1n.exe" & 8af829e342a6bl5696af9650ad5f805c

[0068] Filel="C:\ProgramFiles\ChinaMobile\Fet1n\fxffebBrowser.exe"&8af829e342a6bl5696af9650ad5f8051 [0068] Filel = "C: \ ProgramFiles \ ChinaMobile \ Fet1n \ fxffebBrowser.exe" & 8af829e342a6bl5696af9650ad5f8051

[0069] Filel="C:\ProgramFiles\ChinaMobile\Fet1n\Fet1n.1ib"&8af829e342a6bl5696af9650ad5f8052 [0069] Filel = "C: \ ProgramFiles \ ChinaMobile \ Fet1n \ Fet1n.1ib" & 8af829e342a6bl5696af9650ad5f8052

[0070] 以上格式中,Fet1n.exe、fxffebBrowser.exe、Fet1n.lib 是文件,C:\ProgramFiles\ChinaMobile\Fet1n\ 是文件路径,8af829e342a6bl5696a f9650ad5f805c是Fet1n.exe 对应的MD5 值,8af829e342a6bl5696af9650ad5f8051 是fxWebBrowser.exe对应的MD5 值,8af829e342a6bl596af9650ad5f8052 是Fet1n.1ib 对应的MD5 值,Fet1n.1ib是非PE文件。 [0070] In the above format, Fet1n.exe, fxffebBrowser.exe, Fet1n.lib file, C: \ ProgramFiles \ ChinaMobile Fet1n \ file path \, 8af829e342a6bl5696a f9650ad5f805c corresponding MD5 value is Fet1n.exe, 8af829e342a6bl5696af9650ad5f8051 is fxWebBrowser.exe corresponding MD5 value, 8af829e342a6bl596af9650ad5f8052 corresponding MD5 value is Fet1n.1ib, Fet1n.1ib non PE file.

[0071] 在应用程序Fet1n新增文件(包括临时生成的文件)、删除文件、修改文件内容(包括修改windows系统文件)、文件存储的路径时,终端配置列表中记录的参数会自动更新调整。 [0071] In the application Fet1n new file (including a temporary generated file), delete files, modify the contents of the file (including modifications windows file system), when the path to the file is stored, the terminal configuration parameters recorded in the list adjusted automatically updated.

[0072]根据所述终端配置列表提取 Fet1n 的Fet1n.exe、fxffebBrowser.exe、Fet1n.lib的MD5值在云端数据库中进行比对,如果比对后发现终端配置列表中的MD5均被云端数据库中的参考MD5值所命中,此时可以判定所述待检测应用程序在所述终端上被正确安装;如果比对后终端配置列表中只要有一个MD5没有被云端数据库中的参考MD5值所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确安装。 [0072] The configuration of the terminal according to the list of extracted Fet1n.exe Fet1n, fxffebBrowser.exe, MD5 value Fet1n.lib were aligned in the cloud database, if the client finds the terminal profile list are MD5 cloud database MD5 hit reference value, the determination at this time can be detected application is properly installed on the terminal; if there is a long MD5 than the terminal profile list is not the reference value of MD5 of the cloud database hit, at this time it can be determined that the application is not detected correctly installed on the terminal.

[0073] 以下以一个实施例对上述步骤S20进行说明。 [0073] In the following an embodiment example of the above-described step S20 will be described. 如图3所示,为本发明实施例步骤S20的流程图,执行如下操作: 3, a flowchart of step S20 of the present invention, perform the following operations:

[0074] 步骤S202,建立云端数据库,其中保存有针对每个应用程序所收集的写入注册表项的参考键值; [0074] step S202, the establishment of the cloud database, which holds the registry key is written with reference to the collected key for each application;

[0075] 所述参考键值可以是正确的、判定为正确安装的参考值,通过白名单实现;所述参考键值也可以是错误的、判定为未正确安装的参考值,通过黑名单实现。 [0075] The reference key value may be correct, a reference value is determined properly installed, is achieved by whitelist; the reference key value may be wrong, it is determined that the reference value is not properly installed, is achieved by blacklist .

[0076] 步骤S204,维护终端配置列表,其中记录有所述终端上安装的每个应用程序所创建的注册表项的路径以及根据所述注册表项的路径获取的每个应用程序写入注册表项的键值; [0076] Step S204, the maintenance terminal configuration list, registry entries recorded therein the path for each application installed on the terminal and create each application acquired according to the path of the registration entry write register table of key items;

[0077] 通过具有在指定的注册表项下进行读写操作的功能的API函数获取每个应用程序所创建的注册表项的路径以及写入注册表项的键值,例如SHGetValue函数和RegCreateKeyEx函数,SHGetValue函数用于在指定的注册表项下进行读写操作;RegCreateKeyEx函数用于在指定注册表项下创建新项的复杂方式,在Win32环境中使用。 [0077] Gets the registry key path for each application created by the API function has a function to read and write at a specified key registry entries and writing registry entry, e.g. SHGetValue functions and functions RegCreateKeyEx , SHGetValue function for performing read and write operations at the registry key specified; the RegCreateKeyEx function to create a new entry in a complicated manner specified registry key, used in a Win32 environment.

[0078] 在每个应用程序修改注册表项的路径和/或新增注册表项和/或删除注册表项和/或修改注册表项内容和/或修改系统注册表项内容时,还在所述终端配置列表中更新相应的记录。 [0078] In each application to modify the registry key path and / / or registry entries or add and / or remove registry entries and modify the registry items and / or modify the system registry items, still the terminal profile list update the corresponding record.

[0079] 步骤S206,根据所述终端配置列表提取待检测应用程序的写入注册表项的键值在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上的注册表中被正确设置并反馈给所述终端; [0079] Step S206, the terminal configuration list according to the key extraction registry key is written applications to be detected are aligned in the cloud database, according to the comparison result of the determination of the application is to be detected in said terminal the registry is set correctly and fed back to the terminal;

[0080] 参考键值保存在所述云端数据库的白名单时,如果比对后发现终端配置列表中的键值均被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上被正确设置;如果比对后终端配置列表中只要有一个键值没有被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确设置。 [0080] Reference key stored at the cloud database whitelist, if the client finds the terminal configuration are key list cloud database hits the reference key value, the determination at this time can be detected application program is set correctly at the terminal; if the ratio of the terminal configuration as long as a key list being not hit the reference cloud database key, a time to be determined on the detected application program in the terminal It is not set correctly.

[0081] 参考键值保存在所述云端数据库的黑名单时,如果比对后发现终端配置列表中只要有一个键值均被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确设置;如果比对后终端配置列表中的键值均没有被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上被正确设置。 When the [0081] key stored in the black reference of the cloud database, if the client finds the terminal profile list as long as there are a key cloud database hits the reference key value, the determination at this time may be detecting application is not set correctly on the terminal; if the configuration list of key-value ratio of the terminal after being hit the cloud did not reference the database key, the determination at this time can be detected in the application program It is set correctly on the terminal.

[0082] 根据比对结果判定所述待检测应用程序在所述终端上的注册表中被正确设置时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上的注册表中被正确设置; [0082] The comparison result of the determination to the feedback sent by the terminal to be detected in the registry on application of the terminal is correctly set, comprising: prompting the application program to be detected on the terminal the registry is set correctly;

[0083] 根据比对结果判定所述待检测应用程序在所述终端上的注册表中没有被正确设置时向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、提示修复所述待检测应用程序、提示终止所述待检测应用程序的运行、提示清理所述待检测应用程序、提示重新安装所述待检测应用程序。 [0083] The comparison result of the determination to the feedback sent by the terminal to be detected in the registry on application of the terminal is not correctly set, comprising a combination of one or more of: the tips to be incorrect application of information detection, prompt restoration of the application to be detected, suggesting that terminates the application to be detected, suggesting that cleaning up the application to be detected, prompt to reinstall the application to be checked.

[0084] 以下以一个应用实例对上述步骤S20进行说明。 [0084] In the following application example of the above-described step S20 will be described. 待检测的应用程序以Fet1n为例。 Applications to be detected Fet1n example.

[0085] 云端数据库中保存有针对每个应用程序所收集的写入注册表项的参考键值,所述参考键值为正确的参考值,例如其中至少包括: [0085] Drive database registry key is written is stored in the collected key reference for each application, with reference to the key value to the correct reference value, for example, comprising at least:

[0086] " \ " C: \\Prοgram Fi les\\China Mob i I e\\Fet 1n\\Fet 1n.exe\" \" %1\""。 [0086] "\" C: \\ Prοgram Fi les \\ China Mob i I e \\ Fet 1n \\ Fet 1n.exe \ "\"% 1 \ "".

[0087] 终端配置列表中记录注册表项的路径以及写入注册表项的键值,例如: [0087] The terminal configuration path recorded in the list and writing registry entry key registry entries, for example:

[0088] [HKEY_CLASSES_R00T\App I icat1ns\Fet1n.exe \ she 11 \open\command]@="\"C:\\Program Files\\China Mobile\\Fet1n\\Fet1n.exe\" \" %1\"" [0088] [HKEY_CLASSES_R00T \ App I icat1ns \ Fet1n.exe \ she 11 \ open \ command] @ = "\" C: \\ Program Files \\ China Mobile \\ Fet1n \\ Fet1n.exe \ "\"% 1 \ ""

[0089] 以上格式中,[HKEY_CLASSES_ROOT\Applicat1ns\Fet1n.exe\shell\open\command]是注册表项的路径,"\" C: \\Program Files\\China Mobile\\Fet1n\\Fet1n.exe\" \" %1\""是写入的注册表项的键值。 [0089] in the above format, [HKEY_CLASSES_ROOT \ Applicat1ns \ Fet1n.exe \ shell \ open \ command] is the path to the registry key, "\" C: \\ Program Files \\ China Mobile \\ Fet1n \\ Fet1n.exe \ "\"% 1 \ "" is the key registry entries written.

[0090] 应用程序Fet1n在修改注册表的路径,新增注册表项(包括临时生成的注册表项)、删除注册表项、修改注册表项内容(包括修改windows注册表项)时,终端配置列表中记录的参数会自动更新调整。 When the [0090] application in modifying the registry Fet1n path, the new registry entries (including temporarily generated registry key), remove the registry keys, registry entries modify the content (including modifications windows registry entries), terminal configuration recorded in the list will be updated automatically adjust the parameters.

[0091] 根据所述终端配置列表提取Fet1n写入的注册表项的键值在云端数据库中进行比对,如果比对后发现终端配置列表中的键值均被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上被正确设置;如果比对后终端配置列表中只要有一个键值没有被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确设置。 [0091] are aligned in the cloud database according to the registry entry key list extracted Fet1n write terminal configuration, if the ratio of key values ​​found in the reference list of the terminal configuration are key cloud database hit, this time can be determined that the application is correctly detected provided on the terminal; if there is a key as long as the ratio of the terminal are arranged not in the list of reference hits cloud database key, may be determined at this time the application is not to be detected properly disposed on the terminal.

[0092] 以下以一个实施例对上述步骤S30进行说明。 [0092] In the following an embodiment example of the above-described step S30 will be described. 如图4所示,为本发明实施例步骤S30的流程图,执行如下操作: 4, a flowchart of the embodiment of the present invention the step S30, performs the following operations:

[0093] 步骤S302,建立云端数据库,其中保存有所收集的每个应用程序运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务; [0093] step S302, the establishment of cloud database, refer to the main process in which each application has saved collected runtime created and supporting processes and / or all of the dynamic link library and / or services;

[0094] 所述参考主进程及配套的进程和/或全部动态链接库和/或服务可以是正确的、判定为正确安装的参考值,通过白名单实现;所述参考主进程及配套的进程和/或全部动态链接库和/或服务也可以是错误的、判定为未正确安装的参考值,通过黑名单实现。 [0094] The process and the supporting reference master process and / or all of the dynamic link library and / or service may be correct, a reference value is determined properly installed, is achieved by whitelist; and matching process of the reference master process and / or all of the dynamic link library and / or services may be wrong, it is determined that the reference value is not properly installed, implemented by the blacklist.

[0095] 步骤S304,维护终端配置列表,其中记录有所述终端上安装的每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务; [0095] step S304, the maintenance terminal configuration list, which recorded the main process for each application installed on the terminal created at run time and the main processes of the calling process and / or dynamic link libraries and / or services ;

[0096] 通过具有为指定的进程、进程使用的堆、模块、线程建立快照的功能的API函数获取每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/ 或服务,例如CreateToolhelp32Snapshot 函数,CreateToolhelp32Snapshot 函数用于为指定的进程、进程使用的堆[HEAP]、模块[MODULE]、线程[THREAD]建立一个快照。 [0096] By having the specified process, process heap, a module, a snapshot of the establishment of functional thread API function to get the primary process each application at runtime created and the main process of the calling process and / or dynamic link libraries and / or services, such as CreateToolhelp32Snapshot function, CreateToolhelp32Snapshot function is used for the specified process, the process used heap [hEAP], module [mODULE], thread [tHREAD] to create a snapshot.

[0097] 在每个应用程序新增进程和/或新增配套进程和/或新增动态链接库和/或新增服务和/或删除进程时,还在所述终端配置列表中更新相应的记录。 [0097] update the new process in each application and / or supporting the new processes and / or add dynamic link libraries and / or additional services and / or deletion process is also the terminal configuration list recording.

[0098] 步骤S306,根据所述终端配置列表提取待检测应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上正确运行并反馈给所述终端; [0098] step S306, the configuration of the terminal to be detected according to the list of primary extraction process of the application at run-time created the calling process and the main process and / or dynamic link libraries, and / or services in the cloud database match the ratio of the result of the determination to be detected and the application is running is fed back to the correct terminal on the terminal;

[0099] 参考值保存在所述云端数据库的白名单时,如果比对后发现终端配置列表中的主进程以及所述主进程调用的进程和/或动态链接库和/或服务均被云端数据库中的参考值所命中,此时可以判定所述待检测应用程序在所述终端上被正确设置;如果比对后终端配置列表中只要有一个主进程以及所述主进程调用的进程和/或动态链接库和/或服务没有被云端数据库中的参考值所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确设置。 [0099] When the reference value is stored in the whitelist cloud database, if the client finds the main process of the terminal configuration list and the main process of the calling process and / or dynamic link libraries, and / or services are cloud database the hit reference value, the determination at this time can be properly detected application is provided on the terminal; if the ratio of the terminal after the configuration process of a list as long as the main process and the main process calls and / or dynamically linked library and / or service is not the reference value in the cloud database hit, then it can determine that the application is not to be detected properly disposed on the terminal.

[0100] 参考值保存在所述云端数据库的黑名单时,如果比对后发现终端配置列表中只要有一个主进程以及所述主进程调用的进程和/或动态链接库和/或服务均被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确设置;如果比对后终端配置列表中的主进程以及所述主进程调用的进程和/或动态链接库和/或服务均没有被云端数据库中的参考键值所命中,此时可以判定所述待检测应用程序在所述终端上被正确设置。 [0100] When the reference value stored in the black cloud database, if the client finds the terminal profile list as long as there is a master process and the main process of the calling process and / or dynamic link libraries, and / or services are cloud database hits the reference key value, the determination at this time can be properly detected application is not provided on the terminal; If the configuration than the main process list after the process of the main terminal and the calling process and / or dynamic link libraries, and / or services have not been hit in the reference cloud database key, a time to determine whether the application is to be detected correctly disposed on the terminal.

[0101] 根据比对结果判定所述待检测应用程序在所述终端上正确运行时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上正确运行; [0101] The ratio of the detection result of the determination of the application to be sent to the feedback terminal to run correctly on the terminal, comprising: prompting the application program to be run correctly detected on the terminal;

[0102] 根据比对结果判定所述待检测应用程序在所述终端上没有正确运行时向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、提示修复所述待检测应用程序、提示终止所述待检测应用程序的运行、提示清理所述待检测应用程序、提示重新安装所述待检测应用程序。 [0102] The ratio of the detection result of the determination of the application is not to be sent to the feedback terminal operates correctly on the terminal, including a combination of one or more of: prompting the non-application to be detected correct information, prompt restoration of the application to be detected, suggesting that terminates the application to be detected, suggesting that cleaning up the application to be detected, prompt to reinstall the application to be checked.

[0103] 以下以一个应用实例对上述步骤S30进行说明。 [0103] In the following application example of the above-described step S30 will be described. 待检测的应用程序以Fet1n为例。 Applications to be detected Fet1n example.

[0104] 云端数据库中保存有所收集的每个应用程序运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务,所述参考主进程及配套的进程和/或全部动态链接库和/或服务为正确的参考值,例如其中至少包括: [0104] reference to the main process each application in the cloud to save the database has been collected runtime created and supporting processes and / or all of the dynamic link library and / or services, the main reference process and supporting processes and / or all of the dynamic link library and / or services to correct a reference value, for example, comprising at least:

[0105]主进程 Fet1n.exe、配套的动态链接库ADVAPI32.dll 和AvatarX.dllo [0105] primary process Fet1n.exe, supporting dynamic link libraries ADVAPI32.dll and AvatarX.dllo

[0106] 终端配置列表中记录每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务,例如: [0106] terminal configuration list records in the primary process each application at runtime created and the main process of the calling process and / or dynamic link libraries and / or services, such as:

[0107] Exel=Fet1n.exe&ADVAPI32.dll&AvatarX.dll [0107] Exel = Fet1n.exe & ADVAPI32.dll & AvatarX.dll

[0108] Exe2=… [0108] Exe2 = ...

[0109] 以上格式中,Fet1n.exe是主进程,ADVAPI32.dll是主进程Fet1n.exe的配套动态链接库,AvatarX.dll也是主进程Fet1n.exe的配套动态链接库。 [0109] in the above format, Fet1n.exe is the main process, ADVAPI32.dll is the main process Fet1n.exe supporting dynamic link libraries, AvatarX.dll is the main process Fet1n.exe supporting dynamic link library.

[0110] 应用程序Fet1n在新增进程(包括临时加载的进程)、新增配套的dll (包括需要注入windows系统进程或dll)、新增配套的服务、删除进程时,终端配置列表中记录的参数会自动更新调整。 [0110] Application Fet1n in new processes (including temporary loading process), when new matching dll (including the need to inject windows system process or dll), new ancillary services, the removal process, terminal configuration list records parameters are updated automatically adjusted.

[0111] 根据所述终端配置列表提取Fet1n运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务在云端数据库中进行比对,如果比对后发现终端配置列表中的主进程及配套的进程和/或全部动态链接库和/或服务均被云端数据库中的参考值所命中,此时可以判定所述待检测应用程序在所述终端上被正确运行;如果比对后终端配置列表中的主进程及配套的进程和/或全部动态链接库和/或服务只要有一个没有被云端数据库中的参考值所命中,此时可以判定所述待检测应用程序在所述终端上没有被正确运行。 [0111] in the cloud database to compare the reference in the main process when the terminal is configured to extract Fet1n run list created and supporting processes and / or all of the dynamic link library and / or services, if the discovery after comparing the terminal configuration list the main process and matching process and / or all of the dynamic link library and / or services that are the reference values ​​in the cloud database hit, then you can determine that the application is to be run correctly detected on the terminal; if than the main process after the terminal configuration list and the supporting processes and / or all of the dynamic link library and / or services as long as there is not a reference value in the cloud database hit, then it can determine that the application be detected not run correctly on the terminal.

[0112] 以下再以三个装置实施例对本发明的装置进行说明,所述装置与上述方法流程对应,不足之处可参考上述方法部分。 [0112] The following Examples further embodiment of the apparatus in three device of the invention will be described, the apparatus and method of the above-described process corresponds to the inadequacies of the methods described above may be reference portion. 如图5所示,为检测应用程序的安装状态的装置,包括:云端数据库1、云端数据库管理模块2、终端配置列表3、终端配置列表维护模块4和比对分析模块5。 5, the installed application state detecting device, comprising: a database cloud, the cloud database management module 2, the terminal configuration list 3, list maintenance terminal configuration module 4 and 5 compared to the analysis module.

[0113] 第一装置实施例 [0113] The first embodiment of device

[0114] 所述云端数据库管理模块2,用于建立云端数据库I ; [0114] The database management module Drive 2, Drive for establishing a database I;

[0115] 所述云端数据库1,用于保存针对每个应用程序所收集的所有文件的参考特征码; [0115] The cloud database 1 for storing all the files collected for each application of the reference signature;

[0116] 所述终端配置列表维护模块4,用于维护终端配置列表3 ; [0116] The terminal configuration list maintenance module 4, arranged for maintaining a list of terminal 3;

[0117] 所述终端配置列表3,用于记录所述终端上安装的每个应用程序的安装路径、根据所述安装路径获取的每个应用程序安装的全部文件以及每个文件的特征码; [0117] The terminal configuration list 3, the installation path for each application installed on the terminal records, files, and all the signatures of each file path acquired for each application installed in accordance with the installation;

[0118] 所述比对分析模块5,用于根据所述终端配置列表3提取待检测应用程序的每个文件的特征码在云端数据库I中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上被正确安装并反馈给所述终端。 [0118] The alignment analysis module 5, for comparison in the cloud database file I according to the pattern of each terminal 3 to extract its configuration list in an application, according to the comparison result of the determination to be detected whether the application is properly installed and fed back to the terminal on the terminal.

[0119] 所述终端配置列表维护模块4,在维护终端配置列表3时,进一步用于通过具有文件或目录是否存在的功能的应用程序编程接口API函数获取所述终端上安装的每个应用程序的安装路径;进一步用于根据所述安装路径,通过具有枚举文件或文件夹的功能的API函数获取每个应用程序安装的全部文件。 [0119] The terminal configuration list maintenance module 4, three terminal configuration list during maintenance, by having a further file or directory exists a function of an application programming interface function to obtain the API for each application installed on the terminal installation path; further installation according to the path, all the documents acquired by each application installed enumeration API function having a function of a file or folder.

[0120] 所述终端配置列表维护模块4,在维护终端配置列表3时,还用于在每个应用程序新增文件和/或删除文件和/或修改文件内容(包括系统文件)和/或修改文件存路径时,在所述终端配置列表3中更新相应的记录。 [0120] The terminal configuration list maintenance module 4, three terminal configuration list during maintenance, but also for the new file in each application, and / or delete files and / or file content (including system files), and / or when modifying the file save path disposed in the terminal list corresponding record update 3.

[0121] 所述特征码,为唯一标识所述文件及文件内容的特征码,包括以下一种或者多种的组合:经由信息摘要算法MD5运算得出的MD5验证码、安全哈希算法校验码和循环冗余校验码。 [0121] The signature for uniquely identifying the file and the file content signature, comprising a combination of one or more of the following: derived by calculating MD5 message-digest algorithm MD5 authentication code, checking the Secure Hash Algorithm code and a cyclic redundancy check code.

[0122] 所述比对分析模块5,根据比对结果判定所述待检测应用程序在所述终端上被正确安装时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上被正确安装;根据比对结果判定所述待检测应用程序在所述终端上没有被正确安装时向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、修复所述待检测应用程序、终止所述待检测应用程序的运行、清理所述待检测应用程序、重新安装所述待检测应用程序。 [0122] The alignment analysis module 5, a decision feedback sent to the terminal to be detected when the application is properly installed on the terminal according to the comparison result, comprising: prompting the application program to be detected in the It is properly mounted on said terminal; according to the comparison result of the determination of the application is not detected to be sent to the feedback terminal is correctly installed on the terminal, including a combination of one or more of: the prompt to be incorrect application of information detection, repair to be detected application, terminates the application to be detected, clean up the application to be checked and re-install the application to be checked.

[0123] 第二装置实施例 [0123] The second embodiment of apparatus

[0124] 所述云端数据库管理模块2,用于建立云端数据库I ; [0124] The database management module Drive 2, Drive for establishing a database I;

[0125] 所述云端数据库1,用于保存针对每个应用程序所收集的写入注册表项的参考键值; [0125] The cloud database 1, the registry key is written the collected key reference for each application for storing;

[0126] 所述终端配置列表维护模块4,用于维护终端配置列表3 ; [0126] The terminal configuration list maintenance module 4, arranged for maintaining a list of terminal 3;

[0127] 所述终端配置列表3,用于记录所述终端上安装的每个应用程序所创建的注册表项的路径以及根据所述注册表项的路径获取的每个应用程序写入注册表项的键值; [0127] The terminal 3 arranged list, registry entry path for each application installed on the terminal recording the created application and for each path according to the obtained registry entry written to the registry key items;

[0128] 所述比对分析模块5,用于根据所述终端配置列表3提取待检测应用程序的写入注册表项的键值在云端数据库I中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上的注册表中被正确设置并反馈给所述终端。 [0128] The alignment analysis module 5, for comparison in the cloud database in the terminal I 3 extracts configuration list entry to be written to the registry key is detected according to the application, according to the comparison result of the determination detecting whether the application is to be correctly disposed in registry on the terminal and fed back to the terminal.

[0129] 所述终端配置列表维护模块4,在维护终端配置列表3时,进一步用于通过具有在指定的注册表项下进行读写操作的功能的API函数获取每个应用程序所创建的注册表项的路径以及写入注册表项的键值。 [0129] The terminal configuration list maintenance module 4, in the configuration list maintenance terminal 3, further configured to acquire each application through the API function has a function to read and write at a specified registry key created register path entries and write key registry entries.

[0130] 所述终端配置列表维护模块4,在维护终端配置列表3时,还用于在每个应用程序修改注册表项的路径和/或新增注册表项和/或删除注册表项和/或修改注册表项内容和/或修改系统注册表项内容时,在所述终端配置列表3中更新相应的记录。 [0130] The terminal configuration list maintenance module 4, in the configuration list maintenance terminal 3, further configured to modify each application registry entry path and / or add registry keys and / or delete registry keys and when / or modify the registry items and / or modify the system registry items, the terminal configuration list update corresponding records 3.

[0131] 所述比对分析模块5,根据比对结果判定所述待检测应用程序在所述终端上的注册表中被正确设置时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上的注册表中被正确设置;根据比对结果判定所述待检测应用程序在所述终端上的注册表中没有被正确设置时向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、修复所述待检测应用程序、终止所述待检测应用程序的运行、清理所述待检测应用程序、重新安装所述待检测应用程序。 [0131] The alignment analysis module 5, according to the comparison result of the determination to the feedback sent by the terminal to be detected in the registry on application of the terminal is set correctly, comprising: a prompt to be detected application is correctly set in the registry on the terminal; according to the comparison result of the determination to the feedback sent by the terminal to be detected in the registry on application of the terminal is not correctly set, comprising a combination of one or more of: Tip incorrect information in the application to be checked, repaired to be detected application, terminates the application to be detected, clean up the application to be checked and re-install the application to be detected.

[0132] 第三装置实施例 [0132] The third embodiment of the apparatus

[0133] 所述云端数据库管理模块2,用于建立云端数据库I ; [0133] The database management module Drive 2, Drive for establishing a database I;

[0134] 所述云端数据库1,用于保存所收集的每个应用程序运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务; [0134] The cloud database 1, primary reference for each application process to save the collected runtime created and supporting processes and / or all of the dynamic link library and / or services;

[0135] 所述终端配置列表维护模块4,用于维护终端配置列表3 ; [0135] The terminal configuration list maintenance module 4, arranged for maintaining a list of terminal 3;

[0136] 所述终端配置列表3,还用于记录所述终端上安装的每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务; [0136] The terminal configuration list 3, the main process is further configured for each application installed on the terminal recorded in the run-time created the calling process and the main process and / or dynamic link libraries, and / or services ;

[0137] 所述比对分析模块5,还用于根据所述终端配置列表3提取待检测应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务在云端数据库I中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上正确运行并反馈给所述终端。 [0137] The alignment analysis module 5, the terminal is further configured to configure a list of the primary extraction process 3 to be checked at runtime applications created the calling process and the main process and / or dynamic link libraries and according / or services are aligned in the cloud database I, the application program is running to be detected and fed back to the terminal according to the comparison result of the determination on the terminal correctly.

[0138] 所述终端配置列表维护模块4,在维护终端配置列表3时,进一步用于通过具有为指定的进程、进程使用的堆、模块、线程建立快照的功能的API函数获取每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务。 [0138] The terminal configuration list maintenance module 4, three terminal configuration list during maintenance, more API functions for a bulk process, a module, the thread creating snapshots function is specified by having a process of acquiring each application the main process at runtime created and the main process of the calling process and / or dynamic link libraries and / or services.

[0139] 所述终端配置列表维护模块4,在维护终端配置列表3时,还用于在每个应用程序新增进程和/或新增配套进程和/或新增动态链接库和/或新增服务和/或删除进程时,在所述终端配置列表3中更新相应的记录。 [0139] The terminal configuration list maintenance module 4, in the configuration list maintenance terminal 3, further configured to process each new application and / or additional ancillary process and / or add dynamic link library and / or new or by service and / deletion process, arranged in the terminal 3 updates the list of the corresponding record.

[0140] 所述比对分析模块5,根据比对结果判定所述待检测应用程序在所述终端上正确运行时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上正确运行;根据比对结果判定所述待检测应用程序在所述终端上没有正确运行时向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、修复所述待检测应用程序、终止所述待检测应用程序的运行、清理所述待检测应用程序、重新安装所述待检测应用程序。 [0140] The alignment analysis module 5, according to the comparison result of the determination of the feedback to be transmitted to the terminal application to behave correctly detected on the terminal, comprising: prompting the application program to be detected in the the terminal is operating correctly; according to the comparison result of the determination of the application is not to be detected on the terminal transmits the feedback to the terminal operating correctly, comprising a combination of one or more of: prompting the application program to be checked the incorrect information, repairing to be detected application, terminates the application to be detected, clean up the application to be checked and re-install the application to be checked.

[0141] 需要说明的是,在不冲突的情况下,本发明中的实施例及实施例中的特征可以相互任意组合。 [0141] Incidentally, in the case of no conflict, embodiments and features of embodiments of the present invention may be arbitrarily combined with each other.

[0142]当然,本发明还可有其他多种实施例,在不背离本发明精神及其实质的情况下,熟悉本领域的技术人员可根据本发明作出各种相应的改变和变形,但这些相应的改变和变形都应属于本发明所附的权利要求的保护范围。 [0142] Of course, the present invention may have various other embodiments without departing from the spirit and the essence of the present invention, those skilled in the art can make various corresponding modifications and variations according to the present invention, but these corresponding modifications and variations shall fall within the scope of the appended claims.

[0143] 本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序来指令、相关硬件完成,所述程序可以存储于计算机可读存储介质中,如只读存储器、磁盘或光盘等。 [0143] Those of ordinary skill in the art will be appreciated that the above method steps may be all or part by a program instructing relevant hardware. The program may be stored in a computer-readable storage medium, such as read only memory, magnetic or optical disk, etc. . 可选地,上述实施例的全部或部分步骤也可以使用一个或多个集成电路来实现。 Alternatively, all or part of the steps of the above-described embodiments may be implemented using one or more integrated circuits. 相应地,上述实施例中的各模块/单元可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。 Accordingly, each module / unit in the above-described embodiments may be implemented in the form of hardware, software functional modules may also be implemented. 本发明不限制于任何特定形式的硬件和软件的结合。 The present invention is not limited to any specific combination of hardware and software form.

Claims (14)

  1. 1.一种检测应用程序的安装状态的方法,其特征在于,包括: 建立云端数据库,其中保存有针对每个应用程序所收集的所有文件的参考特征码;维护终端配置列表,其中记录有所述终端上安装的每个应用程序的安装路径、根据所述安装路径获取的每个应用程序安装的全部文件以及每个文件的特征码; 根据所述终端配置列表提取待检测应用程序的每个文件的特征码在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上被正确安装并反馈给所述终端; 其中, 所述云端数据库中还保存有针对每个应用程序所收集的写入注册表项的参考键值;所述终端配置列表中还记录有所述终端上安装的每个应用程序所创建的注册表项的路径以及根据所述注册表项的路径获取的每个应用程序写入注册表项的键值; 还根据所述终端配置列表提 Mounting state detecting method for an application, wherein, comprising: establishing cloud database, which stores all documents with reference signature collected for each application; maintenance terminal configuration list, wherein the recording has mounting path of each application installed on said terminal, based on the entire document and signature of each file path acquired for each application of the mounting installation; extract its configuration list of applications based on each of the terminal signature file to compare the database in the cloud, according to the comparison result of the determination of the application is to be detected, and feedback is correctly installed on the terminal to the terminal; wherein the cloud database further stores for registry key is written in the key of each reference application collected; the terminal configuration list also records route registry entry for each application installed on the terminal has created based on the registry, and each application path item acquired write registry entry key; further configured to provide the list according to the terminal 待检测应用程序的写入注册表项的键值在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上的注册表中被正确设置并反馈给所述终端。 Key registry key is written to be detected is to compare the application database in the cloud, it has been set correctly and fed back to the registry on the terminal according to the comparison result of the determination of the application to be detected terminal.
  2. 2.如权利要求1所述的方法,其特征在于, 所述特征码,为唯一标识所述文件及文件内容的特征码,包括以下一种或者多种的组合:经由信息摘要算法MD5运算得出的MD5验证码、安全哈希算法校验码和循环冗余校验码。 2. The method according to claim 1, wherein said signature for uniquely identifying the documents and signature content, comprising a combination of one or more of the following: information available via a digest algorithm MD5 calculation the MD5 authentication code, secure hash algorithm checksum and cyclic redundancy check code.
  3. 3.如权利要求1或2所述的方法,其特征在于,所述维护终端配置列表,还包括: 在每个应用程序新增文件和/或删除文件和/或修改文件内容和/或修改文件存路径时,还在所述终端配置列表中更新相应的记录。 3. The method according to claim 1, wherein the configuration list maintenance terminal, further comprising: at each new application files and / or delete files and / or change the contents and / or modify the when the file path memory, the terminal is also configured to update the corresponding record in the list.
  4. 4.如权利要求1所述的方法,其特征在于,所述维护终端配置列表,还包括: 在每个应用程序修改注册表项的路径和/或新增注册表项和/或删除注册表项和/或修改注册表项内容和/或修改系统注册表项内容时,还在所述终端配置列表中更新相应的记录。 4. The method according to claim 1, wherein the configuration list maintenance terminal, further comprising: modifying each application registry entry path and / or add registry keys and / or delete registry item and / or modify the registry items and / or modify the system registry items, the terminal is also configured to update the corresponding record in the list.
  5. 5.如权利要求1所述的方法,其特征在于, 所述云端数据库中还保存有所收集的每个应用程序运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务; 所述终端配置列表中还记录有所述终端上安装的每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务; 根据所述终端配置列表提取待检测应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上正确运行并反馈给所述终端。 5. The method according to claim 1, characterized in that said cloud database also stores reference master process and matching process has been collected for each application created by the runtime, and / or all of the dynamic link library and / or services; the terminal configuration list also recorded the main terminal on the installation process for each application at runtime created and the main process of the calling process and / or dynamic link libraries and / or services; the main process of the calling process and / or dynamic link libraries, and / or services that are aligned in the cloud database, according to the comparison result of the determination of the master terminal configuration list extraction process of the application at run-time to be detected and created according to the application is to be detected and fed back to the terminal to run correctly on the terminal.
  6. 6.如权利要求5所述的方法,其特征在于,所述维护终端配置列表,还包括: 在每个应用程序新增进程和/或新增配套进程和/或新增动态链接库和/或新增服务和/或删除进程时,还在所述终端配置列表中更新相应的记录。 6. The method according to claim 5, wherein the configuration list maintenance terminal, further comprising: at each new application process and / or additional ancillary process and / or dynamic link libraries, and add / or when new services and / or removal process, the terminal configuration list also update the corresponding record.
  7. 7.如权利要求5或6所述的方法,其特征在于, 根据比对结果判定所述待检测应用程序在所述终端上被正确安装时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上被正确安装; 根据比对结果判定所述待检测应用程序在所述终端上的注册表中被正确设置时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上的注册表中被正确设置; 根据比对结果判定所述待检测应用程序在所述终端上正确运行时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上正确运行; 根据比对结果判定所述待检测应用程序在所述终端上没有被正确安装时和/或在所述终端上的注册表中没有被正确设置时和/或在所述终端上没有正确运行时,向所述终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信 7. The method of claim 5 or claim 6, characterized in that, according to the comparison result of the determination to the feedback sent by the terminal to be detected when the application is properly installed on the terminal, comprising: prompting the detecting application is to be properly installed on the terminal; according to the comparison result of the determination to the feedback sent by the terminal to be detected in the registry on application of the terminal is correctly set, comprising: prompting the to be detected in the application registry is correctly disposed on said terminal; according to the comparison result of the determination to the feedback sent by the terminal to be properly detected applications running on the terminal, comprising: a prompt to be detecting an application running on the terminal correctly; according to the comparison result when determining that the application is not to be detected properly installed on the terminal and / or registry on the terminal is not set correctly and / or is not functioning correctly, the feedback transmitted to the terminal on the terminal, including a combination of one or more of: the incorrect letter prompt application to be checked 、提示修复所述待检测应用程序、提示终止所述待检测应用程序的运行、提示清理所述待检测应用程序、提示重新安装所述待检测应用程序。 Prompt restoration of the application to be detected, suggesting that terminates the application to be detected, suggesting that cleaning up the application to be detected, prompt to reinstall the application to be checked.
  8. 8.—种检测应用程序的安装状态的装置,其特征在于,包括:云端数据库、云端数据库管理模块、终端配置列表、终端配置列表维护模块和比对分析模块; 所述云端数据库管理模块,用于建立云端数据库; 所述云端数据库,用于保存针对每个应用程序所收集的所有文件的参考特征码; 所述终端配置列表维护模块,用于维护终端配置列表; 所述终端配置列表,用于记录所述终端上安装的每个应用程序的安装路径、根据所述安装路径获取的每个应用程序安装的全部文件以及每个文件的特征码; 所述比对分析模块,用于根据所述终端配置列表提取待检测应用程序的每个文件的特征码在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上被正确安装并反馈给所述终端; 其中, 所述云端数据库,还用于保存针对每个应用程序所 8.- types of mounting means detecting the state of the application, wherein, comprising: a database cloud, the cloud database management module, a terminal configuration list, list maintenance module and the terminal configuration module comparative analysis; the cloud database management module, with establishing a database in the cloud; the cloud database, configured to store the reference pattern all files collected for each application; the terminal configuration list maintenance module for maintaining a list of terminal configuration; and the terminal configuration list, with each application installation path of the terminal is mounted on the recording, according to the pattern of all files and each file for each application of the mounting path of the mounting acquired; the comparison and analysis module, according to the said each terminal configuration file list signature extraction application to be detected are aligned in the cloud database, the application is to be detected and fed back to be properly installed on the terminal according to the comparison result of the determination to the terminal ; wherein the cloud database, further configured to store for each application 收集的写入注册表项的参考键值; 所述终端配置列表,还用于记录所述终端上安装的每个应用程序所创建的注册表项的路径以及根据所述注册表项的路径获取的每个应用程序写入注册表项的键值; 所述比对分析模块,还用于根据所述终端配置列表提取待检测应用程序的写入注册表项的键值在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上的注册表中被正确设置并反馈给所述终端。 Registry key is written collected reference key; the terminal configuration list further route registry entry for each application installed on the terminal records created and is acquired according to the path of the registration entry each application writes the registry entry key; said alignment analysis module is further configured to extract a list entry to be written to the registry key is detected in accordance with the application program in the terminal than the cloud database Yes, according to the comparison result of the determination of the application is to be detected, and feedback is provided to the terminal properly in registry on the terminal.
  9. 9.如权利要求8所述的装置,其特征在于, 所述比对分析模块,所提取的所述特征码,为唯一标识所述文件及文件内容的特征码,包括以下一种或者多种的组合:经由信息摘要算法MD5运算得出的MD5验证码、安全哈希算法校验码和循环冗余校验码。 9. The apparatus according to claim 8, wherein the comparison analysis module, the extracted signature for uniquely identifying the file and the signature file content, comprising one or more combination: codes, secure hash algorithm checksum and cyclic redundancy check code via a message-digest algorithm MD5 MD5 calculation obtained.
  10. 10.如权利要求8或9所述的装置,其特征在于, 所述终端配置列表维护模块,在维护终端配置列表时,还用于在每个应用程序新增文件和/或删除文件和/或修改文件内容和/或修改文件存路径时,在所述终端配置列表中更新相应的记录。 10. The apparatus of claim 8 or claim 9, characterized in that the terminal configuration list maintenance module, when the maintenance terminal configuration list, is also used in each new application files and / or delete files and / or change the contents and / or modify the file path memory, update the corresponding record in the terminal configuration list.
  11. 11.如权利要求8所述的装置,其特征在于, 所述终端配置列表维护模块,在维护终端配置列表时,还用于在每个应用程序修改注册表项的路径和/或新增注册表项和/或删除注册表项和/或修改注册表项内容和/或修改系统注册表项内容时,在所述终端配置列表中更新相应的记录。 11. The apparatus according to claim 8, characterized in that the terminal configuration list maintenance module, when the terminal is configured to maintain a list, registry entries is further configured to modify the path and / or new registered in each application and / or delete registry keys and / or modify the registry items and / or modify the system registry items, updating the terminal list corresponding configuration record entries.
  12. 12.如权利要求8所述的装置,其特征在于, 所述云端数据库,还用于保存所收集的每个应用程序运行时所创建的参考主进程及配套的进程和/或全部动态链接库和/或服务; 所述终端配置列表,还用于记录所述终端上安装的每个应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务; 所述比对分析模块,还用于根据所述终端配置列表提取待检测应用程序在运行时所创建的主进程以及所述主进程调用的进程和/或动态链接库和/或服务在云端数据库中进行比对,根据比对结果判定所述待检测应用程序是否在所述终端上正确运行并反馈给所述终端。 12. The apparatus according to claim 8, characterized in that said cloud database further reference to the main process for each application program stored in the collected runtime created and associated processes and / or all of the dynamic link library and / or services; the terminal configuration list, but also for the main process each application installed on the terminal in run-time record created and the main process of the calling process and / or dynamic link libraries and / or services; the comparison and analysis module is further configured to extract a list of the main process to be checked at runtime applications created the calling process and the main process and / or dynamic link libraries and / or service according to the terminal Drive database for comparison, according to the comparison result of the determination of the application is running to be detected and fed back to the correct terminal on the terminal.
  13. 13.如权利要求12所述的装置,其特征在于, 所述终端配置列表维护模块,在维护终端配置列表时,还用于在每个应用程序新增进程和/或新增配套进程和/或新增动态链接库和/或新增服务和/或删除进程时,在所述终端配置列表中更新相应的记录。 13. The apparatus according to claim 12, characterized in that the terminal configuration list maintenance module, when the maintenance terminal configuration list, is also used in each new application processes and / or new processes and supporting / when new or dynamic link libraries and / or additional services and / or removal process, update the corresponding record in the terminal configuration list.
  14. 14.如权利要求12或13所述的装置,其特征在于, 所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上被正确安装时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上被正确安装; 所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上的注册表中被正确设置时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上的注册表中被正确设置; 所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上正确运行时向所述终端发送的反馈,包括:提示所述待检测应用程序在所述终端上正确运行; 所述比对分析模块,根据比对结果判定所述待检测应用程序在所述终端上没有被正确安装时和/或在所述终端上的注册表中没有被正确设置时和/或在所述终端上没有正确运行时,向所述 14. The apparatus of claim 12 or claim 13, wherein the ratio of the analysis module, transmitted to the terminal according to the comparison result of the determination when the application is detected to be correctly installed on the terminal feedback, comprising: prompting the application is to be detected correctly installed on the terminal; the module alignment analysis, according to the comparison result of the determination of the application is to be detected correctly arranged on the terminal in the registry when sending feedback to the terminal, comprising: prompting the application program to be detected correctly registry is provided at the terminal; and the comparative analysis module, according to the comparison result of the determination in the application to be detected the transmitting terminal to the feedback terminal operating correctly, comprising: prompting the application program to be run correctly detected on the terminal; the module alignment analysis, according to the comparison result of the determination of the application to be detected not the terminal is correctly installed and / or registry on the terminal is not correctly set or is not functioning properly and the terminal on / to the 终端发送的反馈,包括以下一项或多项的组合:提示所述待检测应用程序的非正确信息、修复所述待检测应用程序、终止所述待检测应用程序的运行、清理所述待检测应用程序、重新安装所述待检测应用程序。 Transmitting feedback terminal, comprising a combination of one or more of: the information to be prompted to correct the non-detection application, fixes the application to be detected, terminates the application program to be detected, cleaning to be detected application, to reinstall the application to be detected.
CN 201210215997 2012-06-26 2012-06-26 Method and apparatus for detecting a mounted state of the application CN102736978B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201210215997 CN102736978B (en) 2012-06-26 2012-06-26 Method and apparatus for detecting a mounted state of the application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201210215997 CN102736978B (en) 2012-06-26 2012-06-26 Method and apparatus for detecting a mounted state of the application

Publications (2)

Publication Number Publication Date
CN102736978A true CN102736978A (en) 2012-10-17
CN102736978B true CN102736978B (en) 2015-09-30

Family

ID=46992519

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201210215997 CN102736978B (en) 2012-06-26 2012-06-26 Method and apparatus for detecting a mounted state of the application

Country Status (1)

Country Link
CN (1) CN102736978B (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001947B (en) * 2012-11-09 2015-09-30 北京奇虎科技有限公司 A program processing method and system
CN102999606B (en) * 2012-11-21 2015-12-23 东莞宇龙通信科技有限公司 Software Removal Method and apparatus
CN103023885B (en) * 2012-11-26 2015-09-16 北京奇虎科技有限公司 Data processing method and system security
CN103067364B (en) * 2012-12-21 2015-11-25 华为技术有限公司 Virus detection methods and apparatus
CN103077353B (en) * 2013-01-24 2015-12-02 北京奇虎科技有限公司 The method of proactive protection from malware and means
CN104102539A (en) * 2013-04-09 2014-10-15 腾讯科技(深圳)有限公司 Method and device for acquiring underlying library called by mobile terminal application program
CN104113443A (en) 2013-04-19 2014-10-22 中兴通讯股份有限公司 Network equipment detection method, device and cloud detection system
CN103235730A (en) * 2013-04-27 2013-08-07 天津长瑞华通科技发展有限公司 Portable management device based on C/S (client/server) client software and implementation method of device
US9591003B2 (en) * 2013-08-28 2017-03-07 Amazon Technologies, Inc. Dynamic application security verification
CN103473163B (en) * 2013-09-11 2016-10-26 腾讯科技(深圳)有限公司 Method and apparatus for detecting the application
CN103645922B (en) * 2013-12-25 2017-12-22 北京奇虎科技有限公司 A method of cloud-based software to clean up the query, apparatus and system
CN103701922B (en) * 2013-12-31 2017-06-06 曙光云计算技术有限公司 Method and system security application deployment platform Paas
CN103810105B (en) * 2014-03-06 2016-08-31 中国工商银行股份有限公司 Application version detection method and apparatus
CN104932965A (en) * 2014-03-18 2015-09-23 北京奇虎科技有限公司 Object real-time monitoring method and device
CN104317699A (en) * 2014-07-24 2015-01-28 小米科技有限责任公司 Application program verifying method and device
CN104239215B (en) * 2014-09-30 2018-02-02 北京奇虎科技有限公司 Method and apparatus for investigation of unwanted software
CN104346206B (en) * 2014-10-30 2018-06-01 北京奇虎科技有限公司 Species have to uninstall and restoring the system software installation
CN105117644B (en) * 2015-08-26 2018-08-28 福建天晴数码有限公司 Android plug-acquisition method and system
US9870215B2 (en) 2015-11-30 2018-01-16 International Business Machines Corporation Tracking an application installation state
CN105487935B (en) * 2015-12-07 2017-06-23 中南大学 Based method of acquiring context-aware of active service
CN105554096A (en) * 2015-12-11 2016-05-04 鹏博士电信传媒集团股份有限公司 Method and system for realizing cloud game cloud service
CN105631318A (en) * 2015-12-23 2016-06-01 北京金山安全软件有限公司 Method and device for acquiring registry keys

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6560776B1 (en) * 2000-02-18 2003-05-06 Avaya Technology Corp. Software installation verification tool
CN1955971A (en) * 2005-10-27 2007-05-02 北京振戎融通通信技术有限公司 Safety installation method suitable for Java application program
CN101017435A (en) * 2006-04-14 2007-08-15 北京瑞星国际软件有限公司 Method and apparatus used for upgrading software
CN101789888A (en) * 2010-01-12 2010-07-28 腾讯科技(深圳)有限公司 Detection method and device for software installation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6560776B1 (en) * 2000-02-18 2003-05-06 Avaya Technology Corp. Software installation verification tool
CN1955971A (en) * 2005-10-27 2007-05-02 北京振戎融通通信技术有限公司 Safety installation method suitable for Java application program
CN101017435A (en) * 2006-04-14 2007-08-15 北京瑞星国际软件有限公司 Method and apparatus used for upgrading software
CN101789888A (en) * 2010-01-12 2010-07-28 腾讯科技(深圳)有限公司 Detection method and device for software installation

Also Published As

Publication number Publication date Type
CN102736978A (en) 2012-10-17 application

Similar Documents

Publication Publication Date Title
Sidiroglou et al. Assure: automatic software self-healing using rescue points
US6604237B1 (en) Apparatus for journaling during software deployment and method therefor
Chen et al. Polus: A powerful live updating system
US7437764B1 (en) Vulnerability assessment of disk images
US20040236960A1 (en) Pre-boot firmware based virus scanner
US6792556B1 (en) Boot record recovery
US8006125B1 (en) Automatic detection and recovery of corrupt disk metadata
US6950964B1 (en) Driver protection
US7370233B1 (en) Verification of desired end-state using a virtual machine environment
US7603440B1 (en) System and method for management of end user computing devices
US20080282230A1 (en) Product, method and system for using window authentication in testing graphical user interface applications
US20070220032A1 (en) Method and apparatus for implementing a software installation process
US20150052402A1 (en) Cloud Deployment Infrastructure Validation Engine
US20110320882A1 (en) Accelerated virtual environments deployment troubleshooting based on two level file system signature
US7908521B2 (en) Process reflection
US20100293615A1 (en) Method and apparatus for detecting the malicious behavior of computer program
US20100017512A1 (en) Method and System For Improvements In or Relating to Off-Line Virtual Environments
US20120124007A1 (en) Disinfection of a file system
US7734945B1 (en) Automated recovery of unbootable systems
US20060107121A1 (en) Method of speeding up regression testing using prior known failures to filter current new failures when compared to known good results
US20100058314A1 (en) Computer System and Related Method of Logging BIOS Update Operation
CN102314561A (en) Automatic analysis method and system of malicious codes based on API (application program interface) HOOK
US20050216749A1 (en) Method and apparatus for detection of hostile software
CN103092664A (en) Processing method and device of data file of android system
US20080133972A1 (en) System Analysis and Management

Legal Events

Date Code Title Description
C06 Publication
C41 Transfer of the right of patent application or the patent right
COR Bibliographic change or correction in the description

Free format text: CORRECT: ADDRESS; FROM: 100016 CHAOYANG, BEIJING TO: 100088 XICHENG, BEIJING

ASS Succession or assignment of patent right

Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20120910

Owner name: BEIJING QIHU TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20120910

C10 Request of examination as to substance
C14 Granted