CN104378388B - Executable file progress control method and device - Google Patents

Publication number
CN104378388B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410751258.5A
Other languages
Chinese (zh)
Other versions
CN104378388A (en)
Inventor
胡超博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
360 Digital Security Technology Group Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The present invention provides an executable file run control method comprising the following steps: verifying and confirming, through a remote communication port, that the local machine is legitimately authorized; pushing an executable file to a target terminal, ready for execution, over a communication link maintained by the local machine; and calling the executable file over the communication link to run its first functional module, the second functional module of the executable file running when the first functional module verifies and confirms that the call is legitimate. The present invention also provides an executable file run control device. In this way the running of the executable file can be controlled: the verification prevents the executable file from being run in cracked form, which protects the executable file and keeps it from being cracked and abused.

Description

Executable file progress control method and device
Technical field
The present invention relates to the field of computers, and in particular to an executable file run control method and device.
Background
With the continuous development of Internet technology, a wide variety of application programs have been developed and put to use. When an application program exchanges data while running, the legitimacy of both interacting parties is usually verified to keep the interaction secure. At present, when two application programs interact, each typically verifies the legitimacy of the other by calling on signatures.
The executable file of an application program is what actually carries out an operation. An executable file is a program that can be relocated within the operating system's storage space and run directly. For example, executable file formats on Microsoft operating systems include MZ, NE and PE; on Linux operating systems they include a.out, COFF and ELF. Unlike an installation package, an executable file needs no installation and can be run directly, but running it directly can lead to abuse of the executable file and cause losses to the program's developer.
Summary of the invention
The purpose of the present invention is to solve at least one of the above technical deficiencies, in particular to make it possible to control the running of an executable file and prevent it from being run in cracked form.
The present invention provides an executable file run control method comprising the following steps: verifying and confirming, through a remote communication port, that the local machine is legitimately authorized; pushing an executable file to a target terminal, ready for execution, over a communication link maintained by the local machine; and calling the executable file over the communication link to run its first functional module, the second functional module of the executable file running when the first functional module verifies and confirms that the call is legitimate.
Wherein the step of verifying and confirming that the local machine is legitimately authorized is specifically: sending a request containing local machine feature information, and obtaining, in response to the request, a message that the local machine is legitimate because its feature information is in the whitelist.
Wherein the local machine feature information is encrypted information that uniquely identifies the features of the local machine.
Wherein the executable file is pushed and then modified to be executable, ready for execution.
Wherein the step of calling the executable file over the communication link to run its first functional module specifically comprises: calling the executable file to run its first functional module; obtaining the secret string returned by the first functional module, which includes the call time and the target terminal identifier; encrypting the secret string; and calling the executable file again to run its first functional module while sending the encrypted secret string to the executable file.
Wherein the first functional module is used to generate the secret string; it checks the encrypted secret string against the secret string generated by the second call, and when the interval between the call times is within a preset time and the target terminal identifiers are consistent, the second functional module of the executable file runs.
Wherein the second functional module is used to obtain Root authority on the target terminal.
Wherein the local machine has a connection port for establishing the communication link with the target terminal.
Wherein the connection port is a Bluetooth, WiFi and/or USB interface.
Wherein, in the step of confirming that the local machine is legitimately authorized or the step of confirming that the call is legitimate, execution of each subsequent step is terminated when confirmation is not possible.
The present invention also provides an executable file run control method comprising the following steps: receiving, over a locally maintained communication link, a command calling an executable file; verifying and confirming, according to the call command, whether the call is legitimate; and performing the function of the executable file when the call is verified and confirmed to be legitimate.
Wherein the step of verifying and confirming, according to the call command, whether the call is legitimate specifically comprises: obtaining, according to the call, a secret string including the call time and the local identifier; sending the secret string over the communication link; receiving the encrypted secret string returned over the communication link and, according to the second call, obtaining a secret string including the call time and the local identifier; decrypting the encrypted secret string; and checking whether the interval between the call times in the decrypted secret string and in the secret string obtained from the second call is within a preset time, and whether the local identifiers are consistent.
Wherein, when the call time interval is not within the preset time, the verification of the local identifier is terminated.
Wherein, after the step of performing the function of the executable file, information on whether execution succeeded is displayed, or is fed back over the communication link.
The present invention provides an executable file run control device comprising: a verification module for verifying and confirming, through a remote communication port, that the local machine is legitimately authorized; a pushing module for pushing, when the verification module confirms that the local machine is legitimately authorized, an executable file to a target terminal, ready for execution, over a communication link maintained by the local machine; and a calling module for calling the executable file over the communication link to run its first functional module, the second functional module of the executable file running when the first functional module verifies and confirms that the call is legitimate.
Wherein the verification module is specifically used for: sending a request containing local machine feature information, and obtaining, in response to the request, a message that the local machine is legitimate because its feature information is in the whitelist.
Wherein the local machine feature information is encrypted information that uniquely identifies the features of the local machine.
Wherein the pushing module is further used for: pushing the executable file and modifying it to be executable, ready for execution.
Wherein the calling module is specifically used for: calling the executable file to run its first functional module; obtaining the secret string returned by the first functional module, which includes the call time and the target terminal identifier; encrypting the secret string; and calling the executable file again to run its first functional module while sending the encrypted secret string to the executable file.
Wherein the first functional module is used to generate the secret string; it checks the encrypted secret string against the secret string generated by the second call, and when the interval between the call times is within a preset time and the target terminal identifiers are consistent, the second functional module of the executable file runs.
Wherein the second functional module is used to obtain Root authority on the target terminal.
Wherein the local machine has a connection port for establishing the communication link with the target terminal.
Wherein the connection port is a Bluetooth, WiFi and/or USB interface.
The present invention also provides an executable file run control device comprising: a receiving module for receiving, over a locally maintained communication link, a command calling an executable file; a first functional module for verifying and confirming, according to the call command, whether the call is legitimate; and a second functional module for performing the function of the executable file when the call is verified and confirmed to be legitimate.
Wherein the first functional module is specifically used for: obtaining, according to the call, a secret string including the call time and the local identifier; sending the secret string over the communication link; receiving the encrypted secret string returned over the communication link and, according to the second call, obtaining a secret string including the call time and the local identifier; decrypting the encrypted secret string; and checking whether the interval between the call times in the decrypted secret string and in the secret string obtained from the second call is within a preset time, and whether the local identifiers are consistent.
Wherein, when the call time interval is not within the preset time, the verification of the local identifier is terminated.
Wherein the device includes: a feedback module for displaying, after the second functional module has performed the function of the executable file, information on whether execution succeeded, or feeding that information back over the communication link.
Compared with the prior art, the present invention has the following advantages:
1. The legitimacy of the client on which the application program resides is verified, that is, the running environment of the application program is verified. This ensures that the application program runs on an authorized client and prevents it from being installed and used at will.
2. The application program sends the executable file to the target terminal. Before the executable file executes, it verifies whether it is being run by a call from the application program; only when called by the application program can the executable file run. This verification prevents the executable file from being extracted and abused at will.
During verification the executable file is called twice. The application program encrypts the secret string that the executable file returned to it on the first call; the executable file then decrypts the encrypted secret string and compares the target terminal identifier in the decrypted secret string with the one in the secret string generated by the second call for consistency. This encryption, decryption and consistency check strengthens the accuracy of the verification.
3. Multiple checks are set: first, whether the running environment of the application program is legitimate; second, whether the application program is legitimate; third, whether the command to execute the executable file is legitimate. The triple verification adds layers and difficulty to the check and protects the interests of the program's developer.
4. The application program can send the executable file to multiple target terminals, that is, process multiple target terminals in a batch, which improves the efficiency of using the application program.
In short, the method of the present invention for controlling the running of an executable file efficiently protects the application program and the executable file it pushes, and keeps them from being cracked and abused.
Additional aspects and advantages of the present invention will be set forth in part in the following description; they will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the system structure of the present invention;
Fig. 2 is a flow chart of one embodiment of the executable file run control method of the present invention;
Fig. 3 is a flow chart of another embodiment of the executable file run control method of the present invention;
Fig. 4 is a flow chart of a further embodiment of the executable file run control method of the present invention;
Fig. 5 is a structural diagram of one embodiment of the executable file run control device of the present invention.
Detailed description
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numbers throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the present invention and are not to be construed as limiting the claims.
Those skilled in the art will appreciate that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should further be understood that the word "comprising" used in this specification means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The term "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Those skilled in the art will appreciate that "terminal" and "terminal device" as used herein include both devices that have only a wireless signal receiver with no transmit capability, and devices that have receive and transmit hardware capable of two-way communication over a bidirectional communication link. Such devices may include: cellular or other communication devices, with a single-line display, a multi-line display, or no multi-line display; PCS (Personal Communications Service) devices, which may combine voice, data processing, fax and/or communication capabilities; PDAs (Personal Digital Assistants), which may include a radio frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; and conventional laptop and/or palmtop computers or other devices that have and/or include a radio frequency receiver. A "terminal" or "terminal device" as used herein may be portable, transportable, installed in a vehicle (air, sea and/or land), or suited and/or configured to run locally and/or in distributed form at any other location on the earth and/or in space. A "terminal" or "terminal device" as used herein may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with music/video playback capability, or a device such as a smart TV or set-top box.
Those skilled in the art will appreciate that remote network devices as used herein include, but are not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed of multiple servers. Here, a cloud is formed of a large number of computers or network servers based on cloud computing, where cloud computing is a kind of distributed computing: a super virtual computer made up of a group of loosely coupled computers. In embodiments of the present invention, communication among the remote network device, the terminal device and the WNS server may be realized by any communication method, including but not limited to mobile communication based on 3GPP, LTE or WIMAX, computer network communication based on the TCP/IP or UDP protocols, and short-range wireless transmission based on Bluetooth or infrared transmission standards.
Those skilled in the art will appreciate that "application", "application program", "application software" and similar expressions in the present invention refer to the same concept well known to those skilled in the art: computer software suitable for electronic operation, organically constructed from a series of computer instructions and related data resources. Unless otherwise specified, the term is not limited by the kind or level of programming language, nor by the operating system or platform on which the software runs. Naturally, the concept is not limited by any form of terminal either.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the system structure of the present invention. As shown in Fig. 1, the system includes server end 11, client 12 and target terminal 13.
The system shown in Fig. 1 is built on a network environment. Server end 11 verifies client 12; client 12 is a computer on which the application program of the present invention is installed; target terminal 13 is a mobile terminal (for example a mobile phone) on which the application program's function is performed. Server end 11 may be in the cloud, client 12 is a computer running a Linux system, and target terminal 13 is a terminal running the Android system.
This embodiment involves the Linux and Android systems but is not limited to them; those skilled in the art can reasonably expect that the scheme of this embodiment also applies to operating systems such as Windows and Apple. Client 12 may also be an ARM machine connected to multiple mobile phones.
Client 12 is connected to server end 11 through a remote communication port and to at least one target terminal 13 through a communication link. To communicate with target terminal 13, client 12 is configured with the corresponding target terminal 13 driver and related programs such as adb (Android Debug Bridge), and client 12 has a connection port for establishing the communication link with target terminal 13, such as a Bluetooth, WiFi and/or USB interface.
Referring to Fig. 2, Fig. 2 is a flow chart of one embodiment of the executable file run control method of the present invention. As shown in Fig. 2, the method comprises the following steps:
S21, verify and confirm, through a remote communication port, that the local machine is legitimately authorized.
The local machine in this embodiment is a computer on which the application program of the present invention is installed. The local machine interacts with the server through its remote communication port to verify whether it is a legitimate client; only a client authorized by the server can run the application program.
S22, push the executable file to the target terminal, ready for execution, over the communication link maintained by the local machine.
When the local machine is confirmed to be legitimate, it can push the executable file to the target terminal, and the executable file carries out its function.
S23, call the executable file over the communication link to run its first functional module; when the first functional module verifies and confirms that the call is legitimate, the second functional module of the executable file runs.
Before the executable file runs its second functional module, that is, before the application program's function is performed, it must be verified whether the call to the executable file was issued by the application program; the second functional module runs only once it is confirmed that the call was issued by the application program. Specifically, whether the call is legitimate is verified through the local machine's call to the first functional module and the first functional module's judgment.
Referring to Fig. 3, Fig. 3 is a flow chart of another embodiment of the executable file run control method of the present invention. As shown in Fig. 3, the method comprises the following steps:
S31, receive, over the locally maintained communication link, a command calling the executable file.
S32, verify and confirm, according to the call command, whether the call is legitimate.
S33, perform the function of the executable file when the call is verified and confirmed to be legitimate.
Taken together with the embodiment shown in Fig. 2, the executable file on the target terminal in this embodiment cooperates with the local machine of the Fig. 2 embodiment to verify whether the call is legitimate; when the call command was issued by the application program of the Fig. 2 embodiment, the function that the executable file is to perform on the target terminal is executed.
Referring to Fig. 4, Fig. 4 is a flow chart of a further embodiment of the executable file run control method of the present invention. As shown in Fig. 4, the method comprises the following steps:
S41, verify and confirm, through a remote communication port, that the local machine is legitimately authorized.
The method of this embodiment is based on the system shown in Fig. 1, in which client 12 interacts with server end 11 and target terminal 13 respectively. The local machine in this embodiment is client 12; when the application program on client 12 starts, it must send a request to server end 11 to verify whether its running environment is legitimate.
The work of client 12 is specifically as follows:
A. Send a verification request containing the feature information of client 12.
The feature information is information that uniquely identifies client 12, including the MAC address, mainboard ID number and/or hard disk serial number. Client 12 has many items of feature information, not limited to those listed above. The criteria for selecting feature information in this embodiment are fairly flexible, as long as client 12 can be identified by the information; the MAC address is preferred. Multiple items of feature information may also be combined to improve the accuracy of identification.
The feature information is obtained by the application program: when the application runs, it obtains the feature information and sends it to server end 11, which judges whether the running environment is legitimate.
B. Obtain the message, in response to the request, that client 12 is legitimate.
The verification process on server end 11 is specifically as follows:
A. Obtain, through the remote communication port, the request containing the feature information of client 12.
B. Judge whether the feature information is in the preset whitelist.
A whitelist is preset on server end 11. It holds the information of clients authorized to run the application program, and each item of client information includes information that uniquely identifies the client's features. After server end 11 receives the request sent by client 12, it searches the whitelist for the feature information in the request.
C. When the feature information is in the preset whitelist, confirm that client 12 is legitimately authorized and return, through the remote communication port, the message that client 12 is legitimate.
When the feature information is not in the whitelist, a message that client 12 is not legitimate is likewise returned through the remote communication port.
As set out above, client 12 interacts with server end 11 to complete the verification of whether client 12 is legitimate. After the application program on client 12 receives the message returned by server end 11, it stops running if client 12 is not legitimate. This verification makes the application program run only on specific clients; a client outside the whitelist is not allowed to use the application program.
In this verification process the feature information sent by the application program is encrypted, that is, the request sent by the application program is an encrypted request. After receiving the request, server end 11 decrypts it and then judges whether the feature information is in the preset whitelist. The message returned by server end 11 may also be encrypted. Different application programs have different keys.
In other embodiments the request may be left unencrypted and only the message returned by server end 11 is encrypted, with client 12 decrypting it.
The above encryption uses AES (Advanced Encryption Standard), a symmetric cipher in which the encrypting and decrypting sides use the same key. AES encrypts and decrypts quickly in both software and hardware, is easy to implement and needs very little memory.
With the above encryption, the legitimacy of the application program can be verified and the exchanged data is protected as well.
S42, executable file is pushed in case performing to target terminal by the communication link that the machine maintains.
When application program receives the legal message of client 12 of the return of server end 11, confirm that the machine is legal Authorize, continue to run with.Detect whether that target terminal 13 is connected with client 12, deposited when between target terminal 13 and client 12 In communication link, application program sends executable file to target terminal 13, is stored in/bin catalogues.Wherein, application program Executable file can be sent to multiple target terminals simultaneously.Wherein, executable file is encryption file, can be prevented in transmitting procedure In or be cracked in target terminal 13.
Need to be executable by its attribute modification, so as to the operation of executable file after pushing executable file.For The executable file of microsoft operating system, it is to judge whether file is executable by identifying file suffixes, therefore not Need to change attribute.
In this embodiment the method is used to obtain Root authority on target terminal 13, so the application program is Root software; it contains a Root scheme, and the Root scheme is the executable file. As is well known, an executable file can serve many functions, so the application program is not limited to Root software.
There are currently several privilege-escalation schemes for obtaining Root authority on the Android system. Judged by the life cycle over which the authority remains effective after escalation, they comprise permanent Root authority and temporary Root authority. With permanent Root authority, once Root has been granted, the application program need not perform Root privilege escalation again. With temporary Root authority, the authority lasts only for one run of the operating system from startup to shutdown, and Root must be performed again at the next startup.
Whichever Root mode is used, the general principle of privilege escalation is to implant into the system an su that receives authority requests, and to combine it with the SuperUser.apk application program to provide human-machine interaction. The escalation process is: the su file is placed in /system/bin/ and Superuser.apk is placed under system/app. The former monitors the user's authority requests and communicates with the latter; the latter, on the basis of that communication, mainly provides the human-machine interaction through which the user issues the relevant instructions. In theory, if su approves all authority requests by default, SuperUser.apk can be dispensed with. In addition, /system/bin/su must be set so that any user can run it, and must be given set uid and set gid permissions; this can be done by running the following command against the Android machine: adb shell chmod 4755 /system/bin/su.
The Root scheme is therefore understood to include: the code files related to cracking and their configuration parameters, and the files named or implemented as "su" and "SuperUser.apk".
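From the defender's side, the two artifacts described above (the su binary and the Superuser application package) can be looked for on a mounted system image. The following Python audit is an added example, not part of the patent; the function names and the image-root argument are assumptions. Note that mode 4755 carries the setuid bit only; a setgid bit would show as 6755.

```python
import os
import stat

# Paths taken from the description above; the page spells the package name
# both "Superuser.apk" and "SuperUser.apk", so both are checked.
SU_RELATIVE = os.path.join("system", "bin", "su")
APK_NAMES = ("Superuser.apk", "SuperUser.apk")


def describe_mode(path):
    """Return the permission facts that matter for a privileged su binary."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "path": path,
        "mode": format(mode, "04o"),                # e.g. "4755"
        "setuid": bool(mode & stat.S_ISUID),        # runs as the file owner
        "setgid": bool(mode & stat.S_ISGID),        # runs with the file group
        "world_exec": bool(mode & stat.S_IXOTH),    # any user may execute it
        "owner_uid": st.st_uid,
    }


def audit_root_artifacts(image_root):
    """Report su and Superuser package findings under a mounted image root.

    image_root is a hypothetical directory holding the image's file tree,
    for example the mount point of an extracted system partition.
    """
    findings = []

    su_path = os.path.join(image_root, SU_RELATIVE)
    if os.path.isfile(su_path):
        info = describe_mode(su_path)
        info["kind"] = "su"
        # setuid plus world-executable is the state the chmod 4755 step creates:
        # every user can start the binary with its owner's identity.
        info["escalation_ready"] = info["setuid"] and info["world_exec"]
        findings.append(info)

    for name in APK_NAMES:
        apk_path = os.path.join(image_root, "system", "app", name)
        if os.path.isfile(apk_path):
            findings.append({"kind": "manager-apk", "path": apk_path})
            break  # one hit is enough; avoids double-counting on
                   # case-insensitive file systems

    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_root_artifacts(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(finding)
```
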
S43, the executable file is called through the communication link.
S44, the target terminal receives, through the communication link maintained locally, the command calling the executable file.
S45, according to the call command, it is verified and confirmed whether the call is legal.
The executable file is a binary file. To prevent it from being abused once obtained, it must be verified whether its function is being invoked by the application program in client 12. The verification comprises steps S43, S44 and S45 and is described in detail below:
The executable file of this embodiment comprises a first functional module and a second functional module. The first functional module generates a string containing the call time and the identifier of target terminal 13 and encrypts that string; the second functional module performs the work of obtaining Root authority.
First, the application program calls the executable file to run its first functional module; the first functional module generates a close string and returns it to the application program, and the application program applies a secondary encryption to the close string. Then the application program calls the executable file again to run its first functional module and sends the encrypted close string to the executable file, and the first functional module generates a close string again. Finally, the first functional module decrypts the encrypted close string it received and compares the decrypted close string with the newly generated one, to verify whether the call command was sent by the application program.
The comparison proceeds as follows. Because there is a time difference between the two calls, the interval between the times in the two close strings is compared first to see whether it is within the preset time. If the interval exceeds the preset time, operation of the executable file is terminated. If the interval is within the preset time, the identifiers of target terminal 13 in the two close strings are then compared for consistency. If they are consistent, the close string sent to the application program was indeed sent by target terminal 13, and it is finally confirmed that the call command was sent by the application program, that is, the call is legal.
The main principle of this verification is: the application program encrypts the close string from the first call, the executable file decrypts the encrypted close string, and the identifier in the decrypted close string is consistent with the identifier in the close string from the second call; on this basis the call command is determined to have been sent by the application program. This verification prevents the executable file from being extracted and used to Root an arbitrary mobile phone, and thereby protects the executable file.
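The two-call check described above, as an added Python sketch that is not code from the patent. The patent names no cipher, so both encryption layers are stood in for by HMAC-SHA256 tags (authenticity only, no confidentiality); the key names, the 30-second window and the JSON layout are assumptions.

```python
import hashlib
import hmac
import json
import time

# Assumptions for this sketch (none of these values come from the patent).
MODULE_KEY = b"constructed-module-key"  # held by the first functional module
APP_KEY = b"constructed-app-key"        # shared by application and executable
PRESET_INTERVAL_S = 30                  # the "preset time" between the two calls


def _seal(key, payload):
    """Stand-in for one encryption layer: append an HMAC-SHA256 tag."""
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag


def _open(key, blob):
    """Stand-in for decryption: return the payload, or None if the tag is wrong."""
    payload, sep, tag = blob.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload if hmac.compare_digest(tag, expected) else None


def issue_close_string(terminal_id, now=None):
    """First functional module: close string = call time + terminal identifier."""
    call_time = int(time.time() if now is None else now)
    body = json.dumps({"id": terminal_id, "t": call_time}, sort_keys=True)
    return _seal(MODULE_KEY, body.encode())


def app_secondary_wrap(close_string):
    """Application side: the secondary layer over the returned close string."""
    return _seal(APP_KEY, close_string)


def verify_second_call(wrapped, terminal_id, now=None):
    """First functional module on the second call; returns a verdict string."""
    # A fresh close string is produced for the second call, as in the text.
    fresh = json.loads(_open(MODULE_KEY, issue_close_string(terminal_id, now)))

    outer = _open(APP_KEY, wrapped)
    if outer is None:
        return "bad-app-layer"        # caller does not hold the application key
    inner = _open(MODULE_KEY, outer)
    if inner is None:
        return "bad-module-layer"     # wrapped content was not issued by the module
    first = json.loads(inner)

    # The time interval is compared first; on failure the identifier is not checked.
    interval = fresh["t"] - first["t"]
    if interval < 0 or interval > PRESET_INTERVAL_S:
        return "interval-exceeded"
    if first["id"] != fresh["id"]:
        return "terminal-mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed walk-through: first call at t=1000, second call at t=1010.
    close_string = issue_close_string("TERM-A", now=1000)
    wrapped = app_secondary_wrap(close_string)
    print(verify_second_call(wrapped, "TERM-A", now=1010))
    print(verify_second_call(wrapped, "TERM-A", now=1031))
    print(verify_second_call(wrapped, "TERM-B", now=1010))
```

In this sketch the same wrapped string verifies again anywhere inside the window, since the described close string carries only a call time and a terminal identifier.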
S46, when the call is verified and confirmed to be legal, the function of the executable file is performed.
When the call is verified and confirmed to be legal, the second functional module of the executable file runs and performs Root on target terminal 13; the Root mode is temporary Root or permanent Root.
After the Root flow completes, information on whether execution succeeded can be displayed on target terminal 13 or fed back to client 12 through the communication link.
It should be pointed out that, in the method flow of this embodiment, when any verification step cannot be confirmed, the subsequent steps are terminated automatically.
As described above, to protect the application program and control the operation of the executable file, multiple checks are provided: first, whether the running environment of the application program is legal; second, whether the application program is legal; third, whether the command causing the executable file to execute is legal. The triple verification increases the number of layers and the difficulty of verification, prevents the application program from being cracked and abused, and protects the interests of the program developer.
Referring to Fig. 5, Fig. 5 is a structural schematic diagram of an embodiment of the executable file operating control device of the present invention. As shown in Fig. 5, it includes: correction verification module 51, pushing module 52, calling module 53, receiving module 54, first functional module 55, second functional module 56 and feedback module 57.
The function of each module is as follows:
The correction verification module 51 verifies through the telecommunication port and confirms that the local machine is legally authorized. The pushing module 52, when the correction verification module 51 confirms that the local machine is legally authorized, pushes the executable file to the target terminal through the communication link maintained by the local machine, ready for execution. The calling module 53 calls the executable file through the communication link to run its first functional module 55; when the first functional module 55 verifies and confirms that the call is legal, the second functional module 56 of the executable file runs.
The receiving module 54 receives, through the communication link maintained locally, the command calling the executable file. The first functional module 55 verifies and confirms, according to the call command, whether the call is legal. The second functional module 56 performs the function of the executable file when the call is verified and confirmed to be legal. The feedback module 57, after the second functional module 56 has performed the function of the executable file, displays information on whether execution succeeded or feeds that information back through the communication link.
In this embodiment, with reference to Fig. 1, the correction verification module 51, pushing module 52 and calling module 53 are located at client 12, and the receiving module 54, first functional module 55, second functional module 56 and feedback module 57 are located at target terminal 13. Client 12 and target terminal 13 interact; the working process of each module during that interaction is set out in detail below.
When the application program in client 12 starts, its correction verification module 51 sends a request containing the characteristic information of client 12 to server end 11. When server end 11 determines that the characteristic information in the request is in its white list, it returns a message that client 12 is legal; the correction verification module 51 obtains the returned message and thereby confirms that client 12 is legally authorized. When client 12 is legal, the pushing module 52 of the application program pushes its executable file to target terminal 13. To protect the executable file from abuse, before the executable file performs its intended function on target terminal 13, it must be verified whether the executable file is being run by a call from the application program. Specifically: the calling module 53 of the application program calls the executable file to run its first functional module 55; after the receiving module 54 of the executable file receives the call command, the first functional module 55 obtains a close string containing the call time and the identifier of target terminal 13 and returns it to the calling module 53; after obtaining the close string, the calling module 53 applies a secondary encryption to it, calls the executable file again to run its first functional module 55, and sends the encrypted close string to the executable file; the first functional module 55 receives the returned encrypted close string, obtains from the second call a close string containing the call time and the identifier of target terminal 13, decrypts the encrypted close string, and verifies whether the interval between the call times in the decrypted close string and in the close string obtained from the second call is within the preset time and whether the identifiers of target terminal 13 are consistent; when the first functional module 55 verifies that the call-time interval is within the preset time and the identifiers of target terminal 13 are consistent, it confirms that the executable file is being run by a call from the application program and that the call is legal. When the call is confirmed to be legal, the second functional module 56 performs its function. After the second functional module 56 finishes running, information on whether execution succeeded is displayed or fed back to client 12.
The characteristic information of client 12 is information that uniquely identifies the characteristics of the local machine; this characteristic information may also be encrypted and then decrypted by server end 11, to further confirm the legitimacy of the application program in client 12.
When target terminal 13 runs the Android system, the attribute of the executable file must be modified to executable.
The second functional module 56 can be used to obtain the Root authority of target terminal 13.
While the first functional module 55 is verifying whether the call-time interval is within the preset time and whether the identifiers of target terminal 13 are consistent, if the call-time interval is not within the preset time, the verification of the identifier is terminated.
As described above, the device of this embodiment can verify the running environment of the application program of the present invention, so that the application program cannot be installed and used arbitrarily; it verifies the call that runs the executable file, so that the executable file cannot be extracted and abused arbitrarily; and through these multiple checks it protects the application program and prevents it from being cracked.
The above are only some embodiments of the present invention. It should be noted that a person of ordinary skill in the art can make further improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (27)

1. An executable file progress control method, characterized by comprising the following steps:
verifying through a telecommunication port and confirming that the local machine is legally authorized;
pushing the executable file to a target terminal, ready for execution, through a communication link maintained by the local machine;
calling the executable file through the communication link to run its first functional module, which produces a close string and returns it to an application program, the application program applying a secondary encryption to the close string; the application program calling the executable file again to run its first functional module and sending the encrypted close string to the executable file, the first functional module producing a close string again; the first functional module decrypting the encrypted close string it obtained and comparing the decrypted close string with the close string produced again, to verify and confirm whether the call is legal; wherein, when the first functional module verifies that the interval between the call times in the encrypted close string and in the close string produced by the second call is within a preset time and the target terminal identifiers are consistent, the call is confirmed to be legal;
when the first functional module verifies and confirms that the call is legal, the second functional module of the executable file runs.
2. The executable file progress control method according to claim 1, characterized in that the step of verifying and confirming that the local machine is legally authorized is specifically: sending a request containing local characteristic information, and obtaining, in response to the request, a message that the local machine is legal, the local characteristic information being in a white list.
3. The executable file progress control method according to claim 2, characterized in that the local characteristic information is encrypted information uniquely identifying the characteristics of the local machine.
4. The executable file progress control method according to claim 1, characterized in that the executable file is pushed and modified to be executable, ready for execution.
5. The executable file progress control method according to claim 2, characterized in that the step of calling the executable file through the communication link to run its first functional module specifically comprises: calling the executable file to run its first functional module, obtaining the close string returned by the first functional module that contains the call time and the target terminal identifier, encrypting the close string, calling the executable file again to run its first functional module, and sending the encrypted close string to the executable file.
6. The executable file progress control method according to claim 5, characterized in that the first functional module is used to produce the close string, and when it verifies that the interval between the call times in the encrypted close string and in the close string produced by the second call is within the preset time and the target terminal identifiers are consistent, the second functional module of the executable file runs.
7. The executable file progress control method according to claim 6, characterized in that the second functional module is used to obtain the Root authority of the target terminal.
8. The executable file progress control method according to claim 1, characterized in that the local machine has a connection port for establishing the communication link with the target terminal.
9. The executable file progress control method according to claim 8, characterized in that the connection port is a Bluetooth, WiFi and/or USB interface.
10. The executable file progress control method according to claim 1, characterized in that, in the step of confirming that the local machine is legally authorized and the step of confirming that the call is legal, when confirmation cannot be made, execution of each subsequent step is terminated.
11. An executable file progress control method, characterized by comprising the following steps:
receiving, through a communication link maintained locally, a command calling an executable file;
according to the call command, obtaining the close string produced by the call, which then undergoes secondary encryption; receiving a command calling the executable file again and obtaining the close string produced by the second call; and obtaining the result, verified and confirmed by comparing the close string produced again with the close string decrypted from the secondarily encrypted close string, as to whether the call is legal;
when the call is verified and confirmed to be legal, performing the function of the executable file; wherein, when the interval between the call times in the close string produced by the call and in the close string produced by the second call is within a preset time and the target terminal identifiers are consistent, the call is confirmed to be legal.
12. The executable file progress control method according to claim 11, characterized in that the step of verifying and confirming, according to the call command, whether the call is legal specifically comprises: obtaining, according to the call, a close string containing the call time and the local identifier; sending the close string through the communication link; receiving the encrypted close string returned over the communication link and obtaining, according to the second call, a close string containing the call time and the local identifier; decrypting the encrypted close string; and verifying whether the interval between the call times in the decrypted close string and in the close string obtained from the second call is within the preset time and whether the local identifiers are consistent.
13. The executable file progress control method according to claim 12, characterized in that, when the call-time interval is not within the preset time, the verification of the local identifier is terminated.
14. The executable file progress control method according to claim 13, characterized in that, after the step of performing the function of the executable file, information on whether execution succeeded is displayed or fed back through the communication link.
15. An executable file operating control device, characterized by comprising:
a correction verification module, for verifying through a telecommunication port and confirming that the local machine is legally authorized;
a pushing module, for pushing the executable file to a target terminal, ready for execution, through a communication link maintained by the local machine when the correction verification module confirms that the local machine is legally authorized;
a calling module, for calling the executable file through the communication link to run its first functional module, which produces a close string and returns it to an application program, the application program applying a secondary encryption to the close string; the application program calling the executable file again to run its first functional module and sending the encrypted close string to the executable file, the first functional module producing a close string again; the first functional module decrypting the encrypted close string it obtained and comparing the decrypted close string with the close string produced again, to verify and confirm whether the call is legal; wherein, when the first functional module verifies that the interval between the call times in the encrypted close string and in the close string produced by the second call is within a preset time and the target terminal identifiers are consistent, it is confirmed whether the call is legal;
when the first functional module verifies and confirms that the call is legal, the second functional module of the executable file runs.
16. The executable file operating control device according to claim 15, characterized in that the correction verification module is specifically used for:
sending a request containing local characteristic information, and obtaining, in response to the request, a message that the local machine is legal, the local characteristic information being in a white list.
17. The executable file operating control device according to claim 16, characterized in that the local characteristic information is encrypted information uniquely identifying the characteristics of the local machine.
18. The executable file operating control device according to claim 15, characterized in that the pushing module is further used for:
pushing the executable file and modifying it to be executable, ready for execution.
19. The executable file operating control device according to claim 16, characterized in that the calling module is specifically used for:
calling the executable file to run its first functional module, obtaining the close string returned by the first functional module that contains the call time and the target terminal identifier, encrypting the close string, calling the executable file again to run its first functional module, and sending the encrypted close string to the executable file.
20. The executable file operating control device according to claim 19, characterized in that the first functional module is used to produce the close string, and when it verifies that the interval between the call times in the encrypted close string and in the close string produced by the second call is within the preset time and the target terminal identifiers are consistent, the second functional module of the executable file runs.
21. The executable file operating control device according to claim 20, characterized in that the second functional module is used to obtain the Root authority of the target terminal.
22. The executable file operating control device according to claim 15, characterized in that the local machine has a connection port for establishing the communication link with the target terminal.
23. The executable file operating control device according to claim 22, characterized in that the connection port is a Bluetooth, WiFi and/or USB interface.
24. An executable file operating control device, characterized by comprising:
a receiving module, for receiving, through a communication link maintained locally, a command calling an executable file;
a first functional module, for: according to the call command, obtaining the close string produced by the call, which then undergoes secondary encryption; receiving a command calling the executable file again and obtaining the close string produced by the second call; and obtaining the result, verified and confirmed by comparing the close string produced again with the close string decrypted from the secondarily encrypted close string, as to whether the call is legal;
a second functional module, for performing the function of the executable file when the call is verified and confirmed to be legal; wherein, when the interval between the call times in the close string produced by the first functional module's call and in the close string produced by the second call is within a preset time and the target terminal identifiers are consistent, the call is confirmed to be legal.
25. The executable file operating control device according to claim 24, characterized in that the first functional module is specifically used for:
obtaining, according to the call, a close string containing the call time and the local identifier; sending the close string through the communication link; receiving the encrypted close string returned over the communication link and obtaining, according to the second call, a close string containing the call time and the local identifier; decrypting the encrypted close string; and verifying whether the interval between the call times in the decrypted close string and in the close string obtained from the second call is within the preset time and whether the local identifiers are consistent.
26. The executable file operating control device according to claim 25, characterized in that, when the call-time interval is not within the preset time, the verification of the local identifier is terminated.
27. The executable file operating control device according to claim 26, characterized in that the device comprises:
a feedback module, for displaying information on whether execution succeeded, or feeding that information back through the communication link, after the second functional module performs the function of the executable file.
CN201410751258.5A 2014-12-09 2014-12-09 Executable file progress control method and device Active CN104378388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410751258.5A CN104378388B (en) 2014-12-09 2014-12-09 Executable file progress control method and device

Publications (2)

Publication Number Publication Date
CN104378388A CN104378388A (en) 2015-02-25
CN104378388B true CN104378388B (en) 2018-02-27

Family

ID=52557044

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410751258.5A Active CN104378388B (en) 2014-12-09 2014-12-09 Executable file progress control method and device

Country Status (1)

Country Link
CN (1) CN104378388B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee after: Beijing Qizhi Business Consulting Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20210622

Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing

Patentee after: Beijing Hongteng Intelligent Technology Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Beijing Qizhi Business Consulting Co.,Ltd.

CP01 Change in the name or title of a patent holder

Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing

Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd.

Address before: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing

Patentee before: Beijing Hongteng Intelligent Technology Co.,Ltd.
