CN104881291B - Control method and device of default browser and terminal - Google Patents
Control method and device of default browser and terminal Download PDFInfo
- Publication number
- CN104881291B CN104881291B CN201510300373.5A CN201510300373A CN104881291B CN 104881291 B CN104881291 B CN 104881291B CN 201510300373 A CN201510300373 A CN 201510300373A CN 104881291 B CN104881291 B CN 104881291B
- Authority
- CN
- China
- Prior art keywords
- function
- default browser
- path
- browser
- creation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Stored Programmes (AREA)
Abstract
The invention discloses a control method, a device and a terminal of a default browser, wherein the method comprises the following steps: receiving a process creation request of an application program for calling a browser, and calling a process creation system function of a system according to the request to create a process to be created; intercepting a process creation system function of a system, and acquiring a mapping path loaded by a process to be created by the process creation system function; judging whether the mapping path is the path of a default browser or not; and if not, creating a process handle according to the path of the default browser, creating a process of the default browser according to the process handle, and feeding back the process to the application program so that the application program calls the default browser according to the process. The method creates the system function by calling the process of the system to create the target process, so that kernel codes are executed when the system is called, the whole work is in a kernel state, the permission problem does not exist, the success rate of default browser control is improved, and the system performance is improved.
Description
Technical field
The present invention relates to a kind of field of computer technology more particularly to control method of default browser, device and terminals.
Background technology
It at present, can calling system current default when the network address that user shows in click chat tool on chat tool
Browser opens the network address.But if system current default browser does not possess website safety detection function, work as user
When the network address of opening includes swindle content, the risk of property loss may be brought to user.Therefore, it is necessary to lock one to have
The default browser of website safety detection function opens the network address showed in chat tool class application program, to avoid system
The risk that default browser can be changed and brought.
In correlation technique, as shown in Figure 1, the method for locking default browser is mainly:Pass through in RING3 (User space)
Function CreateProcess creates a target process to run browser " Abrowser.exe ", wherein can pass through DLL
The mode of (Dynamic Link Library, dynamic link library) injection is by the code and data of browser " Abrowser.exe "
It is mapped in the address space of target process;Afterwards, by HOOK, (what is provided in Windows operating system is a kind of replacing
The system mechanism of " interruption " under DOS is translated into " hook " or " hook ") to above-mentioned process creation function Createprocess, it creates
Target process is linked up with running browser " Abrowser.exe " this event;In HOOK process creation functions
In the processing function of Createprocess (i.e. HookCreateProcess), judge browser " Abrowser.exe " whether be
The default browser of locking;If so, browser Abrowser.exe is directly invoked, if it is not, then changing target component as locking
Default browser, that is, the default browser of locking is called, so as to achieve the purpose that lock default browser.
But there are the problem of be:(1) due to be in RING3 (User space) DLL injection by way of it is silent to lock
Browser is recognized, it is possible that can be because Insufficient privilege causes injection to fail;(2) target process can change the interior of oneself process
It deposits, protects oneself not by HOOK, so that whether the browser that cannot be guaranteed target process operation is default browser, so as to
It can cause default browser locking failure.
The content of the invention
The purpose of the present invention is intended to solve one of the technical issues of above-mentioned at least to a certain extent.
For this purpose, first purpose of the present invention is to propose a kind of control method of default browser.This method passes through tune
With the process creation system function of system to create target process so that is performed when execution system is called is kernel code,
So that entire work in kernel state, so there is no rights concerns, improves the success rate of default browser control, carries
High system performance.
Second object of the present invention is to propose a kind of control device of default browser.
Third object of the present invention is to propose a kind of terminal.
To achieve these goals, the control method of the default browser of first aspect present invention embodiment, including:It receives
The creation request for being used to call browser of application program, and created according to the process of the creation request calling system
System function is built to create process to be created;The process creation system function of the system is intercepted, and obtains the process
Create the Image Path that system function process to be created is loaded;Judge whether the Image Path is default browser
Path;If it is determined that Image Path is not the path of the default browser, then created according to the path of the default browser
Process handle;And the process of the default browser is created according to the process handle, and by the progress feedback to described
Application program, so that the application program calls the default browser according to the process.
The control method of the default browser of the embodiment of the present invention, can first receive application program for calling browser
Creation request can be created afterwards according to the process creation system function of creation request calling system with starting
The process built during establishment, can be intercepted and captured by the process creation system function of Hook Function Hook (hook) system
The Image Path that process creation system function process to be created is loaded, and whether the Image Path for judging to load is silent
Recognize the path of browser, if it is not, then a process handle is created according to default browser path, and according to the process handle
The process of default browser is created, and by the progress feedback to application program, so that application program calls acquiescence according to the process
Browser, so as to achieve the purpose that locking acquiescence browsing, due to creating mesh by the process creation system function of calling system
Mark process so that is performed when execution system is called is kernel code, so that entire work is in kernel state, so not
There are rights concerns, and DLL need not be injected target process, reduce the EMS memory occupation to target process, improved and be
System performance.
To achieve these goals, the control device of the default browser of second aspect of the present invention embodiment, including:It receives
Module, for receiving the creation request for being used to call browser of application program;First creation module, for according to
The process creation system function of creation request calling system is to create process to be created;Interception module, for intercepting
The process creation system function of the system;Acquisition module, for obtain the process creation system function it is to be created into
The Image Path that journey is loaded;Judgment module, for judge the Image Path whether be default browser path;Second wound
Block is modeled, for when judging Image Path not for the path of the default browser, according to the path of the default browser
Create process handle;And the 3rd creation module, for creating the process of the default browser according to the process handle, and
By the progress feedback to the application program, so that the application program calls the default browser according to the process.
The control device of the default browser of the embodiment of the present invention can be adjusted by receiving module reception application program
With the creation request of browser, the first creation module is according to the process creation system function of creation request calling system
To start to create process to be created, during establishment, interception module passes through Hook Function Hook (hook) system
To intercept and capture the process creation system function, acquisition module obtains the process creation system function to be created process creation system function
The Image Path that the process built is loaded, judgment module judge loading Image Path whether be default browser path, such as
Fruit is not that then the second creation module creates a process handle according to default browser path, and created according to the process handle
The process of default browser, and by the progress feedback to application program, so that application program calls acquiescence browsing according to the process
Device, so as to achieve the purpose that locking acquiescence browsing, due to by the process creation system function of calling system with create target into
Journey so that is performed when execution system is called is kernel code, so that entire work is in kernel state, so being not present
Rights concerns, and DLL need not be injected target process, reduce the EMS memory occupation to target process, improve systematicness
Energy.
To achieve these goals, the terminal of third aspect present invention embodiment, including:Housing, processor, memory,
Circuit board and power circuit, wherein, the circuit board is placed in the interior volume that the housing surrounds, the processor and described
Memory is arranged on the circuit board;The power circuit, for powering for each circuit or device of the terminal;It is described
Memory is used to store executable program code;The processor is by reading the executable program generation stored in the memory
Code runs program corresponding with the executable program code, for performing following steps:Receive being used for for application program
Call the creation request of browser, and according to the process creation system function of the creation request calling system to create
Build process to be created;The process creation system function of the system is intercepted, and obtains the process creation system function institute
The Image Path that the process to be created is loaded;Judge the Image Path whether be default browser path;If it is determined that
Image Path is not the path of the default browser, then creates process handle according to the path of the default browser;And
The process of the default browser is created according to the process handle, and by the progress feedback to the application program, so that
The application program calls the default browser according to the process.
The terminal of the embodiment of the present invention can first receive the creation request for being used to call browser of application program, it
It can created afterwards according to the process creation system function of creation request calling system to start to create process to be created
During, can the process creation system letter be intercepted and captured by the process creation system function of Hook Function Hook (hook) system
The Image Path that number processes to be created are loaded, and judge loading Image Path whether be default browser path,
If it is not, then creating a process handle according to default browser path, and default browser is created according to the process handle
Process, and by the progress feedback to application program, so that application program calls default browser according to the process, so as to reach
The purpose of locking acquiescence browsing, due to creating target process by the process creation system function of calling system so that holding
What row system performed when calling is kernel code, so that entire work is in kernel state, so there is no rights concerns, and
And DLL need not be injected target process, reduce the EMS memory occupation to target process, improve system performance.
The additional aspect of the present invention and advantage will be set forth in part in the description, and will partly become from the following description
It obtains substantially or is recognized by the practice of the present invention.
Description of the drawings
Above-mentioned and/or additional aspect and advantage of the invention will become from the following description of the accompanying drawings of embodiments
Substantially and it is readily appreciated that, wherein,
Fig. 1 is the flow chart of the method for locking default browser of the prior art;
Fig. 2 is the flow chart of the control method of default browser according to an embodiment of the invention;
Fig. 3 is the structure diagram of the control device of default browser according to an embodiment of the invention;
Fig. 4 is the structure diagram of the control device of default browser in accordance with another embodiment of the present invention.
Specific embodiment
The embodiment of the present invention is described below in detail, the example of the embodiment is shown in the drawings, wherein from beginning to end
Same or similar label represents same or similar element or has the function of same or like element.Below with reference to attached
The embodiment of figure description is exemplary, it is intended to for explaining the present invention, and is not considered as limiting the invention.
Below with reference to the accompanying drawings control method, device and the terminal of default browser according to embodiments of the present invention are described.
Fig. 2 is the flow chart of the control method of default browser according to an embodiment of the invention.It should be noted that
In an embodiment of the present invention, default browser can be regarded as the default browser of user's locking, i.e., in the application
Network address is opened using the default browser of the locking.
As shown in Fig. 2, the control method of the default browser can include:
S201 receives the creation request for being used to call browser of application program, and according to creation request tune
With the process creation system function of system to create process to be created.
For example, by taking application program is certain chat tool as an example, when user is beaten in certain chat tool by clicking on
Open the network address " http of its displaying:During //www.xxx.com ", certain chat tool can be with " http://www.xxx.com " is as ginseng
Number to send creation request to system.When the process creation for being used to call browser for receiving the transmission of certain chat tool please
After asking, can start to create according to the process creation system function of the creation request calling system it is to be created into
Journey.
S202, the process creation system function of intercepting system, and obtain process creation system function process to be created
The Image Path loaded.
For example, it is assumed that default browser lockBrowser.exe, current browser Abrowser.exe,
In specific embodiment, when the process creation system function of system starts establishment process, Hook Function intercepting system can be first passed through
Process creation system function, wherein, in an embodiment of the present invention, Hook Function can be used for when executed obtain image letter
Number, and current browser Abrowser.exe files and its file handle hFile can be obtained, it afterwards can be by this document handle
HFile is passed to NtCreateSection (... hFile) with loading procedure image.Then, it is performed in Hook Function, hook
Function can obtain the corresponding Image Path of this document handle from parameter hFile.
S203, judge Image Path whether be default browser path.
For example, the path that ObReferenceObjectByHandle functions obtain default browser can be first passed through, afterwards,
It can be by the above-mentioned Image Path got compared with the path of default browser, to judge whether the path of the two is consistent.
S204 if it is determined that Image Path is not the path of default browser, is then created according to the path of default browser
Process handle, and the process of default browser is created and by progress feedback to application program according to process handle, so that using
Program calls default browser according to process.
Specifically, when Image Path not be default browser path when, it is necessary to redirect.For example, acquiescence can be browsed
Default browser is opened using NtCreateFile (path of default browser) functions in the path of device as parameter
LockBrowser.exe files obtain corresponding file handle hNewFile, afterwards, can using file handle hNewFile as
Parameter, call function RealNtCreateSection (hNewFile), to obtain process handle hNewSection.Finally, may be used
The process of default browser lockBrowser.exe is created according to process handle hNewSection, and the progress feedback is arrived
Application program, application program call default browser lockBrowser.exe according to the process.Thus, it is possible to it is silent to reach locking
Recognize the purpose of browser lockBrowser.exe, and cause user that the acquiescence of locking can be used when application program opens network address
Browser, the risk for avoiding system browser that from may being changed, improves security.
S205 if it is determined that Image Path is the path of default browser, then directly creates the process of default browser, with
Make application call default browser.
Specifically, when judging Image Path for the path of default browser, can directly be created according to the Image Path silent
The process of browser is recognized, so that application program calls default browser according to the process.
Further, in one embodiment of the invention, before the process creation system function of intercepting system, this is silent
The control method for recognizing browser may also include:By SSDT, (System Services Descriptor Table, system service are retouched
State symbol table) in call function address be revised as the address of Hook Function so that the process creation system function of system create into
Hook Function is performed during journey.
Specifically, in an embodiment of the present invention, SSDT can be first obtained, and obtains process creation system function in SSDT
In function address call number.It afterwards, can be according to function address call number of the process creation system function in SSDT, by SSDT
In call function address be revised as the address of Hook Function, and former call function address is preserved, so that the process creation of system
System function performs Hook Function in the process of establishment, that is, completes HOOK.
Wherein, in an embodiment of the present invention, function address call number of the process creation system function in SSDT is obtained
Specific implementation process may include:System process query function (such as ZwQuerySystemInformation) acquisition can be first passed through
Plot in the management of process storehouse of system.Afterwards, the derived table of plot can according to transplantable execution body PE file structures, be obtained
Address.It then, can be according to derived table and process creation system function with obtaining function of the process creation system function in SSDT
Location call number.For example, the derived table can be enumerated, and enumeration result and process creation system function are compared to obtain process
Create function address call number of the system function in SSDT.
The control method of the default browser of the embodiment of the present invention, can first receive application program for calling browser
Creation request can be created afterwards according to the process creation system function of creation request calling system with starting
The process built during establishment, can be intercepted and captured by the process creation system function of Hook Function Hook (hook) system
The Image Path that process creation system function process to be created is loaded, and whether the Image Path for judging to load is silent
Recognize the path of browser, if it is not, then a process handle is created according to default browser path, and according to the process handle
The process of default browser is created, and by the progress feedback to application program, so that application program calls acquiescence according to the process
Browser, so as to achieve the purpose that locking acquiescence browsing, due to creating mesh by the process creation system function of calling system
Mark process so that is performed when execution system is called is kernel code, so that entire work is in kernel state, so not
The code in default browser path and data are injected into there are rights concerns, and since DLL injection modes need not be passed through
In target process, therefore reduce the EMS memory occupation to target process, improve system performance.
In addition, the invention also provides a kind of control devices of default browser.
Fig. 3 is the structure diagram of the control device of default browser according to an embodiment of the invention.It needs to illustrate
, in an embodiment of the present invention, default browser can be regarded as the default browser of user's locking, that is, be directed to using journey
In sequence network address is opened using the default browser of the locking.
As shown in figure 3, the control device of the default browser can include:Receiving module 10, the first creation module 20 are cut
Modulus block 30, acquisition module 40, judgment module 50, the second creation module 60 and the 3rd creation module 70.
Specifically, receiving module 10 can be used for the creation request for being used to call browser for receiving application program.The
One creation module 20 can be used for the process creation system function according to creation request calling system to be created to create
Process.For example, by taking application program is certain chat tool as an example, when user opens it in certain chat tool by clicking on
Network address " the http of displaying:During //www.xxx.com ", certain chat tool can be with " http://www.xxx.com " as a parameter to
Creation request is sent to system.When receiving module 10 receives the process for being used to call browser of certain chat tool transmission
After request to create, the first creation module 20 can be opened according to the process creation system function of the creation request calling system
File process to be created.
Interception module 30 can be used for the process creation system function of intercepting system.Acquisition module 40 is created available for acquisition process
Build the Image Path that system function process to be created is loaded.
For example, it is assumed that default browser lockBrowser.exe, current browser Abrowser.exe,
When the process creation system function of system starts establishment process, interception module 30 can be created by the process of Hook Function intercepting system
System function is built, wherein, in an embodiment of the present invention, Hook Function can be used for obtaining image function when executed.It obtains
Module 40 can obtain current browser Abrowser.exe files and its file handle hFile, afterwards can be by this document handle
HFile is passed to NtCreateSection (... hFile) with loading procedure image.Then, it is performed in Hook Function, hook
Function can obtain the corresponding Image Path of this document handle from parameter hFile.
Judgment module 50 can be used for judge Image Path whether be default browser path.For example, judgment module 50 can
The path that ObReferenceObjectByHandle functions obtain default browser is first passed through, afterwards, can be got above-mentioned
Image Path is compared with the path of default browser, to judge whether the path of the two is consistent.
Second creation module 60 can be used for when judging Image Path not for the path of default browser, be browsed according to acquiescence
The path of device creates process handle.3rd creation module 70 can be used for the process that default browser is created according to process handle, and
By progress feedback to application program, so that application program calls default browser according to process.More specifically, work as Image Path not
For default browser path when, it is necessary to redirect.For example, the second creation module 60 can be using the path of default browser as ginseng
Number, default browser lockBrowser.exe files are opened using NtCreateFile (path of default browser) functions,
Corresponding file handle hNewFile is obtained, it afterwards, can be using file handle hNewFile as parameter, call function
RealNtCreateSection (hNewFile), to obtain process handle hNewSection.3rd creation module 70 can basis
Process handle hNewSection creates the process of default browser lockBrowser.exe, and by the progress feedback to application
Program, application program call default browser lockBrowser.exe according to the process.Thus, it is possible to it is clear to reach locking acquiescence
It lookes at the purpose of device lockBrowser.exe, and user is caused when application program opens network address the acquiescence of locking to can be used to browse
Device, the risk for avoiding system browser that from may being changed, improves security.
Further, in one embodiment of the invention, as shown in figure 4, the control device of the default browser may be used also
Including modified module 80.Modified module 80 can be used for before the process creation system function of 30 intercepting system of interception module, will
The address of Hook Function is revised as in call function address in SSDT, so that the process creation system function of system is in the process of establishment
Perform Hook Function.
Specifically, in an embodiment of the present invention, as shown in figure 4, the modified module 80 may include 81 He of acquiring unit
Change unit 82.Acquiring unit 81 can be used for obtaining SSDT, and obtain function address of the process creation system function in SSDT
Call number.Unit 82 is changed available for the function address call number according to process creation system function in SSDT, it will be in SSDT
Call function address be revised as the address of Hook Function, and former call function address is preserved, so that the process creation system of system
System function performs Hook Function in the process of establishment, that is, completes HOOK.
Wherein, in an embodiment of the present invention, acquiring unit 81 obtains function of the process creation system function in SSDT
The specific implementation process of allocation index number can be as follows:System process query function can be first passed through (such as
ZwQuerySystemInformation the plot in the management of process storehouse of system) is obtained;It afterwards, can be according to transplantable execution
Body PE file structures obtain the export table address of plot;Then, process wound is obtained according to derived table and process creation system function
Build function address call number of the system function in SSDT.For example, the derived table can be enumerated, and by enumeration result and process creation
System function is compared to obtain function address call number of the process creation system function in SSDT.
Further, in one embodiment of the invention, the 3rd creation module 70 can also be used to judge Image Path
For default browser path when, directly create default browser process so that application call default browser.More
Body, the 3rd creation module 70 can directly basis be somebody's turn to do when judgment module 50 judges Image Path for the path of default browser
Image Path creates the process of default browser, so that application program calls default browser according to the process.
The control device of the default browser of the embodiment of the present invention can be adjusted by receiving module reception application program
With the creation request of browser, the first creation module is according to the process creation system function of creation request calling system
To start to create process to be created, during establishment, interception module passes through Hook Function Hook (hook) system
To intercept and capture the process creation system function, acquisition module obtains the process creation system function to be created process creation system function
The Image Path that the process built is loaded, judgment module judge loading Image Path whether be default browser path, such as
Fruit is not that then the second creation module creates a process handle according to default browser path, and created according to the process handle
The process of default browser, and by the progress feedback to application program, so that application program calls acquiescence browsing according to the process
Device, so as to achieve the purpose that locking acquiescence browsing, due to by the process creation system function of calling system with create target into
Journey so that is performed when execution system is called is kernel code, so that entire work is in kernel state, so being not present
Rights concerns, and DLL need not be injected target process, reduce the EMS memory occupation to target process, improve systematicness
Energy.
In addition, the invention also provides a kind of terminal, it is necessary to which explanation, in an embodiment of the present invention, terminal can manage
Solution is PC (Personal Computer, personal computer) ends.The terminal may include:Housing, processor, memory, circuit board
And power circuit, wherein, circuit board is placed in the interior volume that housing surrounds, and processor and memory are set on circuit boards;
Power circuit, for powering for each circuit or device of terminal;Memory is used to store executable program code;Processor leads to
It crosses and reads in memory the executable program code that stores to run program corresponding with executable program code, for performing
Following steps:
S101 ' receives the creation request for being used to call browser of application program, and according to creation request tune
With the process creation system function of system to create process to be created.
S102 ', the process creation system function of intercepting system, and obtain process creation system function process to be created
The Image Path loaded.
S103 ', judge Image Path whether be default browser path.
S104 ' if it is determined that Image Path is not the path of default browser, is then created according to the path of default browser
Process handle.
S105 ' creates the process of default browser according to process handle, and by progress feedback to application program, so that should
Default browser is called according to process with program.
The terminal of the embodiment of the present invention can first receive the creation request for being used to call browser of application program, it
It can created afterwards according to the process creation system function of creation request calling system to start to create process to be created
During, can the process creation system letter be intercepted and captured by the process creation system function of Hook Function Hook (hook) system
The Image Path that number processes to be created are loaded, and judge loading Image Path whether be default browser path,
If it is not, then creating a process handle according to default browser path, and default browser is created according to the process handle
Process, and by the progress feedback to application program, so that application program calls default browser according to the process, so as to reach
The purpose of locking acquiescence browsing, due to creating target process by the process creation system function of calling system so that holding
What row system performed when calling is kernel code, so that entire work is in kernel state, so there is no rights concerns, and
And DLL need not be injected target process, reduce the EMS memory occupation to target process, improve system performance.
In the description of the present invention, it is to be understood that term " first ", " second " are only used for description purpose, and cannot
It is interpreted as indicating or implies relative importance or imply the quantity of the technical characteristic indicated by indicating.Define as a result, " the
One ", at least one this feature can be expressed or be implicitly included to the feature of " second ".In the description of the present invention, " multiple "
It is meant that at least two, such as two, three etc., unless otherwise specifically defined.
Any process described otherwise above or method description are construed as in flow chart or herein, represent to include
Module, segment or the portion of the code of the executable instruction of one or more the step of being used to implement specific logical function or process
Point, and the scope of the preferred embodiment of the present invention includes other realization, wherein can not press shown or discuss suitable
Sequence, including according to involved function by it is basic simultaneously in the way of or in the opposite order, carry out perform function, this should be of the invention
Embodiment person of ordinary skill in the field understood.
Expression or logic and/or step described otherwise above herein in flow charts, for example, being considered use
In the order list for the executable instruction for realizing logic function, may be embodied in any computer-readable medium, for
Instruction execution system, device or equipment (such as computer based system, including the system of processor or other can be held from instruction
Row system, device or equipment instruction fetch and the system executed instruction) it uses or combines these instruction execution systems, device or set
It is standby and use.For the purpose of this specification, " computer-readable medium " can any can be included, store, communicate, propagate or pass
Defeated program is for instruction execution system, device or equipment or the dress used with reference to these instruction execution systems, device or equipment
It puts.The more specific example (non-exhaustive list) of computer-readable medium includes following:Electricity with one or more wiring
Connecting portion (electronic device), portable computer diskette box (magnetic device), random access memory (RAM), read-only memory
(ROM), erasable edit read-only storage (EPROM or flash memory), fiber device and portable optic disk is read-only deposits
Reservoir (CDROM).In addition, computer-readable medium can even is that the paper that can print described program on it or other are suitable
Medium, because can be for example by carrying out optical scanner to paper or other media, then into edlin, interpretation or if necessary with it
His suitable method is handled electronically to obtain described program, is then stored in computer storage.
It should be appreciated that each several part of the present invention can be realized with hardware, software, firmware or combination thereof.Above-mentioned
In embodiment, software that multiple steps or method can in memory and by suitable instruction execution system be performed with storage
Or firmware is realized.If for example, with hardware come realize in another embodiment, can be under well known in the art
Any one of row technology or their combination are realized:With for the logic gates to data-signal realization logic function
Discrete logic, have suitable combinational logic gate circuit application-specific integrated circuit, programmable gate array (PGA), scene
Programmable gate array (FPGA) etc..
Those skilled in the art are appreciated that realize all or part of step that above-described embodiment method carries
Suddenly it is that relevant hardware can be instructed to complete by program, the program can be stored in a kind of computer-readable storage medium
In matter, the program upon execution, one or a combination set of the step of including embodiment of the method.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, it can also
That unit is individually physically present, can also two or more units be integrated in a module.Above-mentioned integrated mould
The form that hardware had both may be employed in block is realized, can also be realized in the form of software function module.The integrated module is such as
Fruit is realized in the form of software function module and is independent production marketing or in use, can also be stored in a computer
In read/write memory medium.
Storage medium mentioned above can be read-only memory, disk or CD etc..
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show
The description of example " or " some examples " etc. means specific features, structure, material or the spy for combining the embodiment or example description
Point is contained at least one embodiment of the present invention or example.In the present specification, schematic expression of the above terms is not
It must be directed to identical embodiment or example.Moreover, particular features, structures, materials, or characteristics described can be in office
It is combined in an appropriate manner in one or more embodiments or example.In addition, without conflicting with each other, the skill of this field
Art personnel can tie the different embodiments described in this specification or example and different embodiments or exemplary feature
It closes and combines.
Although the embodiment of the present invention has been shown and described above, it is to be understood that above-described embodiment is example
Property, it is impossible to limitation of the present invention is interpreted as, those of ordinary skill in the art within the scope of the invention can be to above-mentioned
Embodiment is changed, changes, replacing and modification.
Claims (11)
1. a kind of control method of default browser, which is characterized in that comprise the following steps:
The creation request for being used to call browser of application program is received, and according to the creation request calling system
Process creation system function to create process to be created;
The process creation system function of the system is intercepted, and obtains process creation system function process institute to be created
The Image Path of loading;
Judge the Image Path whether be default browser path;
If it is determined that Image Path be the default browser path, then according to the path of the default browser create into
Journey handle;
Create the process of the default browser according to the process handle, and by the progress feedback to the application program,
So that the application program calls the default browser according to the process;
If it is determined that Image Path is the path of the default browser, then the process of the default browser is directly created, with
Make default browser described in the application call.
2. the control method of default browser as described in claim 1, which is characterized in that the process of the interception system
System function is created, is specifically included:
The process creation system function of the system is intercepted by Hook Function, wherein, the Hook Function is used to be performed
When obtain the Image Path.
3. the control method of default browser as claimed in claim 2, which is characterized in that the interception system into
Before journey creates system function, the control method further includes:
Call function address in system service descriptor table SSDT is revised as to the address of the Hook Function, so that the system
Process creation system function perform the Hook Function in the process of establishment.
4. the control method of default browser as claimed in claim 3, which is characterized in that described by system service descriptor table
The address of the Hook Function is revised as in call function address in SSDT, specifically includes:
The system service descriptor table SSDT is obtained, and obtains the process creation system function and is described in the system service
Accord with the function address call number in table SSDT;
According to function address call number of the process creation system function in the system service descriptor table SSDT, by institute
State the address that the Hook Function is revised as in the call function address in system service descriptor table SSDT.
5. the control method of default browser as claimed in claim 4, which is characterized in that the acquisition process creation system letter
Function address call number of the number in the system service descriptor table SSDT specifically includes:
The plot in the management of process storehouse of the system is obtained by system process query function;
According to the transplantable export table address for performing body PE file structures, obtaining the plot;
The process creation system function is obtained according to the derived table and the process creation system function to take in the system
The function address call number being engaged in descriptor table SSDT.
6. a kind of control device of default browser, which is characterized in that including:
Receiving module, for receiving the creation request for being used to call browser of application program;
First creation module, for being wanted according to the process creation system function of the creation request calling system with creating
The process of establishment;
Interception module, for intercepting the process creation system function of the system;
Acquisition module, for obtaining the Image Path that process creation system function process to be created is loaded;
Judgment module, for judge the Image Path whether be default browser path;
Second creation module, it is clear according to the acquiescence for when judging Image Path not for the path of the default browser
Look at device path create process handle;
3rd creation module, for creating the process of the default browser according to the process handle, and the process is anti-
The application program is fed to, so that the application program calls the default browser according to the process;
3rd creation module is additionally operable to when judging Image Path for the path of the default browser, directly described in establishment
The process of default browser, so that default browser described in the application call.
7. the control device of default browser as claimed in claim 6, which is characterized in that the interception module is specifically used for:
The process creation system function of the system is intercepted by Hook Function, wherein, the Hook Function is used to be performed
When obtain the Image Path.
8. the control device of default browser as claimed in claim 7, which is characterized in that further include:
Modified module, for before the process creation system function of the interception system, by system service descriptor table
The address of the Hook Function is revised as in call function address in SSDT, so that the process creation system function of the system is being created
The Hook Function is performed when building process.
9. the control device of default browser as claimed in claim 8, which is characterized in that the modified module includes:
Acquiring unit for obtaining the system service descriptor table SSDT, and obtains the process creation system function in institute
State the function address call number in system service descriptor table SSDT;
Unit is changed, for the function according to the process creation system function in the system service descriptor table SSDT
The address of the Hook Function is revised as in call function address in the system service descriptor table SSDT by location call number.
10. the control device of default browser as claimed in claim 9, which is characterized in that the acquiring unit is specifically used for:
The plot in the management of process storehouse of the system is obtained by system process query function;
According to the transplantable export table address for performing body PE file structures, obtaining the plot;
The process creation system function is obtained according to the derived table and the process creation system function to take in the system
The function address call number being engaged in descriptor table SSDT.
11. a kind of terminal, which is characterized in that including:Housing, processor, memory, circuit board and power circuit, wherein, it is described
Circuit board is placed in the interior volume that the housing surrounds, and the processor and the memory are arranged on the circuit board;
The power circuit, for powering for each circuit or device of the terminal;The memory is used to store executable program
Code;The processor is run and the executable program by reading the executable program code stored in the memory
The corresponding program of code, for performing following steps:
The creation request for being used to call browser of application program is received, and according to the creation request calling system
Process creation system function to create process to be created;
The process creation system function of the system is intercepted, and obtains process creation system function process institute to be created
The Image Path of loading;
Judge the Image Path whether be default browser path;
If it is determined that Image Path be the default browser path, then according to the path of the default browser create into
Journey handle;
Create the process of the default browser according to the process handle, and by the progress feedback to the application program,
So that the application program calls the default browser according to the process;
If it is determined that Image Path is the path of the default browser, then the process of the default browser is directly created, with
Make default browser described in the application call.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510300373.5A CN104881291B (en) | 2015-06-03 | 2015-06-03 | Control method and device of default browser and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510300373.5A CN104881291B (en) | 2015-06-03 | 2015-06-03 | Control method and device of default browser and terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104881291A CN104881291A (en) | 2015-09-02 |
CN104881291B true CN104881291B (en) | 2018-05-25 |
Family
ID=53948798
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510300373.5A Active CN104881291B (en) | 2015-06-03 | 2015-06-03 | Control method and device of default browser and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104881291B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3332321B1 (en) | 2015-09-24 | 2023-06-07 | Hewlett Packard Enterprise Development LP | Process and thread launch features |
CN106897618A (en) * | 2015-12-21 | 2017-06-27 | 珠海市君天电子科技有限公司 | Webpage access method and device |
CN106020880B (en) * | 2016-05-17 | 2019-05-07 | 珠海豹趣科技有限公司 | A kind of browser starting method, apparatus and electronic equipment |
CN107766351B (en) * | 2016-08-16 | 2020-12-25 | 腾讯科技(深圳)有限公司 | File directory identification method and device |
CN106557688A (en) * | 2016-11-17 | 2017-04-05 | 广东欧珀移动通信有限公司 | The method and device of management default application |
CN107103099B (en) * | 2017-05-26 | 2021-03-16 | 北京金山安全管理系统技术有限公司 | Browser homepage returning method and device |
CN107729132B (en) * | 2017-10-09 | 2019-10-25 | 武汉斗鱼网络科技有限公司 | A kind of video decoding process guard method and device |
CN107566843B (en) * | 2017-10-09 | 2019-07-09 | 武汉斗鱼网络科技有限公司 | A kind of video decoding process guard method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101901313A (en) * | 2010-06-10 | 2010-12-01 | 中科方德软件有限公司 | Linux file protection system and method |
CN102194079A (en) * | 2011-03-18 | 2011-09-21 | 北京思创银联科技股份有限公司 | File access filtering method |
CN102542182A (en) * | 2010-12-15 | 2012-07-04 | 苏州凌霄科技有限公司 | Device and method for controlling mandatory access based on Windows platform |
CN103617395A (en) * | 2013-12-06 | 2014-03-05 | 北京奇虎科技有限公司 | Method, device and system for intercepting advertisement programs based on cloud security |
-
2015
- 2015-06-03 CN CN201510300373.5A patent/CN104881291B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101901313A (en) * | 2010-06-10 | 2010-12-01 | 中科方德软件有限公司 | Linux file protection system and method |
CN102542182A (en) * | 2010-12-15 | 2012-07-04 | 苏州凌霄科技有限公司 | Device and method for controlling mandatory access based on Windows platform |
CN102194079A (en) * | 2011-03-18 | 2011-09-21 | 北京思创银联科技股份有限公司 | File access filtering method |
CN103617395A (en) * | 2013-12-06 | 2014-03-05 | 北京奇虎科技有限公司 | Method, device and system for intercepting advertisement programs based on cloud security |
Also Published As
Publication number | Publication date |
---|---|
CN104881291A (en) | 2015-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104881291B (en) | Control method and device of default browser and terminal | |
CN1933647B (en) | Apparatus and method for controlling access to an external memory | |
CN108228305A (en) | Display methods, device, storage medium and the electronic equipment of five application page | |
US20080148298A1 (en) | System and Methods for Providing Granular Security for Locally Running Scripted Environments and Web Applications | |
CN108549568A (en) | Using entrance processing method, apparatus, storage medium and electronic equipment | |
CN107357489A (en) | A kind of synchronous method for browsing information, terminal and server | |
CN103514395A (en) | Plug-in right control method and system | |
CN106203141A (en) | The data processing method of a kind of application and device | |
CN107800611A (en) | The method and page layout switch device of a kind of page layout switch | |
CN108334404A (en) | The operation method and device of application program | |
CN106648316A (en) | Unlocking method and terminal | |
CN109684027A (en) | The method and apparatus of dynamically track Java Virtual Machine operation | |
CN104123165B (en) | Application program unloading method and device and mobile terminal | |
CN105095758A (en) | Processing method and device for lock-screen application program and mobile terminal | |
CN106169048B (en) | File delet method, device and electronic equipment | |
CN108171063A (en) | Method, terminal and the computer readable storage medium of access safety element | |
CN106325710B (en) | Control method, device and the mobile terminal of mobile terminal | |
CN107943921A (en) | Page sharing information generation method, device, computer equipment and storage medium | |
CN111880952A (en) | Application program jumping method and device, electronic equipment and storage medium | |
CN111639339A (en) | Process monitoring method and device, electronic equipment and storage medium | |
CN112015496A (en) | Interface calling method and device, computer equipment and storage medium | |
CN100576225C (en) | External memory storage management devices and external memory storage management method | |
CN110275701A (en) | Data processing method, device, medium and calculating equipment | |
CN105631318B (en) | A kind of acquisition methods and device of registration table key assignments | |
CN115454541A (en) | Macro code acquisition method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20181205 Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Patentee after: Zhuhai Leopard Technology Co.,Ltd. Address before: 100085 East District, Second Floor, 33 Xiaoying West Road, Haidian District, Beijing Patentee before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
TR01 | Transfer of patent right |