CN104881610B - A kind of defence method for virtual table hijack attack - Google Patents

A kind of defence method for virtual table hijack attack Download PDF

Info

Publication number
CN104881610B
CN104881610B CN201510333581.5A CN201510333581A CN104881610B CN 104881610 B CN104881610 B CN 104881610B CN 201510333581 A CN201510333581 A CN 201510333581A CN 104881610 B CN104881610 B CN 104881610B
Authority
CN
China
Prior art keywords
virtual
function
virtual table
pointer
effective
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510333581.5A
Other languages
Chinese (zh)
Other versions
CN104881610A (en
Inventor
胡昌振
王勇
闫海林
冉宇辰
杨亚峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN201510333581.5A priority Critical patent/CN104881610B/en
Publication of CN104881610A publication Critical patent/CN104881610A/en
Application granted granted Critical
Publication of CN104881610B publication Critical patent/CN104881610B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of defence method for virtual table hijack attack, and it includes:Build effective virtual table set and effective Virtual Function set;Determine to need the Virtual Function in protected object and object in executable program, analysis obtains the call address for reading address and Virtual Function of Virtual Function data;Backup call back function is inserted in the running of executable program at the reading address of Virtual Function data, check callback function is inserted at the call address of Virtual Function;The virtual table of virtual table pointer and its sensing is backed up;Verified according to the virtual table of the virtual table pointer of backup and its sensing, and according to check results carry out Virtual Function execution whether.The present invention is based on binary rewrite technology, it is not necessary to which source code can complete deployment;And can be effectively in guard process important object, do not influenceed by virtual table hijack attack;And the overhead that is brought of the present invention is also within tolerance interval.

Description

A kind of defence method for virtual table hijack attack
Technical field
The invention belongs to effective defense technique field that application program internal memory destroys leak, more particularly to one kind is for empty letter The defence method of number table hijack attack.
Background technology
Internal memory destruction leak (memory corruption bugs) is widely present in using low-level languages such as C/C++ Program in, after stack overflow, heap overflow, release reuse etc. leak belong to internal memory destruction leak.Attacker utilizes such leak, Data, code, reprogramming behavior or even the controlling stream for kidnapping program in application program internal memory can be controlled.
There are following two processing modes in the prior art:
VTGuard:VTGuard is a virtual table protection technique being deployed in IE browser.Its basic thought is: The cookie of a secret is inserted in each virtual table, and is checked when Virtual Function is called, in current table Whether cookie is consistent with corresponding cookie, can forbid this time calling if inconsistent.The program can effectively reduce void Function table replay attack, but it is invalid to virtual table destruction and virtual table injection attacks.
SafeDispatch:SafeDispatch is the virtual table hijack attack defense schemes based on compiler, and it is first First the class relation to whole program is analyzed, and is inferred in program effective virtual table set and Virtual Function set;Then Safety check is carried out when Virtual Function is called, current Virtual Function and virtual table are checked whether in efficient set, if not existing Then forbid this time calling.For the inspection of Virtual Function, 7% overhead will be brought;For the inspection of virtual table, it will bring 30% overhead, and it is invalid to virtual table destruction attack.
DieHard:DieHard provide customized memory allocator, carry out Memory Allocation when realize randomization and Isolation.The technical scheme is effective to virtual table hijack attack to a certain extent, but exists uncertain.
But in such scheme, there is following defect:Validity:The equal nothing of VTGuard, SafeDispatch, DIeHard Method ensures effectively to protect all types of virtual table hijack attacks;Binary compatible:VTGuard、 SafeDispatch and DieHard not binary compatible, that is, need source code.And protection of goal program is obtained in practice Source code be extremely difficult;Overhead:The overhead (7% and 30%) that SafeDispatch is brought makes it difficult to should For in practice.
The content of the invention
To solve the above problems, the present invention provides a kind of defence method for virtual table hijack attack.Base of the present invention In binary rewrite technology, it is not necessary to which source code can complete deployment;And can be effectively in guard process important object, not by void The influence of function table hijack attack;And the overhead that is brought of the present invention is also within tolerance interval.
The defence method for virtual table hijack attack of the present invention, it includes:
Step 1: building effective virtual table set and effective Virtual Function set;Effective virtual table set is used to store Virtual table pointer, virtual table pointer points to virtual table;Effective Virtual Function set is used to store virtual table, virtual table For storing Virtual Function pointer, Virtual Function pointer points to Virtual Function;
Step 2: determine in executable program may by virtual table hijack attack, need protected object and right Virtual Function as in, analysis obtains the call address for reading address and Virtual Function of Virtual Function data;Wherein, Virtual Function packet Include:Virtual table pointer and virtual table;The different Virtual Function data of same object use identical reading address, and Virtual Function Virtual table pointer and virtual table in data use identical reading address;
Step 3: in the running of executable program, mode is inserted using binary, in Virtual Function data Read and backup call back function is inserted at address, check callback function is inserted at the call address of Virtual Function;
Step 4: when the corresponding backup call back function of the Virtual Function data that executable program goes to some object X, In the backup call back function, the virtual table of object X virtual table pointer and its sensing is backed up, wherein virtual table Pointer backup is into effective virtual table set, and virtual table is backuped in effective Virtual Function set;
Step 5: when executable program goes to the corresponding check callback function of some Virtual Function, letter is adjusted back in verification In number, whether the virtual table pointer Y of the virtual table where the called Virtual Function of inspection is in effective virtual table set;
If virtual table pointer Y is not in effective virtual table set, verification failure, refusal call Virtual Function, exist side by side Terminate the executable program;
If virtual table pointer Y is in effective virtual table set, according to effective virtual table set of backup and have Virtual Function set is imitated, the virtual table Z of virtual table pointer Y sensings is found;Judge called Virtual Function pointer whether in void In function table Z, if being verified if successfully, operation executable program calls Virtual Function, and otherwise verification failure, refusal call empty letter Number, and terminate the executable program.
Further, the access attribute of the page where Backup Data is revised as after being backed up in step 4 read-only.
Beneficial effect:
The present invention inserts code in object-instantiated to virtual table pointer and Virtual Function by binary system Program instrumentation Table is backed up;When the Virtual Function of object is called, according to current virtual table pointer and Virtual Function pointer with it is original be worth into Row compares to judge whether to be called.In this way, the present invention is carried out in binary layer in face of virtual table Protection, effectively protects object not influenceed by virtual table hijack attack.
Brief description of the drawings
Fig. 1 (a) is the defence method schematic diagram for virtual table hijack attack of the invention;
Fig. 1 (b) is Backup Data schematic diagram of the invention;
Fig. 1 (c) is checking procedure flow chart of the invention;
Fig. 2 is the code schematic diagram that executable program calls Virtual Function;
The class formation that Fig. 3 (a) is object d in embodiments of the invention;
The virtual table memory mapping that Fig. 3 (b) is object d in embodiments of the invention.
Embodiment
There are multiple objects in PE files, the virtual table of which part object is vulnerable to the attack of attacker, captures program Controlling stream, perform dangerous code, influence system safety.
Shown in technical solution of the present invention such as Fig. 1 (a).First, preanalysis is carried out to PE files to be protected, obtains needing to protect At the generation for the virtual table for protecting object and Virtual Function calls place;Next, at generation and the Virtual Function place of calling is inserted Dress, adds the protection to target program.In order to be inserted to target program, it is necessary to be obtained by preanalysis:1. virtual table Position is generated, data backup is carried out to carry out inserting;2. Virtual Function calling station, to do safety when carrying out and being inserted into and call Checking.There are a variety of analysis methods for binary file to realize this target at present, including automatically analyze platform, static state Analysis, dynamic analysis etc..
The defence method for virtual table hijack attack of the present invention, it includes:
Step 1: building effective virtual table set and effective Virtual Function set;Effective virtual table set is used to store Virtual table pointer, virtual table pointer points to virtual table;Effective Virtual Function set is used to store virtual table, virtual table For storing Virtual Function pointer, Virtual Function pointer points to Virtual Function.
Step 2: determine in executable program may by virtual table hijack attack, need protected object and right Virtual Function as in, analysis obtains the call address for reading address and Virtual Function of Virtual Function data;Wherein, Virtual Function packet Include:Virtual table pointer and virtual table;The different Virtual Function data of same object use identical reading address, and Virtual Function Virtual table pointer and virtual table in data use identical reading address;
Wherein obtain Virtual Function call address mode be:
Attack code is obtained by network, modification attack code is to Virtual Function pointer or the asignment statement of virtual table pointer Sentence, when executable program calls Virtual Function and the Virtual Function is being attacked by amended attack code, executable program reports an error, IA when then executable program reports an error performed by executable program is the calling station of Virtual Function.
The mode of reading address for obtaining Virtual Function data is:
Code when Virtual Function is called is analyzed in executable program, the data flow of the affiliated object of the Virtual Function is followed the trail of with true Determine the reading position of the Virtual Function data of object.
Step 3: in the running of executable program, mode is inserted using binary, in Virtual Function data Read and backup call back function is inserted at address, check callback function is inserted at the call address of Virtual Function.
Step 4: when the corresponding backup call back function of the Virtual Function data that executable program goes to some object X, In the backup call back function, the virtual table of object X virtual table pointer and its sensing is backed up, wherein virtual table Pointer backup is into effective virtual table set, and virtual table is backuped in effective Virtual Function set.
Step 5: when executable program goes to the corresponding check callback function of some Virtual Function, letter is adjusted back in verification In number, whether the virtual table pointer Y of the virtual table where the called Virtual Function of inspection is in effective virtual table set;
If virtual table pointer Y is not in effective virtual table set, verification failure, refusal call Virtual Function, exist side by side Terminate the executable program;
If virtual table pointer Y is in effective virtual table set, according to effective virtual table set of backup and have Virtual Function set is imitated, the virtual table Z of virtual table pointer Y sensings is found;Judge called Virtual Function pointer whether in void In function table Z, if being verified if successfully, operation executable program calls Virtual Function, and otherwise verification failure, refusal call empty letter Number, and terminate the executable program.
Further, the access attribute of the page where Backup Data is revised as after being backed up in step 4 read-only.
Give to (Intel grammers) after certain program decompiling that what is obtained call the process of Virtual Function in Fig. 2.In a program Virtual Function is called to include three steps:The first step calls the object address of the Virtual Function to obtain, and then obtains at the object first address The virtual table address (initial address of the virtual table in internal memory) stored, is finally called according to call instruction Offset of the Virtual Function in virtual table, gone to call the Virtual Function according to the offset.Wherein, if the object has empty letter Number table, the then front end that its virtual table is exclusively enjoyed positioned at this.Wherein deposited in eax registers for object first address, ecx registers For virtual table pointer, its value is the address of virtual table.From invoked procedure as can be seen that no matter virtual table pointer is tampered (virtual table injection/replay attack) or virtual table (virtual table destruction attack) are tampered, and will all cause programme-control Stream integrality is destroyed.
It is now assumed that being learnt by the preanalysis stage, certain object is after the distribution of virtual table is completed by virtual table address In (Virtual Function pointer) deposit eax registers, code position now is set_address;In call_address1 ... .call_addres10 place is called in the presence of the Virtual Function of the object, and call instruction is cal [ecx+14c], call [ecx+20c] Deng.
Inserted at set_address addresses.The virtual table pointer stored in back-up registers eax, and successively The called Virtual Function pointer of backup.Called Virtual Function pointer can obtain it in virtual table by call instruction Position, such as call [ecx+14c], then mean in virtual table offset be the Virtual Function that 14c locates be called, it is necessary to Backed up.By the called Virtual Function pointer of all backups, referred to as effective virtual table set.Virtual table pointer and void Function pointer is backed up in the page newly applied, after the completion of backup operation, the attribute of current page is set into read-only.
Efficiency analysis:The present invention can be verified when Virtual Function is called to virtual table pointer, therefore, it is possible to effective Defend virtual table replay attack and virtual table injection attacks;And the backup of the Virtual Function pointer to calling then ensure that program Do not influenceed by virtual table destruction attack.Meanwhile, the present invention is by data backup in the read-only page of internal memory.Determine in the present invention Under the threat modeling of justice, although Backup Data has been arrived in attacker's scanning, it can not also be distorted.
Above-mentioned virtual table (virtual table, referred to as empty table or vtable):C++ Dynamic polymorphism is by Virtual Function (Vitrual Function) is realized.Each class containing Virtual Function has each single item in a virtual table, table to be one The address of individual Virtual Function, virtual table solves the problem of succession, covering.
Virtual table hijack attack (vtable hijacking attack) refers to by distorting virtual table or virtual table Pointer (points to the pointer of virtual table, its value is virtual table initial address), and reaches and kidnap the one of program control flow purpose Class is attacked.
For by guard process, present invention assumes that:It is PE formatted files by guard process;Binary file does not carry out generation Code is obscured;Program is generated by the main flow such as gcc, visual C++ compiler.
Object virtual table memory mapping:When using parent one subclass of pointer operation when, virtual table just as One map, specifies the function that should actually call.By the function pointer in traversal list, corresponding empty letter just can be called Number.Fig. 3 (a) illustrates object d class formation, and Fig. 3 (b) describes object d virtual table memory mapping, can from figure Go out, each parent has the empty table of oneself, the Virtual Function of subclass has been placed to the empty table of first parent (to state that order is determined) In;The Virtual Function covered by subclass is placed on the position of empty table Central Plains parent Virtual Function, and the function being not covered with is constant;Such as Fig. 3 (b), the virtual table pointer of object is located at position forward in object memory mapping;State f in Fig. 3 (a) in Base1 successively (), g (), three Virtual Functions of h (), Virtual Function is according to its statement order it can be seen from the virtual table of Base1 in Fig. 3 (b) It is put in table;Fig. 3 (a) Derive class class figures, such is the Virtual Function f () that multiple inheritance and subclass cover parent; (b) Derive class objects d memory mapping, virtual table pointer is located at position forward in object instance, and it points to the object Each virtual table, the position of the f () in parent virtual table has been replaced by the function pointer of subclass.
The major way of virtual table hijack attack includes:
1. virtual table destroys (vtable corruption):The Virtual Function stored in attacker's covering virtual table refers to Pin reaches attack purpose.
2. virtual table injects (vtable injection):Attacker covers virtual table pointer, makes the pointer point to The virtual table constructed by attacker.This mode is reliable and efficient, is the attack method that attacker is commonly used.
3. virtual table reuses (vtable reuse):Attacker covers virtual table pointer, makes the pointer point to internal memory In already present virtual table.Such a mode utilizes difficulty height and and unstable, the appearance not in actual attack at present
Binary system inserting refers to modify in face of program in binary layer, by increase, deletion, modification code, reaches Increase the purposes such as function, monitoring program operation.
Present invention assumes that attacker meets following condition:
1. attacker can read full internal memory, so that attacker can carry out information leakage attack (information Leakage attacks), and bypass ASLR (Adress space layout randomization, by heap, stack The randomization being laid out Deng linear zone, increase attacker predicts the difficulty of destination address, prevents the direct seat offence code of attacker The mean of defense of position) etc. defense mechanism;
2. attacker can carry out write operation in all writeable pages, so that attacker being capable of Modification growth function return ground The significant datas such as location, virtual table pointer, reach that reprogramming performs the purpose of stream;
3. attacker can not directly read, write register;
Above-mentioned hypothesis is strict enough, meets condition when being attacked in real world using internal memory destruction leak; Meanwhile, leak is destroyed using internal memory, attacker can also realize above-mentioned condition.
Certainly, the present invention can also have other various embodiments, ripe in the case of without departing substantially from spirit of the invention and its essence Various corresponding changes and deformation, but these corresponding changes and change ought can be made according to the present invention by knowing those skilled in the art Shape should all belong to the protection domain of appended claims of the invention.

Claims (2)

1. a kind of defence method for virtual table hijack attack, it is characterised in that including:
Step 1: building effective virtual table set and effective Virtual Function set;Effective virtual table set is used to store empty letter Number list index, virtual table pointer points to virtual table;Effective Virtual Function set is used to store virtual table, and virtual table is used for Virtual Function pointer is stored, Virtual Function pointer points to Virtual Function;
Step 2: may be by virtual table hijack attack, the protected object of needs and object in determination executable program Virtual Function, analysis obtains the call address for reading address and Virtual Function of Virtual Function data;Wherein, Virtual Function data include: Virtual table pointer and virtual table;
Step 3: in the running of executable program, mode is inserted using binary, in the reading of Virtual Function data Backup call back function is inserted at address, check callback function is inserted at the call address of Virtual Function;
Step 4: when the corresponding backup call back function of the Virtual Function data that executable program goes to some object X, it is standby at this In part call back function, the virtual table of object X virtual table pointer and its sensing is backed up, wherein virtual table pointer Backup in effective virtual table set, virtual table is backuped in effective Virtual Function set;
Step 5: when executable program goes to the corresponding check callback function of some Virtual Function, in check callback function, Whether the virtual table pointer Y of the virtual table where the called Virtual Function of inspection is in effective virtual table set;
If virtual table pointer Y is not in effective virtual table set, Virtual Function is called in verification failure, refusal, and immediately eventually The only executable program;
It is according to effective virtual table set of backup and effectively empty if virtual table pointer Y is in effective virtual table set Function set, finds the virtual table Z of virtual table pointer Y sensings;Judge called Virtual Function pointer whether in Virtual Function In table Z, if being verified if successfully, operation executable program calls Virtual Function, and otherwise verification failure, refusal call Virtual Function, and Terminate the executable program.
2. the defence method of virtual table hijack attack is directed to as claimed in claim 1, it is characterised in that backed up in step 4 The access attribute of the page where Backup Data is revised as afterwards read-only.
CN201510333581.5A 2015-06-16 2015-06-16 A kind of defence method for virtual table hijack attack Active CN104881610B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510333581.5A CN104881610B (en) 2015-06-16 2015-06-16 A kind of defence method for virtual table hijack attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510333581.5A CN104881610B (en) 2015-06-16 2015-06-16 A kind of defence method for virtual table hijack attack

Publications (2)

Publication Number Publication Date
CN104881610A CN104881610A (en) 2015-09-02
CN104881610B true CN104881610B (en) 2017-09-29

Family

ID=53949100

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510333581.5A Active CN104881610B (en) 2015-06-16 2015-06-16 A kind of defence method for virtual table hijack attack

Country Status (1)

Country Link
CN (1) CN104881610B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105808251B (en) * 2016-03-03 2021-02-02 武汉斗鱼网络科技有限公司 Virtual function table hijacking bypass security detection method and system
CN105868641A (en) * 2016-04-01 2016-08-17 北京理工大学 Defending method based on virtual function table hijacking
CN106021110B (en) * 2016-05-24 2019-03-26 南京大学 Code huge profit attack detection method based on virtual table inheritance
CN107368742B (en) * 2017-08-16 2022-10-18 南京大学 Fine-grained virtual function table hijacking attack defense method based on GCC
CN110187988B (en) * 2019-06-06 2021-08-13 中国科学技术大学 Static function call graph construction method suitable for virtual function and function pointer
CN111859372B (en) * 2020-07-29 2023-08-22 中国工商银行股份有限公司 Heap memory attack detection method and device and electronic equipment
CN112581582B (en) * 2020-12-24 2024-08-16 西安翔腾微电子科技有限公司 TLM device of GPU (graphics processing unit) rasterization module based on SysML (graphics processing unit) view and operation method
CN114741131B (en) * 2022-04-02 2023-08-15 深圳软牛科技有限公司 Hiding method, device, equipment and storage medium for dynamic library derived symbol

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7426718B2 (en) * 2005-03-21 2008-09-16 Microsoft Corporation Overriding constructors to provide notification in order to detect foreign code
CN103714292A (en) * 2014-01-15 2014-04-09 四川师范大学 Method for detecting exploit codes

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100205674A1 (en) * 2009-02-11 2010-08-12 Microsoft Corporation Monitoring System for Heap Spraying Attacks
US8683583B2 (en) * 2010-12-02 2014-03-25 Microsoft Corporation Using virtual table protections to prevent the exploitation of object corruption vulnerabilities

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7426718B2 (en) * 2005-03-21 2008-09-16 Microsoft Corporation Overriding constructors to provide notification in order to detect foreign code
CN103714292A (en) * 2014-01-15 2014-04-09 四川师范大学 Method for detecting exploit codes

Also Published As

Publication number Publication date
CN104881610A (en) 2015-09-02

Similar Documents

Publication Publication Date Title
CN104881610B (en) A kind of defence method for virtual table hijack attack
US10990667B2 (en) Systems and/or methods for automatically protecting against memory corruption vulnerabilities
EP3779745B1 (en) Code pointer authentication for hardware flow control
EP3069254B1 (en) Improved control flow integrity system and method
CN106991324A (en) It is a kind of that the malicious code Tracking Recognition method that type is monitored is protected based on internal memory
US8037529B1 (en) Buffer overflow vulnerability detection and patch generation system and method
KR101995285B1 (en) Method and apparatur for patching security vulnerable executable binaries
CN104598823A (en) Kernel level rootkit detection method and system in Andriod system
CN105512548B (en) Based on hiding executable mirror image and inject the method for dll protection code images
CN105653905A (en) Software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring
CN105653980B (en) A kind of guard method and its system of virtual memory data
CN108920253B (en) Agent-free virtual machine monitoring system and monitoring method
CN101866406A (en) Stack overflow attack defense method
CN106991328A (en) A kind of vulnerability exploit detection recognition method based on Dram fingerprint anomaly analysis
CN105653906A (en) Anti-kernel-hook method based on address randomization
CN105868641A (en) Defending method based on virtual function table hijacking
US20220258955A1 (en) Non-disruptive mitigation of malware attacks
Ismail et al. Tightly Seal Your Sensitive Pointers with {PACTight}
CN105956425B (en) A kind of Android application guard methods based on smali Code obfuscations
CN102831334A (en) Positioning method and positioning system for target address
CN106096407A (en) The defence method that a kind of code reuse is attacked
Abrath et al. Obfuscating windows dlls
CN112883374B (en) General Android platform application program shelling method and system based on ART environment
Mustafa et al. Persistent Memory Security Threats to Interprocess Isolation
CN104036192B (en) Method and device for obtaining scheduling table original data of computer programs

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant