CN104978518A - Method and system for preventing PC (Personal Computer) side from obtaining layout operation of mobile equipment screen - Google Patents

Info

Publication number
CN104978518A
Authority
CN
China
Prior art keywords
described process
parameter
progress
perform
continue
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410597914.0A
Other languages
Chinese (zh)
Other versions
CN104978518B (en)
Inventor
宛宏祥
桑胜田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Antiy Technology Group Co Ltd
Original Assignee
Harbin Antiy Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Antiy Technology Co Ltd
Priority to CN201410597914.0A
Publication of CN104978518A
Application granted
Publication of CN104978518B
Active
Anticipated expiration

Landscapes

  • Telephone Function (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method and a system for intercepting operations in which the PC (Personal Computer) side obtains the screen layout of a mobile device. The method comprises the following steps: first, hook the operating system's process-creation API (Application Program Interface) and, if a process-creation event is detected, parse the process name; based on the parsing result, judge whether the process is an ADB (Android Debug Bridge) process; if it is not an ADB process, allow it to continue executing, otherwise parse the parameter list used when the process was created; then judge whether a uiautomator parameter is present in the parameter list; if no uiautomator parameter is present, allow the process to continue executing, otherwise prompt the user that a risk exists. The method and the system actively defend against and intercept PC-side malicious code that obtains the screen layout of an Android device, and prompt the user in time, so as to effectively prevent PC-side malicious code from performing malicious operations on an Android phone.

Description

A method and system for intercepting PC-side operations that obtain the screen layout of a mobile device
Technical field
The present invention relates to the field of information security technology, and in particular to a method and system for intercepting PC-side operations that obtain the screen layout of a mobile device.
Background
As the number of smart devices running the Android operating system has grown rapidly, and as malware developed for Android has become increasingly rampant, Android security technology has also developed rapidly. For example, "privacy protection" software developed for Android devices can effectively intercept malicious code's access to sensitive information in the Android system, such as the phone's address book, call records and SMS messages. Meanwhile, on the PC side, the number of programs that maliciously operate Android devices is also increasing abnormally, for example by installing malware on an Android device through ADB commands and directing that malware to read sensitive information.
However, against such illegal operations by PC-side malicious programs, "privacy protection" software is entirely inadequate. Although "privacy protection" software can prompt the user that some program is attempting to access sensitive information, a PC-side program that uses the adb shell uiautomator dump command at that moment can quickly parse out the "allow access" button in the interception dialog box and then simulate a screen tap through ADB commands, so that the "allow access" button is pressed fully automatically and the user's sensitive information is successfully obtained. Existing PC-side protection software, moreover, does not regard obtaining the layout of an Android phone's screen as unsafe.
Summary of the invention
The invention provides a method and system for intercepting PC-side operations that obtain the screen layout of a mobile device. By monitoring process creation and promptly intercepting ADB processes whose parameters contain uiautomator, the invention notifies the user in time and guides the user to make an appropriate choice. This effectively addresses the limitation of traditional privacy protection software in detecting malicious code that accesses sensitive information, and improves the information security of Android mobile devices.
The present invention is implemented by the following method: a method for intercepting PC-side operations that obtain the screen layout of a mobile device, comprising:
Hooking the operating system's process-creation API and, if a process-creation event is detected, parsing the name of the process;
Judging, based on the parsing result, whether the process is an ADB process; if so, parsing the parameter list used when the process was created; otherwise allowing the process to continue executing;
Judging whether a uiautomator parameter is present in the parameter list; if so, prompting the user that a risk exists; otherwise allowing the process to continue executing.
Further, after prompting the user that a risk exists, the method also comprises: providing allow and block options and, according to the user's selection, allowing the process to continue executing or blocking it from continuing to execute.
A system for intercepting PC-side operations that obtain the screen layout of a mobile device, comprising:
A process monitoring module, configured to hook the operating system's process-creation API and, if a process-creation event is detected, parse the name of the process;
A process judgment module, configured to judge, based on the parsing result of the process monitoring module, whether the process is an ADB process; if so, operation continues in the parameter parsing module; otherwise the process is allowed to continue executing;
A parameter parsing module, configured to parse the parameter list used when the process was created, after which operation continues in the parameter judgment module;
A parameter judgment module, configured to judge whether a uiautomator parameter is present in the parameter list; if so, the user is prompted that a risk exists; otherwise the process is allowed to continue executing.
Further, the system also comprises an interaction module, configured to provide allow and block options and, according to the user's selection, allow the process to continue executing or block it from continuing to execute.
In summary, the invention provides a method and system for intercepting PC-side operations that obtain the screen layout of a mobile device. First, HOOK API technology is used to inject code into the system's process-creation API. Process creation is then monitored: if a process is created, it is judged whether the process is an ADB process; if not, the process is allowed to continue executing; otherwise it is further judged whether a uiautomator parameter is present in the parameter list used to create the process. If no such parameter is present, the process is allowed to continue executing; otherwise an interception window pops up, prompting the user that a risk exists. When a process attempts to obtain the screen layout of an Android device, the technical solution provided by the invention can intercept the attempt and alert the user in time, thereby effectively protecting the sensitive information the user stores in the mobile terminal.
Brief description of the drawings
In order to illustrate the technical solution of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an embodiment of the method, provided by the invention, for intercepting PC-side operations that obtain the screen layout of a mobile device;
Fig. 2 is a structural diagram of an embodiment of the system, provided by the invention, for intercepting PC-side operations that obtain the screen layout of a mobile device.
Detailed description of the embodiments
The present invention provides a method and system for intercepting PC-side operations that obtain the screen layout of a mobile device. To help those skilled in the art better understand the technical solution in the embodiments of the invention, and to make the above objects, features and advantages of the invention more apparent, the technical solution is described in further detail below with reference to the drawings:
The present invention first provides an embodiment of a method for intercepting PC-side operations that obtain the screen layout of a mobile device, as shown in Fig. 1, comprising:
S101: Hook the operating system's process-creation API and, if a process-creation event is detected, parse the name of the process. Dynamically injecting the relevant detection code into the operating system's process-creation API is an active-defense technique;
S102: Based on the parsing result, judge whether the process is an ADB process; if so, perform S103, otherwise perform S105;
S103: Parse the parameter list used when the process was created;
S104: Judge whether a uiautomator parameter is present in the parameter list; if so, prompt the user that a risk exists and end; otherwise perform S105;
S105: Allow the process to continue executing.
Preferably, after prompting the user that a risk exists, the method also comprises: providing allow and block options and, according to the user's selection, allowing the process to continue executing or blocking it from continuing to execute.
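The decision logic of steps S102 to S105, as an added example in C that is not part of the patent. It assumes the process-creation hook of S101 (not shown) hands over the new process's image path and raw command line; the function names and the sample command line are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Outcomes of steps S104/S105: let the process run, or prompt the user. */
enum verdict { VERDICT_ALLOW = 0, VERDICT_PROMPT = 1 };

static int lc(char c) { return tolower((unsigned char)c); }

/* Case-insensitive string equality (Windows file names ignore case). */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (lc(*a) != lc(*b))
            return 0;
    return *a == *b;
}

/* Case-insensitive substring search. */
static int icontains(const char *hay, const char *needle) {
    size_t n = strlen(hay), m = strlen(needle);
    for (size_t i = 0; m <= n && i <= n - m; i++) {
        size_t j = 0;
        while (j < m && lc(hay[i + j]) == lc(needle[j]))
            j++;
        if (j == m)
            return 1;
    }
    return 0;
}

/* S102: compare only the file name, so "adb_helper.exe" is not ADB. */
static int is_adb_image(const char *image_path) {
    const char *base = image_path;
    for (const char *p = image_path; *p; p++)
        if (*p == '\\' || *p == '/')
            base = p + 1;
    return ieq(base, "adb.exe") || ieq(base, "adb");
}

/* S103: skip argv[0], honouring double quotes, so a directory named
 * "uiautomator" in the program path is not mistaken for a parameter. */
static const char *skip_program_name(const char *cmdline) {
    int in_quotes = 0;
    while (*cmdline == ' ' || *cmdline == '\t')
        cmdline++;
    for (; *cmdline; cmdline++) {
        if (*cmdline == '"')
            in_quotes = !in_quotes;
        else if (!in_quotes && (*cmdline == ' ' || *cmdline == '\t'))
            break;
    }
    return cmdline;
}

/* S102-S105 decision. Substring matching is used because the command may
 * arrive as one quoted argument: adb shell "uiautomator dump". */
enum verdict classify_process_creation(const char *image_path, const char *cmdline) {
    if (!image_path || !cmdline || !is_adb_image(image_path))
        return VERDICT_ALLOW;   /* not ADB: S105 */
    const char *args = skip_program_name(cmdline);
    return icontains(args, "uiautomator") ? VERDICT_PROMPT : VERDICT_ALLOW;
}

int main(void) {
    /* Constructed sample event, not taken from the patent. */
    const char *cmd = "adb.exe shell uiautomator dump /sdcard/window.xml";
    puts(classify_process_creation("C:\\tools\\adb.exe", cmd) ? "PROMPT" : "ALLOW");
    return 0;
}
```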
The present invention also provides an embodiment of a system for intercepting PC-side operations that obtain the screen layout of a mobile device, as shown in Fig. 2, comprising:
A process monitoring module 201, configured to hook the operating system's process-creation API and, if a process-creation event is detected, parse the name of the process;
A process judgment module 202, configured to judge, based on the parsing result of the process monitoring module 201, whether the process is an ADB process; if so, operation continues in the parameter parsing module 203; otherwise the process is allowed to continue executing;
A parameter parsing module 203, configured to parse the parameter list used when the process was created, after which operation continues in the parameter judgment module 204;
A parameter judgment module 204, configured to judge whether a uiautomator parameter is present in the parameter list; if so, the user is prompted that a risk exists; otherwise the process is allowed to continue executing.
Preferably, the system also comprises an interaction module, configured to provide allow and block options and, according to the user's selection, allow the process to continue executing or block it from continuing to execute.
As described above, the present invention provides embodiments of a method and a system for intercepting PC-side operations that obtain the screen layout of a mobile device. Traditional privacy protection software can intercept malicious code's access to sensitive information in the Android system; however, if a PC-side program parses out the "allow access" button that the privacy protection software pops up and simulates a screen tap on it, the program may successfully obtain the user's sensitive information in the mobile terminal. To address this problem with traditional privacy protection software, the invention provides the method and system above, which can effectively identify ADB processes and further identify whether a process is related to parsing the screen layout; if it is, the user is notified in time and prompted to choose whether to allow or block the process. Thus, when the technical solution of the invention is used together with traditional "privacy protection software", the user's private data can be protected more effectively and the security of the Android system is further improved.
The above embodiments are intended to illustrate, not to limit, the technical solution of the present invention. Any modification or partial replacement that does not depart from the spirit and scope of the invention shall fall within the scope of the claims of the present invention.

Claims (4)

1. A method for intercepting PC-side operations that obtain the screen layout of a mobile device, characterized by comprising:
Hooking the operating system's process-creation API and, if a process-creation event is detected, parsing the name of the process;
Judging, based on the parsing result, whether the process is an ADB process; if so, parsing the parameter list used when the process was created; otherwise allowing the process to continue executing;
Judging whether a uiautomator parameter is present in the parameter list; if so, prompting the user that a risk exists; otherwise allowing the process to continue executing.
2. The method of claim 1, characterized in that, after prompting the user that a risk exists, the method also comprises: providing allow and block options and, according to the user's selection, allowing the process to continue executing or blocking it from continuing to execute.
3. A system for intercepting PC-side operations that obtain the screen layout of a mobile device, characterized by comprising:
A process monitoring module, configured to hook the operating system's process-creation API and, if a process-creation event is detected, parse the name of the process;
A process judgment module, configured to judge, based on the parsing result of the process monitoring module, whether the process is an ADB process; if so, operation continues in the parameter parsing module; otherwise the process is allowed to continue executing;
A parameter parsing module, configured to parse the parameter list used when the process was created, after which operation continues in the parameter judgment module;
A parameter judgment module, configured to judge whether a uiautomator parameter is present in the parameter list; if so, the user is prompted that a risk exists; otherwise the process is allowed to continue executing.
4. The system of claim 3, characterized in that it also comprises an interaction module, configured to provide allow and block options and, according to the user's selection, allow the process to continue executing or block it from continuing to execute.
CN201410597914.0A 2014-10-31 2014-10-31 A kind of method and system for intercepting PC ends and obtaining mobile device screen layout operation Active CN104978518B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410597914.0A CN104978518B (en) 2014-10-31 2014-10-31 A kind of method and system for intercepting PC ends and obtaining mobile device screen layout operation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410597914.0A CN104978518B (en) 2014-10-31 2014-10-31 A kind of method and system for intercepting PC ends and obtaining mobile device screen layout operation

Publications (2)

Publication Number Publication Date
CN104978518A true CN104978518A (en) 2015-10-14
CN104978518B CN104978518B (en) 2018-07-06

Family

ID=54275012

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410597914.0A Active CN104978518B (en) 2014-10-31 2014-10-31 A kind of method and system for intercepting PC ends and obtaining mobile device screen layout operation

Country Status (1)

Country Link
CN (1) CN104978518B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414341A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Software self-protection method
KR101051641B1 (en) * 2010-03-30 2011-07-26 주식회사 안철수연구소 Mobile communication terminal and behavior based checking virus program method using the same
CN102254113A (en) * 2011-06-27 2011-11-23 深圳市安之天信息技术有限公司 Method and system for detecting and intercepting malicious code of mobile terminal
CN103279707A (en) * 2013-06-08 2013-09-04 北京奇虎科技有限公司 Method, device and system for actively defending against malicious programs

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107798240A (en) * 2016-09-07 2018-03-13 武汉安天信息技术有限责任公司 A kind of method and device for being used to monitor PC ends operation mobile device
CN107798240B (en) * 2016-09-07 2019-10-18 武汉安天信息技术有限责任公司 A kind of method and device operating mobile device for monitoring the end PC

Also Published As

Publication number Publication date
CN104978518B (en) 2018-07-06

Similar Documents

Publication Publication Date Title
CN102752730B (en) Method and device for message handling
CN106156619B (en) Application security protection method and device
CN106709325B (en) Method and device for monitoring program
CN102043919B (en) Universal vulnerability detection method and system based on script virtual machine
CN104217161B (en) A kind of virus scan method and system, terminal unit
CN102254113A (en) Method and system for detecting and intercepting malicious code of mobile terminal
CN104834859A (en) Method for dynamically detecting malicious behavior in Android App (Application)
WO2016019893A1 (en) Application installation method and apparatus
CN105844157A (en) Monitoring method for App behaviors in Android system
CN102750477B (en) Method and system for controlling closing of terminal
CN104063660B (en) A kind of virus scan method, device and terminal
CN110933103A (en) Anti-crawler method, device, equipment and medium
CA2862046C (en) Method and device for prompting program uninstallation
CN108268773B (en) Android application upgrade package local storage security detection method
Jeong et al. A kernel-based monitoring approach for analyzing malicious behavior on android
Jafari et al. Designing a comprehensive security framework for smartphones and mobile devices
CN103294951A (en) Malicious code sample extraction method and system based on document type bug
CN103810428A (en) Method and device for detecting macro virus
CN105844146A (en) Method and device for protecting driver and electronic equipment
CN104915594B (en) Application program operation method and device
CN104992116B (en) Monitoring method based on intent sniffer and system
CN106682493B (en) A kind of method, apparatus for preventing process from maliciously being terminated and electronic equipment
CN104486292A (en) Enterprise-resource safety-access control method, device and system
CN109472135B (en) Method, device and storage medium for detecting process injection
CN104978518A (en) Method and system for preventing PC (Personal Computer) side from obtaining layout operation of mobile equipment screen

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 150010 Heilongjiang science and technology innovation city, Harbin new and high tech Industrial Development Zone, No. 7 building, innovation and entrepreneurship Plaza, 838

Patentee after: Harbin antiy Technology Group Limited by Share Ltd

Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162

Patentee before: Harbin Antiy Technology Co., Ltd.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Method and system for preventing PC (Personal Computer) side from obtaining layout operation of mobile equipment screen

Effective date of registration: 20190718

Granted publication date: 20180706

Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch

Pledgor: Harbin antiy Technology Group Limited by Share Ltd

Registration number: 2019230000007

CP01 Change in the name or title of a patent holder

Address after: 150010 Heilongjiang science and technology innovation city, Harbin new and high tech Industrial Development Zone, No. 7 building, innovation and entrepreneurship Plaza, 838

Patentee after: Antan Technology Group Co.,Ltd.

Address before: 150010 Heilongjiang science and technology innovation city, Harbin new and high tech Industrial Development Zone, No. 7 building, innovation and entrepreneurship Plaza, 838

Patentee before: Harbin Antian Science and Technology Group Co.,Ltd.

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20211119

Granted publication date: 20180706

Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch

Pledgor: Harbin Antian Science and Technology Group Co.,Ltd.

Registration number: 2019230000007
