CN105787302A - Application processing method and device and electronic equipment - Google Patents
Application processing method and device and electronic equipment Download PDFInfo
- Publication number
- CN105787302A CN105787302A CN201610100170.6A CN201610100170A CN105787302A CN 105787302 A CN105787302 A CN 105787302A CN 201610100170 A CN201610100170 A CN 201610100170A CN 105787302 A CN105787302 A CN 105787302A
- Authority
- CN
- China
- Prior art keywords
- unloading
- window information
- application
- window
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 12
- 238000000034 method Methods 0.000 claims abstract description 288
- 230000008569 process Effects 0.000 claims abstract description 265
- 230000008859 change Effects 0.000 claims description 23
- 238000012545 processing Methods 0.000 claims description 19
- 238000012790 confirmation Methods 0.000 claims description 12
- 238000001514 detection method Methods 0.000 claims description 11
- 230000000630 rising effect Effects 0.000 claims description 7
- 241000239290 Araneae Species 0.000 claims description 6
- 230000004083 survival effect Effects 0.000 abstract description 4
- 230000006870 function Effects 0.000 description 27
- 230000006698 induction Effects 0.000 description 6
- 230000002155 anti-virotic effect Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 241000700605 Viruses Species 0.000 description 3
- 230000006399 behavior Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000010295 mobile communication Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 231100000572 poisoning Toxicity 0.000 description 1
- 230000000607 poisoning effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses a processing method and device of an application program and electronic equipment. The method comprises the following steps: acquiring an uninstalling process of an uninstalling application program, and determining a parent process of the uninstalling process; when the parent process is a process corresponding to a preset malicious application program, terminating the uninstalling process; enumerating first window information existing in a screen of the electronic equipment when the parent process is a preset active starting process; traversing the first window information, and acquiring second window information of which the window title contains preset malicious application program keywords; and if the second window information contains the field of the uninstalled or deleted target application program, terminating the uninstalling process. By applying the method and the device, the survival rate of the application program can be improved.
Description
Technical field
The present invention relates to computer network security technology, particularly relate to the processing method of a kind of application program, device and electronic equipment.
Background technology
Along with the development of compunication and Internet technology, the application of electronic equipment is more and more general, for instance, intelligent mobile phone, personal digital assistant, palm PC, notebook computer obtain and are increasingly widely applied.In electronic equipment install application program (APP, Application) also get more and more, it is provided that application function also more and more abundanter.But along with being on the increase of the application program installed, so that a certain or some application program acquisition more resource of electronic equipment, or based on commercial competition or otherwise consideration, some user's imprudences are installed or the malicious application that binding is installed obtains the higher-rights of operating system by virus or wooden horse mode, the normal application program of user can be carried out malice unloading, or, induction user carries out the unloading of application program, thus making troubles to user and potential hidden danger.Such as, malicious application is by unloading the application program relevant or close to self application program, this malicious application is selected in optional situation thus lacking user, in order to promote the subscriber usage of self, not only reduce the availability of unloaded application program and normal time to live, compromise the legitimate rights and interests of the operator that normal application is provided, also reduce the overall workability of electronic equipment so that Consumer's Experience is relatively low;After the malice unloading critical applications such as security protection application program and checking and killing virus application program, electronic equipment will be lost or close the function of defence poisoning intrusion, easily attacked by malicious application, cause material and the wealth loss of user, the safety causing consumer electronic devices declines, and brings potential safety hazard to the use of electronic equipment.At present, but without the effective anti-uninstall method of one, it is possible to effectively prevent normal application program from maliciously being unloaded,
It is then desired to the processing method of a kind of application program, it is possible to the normal application program of guarantee that takes appropriate measures maliciously is not unloaded, and to promote survival rate and the availability of application program, strengthens the safety of electronic device system.
Summary of the invention
In view of this, the embodiment of the present invention provides the processing method of a kind of application program, device and electronic equipment, promotes the survival rate of application program.
For reaching above-mentioned purpose, embodiments of the invention adopt the following technical scheme that
First aspect, the embodiment of the present invention provides the processing method of a kind of application program, including:
Obtain the unloading process of unloading application program, it is determined that the parent process of described unloading process;
When described parent process is process corresponding to the malicious application pre-set, terminate described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;
Traversal first window information, obtains the second window information including the malicious application key word pre-set in window title;
If described second window information includes unloading or delete target application field, terminate described unloading process.
Optionally, the described unloading process obtaining unloading application program, it is determined that the parent process of described unloading process includes:
Whether detection operating system exists un0inst.exe process, if it has, all processes in enumeration operation system, obtains the tune person's of rising process of described un0inst.exe process.
Optionally, enumerate the first window information existed in the screen of electronic equipment described in include:
Call the window enumeration function in windows application programming interface function, enumerate all first window information existed in the desktop of electronic equipment.
Optionally, call the window title function in windows application programming interface function and obtain the described window title in window information.
Optionally, described second window information includes unloading or delete target application field includes:
Judge whether window title comprises unloading or change program or StartMenu Programs AA, wherein, AA is destination application title, if it has, determine and include unloading or delete target application field in described second window information.
Optionally, described second window information includes unloading or delete target application field includes:
If the Application Program Interface that the second window information is corresponding includes the option of unloading or delete target application program, and described option selectes described destination application;Or, if the second window information corresponding application program location to unloading or change program, and described unloading or change program selecting described in destination application;Determine and described second window information includes unloading or delete target application field.
Optionally, described method also includes:
If described second window information does not include unloading or delete target application field;
The information unloading described destination application is ejected to user;
Receive the confirmation unloading described destination application of user's input, it is allowed to described unloading process unloads.
Optionally, before the described unloading process of described termination, described method also includes:
The information terminating unloading described destination application is ejected to user;
Receive the confirmation terminating unloading described destination application of user's input, perform the step of the described unloading process of described termination.
Second aspect, the embodiment of the present invention provides the process device of a kind of application program, including: unloading process acquisition module, parent process processing module, spider module and unloading process processing module, wherein,
Unloading process acquisition module, for obtaining the unloading process of unloading application program, it is determined that the parent process of described unloading process;
Parent process processing module, for when described parent process is process corresponding to the malicious application pre-set, terminating described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;
Spider module, is used for traveling through first window information, obtains the second window information including the malicious application key word pre-set in window title;
Unloading process processing module, if including unloading or delete target application field in described second window information, terminates described unloading process.
Optionally, described unloading process acquisition module includes: detection unit and enumeration unit, wherein,
Detection unit, is used for detecting in operating system and whether there is un0inst.exe process, if it has, notice enumeration unit;
Enumeration unit, for all processes in enumeration operation system, obtains the tune person's of rising process of described un0inst.exe process.
Optionally, described parent process processing module includes: judging unit, termination unit, call unit and window information enumeration unit, wherein,
Judging unit, for when described parent process is process corresponding to the malicious application pre-set, notice terminates unit;Described parent process be the active pre-set adjusted process time, notify call unit;
Terminate unit, be used for terminating described unloading process;
Call unit, for calling the window enumeration function in windows application programming interface function;
Window information enumeration unit, for enumerating all first window information existed in the desktop of electronic equipment.
Optionally, call the window title function in windows application programming interface function and obtain the described window title in window information.
Optionally, described second window information includes unloading or delete target application field includes:
Judge whether window title comprises unloading or change program or StartMenu Programs AA, wherein, AA is destination application title, if it has, determine and include unloading or delete target application field in described second window information.
Optionally, described second window information includes unloading or delete target application field includes:
If the Application Program Interface that the second window information is corresponding includes the option of unloading or delete target application program, and described option selectes described destination application;Or, if the second window information corresponding application program location to unloading or change program, and described unloading or change program selecting described in destination application;Determine and described second window information includes unloading or delete target application field.
Optionally, unload or after delete target application field if described unloading process processing module is additionally operable to not include in described second window information;The information unloading described destination application is ejected to user;Receive the confirmation unloading described destination application of user's input, it is allowed to described unloading process unloads.
Optionally, described unloading process processing module, before terminating described unloading process, is additionally operable to eject, to user, the information terminating unloading described destination application;Receive the confirmation terminating unloading described destination application of user's input, perform the step of the described unloading process of described termination.
The third aspect, the embodiment of the present invention provides a kind of electronic equipment, and described electronic equipment includes: housing, processor, memorizer, circuit board and power circuit, and wherein, circuit board is placed in the interior volume that housing surrounds, processor and memorizer and arranges on circuit boards;Power circuit, powers for each circuit or the device for above-mentioned electronic equipment;Memorizer is used for storing executable program code;Processor runs the program corresponding with executable program code by reading the executable program code of storage in memorizer, for performing the processing method of aforementioned arbitrary described application program.
The processing method of application program, device and the electronic equipment that the embodiment of the present invention provides, by obtaining the unloading process of unloading application program, it is determined that the parent process of described unloading process;When described parent process is process corresponding to the malicious application pre-set, terminate described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;Traversal first window information, obtains the second window information including the malicious application key word pre-set in window title;If described second window information includes unloading or delete target application field, terminate described unloading process.So, utilize the determination methods of process and window information, can precisely judge that whether destination application is by malicious application malice unloading, and, whether user is induced to unload by malicious application, can effectively prevent destination application from maliciously being unloaded, improve survival rate and the availability of destination application.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, the accompanying drawing used required in embodiment or description of the prior art will be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the premise not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the process flow schematic diagram of embodiment of the present invention application program;
Fig. 2 is the process apparatus structure schematic diagram of embodiment of the present invention application program;
Fig. 3 is the structural representation of one embodiment of electronic equipment of the present invention.
Detailed description of the invention
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in detail.
It will be appreciated that described embodiment a part of embodiment that is only the present invention, rather than whole embodiment.Based on the embodiment in the present invention, all other embodiments that those of ordinary skill in the art obtain under not making creative work premise, broadly fall into the scope of protection of the invention.
Fig. 1 is the process flow schematic diagram of embodiment of the present invention application program.Referring to Fig. 1, the method includes:
Step 11, obtains the unloading process of unloading application program, it is determined that the parent process of described unloading process;
In this step, as an alternative embodiment, unloading process is un0inst.exe process.
In the embodiment of the present invention, as an alternative embodiment, obtain the unloading process of unloading application program, it is determined that the parent process of described unloading process includes:
Whether detection operating system exists un0inst.exe process, if it has, all processes in enumeration operation system, obtains the tune person's of rising process of described un0inst.exe process.
In this step, operating system be a certain application assigned to should the un0inst process of application program time, represent and need this certain application program is performed unloading operation.In the embodiment of the present invention, it is possible to enumerated all processes in operating system that obtain by process, find out the parent process of un0inst process from the process enumerated, i.e. the tune person's of rising process of un0inst process.
In the embodiment of the present invention, as an alternative embodiment, it is possible to by the membership relation between process, it is determined that the parent process of un0inst process.
In the embodiment of the present invention, the corresponding unloading process of an application program.
In the embodiment of the present invention, as an alternative embodiment, it is possible to be by timing or variable interval mode detect whether there is un0inst.exe process in operating system.For example, it is possible to detect according to the detection cycle pre-set.As another alternative embodiment, it is also possible to be for application assigned process by monitor operating system, when monitoring the process of operating system distribution and being unloading process, confirm that operating system exists un0inst.exe process.
In the embodiment of the present invention, if operating system is absent from un0inst.exe process, represents and do not have application programs to have the operation performing unloading, then do not deal with.
Step 12, when described parent process is process corresponding to the malicious application pre-set, terminates described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;
In this step, for unloading process, including actively having adjusted process and non-active tune to play process, wherein, in the embodiment of the present invention, it is process corresponding to malicious application that non-active tune plays process.
In the embodiment of the present invention; if the parent process of unloading process is process corresponding to the malicious application pre-set; namely the person's of tune process of unloading process is the process that the malicious application pre-set is corresponding; may indicate that it is that destination application is carried out malice unloading by this malicious application; this unloading process can perform on backstage, thus not being easily noticed by the users, for such unloading behavior; need to terminate the operation of unloading process, to protect destination application maliciously not unloaded.
If user is by clicking start menu, find the unloading application program of unloading destination application to unload destination application, or, by clicking the control panel arranged under control knob under start menu, find " unloading or change program " to unload destination application at the control panel interface shown, namely parent process is that process has been adjusted in the active pre-set, by the unloading actively having adjusted the unloading behavior that process is initiated to belong to user's actively wish, even if being the unloading of user's actively wish, also likely to be present the possibility induced by malicious application, thus, for this situation, needs are further analyzed.
In the embodiment of the present invention, process corresponding to the malicious application that pre-sets can be determined according to actual needs by user, such as, the information can grasped according to oneself, or obtain some malicious application by web search, therefrom choose malicious application and arrange to carry out corresponding malice unloading process.
In the embodiment of the present invention, as an alternative embodiment, actively process has been adjusted to include but not limited to: explorer.exe process and rundll32.exe process.nullWherein,Explorer.exe process is the process name of start menu,Rundll32.exe process is the process name of " unloading or the change program " in control panel,If the parent process of un0inst process is explorer.exe process or rundll32.exe process,Show that user has adjusted unloading process at start menu or in control panel in " unloading or change program ",Destination application is unloaded,Destination application is actively unloaded for user,But this actively unloads the behavior of destination application,Also need to determine whether to induce user to carry out the active unloading of destination application for some malicious application,If not,Then without processing,It has adjusted un0inst process unloading destination application to allow user,If,Then need to take corresponding measure.
In the embodiment of the present invention, as an alternative embodiment, enumerate the first window information existed in the screen of electronic equipment and include:
Call the window enumeration function in windows application programming interface (API, ApplicationProgrammingInterface) function, enumerate all first window information existed in the desktop of electronic equipment.
In this step, as an alternative embodiment, window enumeration function is EnumWindows function, utilizes EnumWindows function to enumerate all window informations existed in desktop, namely first window information comprises one or more window information, the corresponding window information of the application program of each operation.
Step 13, travels through first window information, obtains the second window information including the malicious application key word pre-set in window title;
In this step, as an alternative embodiment, call the window title function in windows application programming interface function and obtain the window title in window information.Window title function is GetWindowsText function, by utilizing GetWindowsText function to obtain window title, judge whether the window title obtained includes malicious application key word, such as, whether comprise the key word such as " software management ", " software cleaning ", if comprised, it was shown that malicious application is currently running, it is possible to induction user actively unloads destination application.
Step 14, if including unloading or delete target application field in described second window information, terminates described unloading process.
In this step, as an alternative embodiment, described second window information includes unloading or delete target application field includes:
Judge whether window title comprises unloading or change program or StartMenu Programs AA, wherein, AA is destination application title, if it has, determine and include unloading or delete target application field in described second window information.
In this step, by enumerating all window informations on desktop, extract window title, after determining that malicious application is currently running, obtain the malicious application of operation more whether to position and open destination application catalogue, or, if location opens " unloading or change program " in the control panel of the start menu of operating system, if it is, think that malicious application induction user has adjusted the unloading process of destination application.For destination application for Jinshan anti-virus software, if window title includes " unloading or change program ", " StartMenu Programs Jinshan anti-virus software " or " kingsoft kingsoftantivirus ", confirm that this malicious application induction user has raised the unloading process of Jinshan anti-virus software maliciously to unload Jinshan anti-virus software at the interface of this malicious application.
As another alternative embodiment, described second window information includes unloading or delete target application field includes:
If the Application Program Interface that the second window information is corresponding includes the option of unloading or delete target application program, and described option selectes described destination application;Or, if the second window information corresponding application program location to unloading or change program, and described unloading or change program selecting described in destination application;Determine and described second window information includes unloading or delete target application field.
In this step, some malicious application induction user has adjusted the Uninstaller (process) of destination application, such as, on malicious application interface, " unloading AA " option is clicked by user, the Uninstaller catalogue of destination application selected this destination application of unloading are opened in this option location, or navigate to " unloading or change program " selected unloading process, so that user by unloading the mode that destination application is identical with normal flow, induction unloading destination application.
In the embodiment of the present invention, after terminating described unloading process, the unloading process of destination application exits, and has adjusted the unloading interface failure of destination application.
In the embodiment of the present invention, as an alternative embodiment, if described second window information does not include unloading or delete target application field, it is allowed to described unloading process, can successfully adjust the unloading interface of destination application, thus destination application is unloaded.
In the embodiment of the present invention, in order to avoid normal destination application maliciously to be unloaded further, if after not including unloading or delete target application field in described second window information, it is allowed to before described unloading process, the method can also include:
The information unloading described destination application is ejected to user;
Receive the confirmation unloading described destination application of user's input, perform the step of the described unloading process of described permission.
In the embodiment of the present invention, as an alternative embodiment, information can be the information comprising ACK button and cancel button, if user clicks ACK button, it is allowed to described unloading process performs unloading;If user clicks cancel button, terminate described unloading process.
As another alternative embodiment, information can be an identifying code, if the confirmation of user's input is identical with described identifying code, performs the step of the described unloading process of described permission;If the confirmation of user's input differs with described identifying code, terminate described unloading process.
In the embodiment of the present invention, as an alternative embodiment, identifying code includes but not limited to: identifying code etc. chosen by digital verification code, letter identifying code, the identifying code of numeral combination letter, picture.
Certainly, in practical application, it is also possible to before the described unloading process of described termination, the method can also include:
The information terminating unloading described destination application is ejected to user;
Receive the confirmation terminating unloading described destination application of user's input, perform the step of the described unloading process of described termination.
In the embodiment of the present invention, as an alternative embodiment, it is possible to the method for the embodiment of the present invention is carried out program code segments programming and forms script file, be injected in unloading process corresponding to each destination application (un0inst.exe process) and realize.
From above-mentioned, the processing method of the application program of the embodiment of the present invention, by obtaining the unloading process of unloading application program, it is determined that the parent process of described unloading process;When described parent process is process corresponding to the malicious application pre-set, terminate described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;Traversal first window information, obtains the second window information including the malicious application key word pre-set in window title;If described second window information includes unloading or delete target application field, terminate described unloading process.So, utilize the determination methods of process and window information, can precisely judge that whether destination application is by malicious application malice unloading, and, whether user is induced to unload by malicious application, it is possible to effectively to prevent destination application from maliciously being unloaded, be conducive to the properly functioning of destination application, improve the availability of destination application so that the overall workability of electronic equipment gets a promotion;Further, by preventing the critical applications such as security protection application program and checking and killing virus application program from maliciously being unloaded, moreover it is possible to promote the safety of consumer electronic devices, it is to avoid the potential safety hazard in electronic equipment use.
Fig. 2 is the process apparatus structure schematic diagram of embodiment of the present invention application program.Referring to Fig. 2, this device includes: unloading process acquisition module 21, parent process processing module 22, spider module 23 and unloading process processing module 24, wherein,
Unloading process acquisition module 21, for obtaining the unloading process of unloading application program, it is determined that the parent process of described unloading process;
In the embodiment of the present invention, as an alternative embodiment, unloading process is un0inst.exe process.
In the embodiment of the present invention, if operating system is absent from un0inst.exe process, represents and do not have application programs to have the operation performing unloading, then do not deal with.
In the embodiment of the present invention, as an alternative embodiment, unloading process acquisition module 21 includes: detection unit and enumeration unit (not shown), wherein,
Detection unit, is used for detecting in operating system and whether there is un0inst.exe process, if it has, notice enumeration unit;
In the embodiment of the present invention, as an alternative embodiment, it is possible to be by timing or variable interval mode detect whether there is un0inst.exe process in operating system.For example, it is possible to detect according to the detection cycle pre-set.As another alternative embodiment, it is also possible to be for application assigned process by monitor operating system, when monitoring the process of operating system distribution and being unloading process, confirm that operating system exists un0inst.exe process.
Enumeration unit, for all processes in enumeration operation system, obtains the tune person's of rising process of described un0inst.exe process.
In the embodiment of the present invention, as an alternative embodiment, it is possible to by the membership relation between process, it is determined that the parent process of un0inst process.
Parent process processing module 22, for when described parent process is process corresponding to the malicious application pre-set, terminating described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;
In the embodiment of the present invention, process corresponding to the malicious application that pre-sets can be determined according to actual needs by user.
In the embodiment of the present invention, as an alternative embodiment, actively process has been adjusted to include: explorer.exe process and rundll32.exe process.Wherein, explorer.exe process is the process name of start menu, and rundll32.exe process is the process name of " unloading or the change program " in control panel.
In the embodiment of the present invention, as an alternative embodiment, parent process processing module 22 includes: judging unit, termination unit, call unit and window information enumeration unit (not shown), wherein,
Judging unit, for when described parent process is process corresponding to the malicious application pre-set, notice terminates unit;Described parent process be the active pre-set adjusted process time, notify call unit;
Terminate unit, be used for terminating described unloading process;
Call unit, for calling the window enumeration function in windows application programming interface function;
Window information enumeration unit, for enumerating all first window information existed in the desktop of electronic equipment.
Spider module 23, is used for traveling through first window information, obtains the second window information including the malicious application key word pre-set in window title;
Unloading process processing module 24, if including unloading or delete target application field in described second window information, terminates described unloading process.
In the embodiment of the present invention, after terminating described unloading process, the unloading process of destination application exits, and has adjusted the unloading interface failure of destination application.
In the embodiment of the present invention, as an alternative embodiment, described second window information includes unloading or delete target application field includes:
Judge whether window title comprises unloading or change program or StartMenu Programs AA, wherein, AA is destination application title, if it has, determine and include unloading or delete target application field in described second window information.
In the embodiment of the present invention, as an alternative embodiment, call the window title in the acquisition window information of the window title function in windows application programming interface function to determine whether to include unloading or delete target application field.
In the embodiment of the present invention, as another alternative embodiment, described second window information includes unloading or delete target application field includes:
If the Application Program Interface that the second window information is corresponding includes the option of unloading or delete target application program, and described option selectes described destination application;Or, if the second window information corresponding application program location to unloading or change program, and described unloading or change program selecting described in destination application;Determine and described second window information includes unloading or delete target application field.
In the embodiment of the present invention, as an alternative embodiment, unload or after delete target application field if unloading process processing module 24 is additionally operable to not include in described second window information;The information unloading described destination application is ejected to user;Receive the confirmation unloading described destination application of user's input, it is allowed to described unloading process unloads.
In the embodiment of the present invention, as an alternative embodiment, information can be the information comprising ACK button and cancel button, or, it is an identifying code.Wherein, identifying code includes but not limited to: identifying code etc. chosen by digital verification code, letter identifying code, the identifying code of numeral combination letter, picture.
In the embodiment of the present invention, as an alternative embodiment, unloading process processing module 24, before terminating described unloading process, is additionally operable to eject, to user, the information terminating unloading described destination application;Receive the confirmation terminating unloading described destination application of user's input, perform the step of the described unloading process of described termination.
The embodiment of the present invention also provides for a kind of electronic equipment, and described electronic equipment comprises the device described in aforementioned any embodiment.
Fig. 3 is the structural representation of one embodiment of electronic equipment of the present invention, the flow process of Fig. 1-2 illustrated embodiment of the present invention can be realized, as shown in Figure 3, above-mentioned electronic equipment may include that housing 31, processor 32, memorizer 33, circuit board 34 and power circuit 35, wherein, circuit board 34 is placed in the interior volume that housing 31 surrounds, processor 32 and memorizer 33 and is arranged on circuit board 34;Power circuit 35, powers for each circuit or the device for above-mentioned electronic equipment;Memorizer 33 is used for storing executable program code;Processor 32 runs the program corresponding with executable program code by reading the executable program code of storage in memorizer 33, for performing the processing method of the application program described in aforementioned any embodiment.
The step that concrete execution process and the processor 32 of above-mentioned steps are performed further by processor 32 by operation executable program code, it is possible to referring to the description of Fig. 1-2 illustrated embodiment of the present invention, do not repeat them here.
This electronic equipment exists in a variety of forms, includes but not limited to:
(1) mobile communication equipment: the feature of this kind equipment is to possess mobile communication function, and to provide speech, data communication for main target.This Terminal Type includes: smart mobile phone (such as iPhone), multimedia handset, functional mobile phone, and low-end mobile phone etc..
(2) super mobile personal computer equipment: this kind equipment belongs to the category of personal computer, has calculating and processes function, generally also possessing mobile Internet access characteristic.This Terminal Type includes: PDA, MID and UMPC equipment etc., for instance iPad.
(3) portable entertainment device: this kind equipment can show and play content of multimedia.This kind equipment includes: audio frequency, video player (such as iPod), handheld device, e-book, and intelligent toy and portable car-mounted navigator.
(4) server: the equipment of the service of calculating is provided, the composition of server includes processor, hard disk, internal memory, system bus etc., server is similar with general computer architecture, but owing to needing to provide highly reliable service, therefore require higher in disposal ability, stability, reliability, safety, extensibility, manageability etc..
(5) other have the electronic equipment of data interaction function.
One of ordinary skill in the art will appreciate that all or part of flow process realizing in above-described embodiment method, can be by the hardware that computer program carrys out instruction relevant to complete, described program can be stored in a computer read/write memory medium, this program is upon execution, it may include such as the flow process of the embodiment of above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-OnlyMemory, ROM) or random store-memory body (RandomAccessMemory, RAM) etc..
The above; being only the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, any those familiar with the art is in the technical scope that the invention discloses; the change that can readily occur in or replacement, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with scope of the claims.
Claims (10)
1. the processing method of an application program, it is characterised in that the method includes:
Obtain the unloading process of unloading application program, it is determined that the parent process of described unloading process;
When described parent process is process corresponding to the malicious application pre-set, terminate described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;
Traversal first window information, obtains the second window information including the malicious application key word pre-set in window title;
If described second window information includes unloading or delete target application field, terminate described unloading process.
2. method according to claim 1, it is characterised in that the unloading process of described acquisition unloading application program, it is determined that the parent process of described unloading process includes:
Whether detection operating system exists un0inst.exe process, if it has, all processes in enumeration operation system, obtains the tune person's of rising process of described un0inst.exe process.
3. method according to claim 1 and 2, it is characterised in that described in enumerate the first window information existed in the screen of electronic equipment and include:
Call the window enumeration function in windows application programming interface function, enumerate all first window information existed in the desktop of electronic equipment.
4. method according to claim 1 and 2, it is characterised in that call the window title function in windows application programming interface function and obtain the described window title in window information.
5. method according to claim 1 and 2, it is characterised in that include unloading in described second window information or delete target application field includes:
Judge whether window title comprises unloading or change program or StartMenu Programs AA, wherein, AA is destination application title, if it has, determine and include unloading or delete target application field in described second window information.
6. method according to claim 1 and 2, it is characterised in that include unloading in described second window information or delete target application field includes:
If the Application Program Interface that the second window information is corresponding includes the option of unloading or delete target application program, and described option selectes described destination application;Or, if the second window information corresponding application program location to unloading or change program, and described unloading or change program selecting described in destination application;Determine and described second window information includes unloading or delete target application field.
7. method according to claim 6, it is characterised in that described method also includes:
If described second window information does not include unloading or delete target application field;
The information unloading described destination application is ejected to user;
Receive the confirmation unloading described destination application of user's input, it is allowed to described unloading process unloads.
8. method according to claim 1 and 2, it is characterised in that before the described unloading process of described termination, described method also includes:
The information terminating unloading described destination application is ejected to user;
Receive the confirmation terminating unloading described destination application of user's input, perform the step of the described unloading process of described termination.
9. the process device of an application program, it is characterised in that this device includes: unloading process acquisition module, parent process processing module, spider module and unloading process processing module, wherein,
Unloading process acquisition module, for obtaining the unloading process of unloading application program, it is determined that the parent process of described unloading process;
Parent process processing module, for when described parent process is process corresponding to the malicious application pre-set, terminating described unloading process;Described parent process be the active pre-set adjusted process time, enumerate in the screen of electronic equipment exist first window information;
Spider module, is used for traveling through first window information, obtains the second window information including the malicious application key word pre-set in window title;
Unloading process processing module, if including unloading or delete target application field in described second window information, terminates described unloading process.
10. device according to claim 9, it is characterised in that described unloading process acquisition module includes: detection unit and enumeration unit, wherein,
Detection unit, is used for detecting in operating system and whether there is un0inst.exe process, if it has, notice enumeration unit;
Enumeration unit, for all processes in enumeration operation system, obtains the tune person's of rising process of described un0inst.exe process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610100170.6A CN105787302B (en) | 2016-02-23 | 2016-02-23 | A kind of processing method of application program, device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610100170.6A CN105787302B (en) | 2016-02-23 | 2016-02-23 | A kind of processing method of application program, device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105787302A true CN105787302A (en) | 2016-07-20 |
| CN105787302B CN105787302B (en) | 2019-05-17 |
Family
ID=56403225
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610100170.6A Active CN105787302B (en) | 2016-02-23 | 2016-02-23 | A kind of processing method of application program, device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105787302B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109815700A (en) * | 2018-12-29 | 2019-05-28 | 360企业安全技术(珠海)有限公司 | Processing method and processing device, storage medium, the computer equipment of application program |
| CN109815701A (en) * | 2018-12-29 | 2019-05-28 | 360企业安全技术(珠海)有限公司 | Detection method, client, system and the storage medium of software security |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103617395A (en) * | 2013-12-06 | 2014-03-05 | 北京奇虎科技有限公司 | Method, device and system for intercepting advertisement programs based on cloud security |
| CN104717178A (en) * | 2013-12-13 | 2015-06-17 | 中国移动通信集团河南有限公司 | Information source data calling method and device |
| CN105303105A (en) * | 2015-10-20 | 2016-02-03 | 珠海市君天电子科技有限公司 | Window message interception method and device and terminal equipment |
-
2016
- 2016-02-23 CN CN201610100170.6A patent/CN105787302B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103617395A (en) * | 2013-12-06 | 2014-03-05 | 北京奇虎科技有限公司 | Method, device and system for intercepting advertisement programs based on cloud security |
| CN104717178A (en) * | 2013-12-13 | 2015-06-17 | 中国移动通信集团河南有限公司 | Information source data calling method and device |
| CN105303105A (en) * | 2015-10-20 | 2016-02-03 | 珠海市君天电子科技有限公司 | Window message interception method and device and terminal equipment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109815700A (en) * | 2018-12-29 | 2019-05-28 | 360企业安全技术(珠海)有限公司 | Processing method and processing device, storage medium, the computer equipment of application program |
| CN109815701A (en) * | 2018-12-29 | 2019-05-28 | 360企业安全技术(珠海)有限公司 | Detection method, client, system and the storage medium of software security |
| CN109815701B (en) * | 2018-12-29 | 2022-04-22 | 奇安信安全技术(珠海)有限公司 | Software security detection method, client, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105787302B (en) | 2019-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106227585B (en) | Application program starting method, device and equipment | |
| WO2016019893A1 (en) | Application installation method and apparatus | |
| US9747449B2 (en) | Method and device for preventing application in an operating system from being uninstalled | |
| CN108932428B (en) | Lesog software processing method, device, equipment and readable storage medium | |
| US8701195B2 (en) | Method for antivirus in a mobile device by using a mobile storage and a system thereof | |
| CN105635122A (en) | Wifi access method and device and electronic equipment | |
| CN107729764A (en) | Guard method, device, storage medium and the electronic equipment of sensitive information | |
| CN104866770A (en) | Sensitive data scanning method and sensitive data scanning system | |
| CN108235767A (en) | A kind of partition method, device and terminal for paying application | |
| EP3486823B1 (en) | System notification service control method, apparatus, terminal device, and storage medium | |
| EP3021250B1 (en) | Electronic device and method for suggesting response manual in occurrence of denial | |
| CN111030968A (en) | Detection method and device capable of customizing threat detection rule and storage medium | |
| US20140298462A1 (en) | Restricted Software Automated Compliance | |
| CN107368736A (en) | Information access method, device and computer-readable recording medium | |
| CN105787302A (en) | Application processing method and device and electronic equipment | |
| WO2016197827A1 (en) | Method and apparatus for processing malicious bundled software | |
| WO2016107343A1 (en) | Detection method and device for application privacy security information | |
| CN105320777A (en) | Application program recommendation method and device | |
| WO2023213289A1 (en) | Permission management method and apparatus for application program | |
| CN101833622B (en) | Method and apparatus for checking and killing Trojan of removable storage device of terminal | |
| CN103870378A (en) | Monitoring method for terminal device and terminal device | |
| CN106406674A (en) | Mobile terminal application starting method and device | |
| CN108874462B (en) | Browser behavior acquisition method and device, storage medium and electronic equipment | |
| CN107316197B (en) | Payment protection method, mobile terminal and computer readable storage medium | |
| CN108875371B (en) | Sandbox analysis method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20190108 Address after: 519031 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Applicant after: Zhuhai Leopard Technology Co.,Ltd. Address before: 100085 East District, No. 33 Xiaoying West Road, Haidian District, Beijing Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |