CN105808256A - Method and system for constructing legal stack return value by avoiding function call detection - Google Patents
Method and system for constructing legal stack return value by avoiding function call detection Download PDFInfo
- Publication number
- CN105808256A CN105808256A CN201610128818.0A CN201610128818A CN105808256A CN 105808256 A CN105808256 A CN 105808256A CN 201610128818 A CN201610128818 A CN 201610128818A CN 105808256 A CN105808256 A CN 105808256A
- Authority
- CN
- China
- Prior art keywords
- storehouse
- address
- pressed
- createdeviceex
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/31—Programming languages or programming paradigms
Abstract
The invention discloses a method for constructing a legal stack return value by avoiding function call detection. The method comprises the following steps: constructing a recursive call; pressing addresses of any two continuous assembly instruction sequences popebp, retn in a code segment of a d3d9.d11 module of a progress to a stack for multiple times, wherein the times of pressing the addresses is greater than or equal to the number of layers of a stack detection call; after the addresses are pressed in the stack, constructing parameters needed by a system function CreateDeviceEx and pressing the parameters in the stack; after the addresses are pressed in the stack again, going to the system function CreateDeviceEx. By constructing a recursive call and pressing the addresses of any two continuous assembly instruction sequences popebp, retn in the code segment of the d3d9.d11 module of the progress to the stack for multiple times, legal addresses which exceed the number of layers of the stack detection call are pressed in the stack, legality verification can be passed when a game developer checks a caller who calls the CreateDeviceEx function, and thus a normal game live can be guaranteed.
Description
Technical field
The invention belongs to computer development technical field, more particularly, to a kind of construct legal storehouse return value walk around function call detection method and system.
Background technology
At present, live software when live can preview to live content, obtaining live display content is all by one dynamic link library of injection to game process, the Present function of the d3d9.dll in the dynamic link library meeting hook process injected obtains the display content of video card, in order to get the address of Present function, then need first to get the pointer of IDirect3DDevice9Ex, obtaining function address from this pointer, this pointer then can obtain by calling CreateDeviceEx function.But this function can be called to realize some " plug-in " function due to a lot " plug-in " at present, check so causing that the development of games chamber of commerce exchanges with the caller of this function, if not calling of game self, can judge that " plug-in " is calling, thus punishing.Certain function is have invoked for whom how to detect, then can utilize the function call mechanism of intelx86, extension base pointer depositor (extendedbasepointer can be used when function call, EBP) and storehouse stack top register (ExtendedStackPointer, ESP) preserve address and stack top address at the bottom of the stack of current stack.And the return address calling this function is deposited in address at the bottom of stack.Thus, the return address of function call is obtained by continuous backtracking EBP depositor, it is possible to get the whole call chain calling this function, such that it is able to whether distinguish is legal call address.
Summary of the invention
For disadvantages described above or the Improvement requirement of prior art, the invention provides a kind of method walking around storehouse detection, this invention assembly code by one section of meticulous structure, by constantly covering and call really toward being pressed into legal address in storehouse.
For achieving the above object, according to one aspect of the present invention, provide a kind of construct legal storehouse return value walk around function call detection method, including: structure recursive call toward storehouse is repeatedly pressed into process d3d9.dll module code segment in arbitrary continuous two assembly instruction sequence popebp, the address of retn, the number of times being wherein pressed into address detects the number of plies called more than or equal to storehouse;After being repeatedly pressed into address above mentioned in storehouse, parameter that structure system function CreateDeviceEx needs also is pressed into storehouse, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx.
In one embodiment of the invention, in storehouse, the acquisition mode of the address of press-in is: search the address of the instruction that continuous print value is 0x5D, 0xC3, wherein 0x5D in the code segment of the d3d9.dll module of process, 0xC3 is 16 systems corresponding to assembly instruction sequence popebp, retn.
In one embodiment of the invention, the legal storehouse return value of described structure walks around the method for function call detection, particularly as follows:
Initialize i=n;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i >=0
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
In one embodiment of the invention, the legal storehouse return value of described structure walk around function call detection method particularly as follows:
Initialize i=0;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i≤n
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
In one embodiment of the invention, described recursive call is pressed into the number of times of address be more than or equal to 5 in storehouse.
It is another aspect of this invention to provide that additionally provide a kind of construct legal storehouse return value walk around function call detection system, jump out module including recurrence module, recurrence, wherein:
Described recurrence module, for construct recursive call toward storehouse is repeatedly pressed into process d3d9.dll module code segment in arbitrary continuous two assembly instruction sequence popebp, the address of retn, the number of times being wherein pressed into address detects the number of plies called more than or equal to storehouse;
Described recurrence jumps out module, for in described recurrence module toward after storehouse is repeatedly pressed into address above mentioned, parameter that structure system function CreateDeviceEx needs also is pressed into storehouse, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx.
In one embodiment of the invention, in storehouse, the acquisition mode of the address of press-in is: search the address of the instruction that continuous print value is 0x5D, 0xC3, wherein 0x5D in the code segment of the d3d9.dll module of process, 0xC3 is 16 systems corresponding to assembly instruction sequence popebp, retn.
In one embodiment of the invention, the specific implementation of described system is:
Initialize i=n;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i >=0
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
In one embodiment of the invention, the specific implementation of described system is:
Initialize i=0;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i≤n
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
In one embodiment of the invention, described recursive call is pressed into the number of times of address be more than or equal to 5 in storehouse.
In general, by the contemplated above technical scheme of the present invention compared with prior art, by construct recursive call toward storehouse is repeatedly pressed into process d3d9.dll module code segment in arbitrary continuous two assembly instruction sequence popebp, the address of retn, thus press-in exceedes storehouse detection and calls the legal address of the number of plies in storehouse, thus legitimate verification can be passed through when the caller calling CreateDeviceEx function is checked by game developer, thus ensureing live being normally carried out.
Accompanying drawing explanation
Fig. 1 be the present invention construct legal storehouse return value walk around function call detection method schematic diagram;
Fig. 2 be the present invention construct legal storehouse return value walk around function call detection system construction drawing.
Detailed description of the invention
In order to make the purpose of the present invention, technical scheme and advantage clearly understand, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein is only in order to explain the present invention, is not intended to limit the present invention.As long as just can be mutually combined additionally, technical characteristic involved in each embodiment of invention described below does not constitute conflict each other.
As shown in Figure 1, the invention provides a kind of construct legal storehouse return value walk around function call detection method, including: structure recursive call toward storehouse is repeatedly pressed into process d3d9.dll module code segment in arbitrary continuous two assembly instruction sequence popebp, the address of retn, the number of times being wherein pressed into address detects the number of plies called more than or equal to storehouse;After being repeatedly pressed into address above mentioned in storehouse, parameter that structure system function CreateDeviceEx needs also is pressed into storehouse, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx.
In embodiments of the present invention, the specific implementation of technical solution of the present invention is:
Step one: the address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of lookup process.
Searching 16 systems corresponding to assembly instruction sequence popebp, retn in the code segment of the d3d9.dll module of process is exactly 0x5D, 0xC3 so having only to search the address of the instruction that continuous print value is 0x5D, 0xC3 in the code segment of d3d9.dll module.
For above-mentioned two assembly instructions sequence popebp, retn, wherein popebp is for the value in storehouse being ejected in depositor EBP;Retn is return instruction, for ejecting return address from storehouse.These 2 assembly instructions just can realize returning to next instruction address of the instruction calling this code from one section of code.If these 2 assembly codes are directly written in the function of developer's design, when Stack Backtraces, just energy backtracking, to this point of invocation, so will be judged as illegally calling by system.If the address of these 2 assembly codes gets from the legal module of d3d9.dll, then serve the effect of hiding true call address, illegally call from without being judged as.And in d3d9.dll module, these 2 instructions just can get from the ending of function easily, so the present invention is exactly that searching has continuous 2 instructions from the code segment of d3d9.dll dynamic link library is (popebp;Retn) address of (finding method is then compared by 16 hex value of contrast assembly instruction).Perform this paragraph assembly code and just can return to upper strata function call, therefore just can walk around storehouse by use this address and have detected.
Due to the assembly instruction sequence popebp in the code segment of the d3d9.dll module of lookup process, the address of retn needs certain time, so generally first finding this address before calling system CreateDeviceEx function, such that it is able to be directly pressed into this address in storehouse follow-up.Can certainly search again when needing and be pressed into this address in storehouse every time, but running efficiency of system can be reduced because increasing the lookup time.
Step 2: the function of structure calling system CreateDeviceEx
This function, for constructing the parameter of system CreateDeviceEx function, is then pressed into the memory address that step one finds in storehouse, and jumps to system function CreateDeviceEx.
False code is as follows:
{
The parameter press-in storehouse that structure system function CreateDeviceEx needs
The memory address press-in storehouse that step one is found
Jump to system function CreateDeviceEx
}
Such as can construct a Compilation function nakedCallCreateDeviceEx, its function being capable of is: the parameter of structure system CreateDeviceEx function, then in storehouse, it is pressed into the memory address that step one finds, and jumps to system function CreateDeviceEx.
Step 3: structure recursive call is toward stack structure legal address invocation step two function
This function effect is the address obtained in press-in step one in structure recursive call dealing storehouse, and the outlet of recurrence is then the function of invocation step two.In storehouse, thus construct a lot of legal call address.Recurrence number of times needs to find the detection number of plies of game, is such as n layer, then as long as the legal call address of structure is then more than or equal to n+1 layer.
False code uses assembly code to be accomplished by
Initialize i=n
Voidfunc(void)
{
The memory address press-in storehouse that step one is found
The value of i is subtracted one
If: i >=0
Jump to func () (realizing recursive call)
Otherwise
Jump to the function of step 2
}
Can certainly be another kind of implementation, for:
The specific implementation of described system is:
Initialize i=0;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i≤n
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Such as can constructing a paragraph assembly code function nakedCallCreateDeviceExPrev, the function of this function is to arrange a circulation, constantly calls this function, so can produce the call chain grown very much, and the outlet of circulation is then the function mentioned in invocation step two.All only can detect 5 layers owing to storehouse detection is general to call, and said method can produce the call chain of random layer by a circulation, and the return address called of every layer is all legal address.
As in figure 2 it is shown, present invention also offers a kind of construct legal storehouse return value walk around function call detection system, jump out module including recurrence module, recurrence, wherein:
Described recurrence module, for construct recursive call toward storehouse is repeatedly pressed into process d3d9.dll module code segment in arbitrary continuous two assembly instruction sequence popebp, the address of retn, the number of times being wherein pressed into address detects the number of plies called more than or equal to storehouse;
Described recurrence jumps out module, for in described recurrence module toward after storehouse is repeatedly pressed into address above mentioned, parameter that structure system function CreateDeviceEx needs also is pressed into storehouse, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx.
Those skilled in the art will readily understand; the foregoing is only presently preferred embodiments of the present invention; not in order to limit the present invention, all any amendment, equivalent replacement and improvement etc. made within the spirit and principles in the present invention, should be included within protection scope of the present invention.
Claims (10)
1. one kind constructs the method that legal storehouse return value walks around function call detection, it is characterized in that, including: structure recursive call toward storehouse is repeatedly pressed into process d3d9.dll module code segment in arbitrary continuous two assembly instruction sequence popebp, the address of retn, the number of times being wherein pressed into address detects the number of plies called more than or equal to storehouse;After being repeatedly pressed into address above mentioned in storehouse, parameter that structure system function CreateDeviceEx needs also is pressed into storehouse, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx.
2. the method that the legal storehouse return value of structure as claimed in claim 1 walks around function call detection, it is characterized in that, in storehouse, the acquisition mode of the address of press-in is: searching continuous print value in the code segment of the d3d9.dll module of process is 0x5D, the address of the instruction of 0xC3, wherein 0x5D, 0xC3 is 16 binary value corresponding to assembly instruction sequence popebp, retn.
3. as claimed in claim 1 or 2 construct the method that legal storehouse return value walks around function call detection, it is characterised in that the legal storehouse return value of described structure walk around function call detection method particularly as follows:
Initialize i=n;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i >=0
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
4. as claimed in claim 1 or 2 construct the method that legal storehouse return value walks around function call detection, it is characterised in that the legal storehouse return value of described structure walk around function call detection method particularly as follows:
Initialize i=0;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i≤n
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
5. the method that the legal storehouse return value of structure as claimed in claim 1 or 2 walks around function call detection, described recursive call is pressed into the number of times of address be more than or equal to 5 in storehouse.
6. the legal storehouse return value of structure walks around the system that function call detects, it is characterised in that include recurrence module, recurrence jumps out module, wherein:
Described recurrence module, for construct recursive call toward storehouse is repeatedly pressed into process d3d9.dll module code segment in arbitrary continuous two assembly instruction sequence popebp, the address of retn, the number of times being wherein pressed into address detects the number of plies called more than or equal to storehouse;
Described recurrence jumps out module, for in described recurrence module toward after storehouse is repeatedly pressed into address above mentioned, parameter that structure system function CreateDeviceEx needs also is pressed into storehouse, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx.
7. the legal storehouse return value of structure as claimed in claim 6 walks around the system of function call detection, it is characterized in that, in storehouse, the acquisition mode of the address of press-in is: searching continuous print value in the code segment of the d3d9.dll module of process is 0x5D, the address of the instruction of 0xC3, wherein 0x5D, 0xC3 is 16 systems corresponding to assembly instruction sequence popebp, retn.
8. the legal storehouse return value that constructs as claimed in claims 6 or 7 walks around the system of function call detection, it is characterised in that the specific implementation of described system is:
Initialize i=n;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i >=0
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
9. the legal storehouse return value that constructs as claimed in claims 6 or 7 walks around the system of function call detection, it is characterised in that the specific implementation of described system is:
Initialize i=0;
Voidfunc(void)
{
The address of arbitrary continuous two assembly instructions sequence popebp, retn in the code segment of the d3d9.dll module of process is pressed into storehouse;
The value of i is subtracted one;
If: i≤n
Jump to func ();
Otherwise
The parameter press-in storehouse that structure system function CreateDeviceEx needs, and after being pressed again by address above mentioned in storehouse, jump to system function CreateDeviceEx;
}
Wherein, n is that storehouse detects the number of plies called.
10. the legal storehouse return value that constructs as claimed in claims 6 or 7 walks around the method that function call detects, and described recursive call is pressed into the number of times of address be more than or equal to 5 in storehouse.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610128818.0A CN105808256B (en) | 2016-03-08 | 2016-03-08 | It is a kind of to construct the method and system that legal storehouse return value bypasses function call detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610128818.0A CN105808256B (en) | 2016-03-08 | 2016-03-08 | It is a kind of to construct the method and system that legal storehouse return value bypasses function call detection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105808256A true CN105808256A (en) | 2016-07-27 |
| CN105808256B CN105808256B (en) | 2017-06-23 |
Family
ID=56466818
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610128818.0A Active CN105808256B (en) | 2016-03-08 | 2016-03-08 | It is a kind of to construct the method and system that legal storehouse return value bypasses function call detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105808256B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106295325A (en) * | 2016-08-12 | 2017-01-04 | 武汉斗鱼网络科技有限公司 | A kind of hook method and system for obtaining video card content |
| CN106295326A (en) * | 2016-08-12 | 2017-01-04 | 武汉斗鱼网络科技有限公司 | A kind of inline hook method and system for obtaining video card content |
| WO2019047442A1 (en) * | 2017-09-06 | 2019-03-14 | 武汉斗鱼网络科技有限公司 | Method and system for bypassing function call chain detection in ios application |
| CN110245464A (en) * | 2018-10-10 | 2019-09-17 | 爱信诺征信有限公司 | The method and apparatus for protecting file |
| CN113010855A (en) * | 2019-12-18 | 2021-06-22 | 武汉斗鱼鱼乐网络科技有限公司 | Method, device and medium for acquiring data and computer equipment |
| CN115145571A (en) * | 2021-03-31 | 2022-10-04 | 武汉斗鱼鱼乐网络科技有限公司 | Method, apparatus and medium for hiding system function calls in program core code |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101692206A (en) * | 2009-08-28 | 2010-04-07 | 腾讯科技(深圳)有限公司 | Method for adding dynamic parameters to static callback function and related realization |
| CN101796484A (en) * | 2008-06-26 | 2010-08-04 | 拉塞尔·H·菲什 | Thread optimized multiprocessor architecture |
| CN102651060A (en) * | 2012-03-31 | 2012-08-29 | 北京奇虎科技有限公司 | Method and system for detecting vulnerability |
| CN104298534A (en) * | 2014-10-23 | 2015-01-21 | 广州华多网络科技有限公司 | Programming method and device based on Lua language |
-
2016
- 2016-03-08 CN CN201610128818.0A patent/CN105808256B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101796484A (en) * | 2008-06-26 | 2010-08-04 | 拉塞尔·H·菲什 | Thread optimized multiprocessor architecture |
| CN101692206A (en) * | 2009-08-28 | 2010-04-07 | 腾讯科技(深圳)有限公司 | Method for adding dynamic parameters to static callback function and related realization |
| CN102651060A (en) * | 2012-03-31 | 2012-08-29 | 北京奇虎科技有限公司 | Method and system for detecting vulnerability |
| CN104298534A (en) * | 2014-10-23 | 2015-01-21 | 广州华多网络科技有限公司 | Programming method and device based on Lua language |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106295325A (en) * | 2016-08-12 | 2017-01-04 | 武汉斗鱼网络科技有限公司 | A kind of hook method and system for obtaining video card content |
| CN106295326A (en) * | 2016-08-12 | 2017-01-04 | 武汉斗鱼网络科技有限公司 | A kind of inline hook method and system for obtaining video card content |
| CN106295325B (en) * | 2016-08-12 | 2020-02-07 | 武汉斗鱼网络科技有限公司 | Hook method and system for acquiring content of display card |
| CN106295326B (en) * | 2016-08-12 | 2020-02-07 | 武汉斗鱼网络科技有限公司 | Inline hook method and system for acquiring content of display card |
| WO2019047442A1 (en) * | 2017-09-06 | 2019-03-14 | 武汉斗鱼网络科技有限公司 | Method and system for bypassing function call chain detection in ios application |
| CN110245464A (en) * | 2018-10-10 | 2019-09-17 | 爱信诺征信有限公司 | The method and apparatus for protecting file |
| CN113010855A (en) * | 2019-12-18 | 2021-06-22 | 武汉斗鱼鱼乐网络科技有限公司 | Method, device and medium for acquiring data and computer equipment |
| CN113010855B (en) * | 2019-12-18 | 2022-05-10 | 武汉斗鱼鱼乐网络科技有限公司 | Method, device and medium for acquiring data and computer equipment |
| CN115145571A (en) * | 2021-03-31 | 2022-10-04 | 武汉斗鱼鱼乐网络科技有限公司 | Method, apparatus and medium for hiding system function calls in program core code |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105808256B (en) | 2017-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105808256A (en) | Method and system for constructing legal stack return value by avoiding function call detection | |
| CN102279738B (en) | Identify the technology of the entrance and exit of strong connected component | |
| CN107665306B (en) | A kind of method, apparatus, client and the server of the injection of detection illegal file | |
| KR101234591B1 (en) | Method for Anti-Encoding Android by Using Java Native Interface | |
| CN105955762A (en) | Method and device for injecting dynamic link library file and electronic equipment | |
| CN105808251A (en) | Virtual function table based method and system for bypassing security detection by hijack | |
| CN102722672B (en) | A kind of method and device detecting running environment authenticity | |
| CN109413016B (en) | Rule-based message detection method and device | |
| CN109039751A (en) | Configure method, apparatus, computer equipment and the storage medium of routing | |
| CN101604370B (en) | Highly compatible method for monitoring Windows kernel function call | |
| CN110543765A (en) | malicious software detection method | |
| CN104932888A (en) | Information processing method and device | |
| CN102262537B (en) | Method for processing abnormities of execution engine working in mixed model | |
| CN108710492B (en) | Method for identifying third-party library in APP program | |
| CN107450907A (en) | Compatibility method, mobile terminal and the device with store function of fingerprint module | |
| CN105700886B (en) | The display methods and terminal of plug-in interface | |
| CN113127868A (en) | Script identification method, device, equipment and storage medium | |
| CN106650339A (en) | Control flow complication-based Java code obfuscation method | |
| CN110597731A (en) | Vulnerability detection method and device and electronic equipment | |
| CN109901937A (en) | Hide reflection call method, device, computer equipment and the storage medium of API | |
| CN105956475A (en) | DLL file interception processing method and device and electronic equipment | |
| CN116071012A (en) | Node jump method and device of workflow, processor and electronic equipment | |
| CN106169046A (en) | Method and device for preventing message hook injection and terminal equipment | |
| CN106934290B (en) | Vulnerability detection method and device | |
| CN109067716A (en) | A kind of method and system identifying dark chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |