CN106446671A - Method for intercepting dynamic link library injection - Google Patents
Method for intercepting dynamic link library injection Download PDFInfo
- Publication number
- CN106446671A CN106446671A CN201610785500.XA CN201610785500A CN106446671A CN 106446671 A CN106446671 A CN 106446671A CN 201610785500 A CN201610785500 A CN 201610785500A CN 106446671 A CN106446671 A CN 106446671A
- Authority
- CN
- China
- Prior art keywords
- object function
- dynamic base
- described object
- program
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a method for intercepting dynamic link library injection. The method comprises a step of monitoring a target function in a program process; and a preprocessing step of refusing to call the target function if the target function is called by a system dynamic link library and a filename introduced into the dynamic link library mismatches a preset filename. Through application of the technical scheme provided by the method, the external dynamic link library containing executable code can be prevented from being injected into the program process by an external program.
Description
Technical field
The present invention relates to field of computer technology, particularly to a kind of method intercepting dynamic base injection.
Background technology
Dynamic base injection is a kind of programming mechanism of windows operating system offer it is allowed to application program A is one section
Code injection executes in another one application program B, for realizing certain function.But so it is likely to result in application
Program B fluctuation of service, or even collapse occurs.For example, some antivirus software programs can be injected to other processes in operating system
Dynamic base, executes some codes, wherein just comprises this dynamic base of kswebshield.dll, comprises some codes in this storehouse,
The application programs fluctuation of service being injected into can be led to, often collapse.
The purpose intercepting dynamic base injection is exactly leading to prevent itself program from suffering the injection of other programs
Serial instability problem.When dynamic base is attempted being loaded into current process, actively cancel operation.In prior art not
A kind of method realizing intercepting dynamic base injection is provided.
Content of the invention
The technical problem that technical solution of the present invention solves is how effectively to intercept dynamic base injection.
In order to solve above-mentioned technical problem, the invention provides a kind of method realizing intercepting dynamic base injection, it is suitable to prevent
Only the external dynamic storehouse containing executable code is injected into this program process by external program, including;
Monitor the object function in this program process;And, preposition process following steps;
If described object function is called by system dynamic base and the filename in incoming external dynamic storehouse and profile name
Join, then refusal calls described object function.
Preferably, also include described object function is linked up with, or, to described target in described program process
Function is linked up with;
If the described object function monitored in this program process includes described object function being called, when message call arrives
After reaching, before calling described object function, preferentially execute described preposition process.
Preferably, if the calling station also including described object function is located at the address of described system dynamic base, described
Object function is called by system dynamic base.
Preferably, also include obtaining returning of address realm in this program for the described system dynamic base and described object function
Go back to address.
Preferably, described acquisition address realm in this program for the described system dynamic base includes:Use
GetModuleHandle series of functions obtains;
The return address obtaining described object function includes:Obtained using ReturnAddress function.
Preferably, required for also including writing, the dynamic library file name of interception is as described profile name.
Preferably, described object function be called by described system dynamic base call function active in this program process,
And be suitable to load described external dynamic storehouse.
Preferably, described call function is ClientLoadLibrary, and described object function is LoadLibraryExW.
Preferably, it is additionally included in after refusal calls described object function and continue to run with this program.
Preferably, not do not called by system dynamic base and/or incoming external dynamic storehouse if also including described object function
Filename is inconsistent with profile name, then the request calling described object function is transferred to operating system.
The beneficial effect of technical solution of the present invention at least includes:
Technical solution of the present invention, by object function is linked up with (API Hook technology), identifies from this program process and needs
Dynamic base to be intercepted, then realizes the interception to outside dynamic base by refusing invocation target function.
The present invention, by way of the preset dynamic base needing and intercepting, makes interception scheme more purposive, intercepts effective
On the basis of the state of harmful dynamic storehouse, do not hinder the loading that run required dynamic base normal to system, keep the normal of this program
Run.
Brief description
The detailed description with reference to the following drawings, non-limiting example made by reading, other features of the present invention,
Objects and advantages will become more apparent upon:
Fig. 1 illustrates according to the first embodiment of the present invention, a kind of method flow diagram intercepting dynamic base injection;
Fig. 2 illustrates the flow process synoptic diagram of the dynamic base injection according to the present invention;
Fig. 3 illustrates a change case according to the first embodiment of the present invention, a kind of method intercepting dynamic base injection
Flow chart;
Fig. 4 illustrates according to the second embodiment of the present invention, a kind of method flow diagram intercepting dynamic base injection;
According to the third embodiment of the invention Fig. 5 illustrates, a kind of method flow diagram intercepting dynamic base injection;
Fig. 6 illustrates according to the fourth embodiment of the invention, a kind of method flow diagram intercepting dynamic base injection.
Specific embodiment
In order to preferably make technical scheme clearly show, below in conjunction with the accompanying drawings the present invention is made into one
Step explanation.
Fig. 1 illustrates according to the first embodiment of the present invention, a kind of method flow diagram intercepting dynamic base injection.As above institute
State, present invention is mainly applied in Windows operating system, but be not excluded for being useful in other operating systems, such as Android
OS, Mac OS etc., skilled artisan understands that such control process is significant, is lifted with antivirus software and browser
Example explanation, antivirus software can execute some codes to other processes injection dynamic base in Windows operating system.This area skill
Art personnel understand, comprise some codes, can lead to the application programs fluctuation of service being injected into, often collapse in this storehouse
Burst.In actual moving process, described antivirus software program injects dynamic base to described browser, general in order to allow description to have
Property, hereinafter we represent antivirus software (also can represent other programs any) with program A.exe, and dynamic base C.dll represents
Need the dynamic base (can also be other any .dll files) of injection, function xyz () is in described dynamic base C.dll
Section code, program B.exe represents browser (can also be other random procedures, such as browser, screen player etc.).
Windows operating system provides a kind of mechanism of dynamic base injection, using Windows API:SetWindowsHook or
Two functions of SetWindowsHookEx, can make described program A.exe that described dynamic base C.dll is loaded into described program
In B.exe, and execute comprise in described dynamic base C.dll described function xyz () (be passive in this case, non-from
It is willing to), the flow process synoptic diagram of dynamic base injection as shown in Figure 2, specific as follows:
1. described program A.exe provides described dynamic base C.dll, and comprising one in wherein said C.dll needs to note
Described function xyz () entering;
2. a Thread Id of described program A.exe acquisition described program B.exe (can be understood as described program B.exe
A resource identifier), then call described Windows API, and the ground of incoming parameter Thread Id and function xyz ()
Location;
3. when described program B.exe goes to particular procedure, that is, when needing to realize a certain function, Windows operating system
Described dynamic base C.dll will be loaded in present procedure, and call described function xyz ().
Technical solution of the present invention is exactly to solve how to stop described program A.exe from being injected into described function xyz ()
Need the technical problem in program B.exe to be protected.Specifically, comprise the following steps that as shown in Figure 1:
Initially enter step S101, this program is run, and this program is exactly defence program required for technical solution of the present invention.
Subsequently into step S102, monitor the object function in this program process.Described object function is i.e. outer for transferring
The function of portion's dynamic base.
Further, described object function is actively to be adjusted by described system dynamic base call function in this program process
With and be suitable to load described external dynamic storehouse.In actual mechanical process, when application program will load a dynamic base and makes
During with function therein, first have to dynamic base to be loaded in the memory headroom of program, and complete this step and take task to be made
Instrument is described object function.For example, it will be appreciated by those skilled in the art that under Windows operating system, described target
LoadLibraryExW the or LoadLibraryExA function that function is provided by Kernel32.dll.
Then execution step S103, system dynamic base calls described object function.In this program process, when need load
During dynamic base, described object function will be called by described system dynamic base, and described system dynamic base is described containing transferring
The dynamic data base of the instrument of object function, for example, it will be appreciated by those skilled in the art that under Windows operating system, described system
System dynamic base is User32.dll, described comprises One function function ClientLoadLibrary, described power function
ClientLoadLibrary is used for realizing the dynamic base injection mechanism of Windows offer itself, but can only be by described
User32.dll uses, and the third party's dynamic base being not applied to outside uses.
Subsequently into step S104, judge whether the filename in described external dynamic storehouse is mated with described profile name.
Described external dynamic storehouse is as not belonging to the dynamic base that described system provides, and described external dynamic storehouse is will to be described target letter
The target dynamic storehouse that number is transferred, the described flow process transferring the injection of process dynamic base as shown in Figure 2.Institute's filename with .dll is
The dynamic library name of suffix, dynamic library file name that described profile name is previously written, needing interception.Described coupling, that is,
Detect whether the filename in described incoming external dynamic storehouse is identical with described profile name, if identical, conclude described incoming
External dynamic storehouse is the dynamic base needing to intercept.It is emphasized that for example, it will be appreciated by those skilled in the art that in Windows behaviour
Make under system, the operating principle of described step S103 is:Under normal circumstances, described User32.dll is Windows operation system
The assembly of system, absolutely not may order described object function (LoadLibraryExW or LoadLibraryExA) to call external dynamic
, this situation and substantially can be concluded that external dynamic storehouse is injected in this program in function in storehouse.
Then execution step S105, if coupling, refusal calls described object function.Described coupling, that is, described incoming outer
Portion's dynamic base is the dynamic base needing to intercept, and at this moment, described object function will be refused to call described external dynamic storehouse.
Further, Fig. 3 illustrates a change case according to the first embodiment of the present invention, and a kind of dynamic base that intercepts is noted
The method flow diagram entering.Fig. 3 is based on Fig. 1, in execution step S304, after refusal calls described object function, continues to run with this journey
Sequence.The objective of technical solution of the present invention is to ensure that described program is stable, thus intercept described object function transferring
The function in preset described external dynamic storehouse.Therefore, after intercepting, also it is intended to normally run described program, thus not shadow
Ring the functional realiey of this program.Meanwhile, if the instruction of invocation target function again, the technical scheme that the present invention provides remains to
Enough continuation keep the protection to this program.
Fig. 4 illustrates according to the second embodiment of the present invention, a kind of method flow diagram intercepting dynamic base injection.Fig. 4 base
It is in place of Fig. 1, difference:By previous step S4021, described object function is linked up with, to monitor described target letter
Number, described hook changes the original function of described object function using hook, and specifically, for example, those skilled in the art manage
Solution, under Windows operating system, described hook is a platform of windows messaging treatment mechanism, and application program can be
Sub- journey is set above described platform with the target message of monitor window, and the window being monitored can be that other processes are created
's.Hook Mechanism allows application program to intercept and capture windows messaging or particular event, that is, after target message reaches, in target window
Mouthful process function pre-treatment it.
In conjunction with second embodiment, linked up with using API Hook technology, described API (Application
Programming Interface, application programming interface) it is some predefined functions it is therefore an objective to provide application journey
Sequence and developer are accessed the ability of one group of routine based on certain software or hardware, and need not access source code, or understand
The details of internal work mechanism.Specifically, called by system, described hook is linked into described object function, whenever specific
Message sends, and before not reaching purpose window, described hook program just first captures this message, that is, described Hook Function first obtains
To control.The wherein last hook loading obtains message at first.The present invention use a kind of hook be INLINE Hook or
IAT Hook, described INLINE Hook are inline function hook, and it can directly change the generation of object function to be linked up with
Code, to realize jumping in the function pre-setting of function flow process, the described function pre-setting can execute judgement
Whether the filename in described incoming external dynamic storehouse is mated with described profile name;Described IAT Hook as imports table function
Hook, jumps to, by change that the importing table of X.exe or X.dll realizes function flow process, the function pre-setting
In, the described function pre-setting can execute the filename judging described incoming external dynamic storehouse and described profile name is
No coupling.
Further, a change case of second embodiment, and theing improvement is that of second embodiment, in described journey
In sequence process, described object function is linked up with.I.e. in this program is entered, then object function is linked up with, not right in advance
Described object function is linked up with, so, more purposive according to the program of technical solution of the present invention, and flexible approach intercepts appoints
Business, will not cause to bear to system operation simultaneously again..
According to the third embodiment of the invention Fig. 5 illustrates, a kind of method flow diagram intercepting dynamic base injection.Fig. 5 base
In Fig. 1, difference is, including step S503, judge described object function calls whether set is located at described system dynamic base
Address;If so, then execution step S504, judges whether the filename of described incoming outside is mated with described profile name.
In particular it is required that it is emphasized that present invention determine that technical scheme by the behavior of monitoring objective function find out need intercept
External dynamic storehouse, is injected into setting in the path of this program in described external dynamic storehouse and intercepts.The invocation bit of described object function
Put the position referring to that object function transfers external dynamic storehouse, dynamic base is exactly the set of a series function.For example, ability technology
Personnel understand, under Windows operating system, will create a window again on screen, then programmer can call
Realizing, CreateWindow here is exactly that User32.dll provides to the CreateWindow function providing in User32.dll
The function name for creating window.When described program needs to load a dynamic base and use function therein, first
Need to call described object function, described object function is tool function, realize transferring the function of function in other dynamic base.Logical
In the case of often, described object function transfers certain function inside system dynamic base, and it is dynamic that described function necessarily belongs to this system
Storehouse, and the technical scheme is that and described object function will be prevented to be deployed into the letter in external dynamic storehouse by system dynamic base
Number.After clearly aforementioned thinking, before realizing intercepting, first have to judge whether the return address of described object function comes from system
Dynamic base, if coming from system dynamic base, the filename in external dynamic storehouse being next passed into described in judgement is pre- with described
Put whether filename mates, so clearly could finally need the external dynamic storehouse intercepting, prevent maloperation.
Further, obtain the return ground of address realm in this program for the described system dynamic base and described object function
Location.This step provides a kind of determination methods, that is, clear and definite on the basis of step S503 how to judge returning of described object function
Return whether address comes from described system dynamic base.Specifically it is necessary first to obtain ground in this program for the described system dynamic base
Location scope, then obtains the return address of described object function, and described return address is that main program continues after subprogram returns
The IA of continuous execution is referred to as " return address ". and return address is exactly the ground of an instruction after CALL instruction in main program
Location.For example, it will be appreciated by those skilled in the art that under Windows operating system, described system dynamic base (as User32.d11) exists
Address realm in this program, such as 0x600000~0x900000, and described return address fall 0x600000~
When between 0x900000, that is, prove that described object function will transfer function from described system dynamic data storehouse;If described return
Go back to address when falling outside 0x600000~0x900000, then prove that described object function not will be from described system dynamic base
In transfer function.
Further, described acquisition address realm in this program for the described system dynamic base includes:Use
GetModuleHandle series of functions obtains, and the return address obtaining described object function includes:Using ReturnAddress
Function obtains.This step provides two kinds of instruments, for obtaining address realm in this program for the system dynamic base and target letter
The return address of number.Specifically, it will be appreciated by those skilled in the art that under Windows operating system, described
GetModuleHandle series of functions includes GetModuleHandle and GetModuleHandleEx, and this function is by institute
State Kenerl32.dll offer function, for obtaining the handle of a dynamic base, described handle be exactly in programming language for
The mark of one object, will operate a dynamic base must first obtain the described handle in storehouse._ ReturnAddress () is Microsoft
C++ run when, dynamic base provide a DLL, for obtaining the return address of current function, that is, call this
Certain position of individual function.It should be noted that there are other methods in theory to go to obtain this return address, but do not have
Related replacement function.
In conjunction with previous step, before intercepting, judge whether described object function will be from the intercepted external dynamic of needs
The method of the function in storehouse is specially:For example, it will be appreciated by those skilled in the art that under Windows operating system, obtaining first and will sentence
Address realm in this program for the disconnected described system dynamic base (as user32.dll), such as 0x600000~0x900000, this
Some Windows API can be passed through, the series of functions such as GetModuleHandle obtains.In currently invoked object function
The API that middle use windows system provides, _ ReturnAddress () obtain the return address x of current function, whether judge x
Superincumbent described system dynamic base, within the scope of this program, if it is illustrates that described object function will be judged
Described system dynamic base (as user32.dll) is called, and then carries out judging that the filename in described external dynamic storehouse is pre- with described
Put whether filename mates, if it matches, then refusal calls described object function.
Fig. 6 illustrates according to the fourth embodiment of the invention, a kind of method flow diagram intercepting dynamic base injection.In order to enter one
Step ensures the operation of this program, adds following steps during intercepting:
Step 603, if described object function is not called by system dynamic base, will call the request of described object function
It is transferred to operating system it is ensured that the function of described program needs is realized by described object function.
Step 604, if the file in incoming external dynamic storehouse is inconsistent with profile name, will call described object function
Request be transferred to operating system it is ensured that the function that described program needs is realized by described object function.
It should be noted that the lasting operation for this program of the technical scheme of present invention offer provides protection.So Fig. 6
The flow chart illustrating is execution capable of circulation, until this program stopped runs.
Above the specific embodiment of the present invention is described.It is to be appreciated that the invention is not limited in above-mentioned
Particular implementation, those skilled in the art can make various modifications or modification within the scope of the claims, this not shadow
Ring the flesh and blood of the present invention.
Claims (10)
1. a kind of method intercepting dynamic base injection, is suitable to prevent external program from noting the external dynamic storehouse containing executable code
Enter to this program process it is characterised in that including:
Monitor the object function in this program process;And, preposition process following steps:
If described object function is called by system dynamic base and the filename in incoming external dynamic storehouse is mated with profile name,
Then refusal calls described object function.
2. the method intercepting dynamic base injection as claimed in claim 1 is it is characterised in that also include:
Described object function is linked up with, or, in described program process, described object function is linked up with;
The described object function monitored in this program process includes:
If described object function is called, after message call reaches, before calling described object function, preferential execution is described
Preposition process.
3. the method intercepting dynamic base injection as claimed in claim 1 is it is characterised in that also include:
If the calling station of described object function is located at the address of described system dynamic base, described object function is dynamic by system
Storehouse is called.
4. the method intercepting dynamic base injection as claimed in claim 1 is it is characterised in that also include:
Obtain the return address of address realm in this program for the described system dynamic base and described object function.
5. the method intercepting dynamic base injection as claimed in claim 4 is it is characterised in that described acquisition described system dynamic base exists
Address realm in this program includes:Obtained using GetModuleHandle series of functions;
The return address obtaining described object function includes:Obtained using ReturnAddress function.
6. the method intercepting dynamic base injection as claimed in claim 1 is it is characterised in that also include:
The dynamic library file name intercepting required for write is as described profile name.
7. the method intercepting dynamic base injection as claimed in claim 1 is it is characterised in that described object function is to enter in this program
Called by described system dynamic base call function active in journey and be suitable to load described external dynamic storehouse.
8. the method intercepting dynamic base injection as claimed in claim 7 is it is characterised in that described call function is
ClientLoadLibrary, described object function is LoadLibraryExW.
9. the method intercepting dynamic base injection as claimed in claim 1 is it is characterised in that also include:
Continue to run with this program after refusal calls described object function.
10. the method intercepting dynamic base injection as claimed in claim 1 is it is characterised in that also include:
If described object function not called by system dynamic base and/or incoming external dynamic storehouse filename and profile name
Inconsistent, then the request calling described object function is transferred to operating system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610785500.XA CN106446671A (en) | 2016-08-30 | 2016-08-30 | Method for intercepting dynamic link library injection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610785500.XA CN106446671A (en) | 2016-08-30 | 2016-08-30 | Method for intercepting dynamic link library injection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106446671A true CN106446671A (en) | 2017-02-22 |
Family
ID=58090551
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610785500.XA Pending CN106446671A (en) | 2016-08-30 | 2016-08-30 | Method for intercepting dynamic link library injection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106446671A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108629184A (en) * | 2018-05-18 | 2018-10-09 | 北京智游网安科技有限公司 | A kind of SDK safety detection methods of IOS |
| CN109063481A (en) * | 2018-07-27 | 2018-12-21 | 平安科技(深圳)有限公司 | A kind of risk checking method and device |
| CN110633566A (en) * | 2019-06-27 | 2019-12-31 | 北京无限光场科技有限公司 | Intrusion detection method, device, terminal equipment and medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103778375A (en) * | 2012-10-24 | 2014-05-07 | 腾讯科技(深圳)有限公司 | Device and method for preventing user equipment from loading illegal dynamic link library file |
| CN105512552A (en) * | 2014-09-26 | 2016-04-20 | 腾讯科技(深圳)有限公司 | Method and device for parameter detection |
| CN105631333A (en) * | 2015-12-24 | 2016-06-01 | 北京奇虎科技有限公司 | Safety protection method and device |
-
2016
- 2016-08-30 CN CN201610785500.XA patent/CN106446671A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103778375A (en) * | 2012-10-24 | 2014-05-07 | 腾讯科技(深圳)有限公司 | Device and method for preventing user equipment from loading illegal dynamic link library file |
| CN105512552A (en) * | 2014-09-26 | 2016-04-20 | 腾讯科技(深圳)有限公司 | Method and device for parameter detection |
| CN105631333A (en) * | 2015-12-24 | 2016-06-01 | 北京奇虎科技有限公司 | Safety protection method and device |
Non-Patent Citations (2)
| Title |
|---|
| 徐小玲等: "代码注入攻击及防御技术研究", 《浙江教育学院学报》 * |
| 王佩红等: "远程线程注入DLL的检测与卸载方法研究", 《计算机与数字工程》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108629184A (en) * | 2018-05-18 | 2018-10-09 | 北京智游网安科技有限公司 | A kind of SDK safety detection methods of IOS |
| CN109063481A (en) * | 2018-07-27 | 2018-12-21 | 平安科技(深圳)有限公司 | A kind of risk checking method and device |
| CN109063481B (en) * | 2018-07-27 | 2023-04-07 | 平安科技(深圳)有限公司 | Risk detection method and device |
| CN110633566A (en) * | 2019-06-27 | 2019-12-31 | 北京无限光场科技有限公司 | Intrusion detection method, device, terminal equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11354144B2 (en) | Java native interface and windows universal app hooking | |
| CN107092488B (en) | Method and system for realizing non-invasive point burying of application | |
| US5761513A (en) | System and method for exception handling in dynamically linked programs | |
| US9824209B1 (en) | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code | |
| US9009823B1 (en) | Framework for efficient security coverage of mobile software applications installed on mobile devices | |
| US8739147B2 (en) | Class isolation to minimize memory usage in a device | |
| US9639329B2 (en) | System and method for automatic invocation of constructor code for superclasses | |
| US7882496B2 (en) | Method and system for metering execution of interpreted programs | |
| Pukall et al. | JavAdaptor—Flexible runtime updates of Java applications | |
| US20060095483A1 (en) | Modified computer architecture with finalization of objects | |
| EP1625497B1 (en) | Apparatus and methods for restoring synchronization to object-oriented software applications in managed runtime enviroments | |
| US8850577B2 (en) | Method and apparatus for preventing an IDT-based security sandbox from causing a kernel panic when using a call gate | |
| CN102760068B (en) | Loading method of Active X plugin and device | |
| CN103379481B (en) | Method for achieving safety protection | |
| EP3203406A1 (en) | Sensitive information security protection method and device | |
| US20110145924A1 (en) | Method for detection and prevention of loading executable files from the current working directory | |
| JP2007534064A (en) | Multicomputer architecture with synchronization. | |
| CN102955714B (en) | Device and method for implementing dynamic analog remote interface | |
| CN109255235B (en) | Mobile application third-party library isolation method based on user state sandbox | |
| CN111400757B (en) | Method for preventing native code in android third-party library from revealing user privacy | |
| CN113569246A (en) | Vulnerability detection method and device, computer equipment and storage medium | |
| CN106446671A (en) | Method for intercepting dynamic link library injection | |
| US20190065171A1 (en) | Binary suppression and modification for software upgrades | |
| US20150067686A1 (en) | Auto-Cloudifying Applications Via Runtime Modifications | |
| CN110765394A (en) | So file loading method and device, storage medium and terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170222 |