CN106681923A - Software evaluation method and device - Google Patents

Software evaluation method and device Download PDF

Info

Publication number
CN106681923A
CN106681923A CN201611249512.7A CN201611249512A CN106681923A CN 106681923 A CN106681923 A CN 106681923A CN 201611249512 A CN201611249512 A CN 201611249512A CN 106681923 A CN106681923 A CN 106681923A
Authority
CN
China
Prior art keywords
packet
information
acquisition
target
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611249512.7A
Other languages
Chinese (zh)
Other versions
CN106681923B (en
Inventor
王妍鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Huaduo Network Technology Co Ltd
Original Assignee
Guangzhou Huaduo Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Huaduo Network Technology Co Ltd filed Critical Guangzhou Huaduo Network Technology Co Ltd
Priority to CN201611249512.7A priority Critical patent/CN106681923B/en
Publication of CN106681923A publication Critical patent/CN106681923A/en
Application granted granted Critical
Publication of CN106681923B publication Critical patent/CN106681923B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3688Test management for test execution, e.g. scheduling of test suites
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3692Test management for test results analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a software evaluation method and device and belongs to the technical field of networks. The method comprises the steps that a dynamic link library DLL main program is injected into a target progress, wherein the DLL main program is used for obtaining and analyzing a data package received or sent by current to-be-evaluated target software; a data package received or sent by target software is obtained in the target progress through the DLL main program; when data package analyzing operation is detected, the obtained data package is analyzed through the DLL main program based on the data package analyzing operation. The DLL main program is directly injected into the target progress to obtain the data package of the target software and analyzes the data package, so that the process that in the prior art, the data package of the target software is determined from multiple data packages is omitted; besides, the data package is directly obtained from the target process and does not contain a great deal of hardware information, and when the data volume of the data package is reduced, the target software can be more easily evaluated by an evaluation personnel.

Description

A kind of software assessment method and device
Technical field
The present invention relates to networking technology area, more particularly to a kind of to be based on a kind of software assessment method and device.
Background technology
In software development, software test and appraisal are requisite processes.When software test and appraisal are carried out, need to software fortune The packet for sending during row or receiving is captured, to obtain packet capturing information, afterwards, the packet capturing that test and appraisal personnel can be to getting Information is analyzed, and software is further tested and assessed based on analysis result.
In prior art, when software test and appraisal are carried out, test and appraisal personnel need to install packet catcher on equipment, afterwards, if It is standby receive on network interface card or send, multiple packets also not carrying out course allocation are captured by the packet catcher, when After catching multiple packets, test and appraisal personnel need to check that the plurality of packet subsequently sets up the Target IP connected during process (Internet Protocol, Internet protocol) and process creation port, just can determine that the plurality of packet is corresponding soft Part, and therefrom determine the corresponding packet of target software to be tested and assessed.When it is determined that after the packet of target software, test and assess personnel The packet of target software is analyzed by evaluation tool, and based on analysis result, writes correspondingly program to be measured to this Software is commented further to be tested and assessed.
Because the plurality of packet is that reception on network interface card or the packet for sending are carried out crawl and obtained, therefore, grab Multiple packets in not comprising the relevant information for including hardware layer in progress information, and the plurality of packet, determine target The process of the packet of software is more complicated, and data volume is larger, is not easy to test and appraisal personnel and is tested and assessed.
The content of the invention
After capturing for the packet solved to receiving on network interface card or send, determine that the packet of target software is more multiple It is miscellaneous, and packet data amount is larger, the problem for being not easy to test and assess, and embodiments provides a kind of software assessment method and dress Put.The technical scheme is as follows:
On the one hand, there is provided a kind of software assessment method, methods described includes:
DLL (Dynamic Link Library, dynamic link library) mastery routine is injected in target process, the DLL Mastery routine is used for the packet of reception or the transmission for obtaining target software currently to be tested and assessed and the packet is analyzed, The target process is the process of the target software;
The packet that the target software is received or sent is obtained from the target process by the DLL mastery routines;
When data packet analysis operation is detected, operated based on the data packet analysis, by the DLL mastery routines to obtaining The packet for taking is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to the target software.
Alternatively, after the packet that the target software reception or transmission are obtained from the target process, also Including:
When detecting, function information checks instruction and the function information is checked in instruction and carries object function to be viewed Address when, the address acquisition based on the object function simultaneously shows the parameter of the object function, the ground of the object function Location is the address for storing the object function;
When the parameter modification for detecting the object function is instructed, instructed to the target letter based on the parameter modification Several parameters are modified.
Alternatively, it is described to be operated based on the data packet analysis when data packet analysis operation is detected, to the number for obtaining It is analyzed according to bag, including:
Filtering characters and filtering rule are carried in data packet analysis operation is for filter operation and the filter operation When, based on the filtering characters, the data comprising the filtering characters are determined from the packet of the acquisition;
Based on the filtering rule, corresponding operation is performed to the data comprising the filtering characters.
Alternatively, it is described to be operated based on the data packet analysis when data packet analysis operation is detected, to the number for obtaining It is analyzed according to bag, including:
Zone bit information is carried in data packet analysis operation is characterized statistical operation and characteristic statisticses operation When, based on the zone bit information, determine condition code from the packet of the acquisition, the zone bit information be used to indicating from The specified location of the packet of the acquisition determines the condition code of designated length;
Based on a determination that condition code, count the number of times that occurs in the packet of the acquisition of described document information.
Alternatively, it is described to be operated based on the data packet analysis when data packet analysis operation is detected, to the number for obtaining Before being analyzed according to bag, also include:
When the information that detects arranges instruction, display information arranges interface;
The configuration information that the test and appraisal personnel are input in described information arranges interface is obtained, it is right that the configuration information includes Filtering characters and filtering rule that the packet of the acquisition is filtered, and characteristic statisticses are carried out to the data of the acquisition Zone bit information.
On the other hand, there is provided a kind of software assessment device, described device includes:
Injection module, for dynamic link library (DLL) mastery routine to be injected in target process, the DLL mastery routines are used for Obtain the packet of reception or the transmission of target software currently to be tested and assessed and the packet is analyzed, the target is entered Journey is the process of the target software;
First acquisition module, connects for the target software to be obtained from the target process by the DLL mastery routines The packet received or send;
Analysis module, for when data packet analysis operation is detected, being operated based on the data packet analysis, by described DLL mastery routines are analyzed to the packet for obtaining, so that test and appraisal personnel are surveyed based on analysis result to the target software Comment.
Alternatively, described device also includes:
Second acquisition module, for function information to check instruction and the function information is checked in instruction and carried when detecting During the address of object function to be viewed, address acquisition based on the object function simultaneously shows the parameter of the object function, The address of the object function is the address for storing the object function;
Modified module, for when the parameter modification for detecting the object function is instructed, being referred to based on the parameter modification The parameter to the object function is made to modify.
Alternatively, the analysis module includes:
Acquisition submodule, filters for the carrying in data packet analysis operation is filter operation and the filter operation When character and filtering rule, based on the filtering characters, determine comprising the filtering characters from the packet of the acquisition Data;
Submodule is processed, for based on the filtering rule, to the data comprising the filtering characters correspondence being performed Operation.
Alternatively, the analysis module includes:
Determination sub-module, in being characterized statistical operation and characteristic statisticses operation when data packet analysis operation When carrying zone bit information, based on the zone bit information, condition code, the flag bit are determined from the packet of the acquisition Information is used for the condition code for indicating from the specified location of the packet of the acquisition to determine designated length;
Statistic submodule, for based on a determination that condition code, statistics described document information go out in the packet of the acquisition Existing number of times.
Alternatively, described device also includes:
Display module, for when the information that detects arranges instruction, display information to arrange interface;
Setup module, it is described for obtaining the configuration information that the test and appraisal personnel are input in described information arranges interface Configuration information includes filtering characters and the filtering rule filtered to the packet of the acquisition, and the number to the acquisition According to the zone bit information for carrying out characteristic statisticses.
The beneficial effect that technical scheme provided in an embodiment of the present invention is brought is:The embodiment of the present invention is by by the main journeys of DLL Sequence is directly injected in target process to capture the packet that target software is received or sent, and the packet to getting is carried out point Analysis, because packet is directly to capture from the process of target software, in other words, the packet for grabbing belongs to target The packet of software, therefore, the process that target software packet is determined from multiple packets is eliminated, solve correlation technique In, cause the software that sets the goal really during by capturing the packet that course allocation is not carried out on network interface card and target software is tested and assessed The difficult problem of packet, simultaneously as the packet of the target software directly grabbed in target process compared to from The packet captured on network interface card, not comprising there is substantial amounts of hardware information, therefore, the data volume of packet is reduced, it is easier to tested and assessed Personnel test and assess to target software.
Description of the drawings
Technical scheme in order to be illustrated more clearly that the embodiment of the present invention, below will be to making needed for embodiment description Accompanying drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for For those of ordinary skill in the art, on the premise of not paying creative work, can be obtaining other according to these accompanying drawings Accompanying drawing.
Fig. 1 is a kind of software assessment method flow chart provided in an embodiment of the present invention;
Fig. 2 is a kind of software assessment method flow chart provided in an embodiment of the present invention;
Fig. 3 A are a kind of block diagrams of software assessment device provided in an embodiment of the present invention;
Fig. 3 B are a kind of block diagrams of software assessment device provided in an embodiment of the present invention;
Fig. 3 C are a kind of block diagrams of analysis module provided in an embodiment of the present invention;
Fig. 3 D are a kind of block diagrams of analysis module provided in an embodiment of the present invention;
Fig. 3 E are a kind of block diagrams of software assessment device provided in an embodiment of the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing to embodiment party of the present invention Formula is described in further detail.
Before detailed explanation is carried out to the embodiment of the present invention, first the application scenarios of the embodiment of the present invention are given Introduce.Generally, when software test and appraisal are carried out, it is necessary first to obtain the data that target software sends or receives by packet catcher Wrap, and the packet to getting is analyzed, afterwards, test and appraisal personnel write script and target software are carried out based on analysis result Further test and assess.In the related, due to packet catcher can only be directed to network interface card on receive or send, also do not carry out process Multiple packets of distribution are captured, therefore, after multiple packets are grabbed, determine that target is soft from the plurality of packet The process of the packet of part is more complicated, and the packet for being additionally, since target software is the directly crawl from network interface card, therefore, should Include the relevant information of hardware layer in packet, data volume is larger, and these hardware informations for test and appraisal be it is unnecessary, because This, is not easy to test and appraisal personnel and target software is tested and assessed.
In order to solve the above problems, a kind of software assessment method and device are embodiments provided.The method passes through DLL mastery routines are directly injected into into target process to obtain the packet that target software is received and sent, and the data to getting Bag is analyzed, and because packet is directly to obtain from the process of target software, that is to say, the packet for getting belongs to In target software, therefore, the process of the packet for determining target software in prior art from multiple packets is eliminated, and It is a large amount of not comprising having compared to the packet captured from network interface card because the packet is directly to obtain from target process Hardware information, therefore, the data volume of packet is reduced, it is easier to which test and appraisal personnel test and assess to target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation for detecting, The packet for getting is analyzed by DLL mastery routines, to facilitate test and appraisal personnel further to survey target software Comment.In addition, method provided in an embodiment of the present invention applies also for carrying out conversed analysis and research to software, by the method In filtering function and characteristic statisticses function, research worker can easily get want obtain target software dependency number According to, and research and analysis are carried out to target software based on the data for getting.Meanwhile, checked by the function information in the method Function, research worker can easily get the parameter of arbitrary function, and the parameter to the function is modified, afterwards, Target software after DLL mastery routines are to changing parameter carries out debugging research, and compared in prior art, research worker is directed to Each test event coding is debugged, and the method for the embodiment of the present invention greatly alleviates the heavy repetition of research worker Work, is that conversed analysis and research bring convenience.
A kind of flow chart of software assessment method is embodiments provided, referring to Fig. 1, the method includes:
Step 101:DLL mastery routines are injected in target process, DLL mastery routines are used to obtain target currently to be tested and assessed The packet of reception or the transmission of software is simultaneously analyzed to packet, and target process is the process of target software.
Step 102:The packet that target software is received or sent is obtained from target process by DLL mastery routines.
Step 103:When data packet analysis operation is detected, operated based on data packet analysis, by DLL mastery routines to obtaining The packet for taking is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to target software.
In embodiments of the present invention, target software reception is captured by the way that DLL mastery routines are directly injected in target process Or the packet for sending, and the packet to getting is analyzed, because packet is directly from the process of target software Crawl, in other words, the packet for grabbing belongs to the packet of target software, therefore, eliminate from multiple packets The middle process for determining target software packet, in solving correlation technique, by capturing the number that course allocation is not carried out on network interface card Cause to set the goal really the difficult problem of packet of software when testing and assessing target software according to bag, simultaneously as in target The packet of the target software directly grabbed in process is substantial amounts of hard not comprising having compared to the packet captured from network interface card Part information, therefore, the data volume of packet is reduced, it is easier to which test and appraisal personnel test and assess to target software.
Alternatively, after the packet of target software reception or transmission is obtained from target process, also include:
When detecting, function information checks instruction and function information is checked and the ground of object function to be viewed is carried in instruction During location, the parameter of address acquisition and display target function based on object function, the address of object function is storage object function Address;
When the parameter modification for detecting object function is instructed, the parameter to object function is instructed to carry out based on parameter modification Modification.
Alternatively, when data packet analysis operation is detected, operated based on data packet analysis, the packet to obtaining is carried out Analysis, including:
When filtering characters and filtering rule is carried during data packet analysis operation is for filter operation and filter operation, it was based on Filter character, determines the data comprising filtering characters from the packet for obtaining;
Based on filtering rule, corresponding operation is performed to the data comprising filtering characters.
Alternatively, when data packet analysis operation is detected, operated based on data packet analysis, the packet to obtaining is carried out Analysis, including:
When zone bit information is carried during data packet analysis operation is characterized statistical operation and characteristic statisticses operation, based on mark Will position information, determines condition code from the packet for obtaining, and zone bit information is used to indicate the specific bit from the packet for obtaining Put the condition code for determining designated length;
Based on a determination that condition code, statistical nature code obtain packet in occur number of times.
Alternatively, when data packet analysis operation is detected, operated based on data packet analysis, the packet to obtaining is carried out Before analysis, also include:
When the information that detects arranges instruction, display information arranges interface;
The configuration information that test and appraisal personnel are input in information arranges interface is obtained, configuration information includes the packet to obtaining The filtering characters for being filtered and filtering rule, and the data to obtaining carry out the zone bit information of characteristic statisticses.
Above-mentioned all optional technical schemes, can be real according to the alternative embodiment for arbitrarily combining to form the present invention, the present invention Apply example no longer to repeat this one by one.
Fig. 2 is a kind of flow chart of software assessment method provided in an embodiment of the present invention, as shown in Fig. 2 the method can be with For terminal, comprise the following steps:
Step 201:DLL mastery routines are injected in target process, DLL mastery routines are used to obtain target currently to be tested and assessed The packet of reception or the transmission of software is simultaneously analyzed to packet, and target process is the process of target software.
Alternatively, before testing and assessing to target software, the DLL mastery routines can be installed to winsock by test and appraisal personnel Under (Windows Socket, interface for network programming) catalogue, when terminal detects the network operation for target software, then may be used To directly invoke the DLL mastery routines, and the DLL mastery routines are injected in the target process of target software.
Certainly, before testing and assessing to software, the mode that test and appraisal personnel can also manually inject is by the DLL mastery routines In being injected into target process.When being manually injected into, test and appraisal personnel can download implantation tool, and start the implantation tool.Work as end When end detects implantation tool operation, dialog box can be selected with the current process list of display terminal and DLL injections.Test and appraisal people Member selects the DLL mastery routines to be injected from selection target process in the process list of the display from terminal local storage.When Terminal is detected after the target process of selection and DLL mastery routines, and the DLL mastery routines are injected in target process.
It should be noted that the injection mode that implantation tool is adopted can be LSP (Layered Service Provider, layered service provider) the common injection mould such as injection way, message injection way, Remote thread injecting pattern Formula.
Step 202:The packet that target software is received or sent is obtained from target process by DLL mastery routines.
After DLL mastery routines are injected into target process, by the DLL mastery routines, when obtaining current from the target process Between target software receive and send all packets.Meanwhile, after DLL mastery routines are injected into target process, terminal can be with Show the user interface of the DLL mastery routines.
After the packet of target software is got, the embodiment of the present invention can also pass through the Hook of arbitrary function address (hook) to the parameter of the arbitrary function in the packet of the target software for getting being monitored.That is to say, when terminal inspection Measure that function information checks instruction and function information is checked in instruction when carrying the address of object function to be viewed, can be based on The address acquisition of the object function simultaneously shows the parameter of the object function, wherein, the address of object function is storage object function Address;When the parameter modification that terminal detects the object function is instructed, can be instructed to object function based on parameter modification Parameter modify.
Generally, test and appraisal personnel need the corresponding function parameter of certain function by checking target software, so as to judge this Whether function parameter is changed, or, test and appraisal personnel need to modify the corresponding function parameter of certain function, to test ginseng The safety of the amended software of number.In this case, test and appraisal personnel can select the high-level functions list of user interface to select , the function address of the object function checked is wanted in input.Because DLL mastery routines include the Hook of arbitrary function address, It is that the modification of the parameter of arbitrary function, shielding and output in terminal-pair packet can be intercepted and monitored, because This, after terminal gets the function address of object function, the Hook of arbitrary function address can be based on the letter of the object function Number address, obtains the parameter of the object function and including in the panel of user interface.When test and appraisal, personnel are needed to the mesh During the safety that the parameter of scalar functions is modified with test software, the parameter of object function that can be to showing be modified. After the parameter modification that terminal detects the object function is instructed, the parameter of modification is obtained, then by the arbitrary function address Hook, the modification to the parameter of object function is realized, so, when test and appraisal personnel are wanted by Modification growth function parameter to software When safety is tested, it is not necessary to which individually coding to be changing the function parameter, especially when needing test and appraisal to software When multiple functions are tested and assessed, it is not necessary to tested come coding for each function, be software test and appraisal bring it is very big Convenience, save the plenty of time.
Step 203:When the information that detects arranges instruction, display information arranges interface, and obtains test and appraisal personnel in information The configuration information being input in interface is set.
Based on the description in step 202, after DLL mastery routines to be injected into target process, when terminal detects information When instruction is set, interface can be arranged with display information, test and appraisal personnel can be input into configuration information in the information arranges interface, with Analysis to follow-up data bag carries out basic information setting.After terminal gets the configuration information of test and appraisal personnel input, base Packet is analyzed in the configuration information.
It should be noted that the configuration information includes that the filtering characters that the packet to obtaining is filtered are advised with filtering Then, the data and to obtaining carry out the zone bit information of characteristic statisticses, meanwhile, the configuration information can also include target data Segment information, for indicating to be analyzed the target data segment in the packet that gets.For example, the target data segment information can Think beginning byte:0, byte number:2000, that is, represent and start to byte number 2000 from 0 byte in the packet for getting Data segment be analyzed.
Which when terminal gets the packet of target software by step 201-203, and determine in packet After data segment is analyzed, the packet of target software can be analyzed by step 204.
Step 204:When data packet analysis operation is detected, operated based on data packet analysis, by DLL mastery routines to obtaining The packet for taking is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to target software.
Based on the description of step 203, terminal can both be directed to the entire packet for getting and be analyzed, it is also possible to be directed to Certain data segment is analyzed in the packet for getting, and the difference of personnel's data as needed of testing and assessing, can be by not Same data packet analysis operate to carry out different analyses to packet.
On the one hand, when test and appraisal personnel need to analyze the data of a certain class, because artificial filter is difficult, then can pass through Filter operation to realize.When filtering characters and filtering rule is carried during terminal detects filter operation and filter operation, it was based on Filter character, determines the data comprising filtering characters from the packet for obtaining;Afterwards, based on filtering rule, to comprising filtration word The data of symbol perform corresponding operation.Wherein, filtering characters can be the condition code of the data that can be identified for that a certain type, also may be used Being other characters for distinguishing in many data that the data of a certain class can be comformed.In addition, filtering rule can include screen Cover, show, intercepting etc..
For example, it is assumed that filtering characters are " 00 ", filtering rule is shielding, then, terminal then can be from packet or mesh All data for including " 00 " character are searched in mark data segment, afterwards, terminal can include " 00 " character by what is found Data shielded.
By the filter operation, test and appraisal personnel easily can search and obtain the data wanted from substantial amounts of data, Bring great convenience for software test and appraisal.In addition, when conversed analysis and research that the method is used for software, can be with Filter false caused by avoiding due to neglecting during artificial filter, so as to avoid reverse mistake.
On the other hand, when zone bit information is carried during terminal detects characteristic statisticses operation and characteristic statisticses operation, base In zone bit information, from the packet for obtaining condition code is determined, the zone bit information is used to indicate from the packet for obtaining Specified location determines the condition code of designated length;Based on a determination that condition code, statistical nature code obtain packet in occur Number of times.
Generally, when test and appraisal personnel want to obtain corresponding certain the class data of a certain function, but such data correspondence is not known Condition code when, test and appraisal personnel can perform a certain function by target software first, and when determining the execution function, corresponding Packet number.Then, test and appraisal personnel can estimate zone bit information by checking the packet for getting.Afterwards, test and assess people Member can select characteristic statisticses option, and the zone bit information that input is estimated;When terminal detects characteristic statisticses to be operated, obtain The zone bit information of test and appraisal personnel input, and based on the zone bit information, from the specified location of packet designated length is determined Condition code;After condition code is determined, terminal can in the packet count the number of times that the condition code of the determination occurs, and will The number of times of condition code and statistics is shown.Test and appraisal personnel can be by corresponding packet number and system when performing a certain function The number of times of meter is compared, if identical, it is determined that the current condition code for determining is the feature of certain the class data for wanting to obtain Code.
For example, when test and appraisal personnel want to obtain the bag of propagandaing directed to communicate in target software, but do not know that the condition code of bag of propagandaing directed to communicate is What, now, test and appraisal personnel can perform operation of propagandaing directed to communicate by target software, it is assumed that operation of propagandaing directed to communicate has been continuously performed twice, Then correspond to two bags of propagandaing directed to communicate.Afterwards, test and appraisal personnel check multiple packets, and the zone bit information for estimating bag of propagandaing directed to communicate is a line one Row, two bytes, and by selecting characteristic statisticses option, in information arranges interface the zone bit information estimated is have input; Terminal obtains the zone bit information after characteristic statisticses instruction is detected, and according to the zone bit information, in the first row first row The data of 2 bytes are searched at place, and the data of find two bytes are defined as into condition code;Afterwards, terminal is in packet The number of times that the middle condition code for counting two bytes occurs, and the number of times of this feature code and statistics is shown.Test and appraisal personnel Judge that whether this feature code is the condition code of bag of propagandaing directed to communicate by the number of times for counting, when the number of times of statistics is for twice, with bag of propagandaing directed to communicate Number is identical, and test and appraisal personnel then can determine that this feature code is the condition code of bag of propagandaing directed to communicate, otherwise, it is determined that be not.
By said method, test and appraisal personnel can easily determine condition code, compared in correlation technique by artificially looking into The method that count feature code is looked for determine the condition code for wanting to obtain, saves the substantial amounts of time, improves work efficiency.
It should be noted that when test and appraisal personnel are carried out by the method in step 201-204 to the packet of target software After analysis, based on analysis result, test and appraisal personnel can write script and target software is further tested and assessed.Now, survey Personnel are commented to select the script option of user interface, terminal can be carried out when script option is detected to the script write Compile and run, and show the compile error information in compilation process, personnel are subsequently modified for test and appraisal.Except this it Outward, the embodiment of the present invention additionally provides the temporary interface for test, to facilitate test and appraisal personnel to complete software test code, it is to avoid When code malfunctions in correlation technique, it has to be repeatedly injected the problem of DLL mastery routines, shorten the time of debugging interface.
In embodiments of the present invention, terminal obtains target software and connects by the way that DLL mastery routines are directly injected into into target process The packet received and send, and the packet to getting is analyzed, because packet is obtained from the process of target software Take, that is to say, the packet for getting belongs to the packet of target software, therefore, eliminate in prior art from multiple The process of the packet of target software is determined in packet, and because the packet is directly to obtain from target process, Compared to the packet captured from network interface card, not comprising there is substantial amounts of hardware information, therefore, the data volume of packet is reduced, more It is easy to test and appraisal personnel to test and assess target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation for detecting, Filter analysis and characteristic statisticses analysis are carried out to the packet for getting by DLL mastery routines, is that test and appraisal personnel acquisition is wanted to obtain The data for taking bring convenience, and save the time.Meanwhile, by the function information look facility in the method, test and appraisal personnel can be with The parameter of arbitrary function is easily got, and the parameter to the function is modified, afterwards, by DLL mastery routines to repairing Changing the target software after parameter carries out testing research, and compared in prior art, test and appraisal personnel write for each test event The method that program is tested, the method for the embodiment of the present invention greatly alleviates the work of the heavy repetition of test and appraisal personnel.
In addition, method provided in an embodiment of the present invention applies also for carrying out conversed analysis and research to software, passes through Filtering function and characteristic statisticses function in the method, research worker can easily get the target software for wanting to obtain Related data, and research and analysis are carried out to target software based on the data for getting, it is that conversed analysis and research are provided more For the help of intelligence.
Fig. 3 A are a kind of block diagrams of software assessment device 300 provided in an embodiment of the present invention, referring to Fig. 3 A, the device bag Include:Injection module 301, the first acquisition module 302 and analysis module 303.
Injection module 301, DLL mastery routines are injected in target process, and DLL mastery routines are used to obtain currently to be tested and assessed The packet of reception or the transmission of target software is simultaneously analyzed to packet, and target process is the process of target software;
First acquisition module 302, for by DLL mastery routines obtains from target process target software receive or transmission Packet;
Analysis module 303, for when data packet analysis operation is detected, being operated based on data packet analysis, by DLL master Program is analyzed to the packet for obtaining, so that test and appraisal personnel are tested and assessed based on analysis result to target software.
Alternatively, referring to Fig. 3 B, the device 300 also includes:
Second acquisition module 304, for function information to check instruction and function information is checked in instruction and carried when detecting During the address of object function to be viewed, the parameter of address acquisition and display target function based on object function, object function Address be store object function address;
Modified module 305, for when the parameter modification for detecting object function is instructed, being instructed to mesh based on parameter modification The parameter of scalar functions is modified.
Alternatively, referring to Fig. 3 C, analysis module 303 includes:
Acquisition submodule 3031, for carrying filtering characters in operating as filter operation and filter operation when data packet analysis During with filtering rule, based on filtering characters, the data comprising filtering characters are determined from the packet for obtaining;
Submodule 3032 is processed, for based on filtering rule, to the data comprising filtering characters corresponding operation being performed.
Alternatively, referring to Fig. 3 D, analysis module 303 includes:
Determination sub-module 3033, for carrying in being characterized statistical operation and characteristic statisticses operation when data packet analysis operation During zone bit information, based on zone bit information, condition code is determined from the packet for obtaining, zone bit information is used to indicating from obtaining The specified location of the packet for taking determines the condition code of designated length;
Statistic submodule 3034, for based on a determination that condition code, statistical nature code obtain packet in occur Number of times.
Alternatively, referring to Fig. 3 E, the device 300 also includes:
Display module 306, for when the information that detects arranges instruction, display information to arrange interface;
Setup module 307, for obtaining the configuration information that test and appraisal personnel are input in information arranges interface, configuration information bag Filtering characters and filtering rule that the packet to obtaining is filtered are included, and the data to obtaining carry out the mark of characteristic statisticses Will position information.
In sum, the embodiment of the present invention obtains target software and connects by the way that DLL mastery routines are directly injected into into target process The packet received and send, and the packet to getting is analyzed, because packet is obtained from the process of target software Take, that is to say, the packet for getting belongs to the packet of target software, therefore, eliminate in prior art from multiple The process of the packet of target software is determined in packet, and because the packet is directly to obtain from target process, Compared to the packet captured from network interface card, not comprising there is substantial amounts of hardware information, therefore, the data volume of packet is reduced, more It is easy to test and appraisal personnel to test and assess target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation for detecting, Filter analysis and characteristic statisticses analysis are carried out to the packet for getting by DLL mastery routines, is that test and appraisal personnel acquisition is wanted to obtain The data for taking bring convenience, and save the time.Meanwhile, by the function information look facility in the method, test and appraisal personnel can be with The parameter of arbitrary function is easily got, and the parameter to the function is modified, afterwards, by DLL mastery routines to repairing Changing the target software after parameter carries out testing research, and compared in prior art, test and appraisal personnel write for each test event The method that program is tested, the method for the embodiment of the present invention greatly alleviates the work of the heavy repetition of test and appraisal personnel.
It should be noted that:The software assessment device that above-described embodiment is provided when triggering software and testing and assessing, only with above-mentioned each The division of functional module is illustrated, and in practical application, as desired can distribute above-mentioned functions by different work( Can module complete, will the internal structure of equipment be divided into different functional modules, to complete whole described above or portion Divide function.In addition, the software assessment device that above-described embodiment is provided belongs to same design with software assessment method embodiment, its tool Body realizes that process refers to embodiment of the method, repeats no more here.
One of ordinary skill in the art will appreciate that realizing all or part of step of above-described embodiment can pass through hardware To complete, it is also possible to which the hardware that correlation is instructed by program is completed, and described program can be stored in a kind of computer-readable In storage medium, storage medium mentioned above can be read only memory, disk or CD etc..
The foregoing is only presently preferred embodiments of the present invention, not to limit the present invention, all spirit in the present invention and Within principle, any modification, equivalent substitution and improvements made etc. should be included within the scope of the present invention.

Claims (10)

1. a kind of software assessment method, it is characterised in that methods described includes:
Dynamic link library (DLL) mastery routine is injected in target process, the DLL mastery routines are used to obtain mesh currently to be tested and assessed The packet of reception or the transmission of mark software is simultaneously analyzed to the packet, and the target process is the target software Process;
The packet that the target software is received or sent is obtained from the target process by the DLL mastery routines;
When data packet analysis operation is detected, operated based on the data packet analysis, by the DLL mastery routines to acquisition Packet is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to the target software.
2. method according to claim 1, it is characterised in that described that the target software is obtained from the target process After the packet for receiving or sending, also include:
When detecting, function information checks instruction and the function information is checked and the ground of object function to be viewed is carried in instruction During location, address acquisition based on the object function simultaneously shows the parameter of the object function, and the address of the object function is Store the address of the object function;
When the parameter modification for detecting the object function is instructed, instructed to the object function based on the parameter modification Parameter is modified.
3. method according to claim 1, it is characterised in that described when detecting data packet analysis and operating, based on institute Data packet analysis operation is stated, the packet to obtaining is analyzed, including:
When filtering characters and filtering rule is carried during data packet analysis operation is for filter operation and the filter operation, base In the filtering characters, the data comprising the filtering characters are determined from the packet of the acquisition;
Based on the filtering rule, corresponding operation is performed to the data comprising the filtering characters.
4. method according to claim 1, it is characterised in that described when detecting data packet analysis and operating, based on institute Data packet analysis operation is stated, the packet to obtaining is analyzed, including:
When zone bit information is carried during data packet analysis operation is characterized statistical operation and characteristic statisticses operation, base In the zone bit information, condition code is determined from the packet of the acquisition, the zone bit information is used to indicating from described The specified location of the packet of acquisition determines the condition code of designated length;
Based on a determination that condition code, count the number of times that occurs in the packet of the acquisition of described document information.
5. according to the arbitrary described method of claim 1-4, it is characterised in that described when data packet analysis operation is detected, Operated based on the data packet analysis, before the packet to obtaining is analyzed, also included:
When the information that detects arranges instruction, display information arranges interface;
The configuration information that the test and appraisal personnel are input in described information arranges interface is obtained, the configuration information is included to described Filtering characters and filtering rule that the packet of acquisition is filtered, and the data of the acquisition are carried out with the mark of characteristic statisticses Will position information.
6. a kind of software assessment device, it is characterised in that described device includes:
Injection module, for when implant operation is detected, dynamic link library (DLL) mastery routine being injected in target process, institute DLL mastery routines are stated for obtaining the packet of reception or the transmission of target software currently to be tested and assessed and the packet being carried out Analysis, the target process is the process of the target software;
First acquisition module, for by the DLL mastery routines obtain from the target process target software receive or The packet of transmission;
Analysis module, for when data packet analysis operation is detected, being operated based on the data packet analysis, by the DLL Mastery routine is analyzed to the packet for obtaining, so that test and appraisal personnel are tested and assessed based on analysis result to the target software.
7. device according to claim 6, it is characterised in that described device also includes:
Second acquisition module, for function information to check instruction and the function information is checked in instruction and carries to be checked when detecting During the address of the object function seen, address acquisition based on the object function simultaneously shows the parameter of the object function, described The address of object function is the address for storing the object function;
Modified module, for when the parameter modification for detecting the object function is instructed, it to be right to be instructed based on the parameter modification The parameter of the object function is modified.
8. device according to claim 6, it is characterised in that the analysis module includes:
Acquisition submodule, for carrying filtering characters in operating as filter operation and the filter operation when the data packet analysis During with filtering rule, based on the filtering characters, the data comprising the filtering characters are determined from the packet of the acquisition;
Submodule is processed, for based on the filtering rule, to the data comprising the filtering characters corresponding behaviour being performed Make.
9. device according to claim 6, it is characterised in that the analysis module includes:
Determination sub-module, for carrying in being characterized statistical operation and characteristic statisticses operation when data packet analysis operation During zone bit information, based on the zone bit information, condition code, the zone bit information are determined from the packet of the acquisition For indicating from the specified location of the packet of the acquisition to determine the condition code of designated length;
Statistic submodule, for based on a determination that condition code, count described document information and occur in the packet of the acquisition Number of times.
10. according to the arbitrary described device of claim 6-9, it is characterised in that described device also includes:
Display module, for when the information that detects arranges instruction, display information to arrange interface;
Setup module, for obtaining the configuration information that the test and appraisal personnel are input in described information arranges interface, the setting Information includes filtering characters and the filtering rule filtered to the packet of the acquisition, and the data of the acquisition are entered The zone bit information of row characteristic statisticses.
CN201611249512.7A 2016-12-29 2016-12-29 A kind of software assessment method and device Active CN106681923B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611249512.7A CN106681923B (en) 2016-12-29 2016-12-29 A kind of software assessment method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611249512.7A CN106681923B (en) 2016-12-29 2016-12-29 A kind of software assessment method and device

Publications (2)

Publication Number Publication Date
CN106681923A true CN106681923A (en) 2017-05-17
CN106681923B CN106681923B (en) 2019-06-14

Family

ID=58873478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611249512.7A Active CN106681923B (en) 2016-12-29 2016-12-29 A kind of software assessment method and device

Country Status (1)

Country Link
CN (1) CN106681923B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107329901A (en) * 2017-07-31 2017-11-07 腾讯科技(深圳)有限公司 Packet grasping means, terminal, server and storage medium
CN108536484A (en) * 2018-03-26 2018-09-14 平安普惠企业管理有限公司 Parameter amending method, device, terminal device and storage medium
CN110875858A (en) * 2018-08-31 2020-03-10 北京京东尚科信息技术有限公司 Application test data capturing method, system, equipment and storage medium
CN113535593A (en) * 2021-09-15 2021-10-22 广州锦行网络科技有限公司 Application program packet capturing method and device, electronic equipment and storage medium
CN113961240A (en) * 2021-12-20 2022-01-21 杭州安恒信息技术股份有限公司 Reverse analysis method for virtualization encryption program and related components
CN117473487A (en) * 2023-10-24 2024-01-30 联通(广东)产业互联网有限公司 Data processing method, electronic equipment and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070234328A1 (en) * 2006-03-01 2007-10-04 Microsoft Corporation File handling for test environments
CN101997871A (en) * 2010-09-21 2011-03-30 电子科技大学 Device for quickly capturing, filtering and forwarding data
CN104156481A (en) * 2014-08-26 2014-11-19 北京软安科技有限公司 Android encryption communication detection device and method based on dynamic linking library injection

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070234328A1 (en) * 2006-03-01 2007-10-04 Microsoft Corporation File handling for test environments
CN101997871A (en) * 2010-09-21 2011-03-30 电子科技大学 Device for quickly capturing, filtering and forwarding data
CN104156481A (en) * 2014-08-26 2014-11-19 北京软安科技有限公司 Android encryption communication detection device and method based on dynamic linking library injection

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107329901A (en) * 2017-07-31 2017-11-07 腾讯科技(深圳)有限公司 Packet grasping means, terminal, server and storage medium
CN107329901B (en) * 2017-07-31 2021-09-28 腾讯科技(深圳)有限公司 Data packet capturing method, terminal, server and storage medium
CN108536484A (en) * 2018-03-26 2018-09-14 平安普惠企业管理有限公司 Parameter amending method, device, terminal device and storage medium
CN110875858A (en) * 2018-08-31 2020-03-10 北京京东尚科信息技术有限公司 Application test data capturing method, system, equipment and storage medium
CN110875858B (en) * 2018-08-31 2023-06-27 北京京东尚科信息技术有限公司 Application test data grabbing method, system, equipment and storage medium
CN113535593A (en) * 2021-09-15 2021-10-22 广州锦行网络科技有限公司 Application program packet capturing method and device, electronic equipment and storage medium
CN113961240A (en) * 2021-12-20 2022-01-21 杭州安恒信息技术股份有限公司 Reverse analysis method for virtualization encryption program and related components
CN113961240B (en) * 2021-12-20 2022-04-08 杭州安恒信息技术股份有限公司 Reverse analysis method for virtualization encryption program and related components
CN117473487A (en) * 2023-10-24 2024-01-30 联通(广东)产业互联网有限公司 Data processing method, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN106681923B (en) 2019-06-14

Similar Documents

Publication Publication Date Title
CN106681923A (en) Software evaluation method and device
CN109145579A (en) Intelligent network joins automobile information secure authentication testing method and system
CN102468985B (en) The method and system of penetration testing is carried out for Network Security Device
CN110134400A (en) Data capture method, device, electronic equipment and computer readable storage medium
CN105787364B (en) Automatic testing method, device and system for tasks
CN111753306B (en) Intelligent contract vulnerability detection method and device, electronic equipment and storage medium
CN106326067A (en) Method and device for monitoring CPU (central processing unit) performance under pressure test
CN109491860A (en) Method for detecting abnormality, terminal device and the medium of application program
CN107370740A (en) Redirect hold-up interception method and device
CN103927473A (en) Method, device and system for detecting source code safety of mobile intelligent terminal
CN110245077A (en) A kind of response method and equipment of program exception
CN114285764A (en) Packet capturing method and device and storage medium
CN106161144A (en) Method for testing network performance of Smart Rack cabinet server
CN111258881A (en) Intelligent test system for workflow test
CN112506795A (en) Method, system, terminal and storage medium for testing security vulnerability of industrial control equipment
CN109491890A (en) The interface scans method and terminal device of application program
CN112579437A (en) Program operation process conformance verification method
CN107317708A (en) The monitoring method and device of a kind of Court business application system
CN106557412A (en) A kind of method and device of fuzz testing
CN111400171B (en) Interface testing method, system and device and readable storage medium
CN103368762A (en) Testing method, system and device for big data comparison
CN106294109A (en) Obtain the method and device of defect code
CN117472767A (en) Software interface testing method, device, equipment and storage medium
CN108427882B (en) Android software dynamic analysis detection method based on behavior feature extraction
CN110515829A (en) Application testing method, device, equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant