CN106681923A - Software evaluation method and device - Google Patents
Software evaluation method and device Download PDFInfo
- Publication number
- CN106681923A CN106681923A CN201611249512.7A CN201611249512A CN106681923A CN 106681923 A CN106681923 A CN 106681923A CN 201611249512 A CN201611249512 A CN 201611249512A CN 106681923 A CN106681923 A CN 106681923A
- Authority
- CN
- China
- Prior art keywords
- packet
- information
- acquisition
- target
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3692—Test management for test results analysis
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a software evaluation method and device and belongs to the technical field of networks. The method comprises the steps that a dynamic link library DLL main program is injected into a target progress, wherein the DLL main program is used for obtaining and analyzing a data package received or sent by current to-be-evaluated target software; a data package received or sent by target software is obtained in the target progress through the DLL main program; when data package analyzing operation is detected, the obtained data package is analyzed through the DLL main program based on the data package analyzing operation. The DLL main program is directly injected into the target progress to obtain the data package of the target software and analyzes the data package, so that the process that in the prior art, the data package of the target software is determined from multiple data packages is omitted; besides, the data package is directly obtained from the target process and does not contain a great deal of hardware information, and when the data volume of the data package is reduced, the target software can be more easily evaluated by an evaluation personnel.
Description
Technical field
The present invention relates to networking technology area, more particularly to a kind of to be based on a kind of software assessment method and device.
Background technology
In software development, software test and appraisal are requisite processes.When software test and appraisal are carried out, need to software fortune
The packet for sending during row or receiving is captured, to obtain packet capturing information, afterwards, the packet capturing that test and appraisal personnel can be to getting
Information is analyzed, and software is further tested and assessed based on analysis result.
In prior art, when software test and appraisal are carried out, test and appraisal personnel need to install packet catcher on equipment, afterwards, if
It is standby receive on network interface card or send, multiple packets also not carrying out course allocation are captured by the packet catcher, when
After catching multiple packets, test and appraisal personnel need to check that the plurality of packet subsequently sets up the Target IP connected during process
(Internet Protocol, Internet protocol) and process creation port, just can determine that the plurality of packet is corresponding soft
Part, and therefrom determine the corresponding packet of target software to be tested and assessed.When it is determined that after the packet of target software, test and assess personnel
The packet of target software is analyzed by evaluation tool, and based on analysis result, writes correspondingly program to be measured to this
Software is commented further to be tested and assessed.
Because the plurality of packet is that reception on network interface card or the packet for sending are carried out crawl and obtained, therefore, grab
Multiple packets in not comprising the relevant information for including hardware layer in progress information, and the plurality of packet, determine target
The process of the packet of software is more complicated, and data volume is larger, is not easy to test and appraisal personnel and is tested and assessed.
The content of the invention
After capturing for the packet solved to receiving on network interface card or send, determine that the packet of target software is more multiple
It is miscellaneous, and packet data amount is larger, the problem for being not easy to test and assess, and embodiments provides a kind of software assessment method and dress
Put.The technical scheme is as follows:
On the one hand, there is provided a kind of software assessment method, methods described includes:
DLL (Dynamic Link Library, dynamic link library) mastery routine is injected in target process, the DLL
Mastery routine is used for the packet of reception or the transmission for obtaining target software currently to be tested and assessed and the packet is analyzed,
The target process is the process of the target software;
The packet that the target software is received or sent is obtained from the target process by the DLL mastery routines;
When data packet analysis operation is detected, operated based on the data packet analysis, by the DLL mastery routines to obtaining
The packet for taking is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to the target software.
Alternatively, after the packet that the target software reception or transmission are obtained from the target process, also
Including:
When detecting, function information checks instruction and the function information is checked in instruction and carries object function to be viewed
Address when, the address acquisition based on the object function simultaneously shows the parameter of the object function, the ground of the object function
Location is the address for storing the object function;
When the parameter modification for detecting the object function is instructed, instructed to the target letter based on the parameter modification
Several parameters are modified.
Alternatively, it is described to be operated based on the data packet analysis when data packet analysis operation is detected, to the number for obtaining
It is analyzed according to bag, including:
Filtering characters and filtering rule are carried in data packet analysis operation is for filter operation and the filter operation
When, based on the filtering characters, the data comprising the filtering characters are determined from the packet of the acquisition;
Based on the filtering rule, corresponding operation is performed to the data comprising the filtering characters.
Alternatively, it is described to be operated based on the data packet analysis when data packet analysis operation is detected, to the number for obtaining
It is analyzed according to bag, including:
Zone bit information is carried in data packet analysis operation is characterized statistical operation and characteristic statisticses operation
When, based on the zone bit information, determine condition code from the packet of the acquisition, the zone bit information be used to indicating from
The specified location of the packet of the acquisition determines the condition code of designated length;
Based on a determination that condition code, count the number of times that occurs in the packet of the acquisition of described document information.
Alternatively, it is described to be operated based on the data packet analysis when data packet analysis operation is detected, to the number for obtaining
Before being analyzed according to bag, also include:
When the information that detects arranges instruction, display information arranges interface;
The configuration information that the test and appraisal personnel are input in described information arranges interface is obtained, it is right that the configuration information includes
Filtering characters and filtering rule that the packet of the acquisition is filtered, and characteristic statisticses are carried out to the data of the acquisition
Zone bit information.
On the other hand, there is provided a kind of software assessment device, described device includes:
Injection module, for dynamic link library (DLL) mastery routine to be injected in target process, the DLL mastery routines are used for
Obtain the packet of reception or the transmission of target software currently to be tested and assessed and the packet is analyzed, the target is entered
Journey is the process of the target software;
First acquisition module, connects for the target software to be obtained from the target process by the DLL mastery routines
The packet received or send;
Analysis module, for when data packet analysis operation is detected, being operated based on the data packet analysis, by described
DLL mastery routines are analyzed to the packet for obtaining, so that test and appraisal personnel are surveyed based on analysis result to the target software
Comment.
Alternatively, described device also includes:
Second acquisition module, for function information to check instruction and the function information is checked in instruction and carried when detecting
During the address of object function to be viewed, address acquisition based on the object function simultaneously shows the parameter of the object function,
The address of the object function is the address for storing the object function;
Modified module, for when the parameter modification for detecting the object function is instructed, being referred to based on the parameter modification
The parameter to the object function is made to modify.
Alternatively, the analysis module includes:
Acquisition submodule, filters for the carrying in data packet analysis operation is filter operation and the filter operation
When character and filtering rule, based on the filtering characters, determine comprising the filtering characters from the packet of the acquisition
Data;
Submodule is processed, for based on the filtering rule, to the data comprising the filtering characters correspondence being performed
Operation.
Alternatively, the analysis module includes:
Determination sub-module, in being characterized statistical operation and characteristic statisticses operation when data packet analysis operation
When carrying zone bit information, based on the zone bit information, condition code, the flag bit are determined from the packet of the acquisition
Information is used for the condition code for indicating from the specified location of the packet of the acquisition to determine designated length;
Statistic submodule, for based on a determination that condition code, statistics described document information go out in the packet of the acquisition
Existing number of times.
Alternatively, described device also includes:
Display module, for when the information that detects arranges instruction, display information to arrange interface;
Setup module, it is described for obtaining the configuration information that the test and appraisal personnel are input in described information arranges interface
Configuration information includes filtering characters and the filtering rule filtered to the packet of the acquisition, and the number to the acquisition
According to the zone bit information for carrying out characteristic statisticses.
The beneficial effect that technical scheme provided in an embodiment of the present invention is brought is:The embodiment of the present invention is by by the main journeys of DLL
Sequence is directly injected in target process to capture the packet that target software is received or sent, and the packet to getting is carried out point
Analysis, because packet is directly to capture from the process of target software, in other words, the packet for grabbing belongs to target
The packet of software, therefore, the process that target software packet is determined from multiple packets is eliminated, solve correlation technique
In, cause the software that sets the goal really during by capturing the packet that course allocation is not carried out on network interface card and target software is tested and assessed
The difficult problem of packet, simultaneously as the packet of the target software directly grabbed in target process compared to from
The packet captured on network interface card, not comprising there is substantial amounts of hardware information, therefore, the data volume of packet is reduced, it is easier to tested and assessed
Personnel test and assess to target software.
Description of the drawings
Technical scheme in order to be illustrated more clearly that the embodiment of the present invention, below will be to making needed for embodiment description
Accompanying drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for
For those of ordinary skill in the art, on the premise of not paying creative work, can be obtaining other according to these accompanying drawings
Accompanying drawing.
Fig. 1 is a kind of software assessment method flow chart provided in an embodiment of the present invention;
Fig. 2 is a kind of software assessment method flow chart provided in an embodiment of the present invention;
Fig. 3 A are a kind of block diagrams of software assessment device provided in an embodiment of the present invention;
Fig. 3 B are a kind of block diagrams of software assessment device provided in an embodiment of the present invention;
Fig. 3 C are a kind of block diagrams of analysis module provided in an embodiment of the present invention;
Fig. 3 D are a kind of block diagrams of analysis module provided in an embodiment of the present invention;
Fig. 3 E are a kind of block diagrams of software assessment device provided in an embodiment of the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing to embodiment party of the present invention
Formula is described in further detail.
Before detailed explanation is carried out to the embodiment of the present invention, first the application scenarios of the embodiment of the present invention are given
Introduce.Generally, when software test and appraisal are carried out, it is necessary first to obtain the data that target software sends or receives by packet catcher
Wrap, and the packet to getting is analyzed, afterwards, test and appraisal personnel write script and target software are carried out based on analysis result
Further test and assess.In the related, due to packet catcher can only be directed to network interface card on receive or send, also do not carry out process
Multiple packets of distribution are captured, therefore, after multiple packets are grabbed, determine that target is soft from the plurality of packet
The process of the packet of part is more complicated, and the packet for being additionally, since target software is the directly crawl from network interface card, therefore, should
Include the relevant information of hardware layer in packet, data volume is larger, and these hardware informations for test and appraisal be it is unnecessary, because
This, is not easy to test and appraisal personnel and target software is tested and assessed.
In order to solve the above problems, a kind of software assessment method and device are embodiments provided.The method passes through
DLL mastery routines are directly injected into into target process to obtain the packet that target software is received and sent, and the data to getting
Bag is analyzed, and because packet is directly to obtain from the process of target software, that is to say, the packet for getting belongs to
In target software, therefore, the process of the packet for determining target software in prior art from multiple packets is eliminated, and
It is a large amount of not comprising having compared to the packet captured from network interface card because the packet is directly to obtain from target process
Hardware information, therefore, the data volume of packet is reduced, it is easier to which test and appraisal personnel test and assess to target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation for detecting,
The packet for getting is analyzed by DLL mastery routines, to facilitate test and appraisal personnel further to survey target software
Comment.In addition, method provided in an embodiment of the present invention applies also for carrying out conversed analysis and research to software, by the method
In filtering function and characteristic statisticses function, research worker can easily get want obtain target software dependency number
According to, and research and analysis are carried out to target software based on the data for getting.Meanwhile, checked by the function information in the method
Function, research worker can easily get the parameter of arbitrary function, and the parameter to the function is modified, afterwards,
Target software after DLL mastery routines are to changing parameter carries out debugging research, and compared in prior art, research worker is directed to
Each test event coding is debugged, and the method for the embodiment of the present invention greatly alleviates the heavy repetition of research worker
Work, is that conversed analysis and research bring convenience.
A kind of flow chart of software assessment method is embodiments provided, referring to Fig. 1, the method includes:
Step 101:DLL mastery routines are injected in target process, DLL mastery routines are used to obtain target currently to be tested and assessed
The packet of reception or the transmission of software is simultaneously analyzed to packet, and target process is the process of target software.
Step 102:The packet that target software is received or sent is obtained from target process by DLL mastery routines.
Step 103:When data packet analysis operation is detected, operated based on data packet analysis, by DLL mastery routines to obtaining
The packet for taking is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to target software.
In embodiments of the present invention, target software reception is captured by the way that DLL mastery routines are directly injected in target process
Or the packet for sending, and the packet to getting is analyzed, because packet is directly from the process of target software
Crawl, in other words, the packet for grabbing belongs to the packet of target software, therefore, eliminate from multiple packets
The middle process for determining target software packet, in solving correlation technique, by capturing the number that course allocation is not carried out on network interface card
Cause to set the goal really the difficult problem of packet of software when testing and assessing target software according to bag, simultaneously as in target
The packet of the target software directly grabbed in process is substantial amounts of hard not comprising having compared to the packet captured from network interface card
Part information, therefore, the data volume of packet is reduced, it is easier to which test and appraisal personnel test and assess to target software.
Alternatively, after the packet of target software reception or transmission is obtained from target process, also include:
When detecting, function information checks instruction and function information is checked and the ground of object function to be viewed is carried in instruction
During location, the parameter of address acquisition and display target function based on object function, the address of object function is storage object function
Address;
When the parameter modification for detecting object function is instructed, the parameter to object function is instructed to carry out based on parameter modification
Modification.
Alternatively, when data packet analysis operation is detected, operated based on data packet analysis, the packet to obtaining is carried out
Analysis, including:
When filtering characters and filtering rule is carried during data packet analysis operation is for filter operation and filter operation, it was based on
Filter character, determines the data comprising filtering characters from the packet for obtaining;
Based on filtering rule, corresponding operation is performed to the data comprising filtering characters.
Alternatively, when data packet analysis operation is detected, operated based on data packet analysis, the packet to obtaining is carried out
Analysis, including:
When zone bit information is carried during data packet analysis operation is characterized statistical operation and characteristic statisticses operation, based on mark
Will position information, determines condition code from the packet for obtaining, and zone bit information is used to indicate the specific bit from the packet for obtaining
Put the condition code for determining designated length;
Based on a determination that condition code, statistical nature code obtain packet in occur number of times.
Alternatively, when data packet analysis operation is detected, operated based on data packet analysis, the packet to obtaining is carried out
Before analysis, also include:
When the information that detects arranges instruction, display information arranges interface;
The configuration information that test and appraisal personnel are input in information arranges interface is obtained, configuration information includes the packet to obtaining
The filtering characters for being filtered and filtering rule, and the data to obtaining carry out the zone bit information of characteristic statisticses.
Above-mentioned all optional technical schemes, can be real according to the alternative embodiment for arbitrarily combining to form the present invention, the present invention
Apply example no longer to repeat this one by one.
Fig. 2 is a kind of flow chart of software assessment method provided in an embodiment of the present invention, as shown in Fig. 2 the method can be with
For terminal, comprise the following steps:
Step 201:DLL mastery routines are injected in target process, DLL mastery routines are used to obtain target currently to be tested and assessed
The packet of reception or the transmission of software is simultaneously analyzed to packet, and target process is the process of target software.
Alternatively, before testing and assessing to target software, the DLL mastery routines can be installed to winsock by test and appraisal personnel
Under (Windows Socket, interface for network programming) catalogue, when terminal detects the network operation for target software, then may be used
To directly invoke the DLL mastery routines, and the DLL mastery routines are injected in the target process of target software.
Certainly, before testing and assessing to software, the mode that test and appraisal personnel can also manually inject is by the DLL mastery routines
In being injected into target process.When being manually injected into, test and appraisal personnel can download implantation tool, and start the implantation tool.Work as end
When end detects implantation tool operation, dialog box can be selected with the current process list of display terminal and DLL injections.Test and appraisal people
Member selects the DLL mastery routines to be injected from selection target process in the process list of the display from terminal local storage.When
Terminal is detected after the target process of selection and DLL mastery routines, and the DLL mastery routines are injected in target process.
It should be noted that the injection mode that implantation tool is adopted can be LSP (Layered Service
Provider, layered service provider) the common injection mould such as injection way, message injection way, Remote thread injecting pattern
Formula.
Step 202:The packet that target software is received or sent is obtained from target process by DLL mastery routines.
After DLL mastery routines are injected into target process, by the DLL mastery routines, when obtaining current from the target process
Between target software receive and send all packets.Meanwhile, after DLL mastery routines are injected into target process, terminal can be with
Show the user interface of the DLL mastery routines.
After the packet of target software is got, the embodiment of the present invention can also pass through the Hook of arbitrary function address
(hook) to the parameter of the arbitrary function in the packet of the target software for getting being monitored.That is to say, when terminal inspection
Measure that function information checks instruction and function information is checked in instruction when carrying the address of object function to be viewed, can be based on
The address acquisition of the object function simultaneously shows the parameter of the object function, wherein, the address of object function is storage object function
Address;When the parameter modification that terminal detects the object function is instructed, can be instructed to object function based on parameter modification
Parameter modify.
Generally, test and appraisal personnel need the corresponding function parameter of certain function by checking target software, so as to judge this
Whether function parameter is changed, or, test and appraisal personnel need to modify the corresponding function parameter of certain function, to test ginseng
The safety of the amended software of number.In this case, test and appraisal personnel can select the high-level functions list of user interface to select
, the function address of the object function checked is wanted in input.Because DLL mastery routines include the Hook of arbitrary function address,
It is that the modification of the parameter of arbitrary function, shielding and output in terminal-pair packet can be intercepted and monitored, because
This, after terminal gets the function address of object function, the Hook of arbitrary function address can be based on the letter of the object function
Number address, obtains the parameter of the object function and including in the panel of user interface.When test and appraisal, personnel are needed to the mesh
During the safety that the parameter of scalar functions is modified with test software, the parameter of object function that can be to showing be modified.
After the parameter modification that terminal detects the object function is instructed, the parameter of modification is obtained, then by the arbitrary function address
Hook, the modification to the parameter of object function is realized, so, when test and appraisal personnel are wanted by Modification growth function parameter to software
When safety is tested, it is not necessary to which individually coding to be changing the function parameter, especially when needing test and appraisal to software
When multiple functions are tested and assessed, it is not necessary to tested come coding for each function, be software test and appraisal bring it is very big
Convenience, save the plenty of time.
Step 203:When the information that detects arranges instruction, display information arranges interface, and obtains test and appraisal personnel in information
The configuration information being input in interface is set.
Based on the description in step 202, after DLL mastery routines to be injected into target process, when terminal detects information
When instruction is set, interface can be arranged with display information, test and appraisal personnel can be input into configuration information in the information arranges interface, with
Analysis to follow-up data bag carries out basic information setting.After terminal gets the configuration information of test and appraisal personnel input, base
Packet is analyzed in the configuration information.
It should be noted that the configuration information includes that the filtering characters that the packet to obtaining is filtered are advised with filtering
Then, the data and to obtaining carry out the zone bit information of characteristic statisticses, meanwhile, the configuration information can also include target data
Segment information, for indicating to be analyzed the target data segment in the packet that gets.For example, the target data segment information can
Think beginning byte:0, byte number:2000, that is, represent and start to byte number 2000 from 0 byte in the packet for getting
Data segment be analyzed.
Which when terminal gets the packet of target software by step 201-203, and determine in packet
After data segment is analyzed, the packet of target software can be analyzed by step 204.
Step 204:When data packet analysis operation is detected, operated based on data packet analysis, by DLL mastery routines to obtaining
The packet for taking is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to target software.
Based on the description of step 203, terminal can both be directed to the entire packet for getting and be analyzed, it is also possible to be directed to
Certain data segment is analyzed in the packet for getting, and the difference of personnel's data as needed of testing and assessing, can be by not
Same data packet analysis operate to carry out different analyses to packet.
On the one hand, when test and appraisal personnel need to analyze the data of a certain class, because artificial filter is difficult, then can pass through
Filter operation to realize.When filtering characters and filtering rule is carried during terminal detects filter operation and filter operation, it was based on
Filter character, determines the data comprising filtering characters from the packet for obtaining;Afterwards, based on filtering rule, to comprising filtration word
The data of symbol perform corresponding operation.Wherein, filtering characters can be the condition code of the data that can be identified for that a certain type, also may be used
Being other characters for distinguishing in many data that the data of a certain class can be comformed.In addition, filtering rule can include screen
Cover, show, intercepting etc..
For example, it is assumed that filtering characters are " 00 ", filtering rule is shielding, then, terminal then can be from packet or mesh
All data for including " 00 " character are searched in mark data segment, afterwards, terminal can include " 00 " character by what is found
Data shielded.
By the filter operation, test and appraisal personnel easily can search and obtain the data wanted from substantial amounts of data,
Bring great convenience for software test and appraisal.In addition, when conversed analysis and research that the method is used for software, can be with
Filter false caused by avoiding due to neglecting during artificial filter, so as to avoid reverse mistake.
On the other hand, when zone bit information is carried during terminal detects characteristic statisticses operation and characteristic statisticses operation, base
In zone bit information, from the packet for obtaining condition code is determined, the zone bit information is used to indicate from the packet for obtaining
Specified location determines the condition code of designated length;Based on a determination that condition code, statistical nature code obtain packet in occur
Number of times.
Generally, when test and appraisal personnel want to obtain corresponding certain the class data of a certain function, but such data correspondence is not known
Condition code when, test and appraisal personnel can perform a certain function by target software first, and when determining the execution function, corresponding
Packet number.Then, test and appraisal personnel can estimate zone bit information by checking the packet for getting.Afterwards, test and assess people
Member can select characteristic statisticses option, and the zone bit information that input is estimated;When terminal detects characteristic statisticses to be operated, obtain
The zone bit information of test and appraisal personnel input, and based on the zone bit information, from the specified location of packet designated length is determined
Condition code;After condition code is determined, terminal can in the packet count the number of times that the condition code of the determination occurs, and will
The number of times of condition code and statistics is shown.Test and appraisal personnel can be by corresponding packet number and system when performing a certain function
The number of times of meter is compared, if identical, it is determined that the current condition code for determining is the feature of certain the class data for wanting to obtain
Code.
For example, when test and appraisal personnel want to obtain the bag of propagandaing directed to communicate in target software, but do not know that the condition code of bag of propagandaing directed to communicate is
What, now, test and appraisal personnel can perform operation of propagandaing directed to communicate by target software, it is assumed that operation of propagandaing directed to communicate has been continuously performed twice,
Then correspond to two bags of propagandaing directed to communicate.Afterwards, test and appraisal personnel check multiple packets, and the zone bit information for estimating bag of propagandaing directed to communicate is a line one
Row, two bytes, and by selecting characteristic statisticses option, in information arranges interface the zone bit information estimated is have input;
Terminal obtains the zone bit information after characteristic statisticses instruction is detected, and according to the zone bit information, in the first row first row
The data of 2 bytes are searched at place, and the data of find two bytes are defined as into condition code;Afterwards, terminal is in packet
The number of times that the middle condition code for counting two bytes occurs, and the number of times of this feature code and statistics is shown.Test and appraisal personnel
Judge that whether this feature code is the condition code of bag of propagandaing directed to communicate by the number of times for counting, when the number of times of statistics is for twice, with bag of propagandaing directed to communicate
Number is identical, and test and appraisal personnel then can determine that this feature code is the condition code of bag of propagandaing directed to communicate, otherwise, it is determined that be not.
By said method, test and appraisal personnel can easily determine condition code, compared in correlation technique by artificially looking into
The method that count feature code is looked for determine the condition code for wanting to obtain, saves the substantial amounts of time, improves work efficiency.
It should be noted that when test and appraisal personnel are carried out by the method in step 201-204 to the packet of target software
After analysis, based on analysis result, test and appraisal personnel can write script and target software is further tested and assessed.Now, survey
Personnel are commented to select the script option of user interface, terminal can be carried out when script option is detected to the script write
Compile and run, and show the compile error information in compilation process, personnel are subsequently modified for test and appraisal.Except this it
Outward, the embodiment of the present invention additionally provides the temporary interface for test, to facilitate test and appraisal personnel to complete software test code, it is to avoid
When code malfunctions in correlation technique, it has to be repeatedly injected the problem of DLL mastery routines, shorten the time of debugging interface.
In embodiments of the present invention, terminal obtains target software and connects by the way that DLL mastery routines are directly injected into into target process
The packet received and send, and the packet to getting is analyzed, because packet is obtained from the process of target software
Take, that is to say, the packet for getting belongs to the packet of target software, therefore, eliminate in prior art from multiple
The process of the packet of target software is determined in packet, and because the packet is directly to obtain from target process,
Compared to the packet captured from network interface card, not comprising there is substantial amounts of hardware information, therefore, the data volume of packet is reduced, more
It is easy to test and appraisal personnel to test and assess target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation for detecting,
Filter analysis and characteristic statisticses analysis are carried out to the packet for getting by DLL mastery routines, is that test and appraisal personnel acquisition is wanted to obtain
The data for taking bring convenience, and save the time.Meanwhile, by the function information look facility in the method, test and appraisal personnel can be with
The parameter of arbitrary function is easily got, and the parameter to the function is modified, afterwards, by DLL mastery routines to repairing
Changing the target software after parameter carries out testing research, and compared in prior art, test and appraisal personnel write for each test event
The method that program is tested, the method for the embodiment of the present invention greatly alleviates the work of the heavy repetition of test and appraisal personnel.
In addition, method provided in an embodiment of the present invention applies also for carrying out conversed analysis and research to software, passes through
Filtering function and characteristic statisticses function in the method, research worker can easily get the target software for wanting to obtain
Related data, and research and analysis are carried out to target software based on the data for getting, it is that conversed analysis and research are provided more
For the help of intelligence.
Fig. 3 A are a kind of block diagrams of software assessment device 300 provided in an embodiment of the present invention, referring to Fig. 3 A, the device bag
Include:Injection module 301, the first acquisition module 302 and analysis module 303.
Injection module 301, DLL mastery routines are injected in target process, and DLL mastery routines are used to obtain currently to be tested and assessed
The packet of reception or the transmission of target software is simultaneously analyzed to packet, and target process is the process of target software;
First acquisition module 302, for by DLL mastery routines obtains from target process target software receive or transmission
Packet;
Analysis module 303, for when data packet analysis operation is detected, being operated based on data packet analysis, by DLL master
Program is analyzed to the packet for obtaining, so that test and appraisal personnel are tested and assessed based on analysis result to target software.
Alternatively, referring to Fig. 3 B, the device 300 also includes:
Second acquisition module 304, for function information to check instruction and function information is checked in instruction and carried when detecting
During the address of object function to be viewed, the parameter of address acquisition and display target function based on object function, object function
Address be store object function address;
Modified module 305, for when the parameter modification for detecting object function is instructed, being instructed to mesh based on parameter modification
The parameter of scalar functions is modified.
Alternatively, referring to Fig. 3 C, analysis module 303 includes:
Acquisition submodule 3031, for carrying filtering characters in operating as filter operation and filter operation when data packet analysis
During with filtering rule, based on filtering characters, the data comprising filtering characters are determined from the packet for obtaining;
Submodule 3032 is processed, for based on filtering rule, to the data comprising filtering characters corresponding operation being performed.
Alternatively, referring to Fig. 3 D, analysis module 303 includes:
Determination sub-module 3033, for carrying in being characterized statistical operation and characteristic statisticses operation when data packet analysis operation
During zone bit information, based on zone bit information, condition code is determined from the packet for obtaining, zone bit information is used to indicating from obtaining
The specified location of the packet for taking determines the condition code of designated length;
Statistic submodule 3034, for based on a determination that condition code, statistical nature code obtain packet in occur
Number of times.
Alternatively, referring to Fig. 3 E, the device 300 also includes:
Display module 306, for when the information that detects arranges instruction, display information to arrange interface;
Setup module 307, for obtaining the configuration information that test and appraisal personnel are input in information arranges interface, configuration information bag
Filtering characters and filtering rule that the packet to obtaining is filtered are included, and the data to obtaining carry out the mark of characteristic statisticses
Will position information.
In sum, the embodiment of the present invention obtains target software and connects by the way that DLL mastery routines are directly injected into into target process
The packet received and send, and the packet to getting is analyzed, because packet is obtained from the process of target software
Take, that is to say, the packet for getting belongs to the packet of target software, therefore, eliminate in prior art from multiple
The process of the packet of target software is determined in packet, and because the packet is directly to obtain from target process,
Compared to the packet captured from network interface card, not comprising there is substantial amounts of hardware information, therefore, the data volume of packet is reduced, more
It is easy to test and appraisal personnel to test and assess target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation for detecting,
Filter analysis and characteristic statisticses analysis are carried out to the packet for getting by DLL mastery routines, is that test and appraisal personnel acquisition is wanted to obtain
The data for taking bring convenience, and save the time.Meanwhile, by the function information look facility in the method, test and appraisal personnel can be with
The parameter of arbitrary function is easily got, and the parameter to the function is modified, afterwards, by DLL mastery routines to repairing
Changing the target software after parameter carries out testing research, and compared in prior art, test and appraisal personnel write for each test event
The method that program is tested, the method for the embodiment of the present invention greatly alleviates the work of the heavy repetition of test and appraisal personnel.
It should be noted that:The software assessment device that above-described embodiment is provided when triggering software and testing and assessing, only with above-mentioned each
The division of functional module is illustrated, and in practical application, as desired can distribute above-mentioned functions by different work(
Can module complete, will the internal structure of equipment be divided into different functional modules, to complete whole described above or portion
Divide function.In addition, the software assessment device that above-described embodiment is provided belongs to same design with software assessment method embodiment, its tool
Body realizes that process refers to embodiment of the method, repeats no more here.
One of ordinary skill in the art will appreciate that realizing all or part of step of above-described embodiment can pass through hardware
To complete, it is also possible to which the hardware that correlation is instructed by program is completed, and described program can be stored in a kind of computer-readable
In storage medium, storage medium mentioned above can be read only memory, disk or CD etc..
The foregoing is only presently preferred embodiments of the present invention, not to limit the present invention, all spirit in the present invention and
Within principle, any modification, equivalent substitution and improvements made etc. should be included within the scope of the present invention.
Claims (10)
1. a kind of software assessment method, it is characterised in that methods described includes:
Dynamic link library (DLL) mastery routine is injected in target process, the DLL mastery routines are used to obtain mesh currently to be tested and assessed
The packet of reception or the transmission of mark software is simultaneously analyzed to the packet, and the target process is the target software
Process;
The packet that the target software is received or sent is obtained from the target process by the DLL mastery routines;
When data packet analysis operation is detected, operated based on the data packet analysis, by the DLL mastery routines to acquisition
Packet is analyzed, so that test and appraisal personnel are tested and assessed based on analysis result to the target software.
2. method according to claim 1, it is characterised in that described that the target software is obtained from the target process
After the packet for receiving or sending, also include:
When detecting, function information checks instruction and the function information is checked and the ground of object function to be viewed is carried in instruction
During location, address acquisition based on the object function simultaneously shows the parameter of the object function, and the address of the object function is
Store the address of the object function;
When the parameter modification for detecting the object function is instructed, instructed to the object function based on the parameter modification
Parameter is modified.
3. method according to claim 1, it is characterised in that described when detecting data packet analysis and operating, based on institute
Data packet analysis operation is stated, the packet to obtaining is analyzed, including:
When filtering characters and filtering rule is carried during data packet analysis operation is for filter operation and the filter operation, base
In the filtering characters, the data comprising the filtering characters are determined from the packet of the acquisition;
Based on the filtering rule, corresponding operation is performed to the data comprising the filtering characters.
4. method according to claim 1, it is characterised in that described when detecting data packet analysis and operating, based on institute
Data packet analysis operation is stated, the packet to obtaining is analyzed, including:
When zone bit information is carried during data packet analysis operation is characterized statistical operation and characteristic statisticses operation, base
In the zone bit information, condition code is determined from the packet of the acquisition, the zone bit information is used to indicating from described
The specified location of the packet of acquisition determines the condition code of designated length;
Based on a determination that condition code, count the number of times that occurs in the packet of the acquisition of described document information.
5. according to the arbitrary described method of claim 1-4, it is characterised in that described when data packet analysis operation is detected,
Operated based on the data packet analysis, before the packet to obtaining is analyzed, also included:
When the information that detects arranges instruction, display information arranges interface;
The configuration information that the test and appraisal personnel are input in described information arranges interface is obtained, the configuration information is included to described
Filtering characters and filtering rule that the packet of acquisition is filtered, and the data of the acquisition are carried out with the mark of characteristic statisticses
Will position information.
6. a kind of software assessment device, it is characterised in that described device includes:
Injection module, for when implant operation is detected, dynamic link library (DLL) mastery routine being injected in target process, institute
DLL mastery routines are stated for obtaining the packet of reception or the transmission of target software currently to be tested and assessed and the packet being carried out
Analysis, the target process is the process of the target software;
First acquisition module, for by the DLL mastery routines obtain from the target process target software receive or
The packet of transmission;
Analysis module, for when data packet analysis operation is detected, being operated based on the data packet analysis, by the DLL
Mastery routine is analyzed to the packet for obtaining, so that test and appraisal personnel are tested and assessed based on analysis result to the target software.
7. device according to claim 6, it is characterised in that described device also includes:
Second acquisition module, for function information to check instruction and the function information is checked in instruction and carries to be checked when detecting
During the address of the object function seen, address acquisition based on the object function simultaneously shows the parameter of the object function, described
The address of object function is the address for storing the object function;
Modified module, for when the parameter modification for detecting the object function is instructed, it to be right to be instructed based on the parameter modification
The parameter of the object function is modified.
8. device according to claim 6, it is characterised in that the analysis module includes:
Acquisition submodule, for carrying filtering characters in operating as filter operation and the filter operation when the data packet analysis
During with filtering rule, based on the filtering characters, the data comprising the filtering characters are determined from the packet of the acquisition;
Submodule is processed, for based on the filtering rule, to the data comprising the filtering characters corresponding behaviour being performed
Make.
9. device according to claim 6, it is characterised in that the analysis module includes:
Determination sub-module, for carrying in being characterized statistical operation and characteristic statisticses operation when data packet analysis operation
During zone bit information, based on the zone bit information, condition code, the zone bit information are determined from the packet of the acquisition
For indicating from the specified location of the packet of the acquisition to determine the condition code of designated length;
Statistic submodule, for based on a determination that condition code, count described document information and occur in the packet of the acquisition
Number of times.
10. according to the arbitrary described device of claim 6-9, it is characterised in that described device also includes:
Display module, for when the information that detects arranges instruction, display information to arrange interface;
Setup module, for obtaining the configuration information that the test and appraisal personnel are input in described information arranges interface, the setting
Information includes filtering characters and the filtering rule filtered to the packet of the acquisition, and the data of the acquisition are entered
The zone bit information of row characteristic statisticses.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611249512.7A CN106681923B (en) | 2016-12-29 | 2016-12-29 | A kind of software assessment method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611249512.7A CN106681923B (en) | 2016-12-29 | 2016-12-29 | A kind of software assessment method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106681923A true CN106681923A (en) | 2017-05-17 |
CN106681923B CN106681923B (en) | 2019-06-14 |
Family
ID=58873478
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611249512.7A Active CN106681923B (en) | 2016-12-29 | 2016-12-29 | A kind of software assessment method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106681923B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107329901A (en) * | 2017-07-31 | 2017-11-07 | 腾讯科技(深圳)有限公司 | Packet grasping means, terminal, server and storage medium |
CN108536484A (en) * | 2018-03-26 | 2018-09-14 | 平安普惠企业管理有限公司 | Parameter amending method, device, terminal device and storage medium |
CN110875858A (en) * | 2018-08-31 | 2020-03-10 | 北京京东尚科信息技术有限公司 | Application test data capturing method, system, equipment and storage medium |
CN113535593A (en) * | 2021-09-15 | 2021-10-22 | 广州锦行网络科技有限公司 | Application program packet capturing method and device, electronic equipment and storage medium |
CN113961240A (en) * | 2021-12-20 | 2022-01-21 | 杭州安恒信息技术股份有限公司 | Reverse analysis method for virtualization encryption program and related components |
CN117473487A (en) * | 2023-10-24 | 2024-01-30 | 联通(广东)产业互联网有限公司 | Data processing method, electronic equipment and computer readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234328A1 (en) * | 2006-03-01 | 2007-10-04 | Microsoft Corporation | File handling for test environments |
CN101997871A (en) * | 2010-09-21 | 2011-03-30 | 电子科技大学 | Device for quickly capturing, filtering and forwarding data |
CN104156481A (en) * | 2014-08-26 | 2014-11-19 | 北京软安科技有限公司 | Android encryption communication detection device and method based on dynamic linking library injection |
-
2016
- 2016-12-29 CN CN201611249512.7A patent/CN106681923B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234328A1 (en) * | 2006-03-01 | 2007-10-04 | Microsoft Corporation | File handling for test environments |
CN101997871A (en) * | 2010-09-21 | 2011-03-30 | 电子科技大学 | Device for quickly capturing, filtering and forwarding data |
CN104156481A (en) * | 2014-08-26 | 2014-11-19 | 北京软安科技有限公司 | Android encryption communication detection device and method based on dynamic linking library injection |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107329901A (en) * | 2017-07-31 | 2017-11-07 | 腾讯科技(深圳)有限公司 | Packet grasping means, terminal, server and storage medium |
CN107329901B (en) * | 2017-07-31 | 2021-09-28 | 腾讯科技(深圳)有限公司 | Data packet capturing method, terminal, server and storage medium |
CN108536484A (en) * | 2018-03-26 | 2018-09-14 | 平安普惠企业管理有限公司 | Parameter amending method, device, terminal device and storage medium |
CN110875858A (en) * | 2018-08-31 | 2020-03-10 | 北京京东尚科信息技术有限公司 | Application test data capturing method, system, equipment and storage medium |
CN110875858B (en) * | 2018-08-31 | 2023-06-27 | 北京京东尚科信息技术有限公司 | Application test data grabbing method, system, equipment and storage medium |
CN113535593A (en) * | 2021-09-15 | 2021-10-22 | 广州锦行网络科技有限公司 | Application program packet capturing method and device, electronic equipment and storage medium |
CN113961240A (en) * | 2021-12-20 | 2022-01-21 | 杭州安恒信息技术股份有限公司 | Reverse analysis method for virtualization encryption program and related components |
CN113961240B (en) * | 2021-12-20 | 2022-04-08 | 杭州安恒信息技术股份有限公司 | Reverse analysis method for virtualization encryption program and related components |
CN117473487A (en) * | 2023-10-24 | 2024-01-30 | 联通(广东)产业互联网有限公司 | Data processing method, electronic equipment and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106681923B (en) | 2019-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106681923A (en) | Software evaluation method and device | |
CN109145579A (en) | Intelligent network joins automobile information secure authentication testing method and system | |
CN102468985B (en) | The method and system of penetration testing is carried out for Network Security Device | |
CN110134400A (en) | Data capture method, device, electronic equipment and computer readable storage medium | |
CN105787364B (en) | Automatic testing method, device and system for tasks | |
CN111753306B (en) | Intelligent contract vulnerability detection method and device, electronic equipment and storage medium | |
CN106326067A (en) | Method and device for monitoring CPU (central processing unit) performance under pressure test | |
CN109491860A (en) | Method for detecting abnormality, terminal device and the medium of application program | |
CN107370740A (en) | Redirect hold-up interception method and device | |
CN103927473A (en) | Method, device and system for detecting source code safety of mobile intelligent terminal | |
CN110245077A (en) | A kind of response method and equipment of program exception | |
CN114285764A (en) | Packet capturing method and device and storage medium | |
CN106161144A (en) | Method for testing network performance of Smart Rack cabinet server | |
CN111258881A (en) | Intelligent test system for workflow test | |
CN112506795A (en) | Method, system, terminal and storage medium for testing security vulnerability of industrial control equipment | |
CN109491890A (en) | The interface scans method and terminal device of application program | |
CN112579437A (en) | Program operation process conformance verification method | |
CN107317708A (en) | The monitoring method and device of a kind of Court business application system | |
CN106557412A (en) | A kind of method and device of fuzz testing | |
CN111400171B (en) | Interface testing method, system and device and readable storage medium | |
CN103368762A (en) | Testing method, system and device for big data comparison | |
CN106294109A (en) | Obtain the method and device of defect code | |
CN117472767A (en) | Software interface testing method, device, equipment and storage medium | |
CN108427882B (en) | Android software dynamic analysis detection method based on behavior feature extraction | |
CN110515829A (en) | Application testing method, device, equipment and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |