CN106681923B - A software assessment method and device - Google Patents
A software assessment method and device
- Publication number: CN106681923B (CN201611249512.7A)
- Authority: CN (China)
- Prior art keywords: data packet, acquisition, information, data, target
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
- G06F11/3692—Test management for test results analysis
Abstract
The invention discloses a software assessment method and device, belonging to the field of network technology. The method comprises: injecting a dynamic link library (DLL) main program into a target process, the DLL main program being used to obtain the data packets received or sent by the target software currently under assessment and to analyze those packets; obtaining, through the DLL main program, the data packets received or sent by the target software from the target process; and, when a data packet analysis operation is detected, analyzing the obtained data packets through the DLL main program based on that operation. By injecting the DLL main program directly into the target process, the invention obtains the target software's data packets and analyzes them, which eliminates the prior-art step of determining the target software's packets from among multiple packets. Because the packets are obtained directly from the target process, they do not contain a large amount of hardware information, so the data volume of the packets is reduced and it is easier for assessors to assess the target software.
Description
Technical field
The present invention relates to the field of network technology, and in particular to a software assessment method and device.
Background
In software development, software assessment is an essential step. When software is assessed, the data packets that the software sends or receives while running have to be captured to obtain packet capture information; the assessor then analyzes the captured information and further assesses the software based on the analysis result.
In the prior art, to assess software the assessor needs to install a packet capture tool on the device. The device then uses the tool to capture the multiple data packets that are received or sent on the network interface card and have not yet been dispatched to processes. After the packets are captured, the assessor has to look behind them at the target IP (Internet Protocol) address and the port created by the process when the connection was established before the software corresponding to each packet can be determined, and from those determine the packets of the target software under assessment. Once the target software's packets are determined, the assessor analyzes them with an assessment tool and, based on the analysis result, writes a corresponding program to assess the software further.
Because the packets are captured from what is received or sent on the network interface card, the captured packets carry no process information and do include hardware-layer information. Determining the target software's packets is therefore complicated and the data volume is large, which makes assessment inconvenient for the assessor.
Summary of the invention
To solve the problem that, after the data packets received or sent on the network interface card are captured, determining the target software's packets is complicated and the packet data volume is large, which makes assessment inconvenient, embodiments of the invention provide a software assessment method and device. The technical solution is as follows:
In one aspect, a software assessment method is provided, the method comprising:
injecting a DLL (Dynamic Link Library) main program into a target process, the DLL main program being used to obtain the data packets received or sent by the target software currently under assessment and to analyze the data packets, the target process being the process of the target software;
obtaining, through the DLL main program, the data packets received or sent by the target software from the target process;
when a data packet analysis operation is detected, analyzing the obtained data packets through the DLL main program based on the data packet analysis operation, so that the assessor can assess the target software based on the analysis result.
Optionally, after the data packets received or sent by the target software are obtained from the target process, the method further comprises:
when a function information viewing instruction is detected and the instruction carries the address of a target function to be viewed, obtaining and displaying the parameters of the target function based on the address of the target function, the address of the target function being the address at which the target function is stored;
when a parameter modification instruction for the target function is detected, modifying the parameters of the target function based on the parameter modification instruction.
Optionally, analyzing the obtained data packets based on the data packet analysis operation when that operation is detected comprises:
when the data packet analysis operation is a filter operation and the filter operation carries filter characters and a filter rule, determining, based on the filter characters, the data containing the filter characters from the obtained data packets;
performing, based on the filter rule, the corresponding operation on the data containing the filter characters.
Optionally, analyzing the obtained data packets based on the data packet analysis operation when that operation is detected comprises:
when the data packet analysis operation is a feature statistics operation and the feature statistics operation carries flag bit information, determining a feature code from the obtained data packets based on the flag bit information, the flag bit information indicating that a feature code of a specified length is to be determined from a specified position of the obtained data packets;
counting, based on the determined feature code, the number of times the feature code occurs in the obtained data packets.
Optionally, before the obtained data packets are analyzed based on the data packet analysis operation, the method further comprises:
displaying an information setting interface when an information setting instruction is detected;
obtaining the setting information that the assessor enters in the information setting interface, the setting information including the filter characters and filter rule for filtering the obtained data packets, and the flag bit information for performing feature statistics on the obtained data.
In another aspect, a software assessment device is provided, the device comprising:
an injection module, configured to inject a dynamic link library (DLL) main program into a target process, the DLL main program being used to obtain the data packets received or sent by the target software currently under assessment and to analyze the data packets, the target process being the process of the target software;
a first obtaining module, configured to obtain, through the DLL main program, the data packets received or sent by the target software from the target process;
an analysis module, configured to analyze the obtained data packets through the DLL main program based on a data packet analysis operation when that operation is detected, so that the assessor can assess the target software based on the analysis result.
Optionally, the device further comprises:
a second obtaining module, configured to obtain and display the parameters of a target function based on the address of the target function when a function information viewing instruction is detected and the instruction carries the address of the target function to be viewed, the address of the target function being the address at which the target function is stored;
a modification module, configured to modify the parameters of the target function based on a parameter modification instruction when the parameter modification instruction for the target function is detected.
Optionally, the analysis module comprises:
an obtaining submodule, configured to determine, based on the filter characters, the data containing the filter characters from the obtained data packets when the data packet analysis operation is a filter operation and the filter operation carries filter characters and a filter rule;
a processing submodule, configured to perform, based on the filter rule, the corresponding operation on the data containing the filter characters.
Optionally, the analysis module comprises:
a determining submodule, configured to determine a feature code from the obtained data packets based on the flag bit information when the data packet analysis operation is a feature statistics operation and the feature statistics operation carries flag bit information, the flag bit information indicating that a feature code of a specified length is to be determined from a specified position of the obtained data packets;
a statistics submodule, configured to count, based on the determined feature code, the number of times the feature code occurs in the obtained data packets.
Optionally, the device further comprises:
a display module, configured to display an information setting interface when an information setting instruction is detected;
a setting module, configured to obtain the setting information that the assessor enters in the information setting interface, the setting information including the filter characters and filter rule for filtering the obtained data packets, and the flag bit information for performing feature statistics on the obtained data.
The technical solution provided by the embodiments of the invention has the following beneficial effects. The embodiments capture the data packets received or sent by the target software by injecting the DLL main program directly into the target process, and analyze the packets obtained. Because the packets are captured directly from the process of the target software, in other words the captured packets belong to the target software, the step of determining the target software's packets from among multiple packets is eliminated. This solves the problem in the related art that the target software's packets are difficult to determine when the software is assessed using packets captured on the network interface card before they are dispatched to processes. At the same time, compared with packets captured from the network interface card, the packets captured directly in the target process do not contain a large amount of hardware information, so the data volume of the packets is reduced and it is easier for assessors to assess the target software.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a software assessment method provided by an embodiment of the invention;
Fig. 2 is a flow chart of a software assessment method provided by an embodiment of the invention;
Fig. 3A is a block diagram of a software assessment device provided by an embodiment of the invention;
Fig. 3B is a block diagram of a software assessment device provided by an embodiment of the invention;
Fig. 3C is a block diagram of an analysis module provided by an embodiment of the invention;
Fig. 3D is a block diagram of an analysis module provided by an embodiment of the invention;
Fig. 3E is a block diagram of a software assessment device provided by an embodiment of the invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
Before the embodiments of the invention are explained in detail, their application scenario is introduced. In general, software assessment first requires obtaining the data packets sent or received by the target software with a packet capture tool and analyzing the packets obtained; the assessor then writes scripts based on the analysis result to assess the target software further. In the related art, a packet capture tool can only capture the multiple data packets that are received or sent on the network interface card and have not yet been dispatched to processes. After the packets are captured, determining the target software's packets from among them is therefore complicated. Moreover, because the target software's packets are captured directly from the network interface card, they include hardware-layer information, so the data volume is large, and this hardware information is unnecessary for assessment. As a result, it is inconvenient for assessors to assess the target software.
To solve the above problems, embodiments of the invention provide a software assessment method and device. The method obtains the data packets sent and received by the target software by injecting a DLL main program directly into the target process, and analyzes the packets obtained. Because the packets are obtained directly from the process of the target software, that is, the packets obtained belong to the target software, the prior-art step of determining the target software's packets from among multiple packets is eliminated. And because the packets are obtained directly from the target process, they do not contain a large amount of hardware information, unlike packets captured from the network interface card; the data volume of the packets is therefore reduced and it is easier for assessors to assess the target software.
In addition, the software assessment method provided by the embodiments can analyze the obtained data packets through the DLL main program based on a detected data packet analysis operation, which makes it easier for assessors to assess the target software further. Beyond that, the method also applies to reverse analysis and research of software: with the filtering function and the feature statistics function of the method, researchers can conveniently obtain the target software data they want, and study and analyze the target software based on that data. Meanwhile, with the function information viewing function of the method, researchers can easily obtain the parameters of any function and modify them, and then debug and study the target software with modified parameters through the DLL main program. Compared with the prior art, in which researchers write and debug a program for each test item, the method greatly reduces researchers' heavy, repetitive work and makes reverse analysis and research more convenient.
An embodiment of the invention provides a flow chart of a software assessment method. Referring to Fig. 1, the method comprises:
Step 101: Inject the DLL main program into the target process. The DLL main program is used to obtain the data packets received or sent by the target software currently under assessment and to analyze the data packets; the target process is the process of the target software.
Step 102: Obtain, through the DLL main program, the data packets received or sent by the target software from the target process.
Step 103: When a data packet analysis operation is detected, analyze the obtained data packets through the DLL main program based on the data packet analysis operation, so that the assessor can assess the target software based on the analysis result.
In the embodiments of the invention, the data packets received or sent by the target software are captured by injecting the DLL main program directly into the target process, and the packets obtained are analyzed. Because the packets are captured directly from the process of the target software, in other words the captured packets belong to the target software, the step of determining the target software's packets from among multiple packets is eliminated. This solves the problem in the related art that the target software's packets are difficult to determine when the software is assessed using packets captured on the network interface card before they are dispatched to processes. At the same time, compared with packets captured from the network interface card, the packets captured directly in the target process do not contain a large amount of hardware information, so the data volume of the packets is reduced and it is easier for assessors to assess the target software.
Optionally, after the data packets received or sent by the target software are obtained from the target process, the method further comprises:
when a function information viewing instruction is detected and the instruction carries the address of a target function to be viewed, obtaining and displaying the parameters of the target function based on the address of the target function, the address of the target function being the address at which the target function is stored;
when a parameter modification instruction for the target function is detected, modifying the parameters of the target function based on the parameter modification instruction.
Optionally, analyzing the obtained data packets based on the data packet analysis operation when that operation is detected comprises:
when the data packet analysis operation is a filter operation and the filter operation carries filter characters and a filter rule, determining, based on the filter characters, the data containing the filter characters from the obtained data packets;
performing, based on the filter rule, the corresponding operation on the data containing the filter characters.
Optionally, analyzing the obtained data packets based on the data packet analysis operation when that operation is detected comprises:
when the data packet analysis operation is a feature statistics operation and the feature statistics operation carries flag bit information, determining a feature code from the obtained data packets based on the flag bit information, the flag bit information indicating that a feature code of a specified length is to be determined from a specified position of the obtained data packets;
counting, based on the determined feature code, the number of times the feature code occurs in the obtained data packets.
Optionally, before the obtained data packets are analyzed based on the data packet analysis operation, the method further comprises:
displaying an information setting interface when an information setting instruction is detected;
obtaining the setting information that the assessor enters in the information setting interface, the setting information including the filter characters and filter rule for filtering the obtained data packets, and the flag bit information for performing feature statistics on the obtained data.
All of the above optional technical solutions can be combined in any way to form optional embodiments of the invention, which are not described one by one here.
Fig. 2 is a flow chart of a software assessment method provided by an embodiment of the invention. As shown in Fig. 2, the method can be used in a terminal and comprises the following steps:
Step 201: Inject the DLL main program into the target process. The DLL main program is used to obtain the data packets received or sent by the target software currently under assessment and to analyze the data packets; the target process is the process of the target software.
Optionally, before assessing the target software, the assessor can install the DLL main program under the winsock (Windows Socket, a network programming interface) directory. When the terminal detects a network operation for the target software, it can call the DLL main program directly and inject it into the target process of the target software.
Of course, before assessing the software, the assessor can also inject the DLL main program into the target process manually. For manual injection, the assessor downloads an injection tool and starts it. When the terminal detects that the injection tool is running, it can display the terminal's current process list and a DLL injection selection dialog box. The assessor selects the target process from the displayed process list and selects the DLL main program to be injected from the terminal's local storage. After the terminal detects the selected target process and DLL main program, the DLL main program is injected into the target process.
It should be noted that the injection mode used by the injection tool can be a common injection mode such as LSP (Layered Service Provider) injection, message injection, or remote thread injection.
Step 202: Obtain, through the DLL main program, the data packets received or sent by the target software from the target process.
After the DLL main program is injected into the target process, all data packets sent and received by the target software at the current time are obtained from the target process through the DLL main program. After the injection, the terminal can also display the user interface of the DLL main program.
After the data packets of the target software are obtained, the embodiments of the invention can also monitor the parameters of any function in the obtained data packets of the target software through a Hook on arbitrary function addresses. That is, when the terminal detects a function information viewing instruction and the instruction carries the address of a target function to be viewed, it can obtain and display the parameters of the target function based on the address of the target function, where the address of the target function is the address at which the target function is stored. When the terminal detects a parameter modification instruction for the target function, it can modify the parameters of the target function based on the parameter modification instruction.
In general, the assessor needs to view the function parameters of some function of the target software in order to judge whether those parameters have been modified, or needs to modify the function parameters of some function in order to test the security of the software after the parameters are modified. In this case, the assessor can select the advanced function list option of the user interface and enter the function address of the target function to be viewed. The DLL main program contains the Hook on arbitrary function addresses, that is, the terminal can intercept and monitor the modification, shielding and output of the parameters of any function in the data packets. Therefore, once the terminal has the function address of the target function, the Hook on arbitrary function addresses can obtain the parameters of the target function based on that address and display them in a panel of the user interface. When the assessor needs to modify the parameters of the target function to test the security of the software, the displayed parameters of the target function can be modified. After the terminal detects the parameter modification instruction for the target function, it obtains the modified parameters and then applies the modification to the parameters of the target function through the Hook on arbitrary function addresses. In this way, when the assessor wants to test the security of the software by modifying function parameters, there is no need to write a separate program to modify them. In particular, when multiple functions of the software need to be assessed, there is no need to write a program to test each function, which is a great convenience for software assessment and saves a lot of time.
Step 203: When an information setting instruction is detected, display an information setting interface and obtain the setting information that the assessor enters in it.
As described in step 202, after the DLL main program is injected into the target process, the terminal can display an information setting interface when it detects an information setting instruction. The assessor can enter setting information in this interface to provide the basic settings for the subsequent data packet analysis. After the terminal obtains the setting information entered by the assessor, it analyzes the data packets based on that information.
It should be noted that the setting information includes the filter characters and filter rule for filtering the obtained data packets, and the flag bit information for performing feature statistics on the obtained data. The setting information can also include target data segment information, which indicates that a target data segment within the obtained data packets is to be analyzed. For example, the target data segment information can be start byte: 0, byte count: 2000, which means that the data segment of the obtained data packets from byte 0 to a byte count of 2000 is analyzed.
Once the terminal has obtained the data packets of the target software through steps 201-203 and determined which data segment of the data packets is to be analyzed, it can analyze the data packets of the target software in step 204.
Step 204: When a data packet analysis operation is detected, analyze the obtained data packets through the DLL main program based on the data packet analysis operation, so that the assessor can assess the target software based on the analysis result.
As described in step 203, the terminal can analyze either the whole of the obtained data packets or a particular data segment within them. Depending on the data the assessor needs, different data packet analysis operations can be used to analyze the data packets in different ways.
On the one hand, when the assessor needs to analyze data of a certain class, manual filtering is difficult, so this can be done through a filter operation. When the terminal detects a filter operation that carries filter characters and a filter rule, it determines, based on the filter characters, the data containing the filter characters from the obtained data packets, and then performs the corresponding operation on that data based on the filter rule. The filter characters can be a feature code that identifies data of a certain type, or other characters that distinguish that class of data from the bulk of the data. The filter rule can include shielding, displaying, intercepting and so on.
For example, assuming the filter characters are "00" and the filter rule is shielding, the terminal searches the data packet or target data segment for all data containing the characters "00" and then shields the data found.
With the filter operation, the assessor can conveniently find the desired data in a large amount of data, which is a great convenience for software assessment. In addition, when the method is used for reverse analysis and research of software, it avoids filtering errors caused by oversights in manual filtering, and so avoids errors in the reverse analysis.
On the other hand, when the terminal detects a feature statistics operation that carries flag bit information, it determines a feature code from the obtained data packets based on the flag bit information, where the flag bit information indicates that a feature code of a specified length is to be determined from a specified position of the obtained data packets. Based on the determined feature code, it counts the number of times the feature code occurs in the obtained data packets.
In general, when assessment personnel want to obtain the class of data corresponding to a certain function but do not know the feature code of that data, they can first execute the function through the target software and determine the number of data packets that correspond to executing it. They can then estimate the flag bit information by inspecting the acquired data packets. Next, they select the feature statistics option and enter the estimated flag bit information. When the terminal detects the feature statistics operation, it obtains the flag bit information entered by the assessment personnel and, based on it, determines a feature code of the specified length from the specified position in the data packet. Once the feature code is determined, the terminal counts the number of times it appears in the data packets and displays the feature code together with the count. The assessment personnel compare the number of data packets corresponding to executing the function with the count; if the two are the same, the currently determined feature code is the feature code of the class of data they want to obtain.
For example, suppose assessment personnel want to obtain the shout (broadcast message) packets of the target software but do not know the feature code of a shout packet. They can perform the shout operation through the target software; assume the operation is performed twice in succession, which corresponds to two shout packets. They then inspect several data packets, estimate that the flag bit information of the shout packet is row one, column one, two bytes, select the feature statistics option, and enter the estimated flag bit information in the information setting interface. After detecting the feature statistics instruction, the terminal obtains the flag bit information, looks up two bytes of data at row one, column one according to it, and takes the two bytes found as the feature code. The terminal then counts the number of times this two-byte feature code appears in the data packets and displays the feature code and the count. The assessment personnel judge from the count whether this feature code is the feature code of the shout packet: when the count is two, the same as the number of shout packets, they can determine that it is; otherwise, they determine that it is not.
With the above method, assessment personnel can easily determine a feature code. Compared with the related-art approach of manually searching for and counting feature codes to determine the desired one, this saves a great deal of time and improves work efficiency.
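An added example, not code from the patent, of the feature statistics operation run over an offline capture. It assumes the flag bit information is a 1-based row and column in a hex view 16 bytes wide plus a length, and that occurrences are counted at that same position in each packet; `candidates` goes beyond the text by tallying every code at the position and keeping those whose count equals the number of operations performed. All names and packets are constructed.

```python
"""Offline model of the feature statistics operation."""
from collections import Counter

ROW_WIDTH = 16  # assumed number of bytes per row in the hex view


def flag_offset(row: int, col: int, row_width: int = ROW_WIDTH) -> int:
    """Convert 1-based (row, column) flag bit information to a byte offset."""
    if row < 1 or not 1 <= col <= row_width:
        raise ValueError("row and column are 1-based and must fit the view")
    return (row - 1) * row_width + (col - 1)


def feature_code(packet: bytes, row: int, col: int, length: int):
    """Return the code at the flagged position, or None if the packet is too short."""
    if length < 1:
        raise ValueError("length must be at least one byte")
    start = flag_offset(row, col)
    code = packet[start:start + length]
    return code if len(code) == length else None


def count_feature(packets, code: bytes, row: int, col: int) -> int:
    """Count the packets that carry `code` at the flagged position."""
    return sum(feature_code(p, row, col, len(code)) == code for p in packets)


def candidates(packets, row: int, col: int, length: int, expected: int):
    """Every code seen at the position that occurs exactly `expected` times."""
    tally = Counter(
        c for p in packets
        if (c := feature_code(p, row, col, length)) is not None
    )
    return sorted(code for code, n in tally.items() if n == expected)


# Constructed capture: the shout operation was performed twice.
CAPTURE = [
    bytes.fromhex("0001"),              # keep-alive
    bytes.fromhex("102a0568656c6c6f"),  # shout "hello"
    bytes.fromhex("0001"),              # keep-alive
    bytes.fromhex("20050a0b"),          # unrelated packet
    bytes.fromhex("102a026869"),        # shout "hi"
    bytes.fromhex("0001"),              # keep-alive
    bytes.fromhex("ff"),                # too short for a two-byte code
]

if __name__ == "__main__":
    guess = feature_code(CAPTURE[1], row=1, col=1, length=2)
    print("guessed code:", guess.hex(), "count:", count_feature(CAPTURE, guess, 1, 1))
    print("codes seen exactly twice:", [c.hex() for c in candidates(CAPTURE, 1, 1, 2, 2)])
```

A guess taken from a keep-alive packet would give a count of three, which does not equal the two shout operations, so that code is rejected in the same way the text describes.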
It should be noted that after assessment personnel have analyzed the data packets of the target software by the method in steps 201-204, they can, based on the analysis results, write scripts to further assess the target software. In this case they can select the script option of the user interface; when the terminal detects the script option, it compiles and runs the written script and displays any compilation error information produced during compilation, so that the assessment personnel can make subsequent corrections. In addition, the embodiment of the present invention provides a temporary interface for testing, to help assessment personnel complete software test code; this avoids the related-art problem of having to inject the DLL main program repeatedly whenever the code contains an error, and shortens the time spent debugging the interface.
In the embodiment of the present invention, the terminal injects the DLL main program directly into the target process to acquire the data packets received and sent by the target software, and analyzes the acquired data packets. Because the data packets are acquired from the process of the target software, that is, the acquired data packets belong to the target software, the prior-art step of identifying the target software's data packets among multiple data packets is eliminated. And because the data packets are acquired directly from the target process, they do not contain the large amount of hardware information found in data packets captured from the network card, so the data volume of the data packets is reduced and it is easier for assessment personnel to assess the target software.
In addition, the software assessment method provided by the embodiment of the present invention can, based on the detected data packet analysis operation, perform filtering analysis and feature statistics analysis on the acquired data packets through the DLL main program, which makes it convenient for assessment personnel to obtain the data they want and saves time. Meanwhile, through the function information viewing function of the method, assessment personnel can easily obtain the parameters of any function and modify them, and then test and study the target software with the modified parameters through the DLL main program. Compared with the prior-art approach in which assessment personnel write a program for each test item, the method of the embodiment of the present invention greatly reduces their heavy, repetitive work.
In addition, the method provided by the embodiment of the present invention is also applicable to reverse analysis and research of software. Through the filtering function and the feature statistics function of the method, researchers can conveniently obtain the relevant data of the target software they want, and research and analyze the target software based on the acquired data, which provides more intelligent assistance for reverse analysis and research.
Fig. 3A is a block diagram of a software assessment device 300 provided by an embodiment of the present invention. Referring to Fig. 3A, the device includes an injection module 301, a first acquisition module 302, and an analysis module 303.
The injection module 301 is configured to inject the DLL main program into the target process, where the DLL main program is used to acquire the data packets received or sent by the target software currently to be assessed and to analyze the data packets, and the target process is the process of the target software;
The first acquisition module 302 is configured to acquire, through the DLL main program, the data packets received or sent by the target software from the target process;
The analysis module 303 is configured to, when a data packet analysis operation is detected, analyze the acquired data packets through the DLL main program based on the data packet analysis operation, so that assessment personnel can assess the target software based on the analysis result.
Optionally, referring to Fig. 3B, the device 300 further includes:
A second acquisition module 304, configured to, when a function information viewing instruction is detected and the instruction carries the address of a target function to be viewed, obtain and display the parameters of the target function based on the address of the target function, where the address of the target function is the address at which the target function is stored;
A modification module 305, configured to, when a parameter modification instruction for the target function is detected, modify the parameters of the target function based on the parameter modification instruction.
Optionally, referring to Fig. 3C, the analysis module 303 includes:
An acquisition submodule 3031, configured to, when the data packet analysis operation is a filter operation that carries filter characters and a filter rule, determine the data containing the filter characters from the acquired data packets based on the filter characters;
A processing submodule 3032, configured to perform the corresponding operation on the data containing the filter characters based on the filter rule.
Optionally, referring to Fig. 3D, the analysis module 303 includes:
A determination submodule 3033, configured to, when the data packet analysis operation is a feature statistics operation that carries flag bit information, determine a feature code from the acquired data packets based on the flag bit information, where the flag bit information indicates that a feature code of a specified length is to be determined from a specified position in the acquired data packets;
A statistics submodule 3034, configured to count, based on the determined feature code, the number of times the feature code appears in the acquired data packets.
Optionally, referring to Fig. 3E, the device 300 further includes:
A display module 306, configured to display an information setting interface when an information setting instruction is detected;
A setting module 307, configured to obtain the setting information entered by assessment personnel in the information setting interface, where the setting information includes the filter characters and filter rule for filtering the acquired data packets, and the flag bit information for performing feature statistics on the acquired data.
In conclusion, the embodiment of the present invention injects the DLL main program directly into the target process to acquire the data packets received and sent by the target software, and analyzes the acquired data packets. Because the data packets are acquired from the process of the target software, that is, the acquired data packets belong to the target software, the prior-art step of identifying the target software's data packets among multiple data packets is eliminated. And because the data packets are acquired directly from the target process, they do not contain the large amount of hardware information found in data packets captured from the network card, so the data volume of the data packets is reduced and it is easier for assessment personnel to assess the target software.
In addition, the software assessment method provided by the embodiment of the present invention can, based on the detected data packet analysis operation, perform filtering analysis and feature statistics analysis on the acquired data packets through the DLL main program, which makes it convenient for assessment personnel to obtain the data they want and saves time. Meanwhile, through the function information viewing function of the method, assessment personnel can easily obtain the parameters of any function and modify them, and then test and study the target software with the modified parameters through the DLL main program. Compared with the prior-art approach in which assessment personnel write a program for each test item, the method of the embodiment of the present invention greatly reduces their heavy, repetitive work.
It should be understood that when the software assessment device provided by the above embodiment triggers software assessment, the division into the functional modules described above is used only as an example. In practical applications, the functions may be assigned to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to perform all or part of the functions described above. In addition, the software assessment device provided by the above embodiment and the software assessment method embodiment belong to the same concept; for the specific implementation process, see the method embodiment, which is not repeated here.
Those of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (8)
1. A software assessment method, characterized in that the method comprises:
Injecting a dynamic link library (DLL) main program into a target process, wherein the DLL main program is used to acquire data packets received or sent by the target software currently to be assessed and to analyze the data packets, and the target process is a process of the target software;
Acquiring, through the DLL main program, the data packets received or sent by the target software from the target process;
When an information setting instruction is detected, displaying an information setting interface;
Obtaining setting information entered by assessment personnel in the information setting interface, wherein the setting information includes filter characters and a filter rule for filtering the acquired data packets, and flag bit information for performing feature statistics on the acquired data;
When a data packet analysis operation is detected, analyzing the acquired data packets through the DLL main program based on the data packet analysis operation and the setting information, so that the assessment personnel assess the target software based on the analysis result.
2. The method according to claim 1, characterized in that, after the acquiring of the data packets received or sent by the target software from the target process, the method further comprises:
When a function information viewing instruction is detected and the function information viewing instruction carries the address of a target function to be viewed, obtaining and displaying the parameters of the target function based on the address of the target function, wherein the address of the target function is the address at which the target function is stored;
When a parameter modification instruction for the target function is detected, modifying the parameters of the target function based on the parameter modification instruction.
3. The method according to claim 1, characterized in that the analyzing of the acquired data packets based on the data packet analysis operation when a data packet analysis operation is detected comprises:
When the data packet analysis operation is a filter operation and the filter operation carries filter characters and a filter rule, determining the data containing the filter characters from the acquired data packets based on the filter characters;
Performing the corresponding operation on the data containing the filter characters based on the filter rule.
4. The method according to claim 1, characterized in that the analyzing of the acquired data packets based on the data packet analysis operation when a data packet analysis operation is detected comprises:
When the data packet analysis operation is a feature statistics operation and the feature statistics operation carries flag bit information, determining a feature code from the acquired data packets based on the flag bit information, wherein the flag bit information indicates that a feature code of a specified length is to be determined from a specified position in the acquired data packets;
Based on the determined feature code, counting the number of times the feature code appears in the acquired data packets.
5. A software assessment device, characterized in that the device comprises:
An injection module, configured to, when an injection operation is detected, inject a dynamic link library (DLL) main program into a target process, wherein the DLL main program is used to acquire data packets received or sent by the target software currently to be assessed and to analyze the data packets, and the target process is a process of the target software;
A first acquisition module, configured to acquire, through the DLL main program, the data packets received or sent by the target software from the target process;
A display module, configured to display an information setting interface when an information setting instruction is detected;
A setting module, configured to obtain setting information entered by assessment personnel in the information setting interface, wherein the setting information includes filter characters and a filter rule for filtering the acquired data packets, and flag bit information for performing feature statistics on the acquired data;
An analysis module, configured to, when a data packet analysis operation is detected, analyze the acquired data packets through the DLL main program based on the data packet analysis operation and the setting information, so that the assessment personnel assess the target software based on the analysis result.
6. The device according to claim 5, characterized in that the device further comprises:
A second acquisition module, configured to, when a function information viewing instruction is detected and the function information viewing instruction carries the address of a target function to be viewed, obtain and display the parameters of the target function based on the address of the target function, wherein the address of the target function is the address at which the target function is stored;
A modification module, configured to, when a parameter modification instruction for the target function is detected, modify the parameters of the target function based on the parameter modification instruction.
7. The device according to claim 5, characterized in that the analysis module comprises:
An acquisition submodule, configured to, when the data packet analysis operation is a filter operation and the filter operation carries filter characters and a filter rule, determine the data containing the filter characters from the acquired data packets based on the filter characters;
A processing submodule, configured to perform the corresponding operation on the data containing the filter characters based on the filter rule.
8. The device according to claim 5, characterized in that the analysis module comprises:
A determination submodule, configured to, when the data packet analysis operation is a feature statistics operation and the feature statistics operation carries flag bit information, determine a feature code from the acquired data packets based on the flag bit information, wherein the flag bit information indicates that a feature code of a specified length is to be determined from a specified position in the acquired data packets;
A statistics submodule, configured to count, based on the determined feature code, the number of times the feature code appears in the acquired data packets.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611249512.7A CN106681923B (en) | 2016-12-29 | 2016-12-29 | A kind of software assessment method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611249512.7A CN106681923B (en) | 2016-12-29 | 2016-12-29 | A kind of software assessment method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106681923A CN106681923A (en) | 2017-05-17 |
CN106681923B true CN106681923B (en) | 2019-06-14 |
Family
ID=58873478
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611249512.7A Active CN106681923B (en) | 2016-12-29 | 2016-12-29 | A kind of software assessment method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106681923B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107329901B (en) * | 2017-07-31 | 2021-09-28 | 腾讯科技(深圳)有限公司 | Data packet capturing method, terminal, server and storage medium |
CN108536484A (en) * | 2018-03-26 | 2018-09-14 | 平安普惠企业管理有限公司 | Parameter amending method, device, terminal device and storage medium |
CN110875858B (en) * | 2018-08-31 | 2023-06-27 | 北京京东尚科信息技术有限公司 | Application test data grabbing method, system, equipment and storage medium |
CN113535593B (en) * | 2021-09-15 | 2022-10-11 | 广州锦行网络科技有限公司 | Application program packet capturing method and device, electronic equipment and storage medium |
CN113961240B (en) * | 2021-12-20 | 2022-04-08 | 杭州安恒信息技术股份有限公司 | Reverse analysis method for virtualization encryption program and related components |
CN117473487A (en) * | 2023-10-24 | 2024-01-30 | 联通(广东)产业互联网有限公司 | Data processing method, electronic equipment and computer readable storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101997871A (en) * | 2010-09-21 | 2011-03-30 | 电子科技大学 | Device for quickly capturing, filtering and forwarding data |
CN104156481A (en) * | 2014-08-26 | 2014-11-19 | 北京软安科技有限公司 | Android encryption communication detection device and method based on dynamic linking library injection |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234328A1 (en) * | 2006-03-01 | 2007-10-04 | Microsoft Corporation | File handling for test environments |
Also Published As
Publication number | Publication date |
---|---|
CN106681923A (en) | 2017-05-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||