CN106681923B - A kind of software assessment method and device - Google Patents

A kind of software assessment method and device Download PDF

Info

Publication number
CN106681923B
CN106681923B CN201611249512.7A CN201611249512A CN106681923B CN 106681923 B CN106681923 B CN 106681923B CN 201611249512 A CN201611249512 A CN 201611249512A CN 106681923 B CN106681923 B CN 106681923B
Authority
CN
China
Prior art keywords
data packet
acquisition
information
data
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611249512.7A
Other languages
Chinese (zh)
Other versions
CN106681923A (en
Inventor
王妍鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Huaduo Network Technology Co Ltd
Original Assignee
Guangzhou Huaduo Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Huaduo Network Technology Co Ltd filed Critical Guangzhou Huaduo Network Technology Co Ltd
Priority to CN201611249512.7A priority Critical patent/CN106681923B/en
Publication of CN106681923A publication Critical patent/CN106681923A/en
Application granted granted Critical
Publication of CN106681923B publication Critical patent/CN106681923B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3688Test management for test execution, e.g. scheduling of test suites
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3692Test management for test results analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a kind of software assessment method and devices, belong to network technique field.This method comprises: dynamic link library (DLL) main program is injected into target process, DLL main program is used to obtain the data packet of target software currently to be tested and assessed received or sent and analyzes data packet;The data packet that target software receives or sends is obtained from target process by DLL main program;When detecting data packet analysis operation, is operated based on data packet analysis, analyzed by data packet of the DLL main program to acquisition.The present invention obtains the data packet of target software by the way that DLL main program is directly injected into target process, and data packet is analyzed, eliminate the process for determining the data packet of target software from multiple data packets in the prior art, and since the data packet is directly obtained from target process, not comprising there is a large amount of hardware information, the data volume of data packet is reduced, it is easier to which assessment personnel test and assess to target software.

Description

A kind of software assessment method and device
Technical field
The present invention relates to network technique fields, in particular to a kind of to be based on a kind of software assessment method and device.
Background technique
In software development, software assessment is essential process.When carrying out software assessment, need to transport the software The data packet sent or received when row is grabbed, and to obtain packet capturing information, later, assessment personnel can packet capturing to getting Information is analyzed, and is further tested and assessed based on analysis result to software.
In the prior art, when carrying out software assessment, assessment personnel need to install packet catcher in equipment, later, if It is standby by the packet catcher to it is being received or sent on network interface card, also do not carry out multiple data packets of process distribution and grab, when After catching multiple data packets, Target IP that assessment personnel need to check that multiple data packet is subsequent and connect when establishing process (Internet Protocol, Internet protocol) and process creation port can just determine that multiple data packet is corresponding soft Part, and therefrom determine the corresponding data packet of target software to be tested and assessed.After determining the data packet of target software, test and assess personnel It is analyzed by data packet of the evaluation tool to target software, and based on analysis as a result, to write correspondingly program to be measured to this Software is commented further to be tested and assessed.
Since multiple data packet is to be grabbed to obtain to the data packet received or sent on network interface card, it grabs Multiple data packets in do not include progress information, and include the relevant information of hardware layer in multiple data packet, determine target The process of the data packet of software is more complex, and data volume is larger, is not easy to assessment personnel and tests and assesses.
Summary of the invention
After solving to grab the data packet received or sent on network interface card, determine that the data packet of target software is more multiple It is miscellaneous, and packet data amount is larger, is not easy to the problem of testing and assessing, the embodiment of the invention provides a kind of software assessment method and dresses It sets.The technical solution is as follows:
On the one hand, a kind of software assessment method is provided, which comprises
DLL (Dynamic Link Library, dynamic link library) main program is injected into target process, the DLL Main program is used to obtain the data packet of target software currently to be tested and assessed received or sent and analyzes the data packet, The target process is the process of the target software;
The data packet that the target software receives or sends is obtained from the target process by the DLL main program;
When detecting data packet analysis operation, packet analysis operation based on the data, by the DLL main program to obtaining The data packet taken is analyzed, so that assessment personnel are based on analysis result and test and assess to the target software.
Optionally, described after obtaining the data packet that the target software receives or sends in the target process, also Include:
When detect function information check instruction and the function information check instruction in carry objective function to be viewed Address when, the address based on the objective function obtains and shows the parameter of the objective function, the ground of the objective function Location is the address for storing the objective function;
When the parameter for detecting the objective function modifies instruction, modification instruction is to the target letter based on the parameter Several parameters are modified.
Optionally, described when detecting data packet analysis operation, packet analysis operation based on the data, to the number of acquisition It is analyzed according to packet, comprising:
When data packet analysis operation is to carry filtering characters and filtering rule in filter operation and the filter operation When, the filtering characters are based on, the data comprising the filtering characters are determined from the data packet of the acquisition;
Based on the filtering rule, corresponding operation is executed to the data comprising the filtering characters.
Optionally, described when detecting data packet analysis operation, packet analysis operation based on the data, to the number of acquisition It is analyzed according to packet, comprising:
Zone bit information is carried when data packet analysis operation is characterized in statistical operation and characteristic statistics operation When, be based on the zone bit information, from the data packet of the acquisition determine condition code, the zone bit information be used to indicate from The designated position of the data packet of the acquisition determines the condition code of designated length;
Based on determining condition code, the number that described document information occurs in the data packet of the acquisition is counted.
Optionally, described when detecting data packet analysis operation, packet analysis operation based on the data, to the number of acquisition Before being analyzed according to packet, further includes:
When detecting information setting instruction, information set interface is shown;
The setting information that the assessment personnel input in the information set interface is obtained, the setting information includes pair The filtering characters and filtering rule that the data packet of the acquisition is filtered, and characteristic statistics are carried out to the data of the acquisition Zone bit information.
On the other hand, a kind of software assessment device is provided, described device includes:
Injection module, for dynamic link library (DLL) main program to be injected into target process, the DLL main program is used for The data packet received or sent for obtaining target software currently to be tested and assessed simultaneously analyzes the data packet, the target into Journey is the process of the target software;
First obtains module, connects for obtaining the target software from the target process by the DLL main program The data packet received or sent;
Analysis module, for when detecting data packet analysis operation, packet analysis based on the data to be operated, by described DLL main program analyzes the data packet of acquisition, so that assessment personnel are based on analysis result and survey to the target software It comments.
Optionally, described device further include:
Second obtains module, detects that function information checks instruction and the function information is checked in instruction and carried for working as When the address of objective function to be viewed, the address based on the objective function obtains and shows the parameter of the objective function, The address of the objective function is the address for storing the objective function;
Modified module, for when the parameter for detecting the objective function modifies instruction, modification to refer to based on the parameter Order modifies to the parameter of the objective function.
Optionally, the analysis module includes:
Acquisition submodule, for being to carry filtering in filter operation and the filter operation when data packet analysis operation When character and filtering rule, the filtering characters are based on, are determined from the data packet of the acquisition comprising the filtering characters Data;
Submodule is handled, for being based on the filtering rule, correspondence is executed to the data comprising the filtering characters Operation.
Optionally, the analysis module includes:
Submodule is determined, for being characterized in statistical operation and characteristic statistics operation when data packet analysis operation When carrying zone bit information, it is based on the zone bit information, condition code, the flag bit are determined from the data packet of the acquisition Information is used to indicate the condition code that designated length is determined from the designated position of the data packet of the acquisition;
Statistic submodule, for counting described document information and going out in the data packet of the acquisition based on determining condition code Existing number.
Optionally, described device further include:
Display module, for showing information set interface when detecting information setting instruction;
Setup module, the setting information inputted in the information set interface for obtaining the assessment personnel are described Setting information includes the filtering characters and filtering rule being filtered to the data packet of the acquisition, and the number to the acquisition According to the zone bit information for carrying out characteristic statistics.
Technical solution provided in an embodiment of the present invention has the benefit that the embodiment of the present invention by by the main journey of DLL Sequence, which is directly injected into target process, grabs the data packet that target software receives or sends, and divides the data packet got Analysis, since data packet is directly to grab from the process of target software, in other words, the data packet grabbed belongs to target Therefore the data packet of software eliminates the process for determining target software data packet from multiple data packets, solves the relevant technologies In, by not carried out when the data packet of process distribution tests and assesses target software on crawl network interface card caused by determine target software Data packet difficulty problem, simultaneously as the data packet of the target software directly grabbed in target process compared to from The data packet grabbed on network interface card, not comprising there is a large amount of hardware information, therefore, the data volume of data packet is reduced, it is easier to be tested and assessed Personnel test and assess to target software.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other Attached drawing.
Fig. 1 is a kind of software assessment method flow chart provided in an embodiment of the present invention;
Fig. 2 is a kind of software assessment method flow chart provided in an embodiment of the present invention;
Fig. 3 A is a kind of block diagram of software assessment device provided in an embodiment of the present invention;
Fig. 3 B is a kind of block diagram of software assessment device provided in an embodiment of the present invention;
Fig. 3 C is a kind of block diagram of analysis module provided in an embodiment of the present invention;
Fig. 3 D is a kind of block diagram of analysis module provided in an embodiment of the present invention;
Fig. 3 E is a kind of block diagram of software assessment device provided in an embodiment of the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to embodiment party of the present invention Formula is described in further detail.
Before carrying out detailed explanation to the embodiment of the present invention, first the application scenarios of the embodiment of the present invention are given It introduces.In general, when carrying out software assessment, it is necessary first to obtain target software transmission or received data by packet catcher Packet, and the data packet got is analyzed, later, assessment personnel are based on analysis result and write script to target software progress Further test and assess.In the related art, due to packet catcher can only for it is receiving or sending on network interface card, do not carry out process also Multiple data packets of distribution are grabbed, and therefore, after grabbing multiple data packets, determine that target is soft from multiple data packet The process of the data packet of part is more complex, moreover, because the data packet of target software is directly grabbed from network interface card, it therefore, should Include the relevant information of hardware layer in data packet, data volume is larger, and these hardware informations for assessment be it is unnecessary, because This, is not easy to assessment personnel and tests and assesses to target software.
To solve the above-mentioned problems, the embodiment of the invention provides a kind of software assessment method and devices.This method passes through DLL main program is directly injected into target process to obtain the data packet that target software sends and receivees, and to the data got Packet is analyzed, and since data packet is directly to obtain from the process of target software, that is to say, the data packet got belongs to In target software, therefore, the process for determining the data packet of target software from multiple data packets in the prior art is eliminated, and It is a large amount of not comprising having compared to the data packet grabbed from network interface card since the data packet is directly obtained from target process Hardware information, therefore, the data volume of data packet is reduced, it is easier to which assessment personnel test and assess to target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation detected, The data packet got is analyzed by DLL main program, to facilitate assessment personnel further to survey target software It comments.In addition to this, method provided in an embodiment of the present invention applies also for carrying out conversed analysis and research to software, passes through this method In filtering function and characteristic statistics function, what researcher can be convenient get want acquisition target software dependency number According to, and research and analysis are carried out to target software based on the data got.Meanwhile it being checked by the function information in this method Function, researcher can easily get the parameter of arbitrary function, and modify to the parameter of the function, later, By DLL main program to modification parameter after target software carry out debugging research, compared to the prior art in, researcher is directed to Each test item is write program and is debugged, and it is heavy duplicate that the method for the embodiment of the present invention greatly alleviates researcher Work brings convenience for conversed analysis and research.
The embodiment of the invention provides a kind of flow charts of software assessment method, referring to Fig. 1, this method comprises:
Step 101: DLL main program being injected into target process, DLL main program is for obtaining target currently to be tested and assessed The data packet of software received or sent simultaneously analyzes data packet, and target process is the process of target software.
Step 102: obtaining the data packet that target software receives or sends from target process by DLL main program.
Step 103: when detecting data packet analysis operation, being operated based on data packet analysis, by DLL main program to obtaining The data packet taken is analyzed, so that assessment personnel are based on analysis result and test and assess to target software.
In embodiments of the present invention, target software reception is grabbed by the way that DLL main program to be directly injected into target process Or the data packet sent, and the data packet got is analyzed, since data packet is directly from the process of target software Crawl, in other words, the data packet grabbed belongs to the data packet of target software, therefore, eliminates from multiple data packets The process of middle determining target software data packet solves in the related technology, by the number for not carrying out process distribution on crawl network interface card The problem that the data packet difficulty of target software is determined caused by when testing and assessing according to packet target software, simultaneously as in target The data packet of the target software directly grabbed in process is a large amount of hard not comprising having compared to the data packet grabbed from network interface card Part information, therefore, the data volume of data packet are reduced, it is easier to which assessment personnel test and assess to target software.
Optionally, after obtaining the data packet that target software receives or sends in target process, further includes:
When detecting that function information checks instruction and function information checks in instruction and carries the ground of objective function to be viewed When location, the address based on objective function obtains and the parameter of displaying target function, and the address of objective function is storage objective function Address;
When the parameter for detecting objective function modifies instruction, carried out based on parameter of the parameter modification instruction to objective function Modification.
Optionally, it when detecting data packet analysis operation, is operated based on data packet analysis, the data packet of acquisition is carried out Analysis, comprising:
When data packet analysis operation is to carry filtering characters and filtering rule in filter operation and filter operation, it was based on Character is filtered, the data comprising filtering characters are determined from the data packet of acquisition;
Based on filtering rule, corresponding operation is executed to the data comprising filtering characters.
Optionally, it when detecting data packet analysis operation, is operated based on data packet analysis, the data packet of acquisition is carried out Analysis, comprising:
When data packet analysis operation, which is characterized, carries zone bit information in statistical operation and characteristic statistics operation, based on mark Will position information determines that condition code, zone bit information are used to indicate the specific bit from the data packet of acquisition from the data packet of acquisition Set the condition code of determining designated length;
Based on determining condition code, number that statistical nature code occurs in the data packet of acquisition.
Optionally, it when detecting data packet analysis operation, is operated based on data packet analysis, the data packet of acquisition is carried out Before analysis, further includes:
When detecting information setting instruction, information set interface is shown;
The setting information that assessment personnel input in information set interface is obtained, setting information includes the data packet to acquisition The filtering characters and filtering rule being filtered, and the data of acquisition are carried out with the zone bit information of characteristic statistics.
All the above alternatives, can form alternative embodiment of the invention according to any combination, and the present invention is real It applies example and this is no longer repeated one by one.
Fig. 2 is a kind of flow chart of software assessment method provided in an embodiment of the present invention, as shown in Fig. 2, this method can be with For terminal, comprising the following steps:
Step 201: DLL main program being injected into target process, DLL main program is for obtaining target currently to be tested and assessed The data packet of software received or sent simultaneously analyzes data packet, and target process is the process of target software.
Optionally, before testing and assessing to target software, which can be installed to winsock by assessment personnel Under (Windows Socket, interface for network programming) catalogue, when terminal detects the network operation for target software, then may be used To call directly the DLL main program, and the DLL main program is injected into the target process of target software.
Certainly, before testing and assessing to software, assessment personnel can also be by way of being manually injected by the DLL main program It is injected into target process.When being manually injected into, assessment personnel can download implantation tool, and start the implantation tool.Work as end It, can be with the current process list of display terminal and DLL injection selection dialog box when end detects implantation tool operation.Test and assess people Member's selection target process from the process list of the display, and the DLL main program to be injected is selected from terminal local storage.When After terminal detects the target process and DLL main program of selection, which is injected into target process.
It should be noted that injection mode used by implantation tool can be LSP (Layered Service Provider, layered service provider) the common injection mould such as injection way, message injection way, Remote thread injecting mode Formula.
Step 202: obtaining the data packet that target software receives or sends from target process by DLL main program.
After DLL main program is injected into target process, by the DLL main program, when obtaining current from the target process Between all data packets for sending and receiving of target software.Meanwhile after DLL main program is injected into target process, terminal can be with Show the user interface of the DLL main program.
After getting the data packet of target software, the embodiment of the present invention can also pass through the Hook of arbitrary function address (hook) is monitored come the parameter of the arbitrary function in the data packet to the target software got.It that is to say, when terminal is examined It measures that function information checks instruction and function information is checked in instruction when carrying the address of objective function to be viewed, can be based on The address of the objective function obtains and shows the parameter of the objective function, wherein the address of objective function is storage objective function Address;It, can be based on parameter modification instruction to objective function when terminal detects the parameter modification instruction of the objective function Parameter modify.
In general, assessment personnel need the corresponding function parameter of some function by checking target software, so that judgement should Whether function parameter is modified, alternatively, assessment personnel need to modify to the corresponding function parameter of some function, to test ginseng The safety of the modified software of number.In this case, assessment personnel can choose the high-level functions list choosing of user interface , the function address for the objective function checked is wanted in input.Due to including the Hook of arbitrary function address in DLL main program, It is that terminal log can be intercepted and be monitored according to the modification, shielding and output of the parameter of arbitrary function in packet, because This, after terminal gets the function address of objective function, the Hook of arbitrary function address can be based on the letter of the objective function Number address, obtains the parameter of the objective function and it will be shown in the panel of user interface.When assessment, personnel need to the mesh When the safety that the parameter of scalar functions is modified with test software, it can modify to the parameter of the objective function of display. After terminal detects the parameter modification instruction of the objective function, the parameter of modification is obtained, the arbitrary function address is then passed through Hook, the modification to the parameter of objective function is realized, in this way, when assessment personnel want through Modification growth function parameter to software When safety is tested, it is not necessary to individually write program to modify the function parameter, especially when needs are tested and assessed to software When multiple functions are tested and assessed, it is not necessary to be tested, be brought for software assessment very big to write program for each function Convenience, save the plenty of time.
Step 203: when detecting information setting instruction, showing information set interface, and obtain assessment personnel in information The setting information inputted in set interface.
Based on the description in step 202, after DLL main program is injected into target process, when terminal detects information When setting instruction, information set interface can be shown, assessment personnel can input setting information in the information set interface, with Basic information setting is carried out to the analysis of follow-up data packet.After terminal gets the setting information of assessment personnel input, base Data packet is analyzed in the setting information.
It should be noted that the setting information includes the filtering characters being filtered to the data packet of acquisition and filtering rule Then, and to the data of acquisition the zone bit information of characteristic statistics is carried out, meanwhile, which can also include target data Segment information is used to indicate and analyzes the target data segment in the data packet got.For example, the target data segment information can Think beginning byte: 0, byte number: 2000, that is, indicate in the data packet got since 0 byte to byte number 2000 Data segment analyzed.
When terminal gets by step 201-203 the data packet of target software, and determine to which of data packet After data segment is analyzed, it can be analyzed by data packet of the step 204 to target software.
Step 204: when detecting data packet analysis operation, being operated based on data packet analysis, by DLL main program to obtaining The data packet taken is analyzed, so that assessment personnel are based on analysis result and test and assess to target software.
Description based on step 203, terminal can both be analyzed for the entire packet got, can also be directed to Some data segment is analyzed in the data packet got, and the difference for personnel's data as needed of testing and assessing, can be by not Same data packet analysis operates to carry out different analyses to data packet.
On the one hand, when assessment personnel need to analyze the data of certain one kind, due to artificial filter's difficulty, then can pass through Filter operation is to realize.When terminal, which detects, carries filtering characters and filtering rule in filter operation and filter operation, it was based on Character is filtered, the data comprising filtering characters are determined from the data packet of acquisition;Later, it is based on filtering rule, to comprising filtering word The data of symbol execute corresponding operation.Wherein, filtering characters can be the condition code that can be identified for that the data of a certain type, can also To be other most characters distinguished in that certain a kind of data can be comformed.In addition, filtering rule may include screen Cover, show, intercept etc..
For example, it is assumed that filtering characters are " 00 ", filtering rule is shielding, then, terminal then can be from data packet or mesh Mark data segment in search it is all include " 00 " character data, later, terminal can include " 00 " character by what is found Data shielded.
By the filter operation, what assessment personnel can be convenient searches from a large amount of data and obtains desired data, It brings great convenience for software assessment.It in addition to this, can be with when this method to be used for conversed analysis and the research of software Filter false caused by neglecting when avoiding due to artificial filter, to avoid reverse mistake.
On the other hand, when terminal, which detects, carries zone bit information in characteristic statistics operation and characteristic statistics operation, base In zone bit information, determine that condition code, the zone bit information are used to indicate from the data packet of acquisition from the data packet of acquisition Designated position determines the condition code of designated length;Based on determining condition code, statistical nature code occurs in the data packet of acquisition Number.
In general, when assessment personnel want to obtain certain corresponding class data of a certain function, but do not know that such data is corresponding Condition code when, assessment personnel can execute a certain function by target software first, and determine when executing the function, corresponding Data packet number.Then, assessment personnel can estimate zone bit information by checking the data packet got.Later, test and assess people Member can choose characteristic statistics option, and input the zone bit information estimated;When terminal detects characteristic statistics operation, obtain The zone bit information of assessment personnel input, and it is based on the zone bit information, designated length is determined from the designated position of data packet Condition code;After condition code has been determined, terminal can count the number that the condition code of the determination occurs in the packet, and will The number of condition code and statistics is shown.Assessment personnel can will execute corresponding data packet number and system when a certain function The number of meter is compared, if identical, it is determined that currently determining condition code is to want the feature of certain the class data obtained Code.
For example, when assessment personnel want to obtain the packet of propagandaing directed to communicate in target software, but do not know that the condition code of packet of propagandaing directed to communicate is What, at this point, assessment personnel can execute operation of propagandaing directed to communicate by target software, it is assumed that operation of propagandaing directed to communicate has continuously performed twice, Then correspond to two packets of propagandaing directed to communicate.Later, assessment personnel check multiple data packets, and the zone bit information for estimating packet of propagandaing directed to communicate is a line one Column, two bytes, and by selection characteristic statistics option, the zone bit information estimated is had input in information set interface; Terminal obtains the zone bit information, and according to the zone bit information, in the first row first row after detecting characteristic statistics instruction The data of 2 bytes are searched at place, and the data of find two bytes are determined as condition code;Later, terminal is in data packet The number that the middle condition code for counting two bytes occurs, and the number of this feature code and statistics is shown.Assessment personnel Judge whether this feature code is the condition code of packet of propagandaing directed to communicate by the number of statistics, when the number of statistics is twice, with packet of propagandaing directed to communicate Number is identical, and assessment personnel can then determine that this feature code is the condition code of packet of propagandaing directed to communicate, otherwise, it is determined that be not.
By the above method, the personnel of assessment can easily determine condition code, compared in the related technology by artificially looking into The method for looking for count feature code to determine the condition code for wanting acquisition, saves a large amount of time, improves work efficiency.
It should be noted that when assessment personnel are carried out by data packet of the method in step 201-204 to target software After analysis, based on analysis as a result, assessment personnel can write script and further be tested and assessed to target software.At this point, surveying Personnel are commented to can choose the script option of user interface, terminal can carry out the script write when detecting script option It compiles and runs, and show the compile error information in compilation process, so that assessment personnel carry out subsequent be modified.Except this it Outside, the embodiment of the invention also provides the temporary interfaces for test is avoided with facilitating assessment personnel to complete software test code When code malfunctions in the related technology, it has to which the problem of being repeatedly injected DLL main program shorten the time of debugging interface.
In embodiments of the present invention, terminal is connect by the way that DLL main program is directly injected into target process to obtain target software The data packet received and sent, and the data packet got is analyzed, since data packet is obtained from the process of target software It takes, that is to say, the data packet got belongs to the data packet of target software, therefore, eliminates in the prior art from multiple The process of the data packet of target software is determined in data packet, and since the data packet is directly obtained from target process, Compared to the data packet grabbed from network interface card, not comprising there is a large amount of hardware information, therefore, the data volume of data packet is reduced, more It is easy to the personnel of testing and assessing to test and assess to target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation detected, Analysis is filtered to the data packet got by DLL main program and characteristic statistics are analyzed, is obtained for assessment personnel and wants to obtain The data taken are brought convenience, and save the time.Meanwhile by the function information look facility in this method, the personnel that test and assess can be with The parameter of arbitrary function is easily got, and is modified to the parameter of the function, later, by DLL main program to repairing Target software after changing parameter carries out testing research, compared to the prior art in, assessment personnel write for each test item The method that program is tested, the method for the embodiment of the present invention greatly alleviate the heavy duplicate work of assessment personnel.
In addition to this, method provided in an embodiment of the present invention applies also for carrying out conversed analysis and research to software, passes through Filtering function and characteristic statistics function in this method, what researcher can be convenient gets the target software for wanting acquisition Related data, and research and analysis are carried out to target software based on the data got, it is provided more for conversed analysis and research For the help of intelligence.
Fig. 3 A is a kind of block diagram of software assessment device 300 provided in an embodiment of the present invention, referring to Fig. 3 A, the device packet Include: injection module 301, first obtains module 302 and analysis module 303.
DLL main program is injected into target process by injection module 301, and DLL main program is currently to be tested and assessed for obtaining The data packet of target software received or sent simultaneously analyzes data packet, and target process is the process of target software;
First obtains module 302, for obtaining what target software received or sent from target process by DLL main program Data packet;
Analysis module 303, for being operated based on data packet analysis, passing through DLL master when detecting data packet analysis operation Program analyzes the data packet of acquisition, so that assessment personnel are based on analysis result and test and assess to target software.
Optionally, referring to Fig. 3 B, the device 300 further include:
Second obtains module 304, detects that function information checks instruction and function information is checked in instruction and carried for working as When the address of objective function to be viewed, the address based on objective function obtains and the parameter of displaying target function, objective function Address be store objective function address;
Modified module 305, for being instructed to mesh based on parameter modification when the parameter for detecting objective function modifies instruction The parameter of scalar functions is modified.
Optionally, referring to Fig. 3 C, analysis module 303 includes:
Acquisition submodule 3031, for being to carry filtering characters in filter operation and filter operation when data packet analysis operation When with filtering rule, filtering characters are based on, the data comprising filtering characters are determined from the data packet of acquisition;
Submodule 3032 is handled, for being based on filtering rule, corresponding operation is executed to the data comprising filtering characters.
Optionally, referring to Fig. 3 D, analysis module 303 includes:
Submodule 3033 is determined, for carrying when data packet analysis operation is characterized in statistical operation and characteristic statistics operation When zone bit information, it is based on zone bit information, determines that condition code, zone bit information are used to indicate from obtaining from the data packet of acquisition The designated position of the data packet taken determines the condition code of designated length;
Statistic submodule 3034, for what is occurred in the data packet of acquisition based on determining condition code, statistical nature code Number.
Optionally, referring to Fig. 3 E, the device 300 further include:
Display module 306, for showing information set interface when detecting information setting instruction;
Setup module 307, the setting information inputted in information set interface for obtaining assessment personnel, setting information packet The filtering characters and filtering rule being filtered to the data packet of acquisition are included, and the data of acquisition are carried out with the mark of characteristic statistics Will position information.
In conclusion the embodiment of the present invention is connect by the way that DLL main program is directly injected into target process to obtain target software The data packet received and sent, and the data packet got is analyzed, since data packet is obtained from the process of target software It takes, that is to say, the data packet got belongs to the data packet of target software, therefore, eliminates in the prior art from multiple The process of the data packet of target software is determined in data packet, and since the data packet is directly obtained from target process, Compared to the data packet grabbed from network interface card, not comprising there is a large amount of hardware information, therefore, the data volume of data packet is reduced, more It is easy to the personnel of testing and assessing to test and assess to target software.
In addition, software assessment method provided in an embodiment of the present invention is also based on the data packet analysis operation detected, Analysis is filtered to the data packet got by DLL main program and characteristic statistics are analyzed, is obtained for assessment personnel and wants to obtain The data taken are brought convenience, and save the time.Meanwhile by the function information look facility in this method, the personnel that test and assess can be with The parameter of arbitrary function is easily got, and is modified to the parameter of the function, later, by DLL main program to repairing Target software after changing parameter carries out testing research, compared to the prior art in, assessment personnel write for each test item The method that program is tested, the method for the embodiment of the present invention greatly alleviate the heavy duplicate work of assessment personnel.
It should be understood that software assessment device provided by the above embodiment is when triggering software assessment, only with above-mentioned each The division progress of functional module can according to need and for example, in practical application by above-mentioned function distribution by different function Energy module is completed, i.e., the internal structure of equipment is divided into different functional modules, to complete whole described above or portion Divide function.In addition, software assessment device provided by the above embodiment and software assessment method embodiment belong to same design, have Body realizes that process is detailed in embodiment of the method, and which is not described herein again.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.

Claims (8)

1. a kind of software assessment method, which is characterized in that the described method includes:
Dynamic link library (DLL) main program is injected into target process, the DLL main program is for obtaining mesh currently to be tested and assessed It marks the data packet of software received or sent and the data packet is analyzed, the target process is the target software Process;
The data packet that the target software receives or sends is obtained from the target process by the DLL main program;
When detecting information setting instruction, information set interface is shown;
The setting information that assessment personnel input in the information set interface is obtained, the setting information includes to the acquisition The data packet filtering characters and filtering rule that are filtered, and the data of the acquisition are carried out with the flag bit of characteristic statistics Information;
When detecting data packet analysis operation, packet analysis operation and the setting information, pass through the DLL based on the data Main program analyzes the data packet of acquisition, so that the assessment personnel are based on analysis result and survey to the target software It comments.
2. the method according to claim 1, wherein described obtain the target software from the target process After the data packet received or sent, further includes:
When detecting that function information checks instruction and the function information checks in instruction and carries the ground of objective function to be viewed When location, the address based on the objective function obtains and shows the parameter of the objective function, and the address of the objective function is Store the address of the objective function;
When the parameter for detecting the objective function modifies instruction, modification instruction is to the objective function based on the parameter Parameter is modified.
3. the method according to claim 1, wherein it is described when detect data packet analysis operation when, be based on institute Data packet analysis operation is stated, the data packet of acquisition is analyzed, comprising:
When data packet analysis operation is to carry filtering characters and filtering rule in filter operation and the filter operation, base In the filtering characters, the data comprising the filtering characters are determined from the data packet of the acquisition;
Based on the filtering rule, corresponding operation is executed to the data comprising the filtering characters.
4. the method according to claim 1, wherein it is described when detect data packet analysis operation when, be based on institute Data packet analysis operation is stated, the data packet of acquisition is analyzed, comprising:
When data packet analysis operation, which is characterized, carries zone bit information in statistical operation and characteristic statistics operation, base In the zone bit information, determine that condition code, the zone bit information are used to indicate from described from the data packet of the acquisition The designated position of the data packet of acquisition determines the condition code of designated length;
Based on determining condition code, the number that described document information occurs in the data packet of the acquisition is counted.
5. a kind of software assessment device, which is characterized in that described device includes:
Injection module, for when detecting implant operation, dynamic link library (DLL) main program to be injected into target process, institute DLL main program is stated for obtaining the data packet of target software currently to be tested and assessed received or sent and carrying out to the data packet Analysis, the target process are the process of the target software;
First obtains module, for by the DLL main program obtained from the target process target software receive or The data packet of transmission;
Display module, for showing information set interface when detecting information setting instruction;
Setup module, the setting information inputted in the information set interface for obtaining assessment personnel, the setting information Including the filtering characters and filtering rule being filtered to the data packet of the acquisition, and the data of the acquisition are carried out special Levy the zone bit information of statistics;
Analysis module, for when detecting data packet analysis operation, packet analysis to be operated and setting letter based on the data Breath, analyzes the data packet of acquisition by the DLL main program, so that the assessment personnel are based on analysis result to described Target software is tested and assessed.
6. device according to claim 5, which is characterized in that described device further include:
Second obtain module, for when detect function information check instruction and the function information check instruction in carry it is to be checked When the address for the objective function seen, the address based on the objective function obtains and shows the parameter of the objective function, described The address of objective function is the address for storing the objective function;
Modified module, for modifying instruction pair based on the parameter when the parameter for detecting the objective function modifies instruction The parameter of the objective function is modified.
7. device according to claim 5, which is characterized in that the analysis module includes:
Acquisition submodule, for being to carry filtering characters in filter operation and the filter operation when data packet analysis operation When with filtering rule, the filtering characters are based on, the data comprising the filtering characters are determined from the data packet of the acquisition;
Submodule is handled, for being based on the filtering rule, corresponding behaviour is executed to the data comprising the filtering characters Make.
8. device according to claim 5, which is characterized in that the analysis module includes:
Submodule is determined, for carrying when data packet analysis operation is characterized in statistical operation and characteristic statistics operation When zone bit information, it is based on the zone bit information, condition code, the zone bit information are determined from the data packet of the acquisition It is used to indicate the condition code that designated length is determined from the designated position of the data packet of the acquisition;
Statistic submodule, for counting what described document information occurred in the data packet of the acquisition based on determining condition code Number.
CN201611249512.7A 2016-12-29 2016-12-29 A kind of software assessment method and device Active CN106681923B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611249512.7A CN106681923B (en) 2016-12-29 2016-12-29 A kind of software assessment method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611249512.7A CN106681923B (en) 2016-12-29 2016-12-29 A kind of software assessment method and device

Publications (2)

Publication Number Publication Date
CN106681923A CN106681923A (en) 2017-05-17
CN106681923B true CN106681923B (en) 2019-06-14

Family

ID=58873478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611249512.7A Active CN106681923B (en) 2016-12-29 2016-12-29 A kind of software assessment method and device

Country Status (1)

Country Link
CN (1) CN106681923B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107329901B (en) * 2017-07-31 2021-09-28 腾讯科技(深圳)有限公司 Data packet capturing method, terminal, server and storage medium
CN108536484A (en) * 2018-03-26 2018-09-14 平安普惠企业管理有限公司 Parameter amending method, device, terminal device and storage medium
CN110875858B (en) * 2018-08-31 2023-06-27 北京京东尚科信息技术有限公司 Application test data grabbing method, system, equipment and storage medium
CN113535593B (en) * 2021-09-15 2022-10-11 广州锦行网络科技有限公司 Application program packet capturing method and device, electronic equipment and storage medium
CN113961240B (en) * 2021-12-20 2022-04-08 杭州安恒信息技术股份有限公司 Reverse analysis method for virtualization encryption program and related components
CN117473487A (en) * 2023-10-24 2024-01-30 联通(广东)产业互联网有限公司 Data processing method, electronic equipment and computer readable storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997871A (en) * 2010-09-21 2011-03-30 电子科技大学 Device for quickly capturing, filtering and forwarding data
CN104156481A (en) * 2014-08-26 2014-11-19 北京软安科技有限公司 Android encryption communication detection device and method based on dynamic linking library injection

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070234328A1 (en) * 2006-03-01 2007-10-04 Microsoft Corporation File handling for test environments

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997871A (en) * 2010-09-21 2011-03-30 电子科技大学 Device for quickly capturing, filtering and forwarding data
CN104156481A (en) * 2014-08-26 2014-11-19 北京软安科技有限公司 Android encryption communication detection device and method based on dynamic linking library injection

Also Published As

Publication number Publication date
CN106681923A (en) 2017-05-17

Similar Documents

Publication Publication Date Title
CN106681923B (en) A kind of software assessment method and device
CN102468985B (en) The method and system of penetration testing is carried out for Network Security Device
CN109145579A (en) Intelligent network joins automobile information secure authentication testing method and system
CN106649063A (en) Method and system used for monitoring time consuming data when program runs
De Lucia et al. An Eclipse plug-in for the detection of design pattern instances through static and dynamic analysis
CN103927473A (en) Method, device and system for detecting source code safety of mobile intelligent terminal
AU2018202153B2 (en) System and method for tool chain data capture through parser for empirical data analysis
CN107370740A (en) Redirect hold-up interception method and device
CN106295348A (en) The leak detection method of application program and device
CN105468508B (en) code detection method and device
CN108268371A (en) The intelligent fuzzy test method applied towards Android
CN105515909B (en) A kind of data acquisition test method and apparatus
CN106371993A (en) Testing method and testing device based on data packet
CN111753306B (en) Intelligent contract vulnerability detection method and device, electronic equipment and storage medium
CN108234246A (en) A kind of method and system of multidirectional server network performance
US10757402B2 (en) Camera certification for video surveillance systems
CN111258881A (en) Intelligent test system for workflow test
CN107317708A (en) The monitoring method and device of a kind of Court business application system
CN109857672A (en) A kind of formation gathering method, device, equipment and storage medium
CN103902590B (en) Premises automation method of testing and its device
CN106156630A (en) The leak detection method of a kind of application program installation kit and device
CN112506795A (en) Method, system, terminal and storage medium for testing security vulnerability of industrial control equipment
CN108628744B (en) Fault diagnosis method and device and electronic equipment
CN107733082A (en) A kind of relay protection device device abnormal information collection method and system
CN108427882B (en) Android software dynamic analysis detection method based on behavior feature extraction

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant