CN106897083A - A kind of method and device of security sweep - Google Patents

Publication number: CN106897083A
Authority: CN (China)
Prior art keywords: php, function information, interpreters, information, implementation procedure
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN201510989505.XA
Other languages: Chinese (zh)
Inventors: 任勇全, 赵安安, 陈磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44594 Unloading
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Embodiments of the invention provide a method and device for security scanning. A PHP tracing program is created in a PHP interpreter; the PHP tracing program is used to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process; according to the function information, it is detected whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold; and when the utilization of the processor is detected to be below the preset threshold, a security scan is performed on the terminal corresponding to the processor. Embodiments of the invention can obtain and output function information during the execution of operations in real time, which makes it easier for developers of PHP scripts to quickly locate problems in those scripts.

Description

A method and device for security scanning
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for security scanning.
Background
Operating systems such as Linux and Unix usually run multiple processes. At present, when a process shows problems such as a long running time or runtime errors, the process has to be monitored in order to analyze the cause of the problem.
An existing approach combines the strace and pstack tools to directly find the function calls that affect a process's running time, and then analyzes and optimizes the code of the relevant functions in a targeted way. The strace tool traces the underlying system calls that a process makes and can output the time at which each system call is executed and how long each call takes; the pstack tool outputs the function call stack of the process with a specified PID (process ID, Process Identity).
A PHP (Hypertext Preprocessor) script is a process executed by the PHP interpreter. However, the existing strace and pstack tools can only provide information about the system calls of the PHP interpreter and cannot provide information about the PHP script itself, so they cannot meet the needs of PHP script analysis.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and device for security scanning that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for security scanning is provided, the method comprising:
creating a PHP tracing program in a PHP interpreter;
using the PHP tracing program to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
detecting, according to the function information, whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
when the utilization of the processor is detected to be below the preset threshold, performing a security scan on the terminal corresponding to the processor.
Optionally, using the PHP tracing program to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process specifically comprises:
obtaining the address of a variable according to the offset of the variable corresponding to the information to be monitored relative to a preset global variable; and
using the PHP tracing program to monitor the information at the address of the variable during execution of the operations.
Optionally, before using the PHP tracing program to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process, the method further comprises:
determining, by reading shared memory, whether the monitoring switch corresponding to the process is open;
when the monitoring switch corresponding to the process is open, using the PHP tracing program to trace the function information during execution of the operations;
writing the function information to the shared memory, the function information being read from the shared memory by a command-line tool.
Optionally, the step of writing the function information to the shared memory comprises:
writing the function information to the memory-mapped file corresponding to the process in the shared memory.
Optionally, the method further comprises:
using the PHP tracing program to obtain call stack information during execution of the operations that the PHP interpreter obtains by compiling for a process.
Optionally, the opening and closing of the monitoring switch are controlled by the command-line tool.
According to another aspect of the present invention, a device for security scanning is provided, the device comprising:
a function creation unit, for creating a PHP tracing program in a PHP interpreter;
a monitoring unit, for using the PHP tracing program to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
a detection unit, for detecting, according to the function information, whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
a scanning unit, for performing a security scan on the terminal corresponding to the processor when the utilization of the processor is detected to be below the preset threshold.
Optionally, the monitoring unit specifically comprises:
an address acquisition subunit, for obtaining the address of a variable according to the offset of the variable corresponding to the information to be monitored relative to a preset global variable; and
a monitoring subunit, for using the PHP tracing program to monitor the information at the address of the variable during execution of the operations.
Optionally, the device further comprises:
a judging unit, for determining, by reading shared memory, whether the monitoring switch corresponding to the process is open, before the PHP tracing program is used to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
the monitoring unit being specifically for using the PHP tracing program to trace the function information during execution of the operations when the monitoring switch corresponding to the process is open;
the device then further comprising:
a writing unit, for writing the function information to the shared memory, the function information being read from the shared memory by a command-line tool.
Optionally, the writing unit is specifically for writing the function information to the memory-mapped file corresponding to the process in the shared memory.
Optionally, the device further comprises:
a stack information acquisition unit, for using the PHP tracing program to obtain call stack information during execution of the operations that the PHP interpreter obtains by compiling for a process.
Optionally, the opening and closing of the monitoring switch are controlled by the command-line tool.
In the method and device for security scanning according to embodiments of the present invention, a PHP tracing program is created in a PHP interpreter, and the PHP tracing program is used to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process. The function information here can be all function information of PHP functions during execution, such as the function name, function parameters, line number and file name; after a function finishes executing, information such as the function's return value and call time can also be obtained. In this way, function information during the execution of operations can be obtained and output in real time, which makes it easier for developers of PHP scripts to quickly locate problems in those scripts. In addition, according to the function information, when the utilization of the processor corresponding to the PHP interpreter is detected to be below the preset threshold, the non-essential process is selected from the running processes and removed. The utilization of the processor can thus also be monitored in real time according to the function information, and the non-essential process removed when the utilization is below the preset threshold, so that the operating efficiency of the processor is improved.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the content of the specification, and so that the above and other objects, features and advantages of the present invention are more apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of optional embodiments. The drawings are only for the purpose of illustrating optional embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a first flowchart of a method for security scanning according to an embodiment of the present invention;
Fig. 2 shows a second flowchart of a method for security scanning according to an embodiment of the present invention;
Fig. 3 shows a structural diagram of a device for security scanning according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Referring to Fig. 1, an embodiment of the present invention provides a method for security scanning, which can specifically include the following steps:
S101: create a PHP tracing program in a PHP interpreter;
S102: use the PHP tracing program to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
S103: according to the function information, detect whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
S104: when the utilization of the processor is detected to be below the preset threshold, perform a security scan on the terminal corresponding to the processor.
In the PHP interpreter, a PHP script generally goes through lexical analysis, syntax analysis, compilation into intermediate code, and execution of the intermediate code. By default, the step of executing the intermediate code is carried out by calling the zend_execute function in the zend/zend_vm_execute.h file. For all intermediate code, the default implementation executes in order; when a function is encountered, execution jumps out, and once the function has been executed it returns to the position it jumped from and continues.
In step S101, a PHP tracing program is created in the PHP interpreter. The PHP tracing program is specifically the PHPtrace function, which is an strace-like implementation. The difference is that strace traces system calls, whereas the PHPtrace function can trace PHP function calls, so that the created PHP tracing program can monitor PHP function call information in real time.
In a specific implementation, because the PHPtrace function can be an strace-like implementation, the PHP tracing program can be created directly following the architecture of strace.
Step S102 is performed next. In this step, the PHP tracing program is used to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process.
In a specific implementation, because the PHP tracing program is an strace-like implementation, it can be used to monitor the function information during execution of the operations that the PHP interpreter obtains by compiling for a process.
Specifically, the PHP tracing program monitors in real time all function call information during execution of the operations that the PHP interpreter obtains by compiling for a process. It can of course also monitor all function call information of other scripts executed in the PHP interpreter; this application imposes no specific limitation.
One of the core ideas of the embodiments of the present invention is to create a PHP tracing program in the PHP interpreter. The PHP tracing program is specifically the PHPtrace function, which can be an strace-like implementation; the difference is that strace traces system calls, whereas the PHPtrace function can trace PHP function calls. After the PHP tracing program has been created, it is used to trace function information during the execution of operations (op, operation). The function information here can be all function information of PHP functions during execution, such as the function name, function parameters, line number and file name; after a function finishes executing, information such as the function's return value and call time can also be obtained. In this way, function information during the execution of operations can be obtained and output in real time, which makes it easier for developers of PHP scripts to quickly locate problems in those scripts.
In practical applications, each item of information obtained can be written to a * data file, and the * data file can then be output. Of course, the embodiments of the present invention do not limit the specific manner of output.
Step S103 is performed next: according to the function information, detect whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold.
In a specific implementation, after the function information during execution of the operations has been obtained in step S102, step S103 is performed. Because the operations correspond to the process running on the processor, and the function information includes information such as the names and the number of the functions called, the function information can be analyzed and the utilization of the processor obtained from the analysis result, and it can then be determined whether that utilization is below the preset threshold. When the utilization of the processor is detected to be below the preset threshold, step S104 is performed; when it is not below the preset threshold, the current state can be maintained.
Specifically, the preset threshold can be set according to the actual situation, and can be set to a value less than 20%, for example 19%, 10% or 5%, to ensure that the processor is in an idle state. The utilization ranges from 0 to 100%.
For example, after the PHP tracing program has been used to detect the function information during execution of the operations, the function information is analyzed. If the analysis result indicates that the utilization of the processor is 8% and the preset threshold is 10%, then, because 8% < 10%, the utilization of the processor is detected to be below the preset threshold and step S104 is performed.
When the utilization of the processor is detected to be below the preset threshold, step S104 is performed: a security scan is performed on the terminal corresponding to the processor.
In a specific implementation, when the utilization is detected to be below the preset threshold, the security software installed on the terminal is used to perform a security scan of the terminal; the security software can be, for example, security guard software such as 360 Security Guard.
Specifically, when the utilization is below the preset threshold, the processor can be judged to be in an idle state. The security software then performs a security scan of the terminal, which raises the utilization of the processor while it is idle.
For example, after the PHP tracing program has been used to detect the function information during execution of the operations, the function information is analyzed. If the analysis result indicates that the utilization of the processor is 8% and the preset threshold is 10%, then, because 8% < 10%, the utilization of the processor is detected to be below the preset threshold, and the 360 security software installed on the terminal is used to perform the security scan.
In one application scenario of the present invention, the information at the address of a variable can be monitored during execution of the operations, in order to analyze the PHP code for information of interest. Accordingly, the step of using the PHP tracing program to trace function information during execution of the operations can specifically include: obtaining the address of the variable according to the offset of the variable corresponding to the information to be monitored relative to a preset global variable; and using the PHP tracing program to monitor the information at the address of the variable during execution of the operations. The information to be monitored can be any information of interest. For example, GDB (GNU Debugger) can be used to obtain some core preset global variables of the PHP script process, and the PHP tracing program can then be used to monitor the information at the address of the variable during execution of the operations.
In another application scenario of the present invention, when the online interface of a PHP script shows "no file" although the file exists in the folder, the PHP tracing program can be used to locate the cause of this file inconsistency. Accordingly, in the function information monitored during execution of the operations, it is found that the return value of the function opendir() reports an error. Because opendir() is the function that opens a directory handle, the cause of the file inconsistency can be located: opening the directory failed, rather than the file not existing in the folder.
Of course, the above application scenarios are only examples. Those skilled in the art can apply the embodiments of the present invention to other application scenarios according to actual needs, for example to locate the cause of "a certain function takes too long", or to locate the cause of "a PHP script takes too long to execute". The embodiments of the present invention do not limit the specific application scenario.
In summary, the embodiment of the present invention replaces the operation execution function of the PHP interpreter with a preset monitoring function, and uses the PHP tracing program to trace function information during execution of the operations that the PHP interpreter obtains by compiling for a process. The function information here can be all function information of PHP functions during execution, such as the function name, function parameters, line number and file name; after a function finishes executing, information such as the function's return value and call time can also be obtained. In this way, function information during the execution of operations can be obtained and output in real time, which makes it easier for developers of PHP scripts to quickly locate problems in those scripts. In addition, according to the function information, when the utilization of the processor corresponding to the PHP interpreter is detected to be below the preset threshold, the non-essential process is selected from the running processes and removed. The utilization of the processor can thus also be monitored in real time according to the function information, and the non-essential process removed when the utilization is below the preset threshold, so that the operating efficiency of the processor is improved.
Referring to Fig. 2, an embodiment of the present invention provides a method for security scanning, which can specifically include the following steps:
S201: create a PHP tracing program in a PHP interpreter;
S202: by reading shared memory, determine whether the monitoring switch corresponding to the process is open;
S203: when the monitoring switch corresponding to the process is open, use the PHP tracing program to trace function information during execution of the operations that the PHP interpreter obtains by compiling for the process;
S204: write the function information to the shared memory, from which it is read by a command-line tool;
S205: according to the function information, detect whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
S206: when the utilization of the processor is detected to be below the preset threshold, perform a security scan on the terminal corresponding to the processor.
Relative to the embodiment shown in Fig. 1, after creating the PHP tracing program in the PHP interpreter, this embodiment can store the monitoring switch corresponding to a process in shared memory and determine, by reading the shared memory, whether that switch is open, so that the monitoring function is turned on or off according to the result. When the monitoring switch corresponding to the process is open, the monitoring function can be turned on and the PHP tracing program used to trace function information during execution of the operations that the PHP interpreter obtains by compiling for the process; when the monitoring switch corresponding to the process is closed, the monitoring function can be turned off.
In practical applications, in order to store the monitoring switches of all processes in the operating system, a preset number of monitoring switches can be stored in the shared memory; the preset number can be, for example, 2^16. Of course, the embodiments of the present invention do not limit the specific value of the preset number.
In an optional embodiment of the present invention, the step of writing the function information to the shared memory can specifically include: writing the function information to the memory-mapped file corresponding to the process in the shared memory. A memory-mapped file reserves a region of address space and commits physical storage to that region; the difference is that the physical storage comes from a file already on disk rather than from the system's page file, and the file must first be mapped before it can be operated on, as if the whole file had been loaded from disk into memory. It follows that when a memory-mapped file is used to process a file stored on disk, I/O (input/output) operations no longer have to be performed on the file, which means that no cache has to be requested and allocated for the file when it is processed; all file caching is managed directly by the operating system. Because the steps of loading the file data into memory, writing the data back from memory to the file, and releasing memory blocks are eliminated, a memory-mapped file gives fast writes and fast reads when processing files with large amounts of data. An mmap file is one example of a memory-mapped file; of course, the embodiments of the present invention do not limit the specific memory-mapped file.
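The monitoring switch and per-process memory-mapped file of steps S202 to S204, shown in C as an added example; it is not code from the patent or from phptrace. The record layout, ring size, function names and file path are assumptions, and both roles (traced process and command-line tool) run in one process for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for ftruncate() */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define TRACE_SLOTS    8    /* assumed ring capacity */
#define TRACE_NAME_MAX 32   /* assumed maximum stored name length */

/* Assumed layout of one per-process trace file; not phptrace's real format. */
struct trace_record {
    char     func[TRACE_NAME_MAX];  /* function name, truncated if longer */
    uint32_t line;                  /* line number in the script */
};
struct trace_area {
    uint32_t enabled;               /* monitoring switch, set by the CLI tool */
    uint32_t head;                  /* total number of records ever written */
    struct trace_record ring[TRACE_SLOTS];
};

/* Map (creating if needed) the file that backs one process's trace area. */
/* Mode 0600: records can carry function arguments, so keep them owner-only. */
struct trace_area *trace_map(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0)
        return NULL;
    if (ftruncate(fd, (off_t)sizeof(struct trace_area)) != 0) {
        close(fd);
        return NULL;
    }
    void *p = mmap(NULL, sizeof(struct trace_area), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);                      /* the mapping stays valid after close */
    return p == MAP_FAILED ? NULL : (struct trace_area *)p;
}

/* CLI side: open (1) or close (0) the monitoring switch. */
void trace_switch(struct trace_area *a, int on)
{
    __atomic_store_n(&a->enabled, on ? 1u : 0u, __ATOMIC_RELEASE);
}

/* Tracer side: store one call only while the switch is open. Returns 1 if stored. */
int trace_emit(struct trace_area *a, const char *func, uint32_t line)
{
    if (!__atomic_load_n(&a->enabled, __ATOMIC_ACQUIRE))
        return 0;
    uint32_t head = a->head;        /* single writer: the traced process */
    struct trace_record *r = &a->ring[head % TRACE_SLOTS];
    snprintf(r->func, sizeof r->func, "%s", func);
    r->line = line;
    __atomic_store_n(&a->head, head + 1, __ATOMIC_RELEASE);  /* publish the record */
    return 1;
}

/* CLI side: copy the newest records, oldest first. Returns how many were copied. */
size_t trace_read(struct trace_area *a, struct trace_record *out, size_t max)
{
    uint32_t head = __atomic_load_n(&a->head, __ATOMIC_ACQUIRE);
    size_t n = head < TRACE_SLOTS ? head : TRACE_SLOTS;
    if (n > max)
        n = max;
    for (size_t i = 0; i < n; i++)
        out[i] = a->ring[(head - n + i) % TRACE_SLOTS];
    return n;
}

static struct trace_record demo_out[TRACE_SLOTS];

/* Constructed scenario using the call names from the page's block.php stack. */
/* Returns the number of records read back, or -1 on failure. */
int trace_demo(const char *path)
{
    struct trace_area *a = trace_map(path);
    if (a == NULL)
        return -1;
    memset(a, 0, sizeof *a);                 /* start with the switch closed */
    int stored = trace_emit(a, "run", 10);   /* switch closed: not recorded */
    trace_switch(a, 1);
    trace_emit(a, "run", 10);
    trace_emit(a, "say", 3);
    trace_emit(a, "sleep", 6);
    trace_switch(a, 0);
    stored += trace_emit(a, "ignored", 99);  /* closed again: not recorded */
    size_t n = trace_read(a, demo_out, TRACE_SLOTS);
    munmap(a, sizeof *a);
    unlink(path);
    return stored == 0 ? (int)n : -1;
}

int main(void)
{
    int n = trace_demo("/tmp/phptrace_demo_3130.mmap");
    for (int i = 0; i < n; i++)
        printf("%s:%u\n", demo_out[i].func, (unsigned)demo_out[i].line);
    return n == 3 ? 0 : 1;
}
```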
In another embodiment, the present invention provides a method for security scanning, the method further comprising:
using the PHP tracing program to obtain call stack information during execution of the operations that the PHP interpreter obtains by compiling for a process.
Relative to the embodiment shown in Fig. 1, in addition to monitoring function information during execution of the operations corresponding to a process, this embodiment can also use the PHP tracing program to look up the call stack information during execution of each operation executed by the PHP interpreter; that is, it can provide a snapshot function for the call stack information during execution of each operation executed by the PHP interpreter. By contrast, the call stack information of the PHP interpreter obtained directly with pstack can only reflect the execution information of the PHP interpreter itself, for example:
pstack 3130
0x00000035ee6accc0 in __nanosleep_nocancel() from /lib64/libc.so.6
0x00000035ee6acb50 in sleep() from /lib64/libc.so.6
0x0000000000714f23 in zif_sleep()
0x00000000008e36cd in execute_internal()
0x00007f27b38b2b77 in phptrace_execute_core() from /home/renyongquan/opt/php5.4.35/lib/php/extensions/debug-non-zts-20100525/phptrace.so
0x00007f27b38b2c04 in phptrace_execute_internal() from /home/renyongquan/opt/php5.4.35/lib/php/extensions/debug-non-zts-20100525/phptrace.so
0x00000000008e44bc in zend_do_fcall_common_helper_SPEC()
Here 3130 is the process ID of php-fpm, and what pstack shows is the call stack of the PHP interpreter. For a PHP developer, however, what is wanted is the call stack of the PHP script inside the PHP interpreter, which can be obtained with the phptrace function, as follows:
./phptrace -p 3130 -s
phptrace 0.1 demo, published by infra webcore team
Process id=3130
Script_filename=/home/renyongquan/opt/nginx//webapp/block.php
[0x7f27b9a99dc8] sleep /home/renyongquan/opt/nginx/webapp/block.php:6
[0x7f27b9a99d08] say /home/renyongquan/opt/nginx/webapp/block.php:3
[0x7f27b9a99c50] run /home/renyongquan/opt/nginx/webapp/block.php:10
The first line of the program's output is version information, the second line shows the process PID, the third line is the PHP script currently being executed, and the call stack information starts from the fourth line. From the above information it can be seen that the outermost function, run, calls the function say, which finally calls the function sleep. In this way, the running state information of the PHP script can be obtained through the PHPtrace function, which makes it easier for developers of PHP scripts to quickly locate problems in those scripts.
For brevity, the method embodiments are described as a series of combined actions, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps can be performed in other orders or simultaneously. Furthermore, those skilled in the art should also understand that the embodiments described in this specification are optional embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
Based on technology design same as mentioned above, one embodiment of the invention provides a kind of safety and sweeps The device retouched, referring to Fig. 3, described device includes:
Function creation unit 301, for creating PHP trace routines in PHP interpreters;
Monitoring unit 302, is directed to for tracking the PHP interpreters using the PHP trace routines Function information in the implementation procedure of the operation that process compiling is obtained;
Detection unit 303, for according to the function information, detecting corresponding with the PHP interpreters Whether the utilization rate of processor is less than predetermined threshold value;
Scanning element 304, during for being less than the predetermined threshold value in the utilization rate for detecting the processor, Pair terminal corresponding with the processor carries out security sweep.
Specifically, monitoring unit 302, specifically includes:
Address acquisition subelement, for according to information to be monitored to the inclined of the relatively preset global variable of dependent variable Shifting amount, obtains the address of the variable;And
Monitoring subelement, for utilizing the PHP trace routines, monitors the address of the variable in institute State the information in the implementation procedure of operation.
Specifically, described device also includes:
Judging unit, for tracking the PHP interpreters pin using the PHP trace routines described Before function information in the implementation procedure of the operation obtained to process compiling, by reading shared drive, Judge whether the corresponding pilot switch of the process is opened;
Monitoring unit 302, specifically for when the corresponding pilot switch of the process is opened, using described PHP trace routines track the function information in the implementation procedure of the operation;
Then described device also includes:
Writing unit, for the function information to be write into the shared drive, by command-line tool from institute State and read the function information in shared drive.
Specifically, said write unit, specifically for by the function information write-in shared drive The corresponding Memory Mapping File of the process.
Specifically, described device also includes:
Stack information acquisition unit, for obtaining the PHP interpreters pin using the PHP trace routines Call stack information in the implementation procedure of the operation obtained to process compiling.
Specifically, the opening and closing of the pilot switch are controlled by the command-line tool.
In actual applications, described device and command-line tool can also be communicated by heartbeat mechanism, Wherein, described device and command-line tool can mutually send heartbeat message, wherein, when described device exists When the heartbeat message of command-line tool transmission is not received in heart beat cycle, it is believed that the communication connection of the two Disconnect, therefore monitoring function can be closed, to save the resource of necessary for monitoring.
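The switch check, the write into the per-process memory-mapped file, and the heartbeat timeout described above fit together as follows. This Python is an added example, not code from the patent: the file name, the byte layout, the record size and the heartbeat period are all assumptions, and only the tool-to-device direction of the heartbeat is modelled.

```python
import mmap
import os
import struct
import tempfile

# Assumed layout of the per-process mapped file (not taken from the patent):
# switch byte, time of last heartbeat from the tool, number of records,
# followed by MAX_RECORDS fixed-size function-information records.
HEADER = struct.Struct("<B7xdI4x")
RECORD_SIZE = 64
MAX_RECORDS = 16
HEARTBEAT_PERIOD = 2.0  # seconds, assumed


def open_region(directory, pid):
    """Map the file for one process; owner-only because traces expose paths."""
    path = os.path.join(directory, "phptrace.%d.mmap" % pid)  # hypothetical name
    size = HEADER.size + RECORD_SIZE * MAX_RECORDS
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        if os.fstat(fd).st_size < size:
            os.ftruncate(fd, size)  # new bytes are zero, so the switch starts off
        return mmap.mmap(fd, size)
    finally:
        os.close(fd)


def set_switch(mem, on, now):
    """Tool side: open or close monitoring; opening counts as a heartbeat."""
    _, last, count = HEADER.unpack_from(mem, 0)
    HEADER.pack_into(mem, 0, 1 if on else 0, now if on else last, count)


def send_heartbeat(mem, now):
    """Tool side: refresh the heartbeat time."""
    switch, _, count = HEADER.unpack_from(mem, 0)
    HEADER.pack_into(mem, 0, switch, now, count)


def trace_call(mem, function_info, now):
    """Interpreter side: record one call if monitoring is on and the tool is alive."""
    switch, last, count = HEADER.unpack_from(mem, 0)
    if not switch:
        return False
    if now - last > HEARTBEAT_PERIOD:
        HEADER.pack_into(mem, 0, 0, last, count)  # tool went silent: close the switch
        return False
    if count >= MAX_RECORDS:
        return False  # region full: drop the record rather than write past the mapping
    data = function_info.encode("utf-8")[:RECORD_SIZE - 1]
    offset = HEADER.size + count * RECORD_SIZE
    mem[offset:offset + RECORD_SIZE] = data.ljust(RECORD_SIZE, b"\0")
    HEADER.pack_into(mem, 0, switch, last, count + 1)
    return True


def read_records(mem):
    """Tool side: read back the function information written so far."""
    count = HEADER.unpack_from(mem, 0)[2]
    records = []
    for i in range(min(count, MAX_RECORDS)):
        offset = HEADER.size + i * RECORD_SIZE
        raw = mem[offset:offset + RECORD_SIZE]
        records.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
    return records


def demo():
    with tempfile.TemporaryDirectory() as directory:
        ext = open_region(directory, 3130)   # interpreter-side view
        tool = open_region(directory, 3130)  # command-line-tool view
        written = [trace_call(ext, "run block.php:10", 100.0)]      # switch off
        set_switch(tool, True, 100.0)
        written.append(trace_call(ext, "say block.php:3", 100.5))
        send_heartbeat(tool, 101.5)
        written.append(trace_call(ext, "sleep block.php:6", 103.0))
        written.append(trace_call(ext, "run block.php:10", 110.0))  # heartbeat lapsed
        result = (written, read_records(tool), HEADER.unpack_from(tool, 0)[0])
        ext.close()
        tool.close()
        return result


if __name__ == "__main__":
    print(demo())
```

Times are passed in explicitly so the heartbeat lapse can be shown without sleeping. The header updates here are not atomic across processes, which a production implementation would need to address.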
Since the device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for related parts, refer to the description of the method embodiments.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is obvious. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the description given above of a specific language is intended to disclose the best mode of the invention.
Numerous specific details are set forth in the specification provided herein. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the security scanning method and device according to the embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet platform, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The present invention discloses A1, a security scanning method, characterized in that the method includes:
creating a PHP trace program in a PHP interpreter;
using the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
detecting, according to the function information, whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
when the utilization of the processor is detected to be below the preset threshold, performing a security scan on the terminal corresponding to the processor.
A2. The method of A1, characterized in that using the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process specifically includes:
obtaining the address of a variable according to the offset, relative to a preset global variable, of the variable corresponding to the information to be monitored; and
using the PHP trace program to monitor the information at the address of the variable during execution of the operations.
A3. The method of A1, characterized in that, before using the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process, the method further includes:
determining, by reading shared memory, whether the monitoring switch corresponding to the process is on;
when the monitoring switch corresponding to the process is on, using the PHP trace program to track the function information during execution of the operations;
writing the function information into the shared memory, and reading the function information from the shared memory through a command-line tool.
A4. The method of A3, characterized in that the step of writing the function information into the shared memory includes:
writing the function information into the memory-mapped file in the shared memory that corresponds to the process.
A5. The method of A1, A2, A3 or A4, characterized in that the method further includes:
using the PHP trace program to obtain call stack information during execution of the operations that the PHP interpreter obtains by compiling for a process.
A6. The method of A3, characterized in that the turning on and off of the monitoring switch is controlled by the command-line tool.
B7. A security scanning device, characterized in that the device includes:
a function creation unit, configured to create a PHP trace program in a PHP interpreter;
a monitoring unit, configured to use the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
a detection unit, configured to detect, according to the function information, whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
a scanning unit, configured to perform a security scan on the terminal corresponding to the processor when the utilization of the processor is detected to be below the preset threshold.
B8. The device of B7, characterized in that the monitoring unit specifically includes:
an address acquisition subunit, configured to obtain the address of a variable according to the offset, relative to a preset global variable, of the variable corresponding to the information to be monitored; and
a monitoring subunit, configured to use the PHP trace program to monitor the information at the address of the variable during execution of the operations.
B9. The device of B7, characterized in that the device further includes:
a judging unit, configured to determine, by reading shared memory, whether the monitoring switch corresponding to the process is on, before the PHP trace program is used to track the function information during execution of the operations that the PHP interpreter obtains by compiling for the process;
the monitoring unit is specifically configured to use the PHP trace program to track the function information during execution of the operations when the monitoring switch corresponding to the process is on;
the device then further includes:
a writing unit, configured to write the function information into the shared memory, from which a command-line tool reads the function information.
B10. The device of B9, characterized in that the writing unit is specifically configured to write the function information into the memory-mapped file in the shared memory that corresponds to the process.
B11. The device of B7, B8, B9 or B10, characterized in that the device further includes:
a stack information acquisition unit, configured to use the PHP trace program to obtain call stack information during execution of the operations that the PHP interpreter obtains by compiling for a process.
B12. The device of B9, characterized in that the turning on and off of the monitoring switch is controlled by the command-line tool.

Claims (10)

1. A security scanning method, characterized in that the method includes:
creating a PHP trace program in a PHP interpreter;
using the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
detecting, according to the function information, whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
when the utilization of the processor is detected to be below the preset threshold, performing a security scan on the terminal corresponding to the processor.
2. The method of claim 1, characterized in that using the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process specifically includes:
obtaining the address of a variable according to the offset, relative to a preset global variable, of the variable corresponding to the information to be monitored; and
using the PHP trace program to monitor the information at the address of the variable during execution of the operations.
3. The method of claim 1, characterized in that, before using the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process, the method further includes:
determining, by reading shared memory, whether the monitoring switch corresponding to the process is on;
when the monitoring switch corresponding to the process is on, using the PHP trace program to track the function information during execution of the operations;
writing the function information into the shared memory, and reading the function information from the shared memory through a command-line tool.
4. The method of claim 3, characterized in that the step of writing the function information into the shared memory includes:
writing the function information into the memory-mapped file in the shared memory that corresponds to the process.
5. The method of claim 1, 2, 3 or 4, characterized in that the method further includes:
using the PHP trace program to obtain call stack information during execution of the operations that the PHP interpreter obtains by compiling for a process.
6. The method of claim 3, characterized in that the turning on and off of the monitoring switch is controlled by the command-line tool.
7. A security scanning device, characterized in that the device includes:
a function creation unit, configured to create a PHP trace program in a PHP interpreter;
a monitoring unit, configured to use the PHP trace program to track function information during execution of the operations that the PHP interpreter obtains by compiling for a process;
a detection unit, configured to detect, according to the function information, whether the utilization of the processor corresponding to the PHP interpreter is below a preset threshold;
a scanning unit, configured to perform a security scan on the terminal corresponding to the processor when the utilization of the processor is detected to be below the preset threshold.
8. The device of claim 7, characterized in that the monitoring unit specifically includes:
an address acquisition subunit, configured to obtain the address of a variable according to the offset, relative to a preset global variable, of the variable corresponding to the information to be monitored; and
a monitoring subunit, configured to use the PHP trace program to monitor the information at the address of the variable during execution of the operations.
9. The device of claim 7, characterized in that the device further includes:
a judging unit, configured to determine, by reading shared memory, whether the monitoring switch corresponding to the process is on, before the PHP trace program is used to track the function information during execution of the operations that the PHP interpreter obtains by compiling for the process;
the monitoring unit is specifically configured to use the PHP trace program to track the function information during execution of the operations when the monitoring switch corresponding to the process is on;
the device then further includes:
a writing unit, configured to write the function information into the shared memory, from which a command-line tool reads the function information.
10. The device of claim 9, characterized in that the writing unit is specifically configured to write the function information into the memory-mapped file in the shared memory that corresponds to the process.
CN201510989505.XA 2015-12-24 2015-12-24 A kind of method and device of security sweep Pending CN106897083A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510989505.XA CN106897083A (en) 2015-12-24 2015-12-24 A kind of method and device of security sweep

Publications (1)

Publication Number Publication Date
CN106897083A true CN106897083A (en) 2017-06-27

Family

ID=59191169

Country Status (1)

Country Link
CN (1) CN106897083A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170627