CN107329901B - Data packet capturing method, terminal, server and storage medium - Google Patents

Publication number: CN107329901B
Authority: CN (China)
Prior art keywords: application program; target; target application; logic; data packet
Prior art date
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710641338.9A
Other languages: Chinese (zh)
Other versions: CN107329901A (en
Inventor: 范保成
Current Assignee: Tencent Technology Shenzhen Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201710641338.9A
Publication of CN107329901A
Application granted
Publication of CN107329901B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/36: Preventing errors by testing or debugging software
    • G06F11/3604: Software analysis for verifying properties of programs
    • G06F11/3612: Software analysis for verifying properties of programs by runtime analysis

Abstract

The invention discloses a data packet capturing method, a terminal, a server and a storage medium, and belongs to the technical field of computer networks. The method comprises: after the target application program is started, calling the algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program, where the target application program is an application program installed from the target installation package, and the dynamic loading library of the target installation package comprises the Hook function and capture logic; and running the algorithm logic to obtain a data packet, and capturing the data packet according to the capture logic. This solves the problem in the related technology that a network agent cannot capture loop data packets, so that the data packets it captures are limited. Because the data packet is captured directly by the capture logic while the application program runs, loop data packets can be captured and the captured data packets are more comprehensive.

Description

Data packet capturing method, terminal, server and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computer networks, in particular to a data packet capturing method, a terminal, a server and a storage medium.
Background
When analyzing an application, it is often necessary to capture data packets sent and received by the application and analyze the function of the application according to the captured data packets.
In the prior art, data packets are captured by a network proxy (the network agent). Specifically, the network agent sends an acquisition request to the network card and receives the data packet returned by the network card, where the acquisition request asks for the data packets sent from or to the target application program.
However, a loop data packet in the application program (loop means that both the sender and the receiver are local) does not pass through the network card, so the network agent in the above scheme cannot capture it; that is, the data packets captured by the above scheme are limited.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a data packet capturing method, a terminal, a server, and a storage medium. The technical scheme is as follows:
according to a first aspect of the embodiments of the present invention, there is provided a data packet capturing method, including:
after a target application program is started, calling an algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
According to a second aspect of the embodiments of the present invention, there is provided a packet capture method, including:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
and injecting the target content into a dynamic loading library of the target application program.
According to a third aspect of embodiments of the present invention, there is provided a terminal, including a processor and a memory, where at least one instruction, at least one program, a set of codes, or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
after a target application program is started, calling an algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
According to a fourth aspect of embodiments of the present invention, there is provided a generation server, including a processor and a memory, the memory having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by the processor to implement the following operations:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
and injecting the target content into a dynamic loading library of the target application program.
According to a fifth aspect of embodiments of the present invention, there is provided a computer storage medium having at least one instruction, at least one program, set of codes, or set of instructions stored therein, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by the processor to implement the following operations:
after a target application program is started, calling an algorithm logic of the application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
According to a sixth aspect of embodiments of the present invention, there is provided a computer storage medium having at least one instruction, at least one program, set of codes, or set of instructions stored therein, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by the processor to implement the following operations:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
and injecting the target content into a dynamic loading library of the target application program.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
When the application program runs, the algorithm logic of the application program is called through a Hook function, and while the algorithm logic runs, the data packet generated by the application program is captured by the capture logic in the dynamic loading library. This solves the problem in the related technology that a network agent cannot capture loop data packets, so that the data packets it captures are limited. Because the data packet is captured directly by the capture logic while the application program runs, loop data packets can be captured and the captured data packets are more comprehensive.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic illustration of an implementation environment in which various embodiments of the present invention are involved;
FIG. 2 is a flow chart of a data packet capturing method according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating the injection of target content into a dynamically loaded library, according to an embodiment of the invention;
FIG. 4 is a schematic flow chart of capturing a data packet by a terminal according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a packet capture device according to an embodiment of the present invention;
FIG. 6 is a diagram of a packet capture device according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a terminal provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram of a server provided by an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
First, for the sake of understanding, the terms referred to in the following embodiments will be briefly described.
TCP (Transmission Control Protocol) loop: both the sender and the receiver are local; for example, the IP (Internet Protocol) addresses of the sender and the receiver are both 127.0.0.1.
Packet grabbing (packet capture): storing the data sent and received over the TCP network and recording it to a file.
Dylib: a dynamic library provided in the iOS system.
Referring to fig. 1, a schematic diagram of an implementation environment according to various embodiments of the present invention is shown, and as shown in fig. 1, the implementation environment may include a generation server 110, a terminal 120, and a parsing server 130.
The generation server 110 may be one server or a server cluster including a plurality of servers. In various embodiments described below, the generation server 110 may obtain an installation package of an application program, repackage the installation package, and provide the terminal 120 with the target installation package after encapsulation.
The terminal 120 refers to a terminal using a closed system; for example, the terminal 120 may be a terminal running the iOS system. In practical implementation, the terminal 120 may be a smart phone, or may be a terminal such as a tablet computer or a desktop computer. In the following embodiments, the terminal 120 may be a jailbroken terminal or a non-jailbroken terminal, and the packet capture method provided in the following embodiments is mainly applied to a non-jailbroken terminal. In the scenarios described in the following embodiments, the terminal 120 may have an application installed therein; for example, after the terminal 120 acquires the target installation package provided by the generation server 110, the terminal installs the target application according to the acquired target installation package.
Optionally, the terminal 120 may be connected to the parsing server 130 through a wired or wireless network.
The parsing server 130 may be one server or a server cluster including a plurality of servers.
It should be noted that FIG. 1 only illustrates an implementation environment including the several devices described above. Optionally, the implementation environment may include more or fewer devices; for example, it may further include a USB drive for providing the target installation package generated by the generation server 110 to the terminal 120. As another example, the parsing server 130 may not be included in the implementation environment.
Referring to fig. 2, a flowchart of a method for packet capturing according to an embodiment of the present invention is shown, where the embodiment is exemplified by using the packet capturing method in the implementation environment shown in fig. 1, and as shown in fig. 2, the method includes:
Step 201, the generation server generates target content, and the target content includes a Hook function and a capture logic.
The designer can write the capture logic according to the writing mode of the dynamic language, and the generation server receives the written capture logic. The capture logic is used for capturing a data packet generated by the application program in the running process, and the capture logic may be a segment of program. In addition, the capture logic in this embodiment may be implemented to capture a data packet generated by an application, and the actual implementation of the capture logic is not limited.
Optionally, the designer may write a Hook function, which the generation server receives. The Hook function is used for calling the algorithm logic of the target application program when the target application program runs. Optionally, after the data packet is captured, the captured data may further be sent to the parsing server; in that case, in this embodiment, the Hook function is further configured to invoke a preset logic when the target application runs, where the preset logic includes the algorithm logic of the target application and a sending logic, for example sendDataToSVR. The algorithm logic of the target application refers to the application's own logic during its execution, which is determined by the installation package of the application.
For example, the following shows an illustration of the preset logic called by the Hook function.
[Code listing published as an image (Figure BDA0001365969120000051); not reproduced in the text.]
In the above code, self newMethod refers to the algorithmic logic in the installation package of the application.
After the generation server obtains the grab logic and the Hook function, the generation server may package the two into a dylib (dynamic library) including the Hook function and the grab logic.
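The hook-then-capture flow of step 201, as an added example in C; it is not the patent's listing, which is not reproduced on this page. All names are hypothetical, the application's "algorithm logic" is modeled as a send routine reached through a function-pointer slot, and an AF_UNIX socket pair stands in for a 127.0.0.1 TCP connection so that the example runs without network configuration.

```c
/* Added illustration, not the patent's listing. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define CAP_MAX   8     /* capture log capacity (records) */
#define CAP_BYTES 64    /* bytes kept per record */

typedef ssize_t (*send_fn)(int fd, const void *buf, size_t len);

struct captured { size_t len; unsigned char data[CAP_BYTES]; };
static struct captured cap_log[CAP_MAX];
static int cap_count;

/* Algorithm logic: the application's own routine that emits a packet. */
static ssize_t app_send(int fd, const void *buf, size_t len) {
    return send(fd, buf, len, 0);
}

/* The application always sends through this slot; the hook swaps it. */
static send_fn send_slot = app_send;
static send_fn original_send;

/* Capture logic: record the bytes that were actually handed to the socket. */
static void capture_packet(const void *buf, size_t len) {
    if (cap_count >= CAP_MAX) return;             /* log full: drop, never block the app */
    struct captured *c = &cap_log[cap_count++];
    c->len = len;                                 /* true length, even if data is truncated */
    memcpy(c->data, buf, len < CAP_BYTES ? len : CAP_BYTES);
}

/* Hook: run the original algorithm logic, then capture what it sent. */
static ssize_t hooked_send(int fd, const void *buf, size_t len) {
    ssize_t sent = original_send(fd, buf, len);
    if (sent > 0) capture_packet(buf, (size_t)sent);  /* skip errors, honor partial sends */
    return sent;
}

static void install_hook(void) {
    if (send_slot == hooked_send) return;         /* idempotent: never hook the hook */
    original_send = send_slot;
    send_slot = hooked_send;
}

/* Send two constructed messages between two local endpoints.
 * Returns the number of records captured, or -1 on failure. */
int run_demo(void) {
    int sv[2];
    char rx[32];
    cap_count = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    install_hook();
    send_slot(sv[0], "hello-local", 11);
    send_slot(sv[0], "ping", 4);
    ssize_t got = recv(sv[1], rx, sizeof rx, 0);  /* the receiver still gets the data */
    close(sv[0]);
    close(sv[1]);
    return got > 0 ? cap_count : -1;
}

int captured_len(int i) { return (i >= 0 && i < cap_count) ? (int)cap_log[i].len : -1; }
const unsigned char *captured_data(int i) { return cap_log[i].data; }

int main(void) {
    int n = run_demo();
    for (int i = 0; i < n; i++)
        printf("captured %d bytes: %.*s\n", captured_len(i),
               captured_len(i), (const char *)captured_data(i));
    return n == 2 ? 0 : 1;
}
```

The traffic never reaches a network card, yet both messages are in the capture log because the recording happens inside the sending process.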
Step 202, the generation server injects the target content into the dynamic loading library of the target application program.
Optionally, the generation server may first obtain the installation package of the target application program, and inject the dylib into the dynamically loaded library of the target application program through the yollib tool. For example, please refer to FIG. 3, which shows a possible schematic diagram of injecting target content into a dynamically loaded library.
Of course, in practical implementation, the generation server may also inject the dylib into the dynamically loaded library of the target application program through other injection manners.
The above takes injecting the Hook function and the capture logic into the dynamic loading library simultaneously only as an example. Optionally, the generation server may inject the Hook function into the dynamic loading library first and then inject the capture logic, or inject the capture logic first and then inject the Hook function.
Optionally, the installation package after the target content is injected into the dynamic loading library is called a target installation package.
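One way an application owner can detect the result of step 202, as an added example that is not part of the patent: it assumes the injection adds a library load command to the app's main Mach-O executable, and it compares the libraries the executable loads against a baseline taken from the original build. The sample image, the library names and the baseline are constructed; only thin 64-bit little-endian images are handled.

```c
/* Added illustration: audit a Mach-O image for libraries missing from a baseline.
 * The sample image and all library names below are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC_64        0xfeedfacfu  /* thin 64-bit, little-endian image */
#define LC_LOAD_DYLIB      0x0cu
#define LC_LOAD_WEAK_DYLIB 0x80000018u
#define MH64_HDR_SIZE      32u          /* sizeof(struct mach_header_64) */
#define DYLIB_CMD_SIZE     24u          /* fixed part of struct dylib_command */

/* Libraries the original build links against (constructed baseline). */
const char *const BASELINE[] = {
    "/usr/lib/libSystem.B.dylib",
    "@rpath/AppCore.framework/AppCore",
};
#define BASELINE_LEN (sizeof BASELINE / sizeof BASELINE[0])

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

static int in_baseline(const char *name, const char *const *base, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, base[i]) == 0) return 1;
    return 0;
}

/* Walk the load commands and store up to max library names that are not in the
 * baseline. Returns how many were found, or -1 if the image is malformed. */
int unexpected_dylibs(const uint8_t *img, size_t len, const char *const *base,
                      size_t nbase, const char **out, int max) {
    if (len < MH64_HDR_SIZE || rd32(img) != MH_MAGIC_64) return -1;
    uint32_t ncmds = rd32(img + 16);
    size_t off = MH64_HDR_SIZE;
    int found = 0;
    for (uint32_t i = 0; i < ncmds; i++) {
        if (len - off < 8) return -1;                  /* no room for cmd + cmdsize */
        uint32_t cmd = rd32(img + off), size = rd32(img + off + 4);
        if (size < 8 || size > len - off) return -1;   /* command runs past the image */
        if (cmd == LC_LOAD_DYLIB || cmd == LC_LOAD_WEAK_DYLIB) {
            if (size < DYLIB_CMD_SIZE) return -1;
            uint32_t name_off = rd32(img + off + 8);
            if (name_off < DYLIB_CMD_SIZE || name_off >= size) return -1;
            const char *name = (const char *)img + off + name_off;
            if (!memchr(name, 0, size - name_off)) return -1;  /* unterminated name */
            if (!in_baseline(name, base, nbase)) {
                if (found < max) out[found] = name;
                found++;
            }
        }
        off += size;
    }
    return found;
}

/* Append one LC_LOAD_DYLIB command to the constructed image. */
static size_t add_dylib(uint8_t *img, size_t off, const char *name) {
    uint32_t size = (uint32_t)((DYLIB_CMD_SIZE + strlen(name) + 1 + 7) & ~7u);
    wr32(img + off, LC_LOAD_DYLIB);
    wr32(img + off + 4, size);
    wr32(img + off + 8, DYLIB_CMD_SIZE);               /* name follows the fixed fields */
    memcpy(img + off + DYLIB_CMD_SIZE, name, strlen(name));
    return off + size;
}

/* Build a constructed header plus load commands; injected=1 adds a third library. */
size_t build_sample(uint8_t *img, size_t cap, int injected) {
    memset(img, 0, cap);
    wr32(img, MH_MAGIC_64);
    size_t off = MH64_HDR_SIZE;
    off = add_dylib(img, off, BASELINE[0]);
    off = add_dylib(img, off, BASELINE[1]);
    if (injected) off = add_dylib(img, off, "@executable_path/capture.dylib");
    wr32(img + 16, injected ? 3u : 2u);                /* ncmds */
    wr32(img + 20, (uint32_t)(off - MH64_HDR_SIZE));   /* sizeofcmds */
    return off;
}

int main(void) {
    uint8_t img[256];
    const char *hits[4];
    size_t len = build_sample(img, sizeof img, 1);
    int n = unexpected_dylibs(img, len, BASELINE, BASELINE_LEN, hits, 4);
    for (int i = 0; i < n && i < 4; i++) printf("not in baseline: %s\n", hits[i]);
    return n == 1 ? 0 : 1;
}
```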
Step 203, the generation server provides the target installation package including the dynamic loading library to the terminal.
Optionally, this step may include several possible implementations as follows:
First, the generation server may copy the target installation package to the terminal through a USB drive. For example, after the generation server generates the target installation package, when a tester tests the application program in a certain terminal, the tester may copy the target installation package in the generation server to the terminal.
Second, the target installation package is sent to the terminal through a wireless network such as Bluetooth or a Wi-Fi (Wireless Fidelity) local area network. For example, the generation server may send the target installation package to the terminal through the social application via Wi-Fi.
Third, the generation server sends the target installation package to the terminal through a cable.
Step 204, the terminal acquires the target installation package provided by the generation server and installs the target installation package.
After receiving the target installation package, the terminal may install the target installation package.
Step 205, after the terminal starts the target application program, the terminal calls the algorithm logic of the target application program according to the Hook function in the dynamic loading library of the target application program.
After the terminal installs the target application, the terminal may run the target application. In addition, in this embodiment, since the Hook function for calling the algorithm logic of the target application program when the target application program is running is set in the dynamic loading library of the target application program, after the terminal starts running the target application program, the terminal may call the algorithm logic according to the Hook function.
Optionally, after receiving a start signal for starting the target application, the terminal calls the algorithm logic according to the Hook function. For example, after installing the target application program, the algorithm logic is called according to the Hook function after receiving an open signal for opening the target application program. For another example, when the user wants to open the target application, the user may trigger an icon of the target application displayed in the desktop, and accordingly, the terminal may receive the trigger signal and call the algorithm logic according to the Hook function after receiving the trigger signal.
Step 206, the terminal runs the algorithm logic to obtain a data packet, and the data packet is captured according to the capture logic.
After the algorithm logic of the target application program is called, the terminal can run the called algorithm logic, and in the process of running the algorithm logic, the terminal can grab the data packet generated in the running process of the target application program through the grabbing logic in the dynamic library.
Optionally, the capture logic includes content to be captured, for example, the capture logic includes capturing a data packet in an opening process when a preset interface is opened, and the terminal may capture a corresponding installation package according to a specific implementation of the capture logic.
Optionally, the data packet captured by the capture logic may include a loop data packet sent by the target application program, and may also include a data packet sent by the target application program to another receiver outside the terminal.
Step 207, the terminal sends the captured data packet to an analysis server.
Optionally, after the terminal captures the data packet, if the captured data packet needs to be analyzed by the analysis server, the logic called when Hook is called includes a sending logic in addition to the algorithm logic, and then after the data packet is captured, the data packet is sent to the analysis server through the sending logic.
Optionally, assuming that the target content is a dylib, please refer to FIG. 4, which shows a flowchart of the process by which the terminal captures the data packet.
It should be noted that this step is an optional step, and in actual implementation, after the terminal captures the data packet, the terminal may also directly store the data packet, or directly analyze the data packet, which is not described herein again.
Step 208, the analysis server receives the data packet sent by the terminal.
After the analysis server receives the data packet sent by the terminal, the analysis server can execute corresponding operation according to design requirements.
For example, when the method is used in a scenario of analyzing an application, after the analysis server receives the data packets, it may determine from each received data packet whether an exception has occurred in the target application. Optionally, when the analysis result is that an anomaly has occurred, the analysis server may send out a prompt message. Of course, when the analysis result is that an anomaly has occurred, the analysis server may also display the reason for the anomaly.
In an application scenario of the above embodiment, when an application program is abnormal and further needs to be tested, a tester may generate an installation package into which target content is injected by using the above scheme, capture a data package by running the generated installation package, and further perform testing according to the captured data package.
In another application scenario of the above embodiment, when the implementation of a third-party application program needs to be studied, an installation package into which target content is injected may be generated by the above scheme, and the generated installation package is run to capture a data package, so as to analyze the data package according to the captured data package.
In summary, in the data packet capturing method provided in this embodiment, when the application program runs, the Hook function is used to call the algorithm logic of the application program, and while the algorithm logic runs, the capture logic in the dynamic loading library is used to capture the data packet generated by the application program. This solves the problem in the related technology that a network agent cannot capture loop data packets, so that the data packets it captures are limited. Because the data packet is captured directly by the capture logic while the application program runs, loop data packets can be captured and the captured data packets are more comprehensive.
It should be noted that, in the above embodiment, after injecting the target content into the dynamic loading library, the generation server may further perform the following step:
re-signing the installation package after the target content is injected into the dynamic loading library to obtain the target installation package. Optionally, the generation server may re-sign the installation package after the target content is injected by using an enterprise certificate, or by using a resign APP tool. Of course, the generation server may also re-sign the installation package injected with the target content in other re-signing manners.
Correspondingly, for the target installation package, before the terminal starts the application program, the terminal can perform re-signature authentication on the target installation package, and if the authentication is passed, the terminal releases the application program, namely the application program normally runs; otherwise, if the authentication fails, the terminal prompts that the opening of the application program fails.
It should be noted that, in this embodiment, performing re-signing authentication on the target installation package before starting the application includes: and performing re-signature authentication on the target installation package when the application program is installed, or performing re-signature authentication on the target installation package when an opening instruction for opening the application program is received.
The installation package is signed by using the enterprise certificate, so that the terminal can release the target application program after the target installation package is installed in the terminal, and the target application program can be ensured to normally run in the terminal.
It should be noted that the above takes capturing all data packets required by the capture logic only as an example. Optionally, the capture logic may capture only loop data packets while the network agent continues to capture the data packets that pass through the network card, and subsequent operations are then performed according to both the data packets captured by the capture logic and the data packets captured by the network agent, which is not limited in this embodiment.
Referring to FIG. 5, which shows a schematic structural diagram of a data packet capturing apparatus according to an embodiment of the present invention, as shown in FIG. 5, the data packet capturing apparatus may include: a calling module 510 and a grabbing module 520.
A calling module 510, configured to call, after a target application program is started, an algorithm logic of the target application program according to a Hook function in a dynamic load library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and the capturing module 520 is configured to operate the algorithm logic to obtain a data packet, and capture the data packet according to the capturing logic.
In summary, in the data packet capturing apparatus provided in this embodiment, when the application program runs, the Hook function is used to call the algorithm logic of the application program, and then when the algorithm logic runs, the capturing logic in the dynamic loading library is used to capture the data packet generated by the application program; the problem that in the related technology, a network agent cannot capture a loop data packet, namely the captured data packet is limited is solved; when the application program runs, the data packet is directly captured through the capture logic, the loop data packet can be captured, and the captured data packet is more comprehensive.
Based on the data packet capturing apparatus provided in the foregoing embodiment, optionally, the apparatus further includes:
the authentication module is used for authenticating the signature of the target application program after the target application program is started and before a preset logic is called according to a Hook function in a dynamic loading library of the target application program, wherein the signature of the application program is a signature calculated according to an enterprise certificate;
the calling module 510 is further configured to, after the signature authentication of the authentication module passes, execute the step of calling the algorithm logic of the target application program according to the Hook function in the dynamic load library of the target application program after the target application program is started.
The installation package is signed by using the enterprise certificate, so that the terminal can release the target application program after the target installation package is installed in the terminal, and the target application program can be ensured to normally run in the terminal.
Optionally, the apparatus further comprises: a sending module;
and the sending module is used for sending the data packet to an analysis server, and the analysis server is used for analyzing the target application program according to the data packet.
Referring to FIG. 6, which shows a schematic structural diagram of a data packet capturing apparatus according to an embodiment of the present invention, as shown in FIG. 6, the data packet capturing apparatus may include: a generation module 610 and an injection module 620.
The generating module 610 is configured to generate target content, where the target content includes a Hook function and grab logic, the Hook function is configured to call an algorithm logic of a target application program when the target application program runs, and the grab logic is configured to grab a data packet generated by the algorithm logic in a running process;
an injection module 620, configured to inject the target content into the dynamically loaded library of the target application.
In summary, in the data packet capturing apparatus provided in this embodiment, the target content including the Hook function and the capture logic is generated, where the Hook function is used to call the algorithm logic of the application program itself when the program runs, and the capture logic is used to capture the data packet generated by the algorithm logic in the running process, and inject the target content into the dynamic loading library of the application program; after the terminal installs the target application program according to the installation package of the dynamic loading library injected with the target content, the data package can be captured through a Hook function and capture logic after the target application program is operated; the problem that in the related technology, a network agent cannot capture a loop data packet, namely the captured data packet is limited is solved; when the application program runs, the data packet is directly captured through the capture logic, the loop data packet can be captured, and the captured data packet is more comprehensive.
Based on the data packet capturing device provided in the foregoing embodiment, optionally, the device further includes: a signature module;
and the signature module is used for re-signing the installation package comprising the dynamic loading library according to the enterprise certificate to obtain the signed target installation package.
The installation package is signed with the enterprise certificate so that, after the target installation package is installed, the terminal allows the target application program to run, which ensures that the target application program runs normally on the terminal.
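A defender's view of the repackaging steps described above (target content injected into a dynamic loading library, then the installation package re-signed), as an added example that is not part of the patent: it compares a received installation package with the vendor's original and reports modified libraries and changed signature data. It assumes the package is a ZIP archive, that libraries are recognised by a `.dylib` or `.so` suffix and that signature data sits under `_CodeSignature/`; all file names and contents are constructed.

```python
import hashlib
import io
import zipfile

# Assumptions (not from the patent): libraries are recognised by suffix and
# the package keeps its signature data under a "_CodeSignature/" directory.
LIBRARY_SUFFIXES = (".dylib", ".so")
SIGNATURE_MARKER = "_CodeSignature/"


def build_manifest(package_bytes):
    """Map every library and signature entry in the package to its SHA-256."""
    manifest = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if name.endswith(LIBRARY_SUFFIXES) or SIGNATURE_MARKER in name:
                manifest[name] = hashlib.sha256(pkg.read(name)).hexdigest()
    return manifest


def compare_to_baseline(baseline, candidate_bytes):
    """Diff a candidate package against the manifest of the vendor original."""
    candidate = build_manifest(candidate_bytes)
    report = {
        "modified_libraries": [],
        "added_libraries": [],
        "removed_libraries": [],
        "resigned": False,
    }
    for name in sorted(set(baseline) | set(candidate)):
        old, new = baseline.get(name), candidate.get(name)
        if old == new:
            continue
        if SIGNATURE_MARKER in name:
            # Any change to the signature data means the package was re-signed.
            report["resigned"] = True
        elif old is None:
            report["added_libraries"].append(name)
        elif new is None:
            report["removed_libraries"].append(name)
        else:
            report["modified_libraries"].append(name)
    return report


def is_repackaged(report):
    """True when any library differs or the signature data was replaced."""
    return report["resigned"] or any(
        report[key]
        for key in ("modified_libraries", "added_libraries", "removed_libraries")
    )


def make_package(files):
    """Build an in-memory ZIP package from a {name: bytes} mapping."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as pkg:
        for name, data in files.items():
            pkg.writestr(name, data)
    return buffer.getvalue()


# Constructed sample data: a vendor original and a repackaged copy whose
# library content and signature data both differ from the original.
ORIGINAL = make_package({
    "Payload/Demo.app/Demo": b"main executable",
    "Payload/Demo.app/Frameworks/libnet.dylib": b"vendor network library",
    "Payload/Demo.app/_CodeSignature/CodeResources": b"vendor signature data",
})
REPACKED = make_package({
    "Payload/Demo.app/Demo": b"main executable",
    "Payload/Demo.app/Frameworks/libnet.dylib": b"vendor network library + extra content",
    "Payload/Demo.app/_CodeSignature/CodeResources": b"different signer data",
})

if __name__ == "__main__":
    result = compare_to_baseline(build_manifest(ORIGINAL), REPACKED)
    print("repackaged:", is_repackaged(result))
    for key, value in result.items():
        print(f"  {key}: {value}")
```

The baseline manifest has to come from a copy of the package obtained directly from the vendor; a manifest computed from the package under test proves nothing.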
It should be noted that the data packet capturing apparatus provided in the foregoing embodiment is illustrated only by the above division into functional modules; in practical applications, the functions may be allocated to different functional modules as needed, that is, the internal structure of the server may be divided into different functional modules to complete all or part of the functions described above. In addition, the embodiments of the data packet capturing apparatus and of the data packet capturing method provided above belong to the same concept; the specific implementation processes are described in the method embodiments and are not repeated here.
Embodiments of the present invention also provide a computer-readable storage medium, which may be a computer-readable storage medium contained in a memory; or it may be a computer-readable storage medium that exists separately, not assembled into a terminal or server. The computer readable storage medium has stored thereon at least one instruction, at least one program, a set of codes, or a set of instructions, and when the computer readable storage medium is used in a terminal, the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
after a target application program is started, calling an algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
Optionally, the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
authenticating the signature of the target application program, wherein the signature of the application program is calculated according to an enterprise certificate;
and after the signature authentication is passed, executing the step of calling the algorithm logic of the target application program according to the Hook function in the dynamic loading library of the target application program after the target application program is started.
Optionally, the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
and sending the data packet to an analysis server, wherein the analysis server is used for analyzing the target application program according to the data packet.
And when the computer readable storage medium is used in a server, the at least one instruction, the at least one program, the set of codes, or the set of instructions are loaded and executed by the processor to perform the operations of:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
and injecting the target content into a dynamic loading library of the target application program.
Optionally, the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
and re-signing the installation package comprising the dynamic loading library according to the enterprise certificate to obtain a signed target installation package.
Fig. 7 is a block diagram of a terminal 700 according to an embodiment of the present invention, which may include Radio Frequency (RF) circuits 701, a memory 702 including one or more computer-readable storage media, an input unit 703, a display unit 704, a sensor 705, an audio circuit 706, a Wireless Fidelity (WiFi) module 707, a processor 708 including one or more processing cores, and a power supply 709. Those skilled in the art will appreciate that the terminal structure shown in fig. 7 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
the RF circuit 701 may be used for receiving and transmitting signals during a message transmission or communication process, and in particular, for receiving downlink information of a base station and then sending the received downlink information to the one or more processors 708 for processing; in addition, data relating to uplink is transmitted to the base station. In general, the RF circuitry 701 includes, but is not limited to, an antenna, at least one Amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuit 701 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Message Service (SMS), and the like.
The memory 702 may be used to store software programs and modules, and the processor 708 executes various functional applications and data processing by operating the software programs and modules stored in the memory 702. The memory 702 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal, etc. Further, the memory 702 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 702 may also include a memory controller to provide the processor 708 and the input unit 703 access to the memory 702.
The input unit 703 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, in a particular embodiment, the input unit 703 may include a touch-sensitive surface as well as other input devices. The touch-sensitive surface, also referred to as a touch display screen or a touch pad, may collect touch operations by a user (e.g., operations by a user on or near the touch-sensitive surface using a finger, a stylus, or any other suitable object or attachment) thereon or nearby, and drive the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface may comprise two parts, a touch detection means and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 708, and can receive and execute commands sent by the processor 708. In addition, touch sensitive surfaces may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. The input unit 703 may include other input devices in addition to the touch-sensitive surface. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 704 may be used to display information input by or provided to the user and various graphical user interfaces of the terminal, which may be made up of graphics, text, icons, video, and any combination thereof. The Display unit 704 may include a Display panel, and optionally, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch-sensitive surface may overlay the display panel, and when a touch operation is detected on or near the touch-sensitive surface, the touch operation is communicated to the processor 708 to determine the type of touch event, and the processor 708 provides a corresponding visual output on the display panel according to the type of touch event. Although in FIG. 7 the touch-sensitive surface and the display panel are two separate components to implement input and output functions, in some embodiments the touch-sensitive surface may be integrated with the display panel to implement input and output functions.
The terminal may also include at least one sensor 705, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel according to the brightness of ambient light, and a proximity sensor that may turn off the display panel and/or the backlight when the terminal is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when the mobile phone is stationary, and can be used for applications of recognizing the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured in the terminal, detailed description is omitted here.
Audio circuitry 706, a speaker, and a microphone may provide an audio interface between the user and the terminal. The audio circuit 706 can transmit the electrical signal converted from the received audio data to the speaker, which converts it into a sound signal and outputs it; conversely, the microphone converts the collected sound signal into an electrical signal, which is received by the audio circuit 706 and converted into audio data; the audio data is then output to the processor 708 for processing and transmitted to, for example, another terminal via the RF circuit 701, or output to the memory 702 for further processing. The audio circuitry 706 may also include an earbud jack to provide communication between peripheral headphones and the terminal.
WiFi belongs to short-distance wireless transmission technology, and the terminal can help a user to send and receive e-mails, browse webpages, access streaming media and the like through the WiFi module 707, and provides wireless broadband internet access for the user. Although fig. 7 shows the WiFi module 707, it is understood that it does not belong to the essential constitution of the terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 708 is a control center of the terminal, connects various parts of the entire handset using various interfaces and lines, and performs various functions of the terminal and processes data by operating or executing software programs and/or modules stored in the memory 702 and calling data stored in the memory 702, thereby performing overall monitoring of the handset. Optionally, processor 708 may include one or more processing cores; preferably, the processor 708 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 708.
The terminal also includes a power source 709 (e.g., a battery) for powering the various components, which may preferably be logically coupled to the processor 708 via a power management system that may be configured to manage charging, discharging, and power consumption. The power supply 709 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
Although not shown, the terminal may further include a camera, a bluetooth module, and the like, which will not be described herein. In this embodiment, the processor 708 in the terminal may execute at least one instruction, at least one program, a set of codes, or a set of instructions stored in the memory 702, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
after a target application program is started, calling an algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
Optionally, the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
authenticating the signature of the target application program, wherein the signature of the application program is calculated according to an enterprise certificate;
and after the signature authentication is passed, executing the step of calling the algorithm logic of the application program according to the Hook function in the dynamic loading library of the target application program after the target application program is started.
Optionally, the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
and sending the data packet to an analysis server, wherein the analysis server is used for analyzing the target application program according to the data packet.
Referring to fig. 8, a schematic structural diagram of a server according to an embodiment of the present invention is shown. The server is used for implementing the data packet capturing method on the server side provided in the above embodiment. Specifically:
The server 800 includes a Central Processing Unit (CPU) 801, a system memory 804 including a Random Access Memory (RAM) 802 and a Read Only Memory (ROM) 803, and a system bus 805 connecting the system memory 804 and the central processing unit 801. The server 800 also includes a basic input/output system (I/O system) 806, which facilitates transfer of information between devices within the computer, and a mass storage device 807 for storing an operating system 813, application programs 814, and other program modules 815.
The basic input/output system 806 includes a display 808 for displaying information and an input device 809 such as a mouse, keyboard, etc. for user input of information. Wherein the display 808 and the input device 809 are connected to the central processing unit 801 through an input output controller 810 connected to the system bus 805. The basic input/output system 806 may also include an input/output controller 810 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, input-output controller 810 also provides output to a display screen, a printer, or other type of output device.
The mass storage device 807 is connected to the central processing unit 801 through a mass storage controller (not shown) connected to the system bus 805. The mass storage device 807 and its associated computer-readable media provide non-volatile storage for the server 800. That is, the mass storage device 807 may include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.
Without loss of generality, the computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 804 and mass storage 807 described above may be collectively referred to as memory.
According to various embodiments of the invention, the server 800 may also be operated by a remote computer connected to it through a network such as the Internet. That is, the server 800 may be connected to the network 812 through the network interface unit 811 coupled to the system bus 805, or may be connected to other types of networks or remote computer systems (not shown) using the network interface unit 811.
The memory further includes at least one instruction, at least one program, set of codes, or set of instructions that is loaded and executed by the processor to perform the following:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
and injecting the target content into a dynamic loading library of the target application program.
Optionally, the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
and re-signing the installation package comprising the dynamic loading library according to the enterprise certificate to obtain a signed target installation package.
It should be understood that, as used herein, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (12)

1. An application data packet capturing method, which is applied to a terminal using a closed system, and comprises the following steps:
after a target application program is started, calling an algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
2. The method of claim 1, wherein after the target application is started, before the method calls the algorithmic logic of the target application according to a Hook function in a dynamically loaded library of the target application, the method further comprises:
authenticating the signature of the target application program, wherein the signature of the application program is calculated according to an enterprise certificate;
and after the signature authentication is passed, executing the step of calling the algorithm logic of the target application program according to the Hook function in the dynamic loading library of the target application program after the target application program is started.
3. The method of claim 1, further comprising:
and sending the data packet to an analysis server, wherein the analysis server is used for analyzing the target application program according to the data packet.
4. A data packet capturing method is applied to a generating server, and comprises the following steps:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
acquiring an installation package of the target application program, and injecting the target content into a dynamic loading library of the target application program, wherein the target installation package is the installation package after the target content is injected;
and providing the target installation package comprising the dynamic loading library to a terminal, wherein the terminal is a terminal using a closed system.
5. The method of claim 4, further comprising:
and re-signing the installation package comprising the dynamic loading library according to the enterprise certificate to obtain a signed target installation package.
6. A terminal, characterized in that the terminal is a terminal using a closed system, the terminal comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by the processor to implement the following operations:
after a target application program is started, calling an algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
7. The terminal of claim 6, wherein the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to perform the following:
authenticating the signature of the target application program, wherein the signature of the application program is calculated according to an enterprise certificate;
and after the signature authentication is passed, executing the step of calling the algorithm logic of the target application program according to the Hook function in the dynamic loading library of the target application program after the target application program is started.
8. The terminal of claim 6, wherein the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to perform the following:
and sending the data packet to an analysis server, wherein the analysis server is used for analyzing the target application program according to the data packet.
9. A generation server comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions, the at least one instruction, the at least one program, set of codes, or set of instructions being loaded and executed by the processor to perform operations comprising:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
acquiring an installation package of the target application program, and injecting the target content into a dynamic loading library of the target application program, wherein the target installation package is the installation package after the target content is injected;
and providing the target installation package comprising the dynamic loading library to a terminal, wherein the terminal is a terminal using a closed system.
10. The generation server of claim 9, wherein the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the following operations:
and re-signing the installation package comprising the dynamic loading library according to the enterprise certificate to obtain a signed target installation package.
11. A computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions that is loaded and executed by a processor of a terminal using a closed system to perform the operations of:
after a target application program is started, calling an algorithm logic of the target application program according to a Hook function in a dynamic loading library of the target application program; the target application program is an application program installed according to a target installation package, and the dynamic loading library of the target installation package comprises the Hook function and the capturing logic;
and operating the algorithm logic to obtain a data packet, and capturing the data packet according to the capturing logic.
12. A computer-readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions that is loaded and executed by a processor of a generation server to perform the operations of:
generating target content, wherein the target content comprises a Hook function and grabbing logic, the Hook function is used for calling algorithm logic of a target application program when the target application program runs, and the grabbing logic is used for grabbing a data packet generated by the algorithm logic in the running process;
acquiring an installation package of the target application program, and injecting the target content into a dynamic loading library of the target application program, wherein the target installation package is the installation package after the target content is injected;
and providing the target installation package comprising the dynamic loading library to a terminal, wherein the terminal is a terminal using a closed system.
CN201710641338.9A 2017-07-31 2017-07-31 Data packet capturing method, terminal, server and storage medium Active CN107329901B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710641338.9A CN107329901B (en) 2017-07-31 2017-07-31 Data packet capturing method, terminal, server and storage medium

Publications (2)

Publication Number Publication Date
CN107329901A CN107329901A (en) 2017-11-07
CN107329901B true CN107329901B (en) 2021-09-28

Family

ID=60200447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710641338.9A Active CN107329901B (en) 2017-07-31 2017-07-31 Data packet capturing method, terminal, server and storage medium

Country Status (1)

Country Link
CN (1) CN107329901B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995534B (en) * 2017-12-29 2022-04-26 北京京东尚科信息技术有限公司 Method and device for carrying out security authentication on application program
CN110297643B (en) * 2019-06-04 2024-01-30 平安科技(深圳)有限公司 Method, device, equipment and storage medium for injecting application program into dynamic library
CN111147445B (en) * 2019-11-29 2022-05-31 杭州数梦工场科技有限公司 Packet capturing method, device, system and storage medium
CN111752636A (en) * 2020-06-23 2020-10-09 网易传媒科技(北京)有限公司 Data capture method and device, electronic equipment and storage medium
CN112084494A (en) * 2020-09-21 2020-12-15 百度在线网络技术(北京)有限公司 Sensitive information detection method, device, equipment and storage medium
CN113489705B (en) * 2021-06-30 2023-03-24 中国银联股份有限公司 Method and device storage medium for capturing HTTP (hyper text transport protocol) communication data of application program
CN113535592B (en) * 2021-09-15 2022-08-05 广州锦行网络科技有限公司 Method, device and equipment for packet capturing of DPDK application program and storage medium
CN113535593B (en) * 2021-09-15 2022-10-11 广州锦行网络科技有限公司 Application program packet capturing method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957214A (en) * 2014-05-06 2014-07-30 重庆邮电大学 Computer network data package grabbing method for teaching
CN104156481A (en) * 2014-08-26 2014-11-19 北京软安科技有限公司 Android encryption communication detection device and method based on dynamic linking library injection
CN106126290A (en) * 2016-06-27 2016-11-16 微梦创科网络科技(中国)有限公司 Application program optimization method, Apparatus and system
CN106681923A (en) * 2016-12-29 2017-05-17 广州华多网络科技有限公司 Software evaluation method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4108524B2 (en) * 2003-04-14 2008-06-25 日本電気株式会社 ATM bridge device and loop detection method in ATM bridge

Also Published As

Publication number Publication date
CN107329901A (en) 2017-11-07

Similar Documents

Publication Publication Date Title
CN107329901B (en) Data packet capturing method, terminal, server and storage medium
US10853437B2 (en) Method and apparatus for invoking application programming interface
CN106371964B (en) Method and device for prompting message
CN108039963B (en) Container configuration method and device and storage medium
CN106649126B (en) Method and device for testing application program
CN111142930B (en) Installation package file packaging method and device, terminal device and storage medium
CN109088844B (en) Information interception method, terminal, server and system
WO2018077041A1 (en) Method and apparatus for running application
CN104965722B (en) A kind of method and device of display information
CN106953898B (en) Method and device for acquiring software package
EP2869604A1 (en) Method, apparatus and device for processing a mobile terminal resource
WO2014166307A1 (en) Method for determining performance of process of application and computer system
CN109067751B (en) ARP spoofing detection method and device under non-Root environment and terminal
CN112749074A (en) Test case recommendation method and device
CN105278942B (en) Component management method and device
CN108959062B (en) Webpage element acquisition method and device
CN106709330B (en) Method and device for recording file execution behaviors
EP2869233A1 (en) Method, device and terminal for protecting application program
CN107967203B (en) Function judgment method and device based on executable file
CN107463395B (en) Component calling method and device
CN112199246A (en) Terminal testing method and device, storage medium and mobile terminal
US10073957B2 (en) Method and terminal device for protecting application program
CN107122204B (en) Application unloading state detection method and device
CN112732548B (en) Interface testing method and device
CN105791253B (en) Method and device for acquiring authentication information of website

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant