Disclosure of Invention
In view of this, embodiments of the present invention provide a code detection method and apparatus, an electronic device, and a storage medium, which can detect a code loaded in a code loading manner without an entity, and reduce a security risk of a device supporting the code loading manner without the entity.
In a first aspect, an embodiment of the present invention provides a code detection method, where the method includes:
when it is monitored that a system allocates a first memory, determining whether the first memory has an executable authority or not;
if the first memory has the executable authority, analyzing a first loading process of a first code stored in the first memory;
if the first loading process is different from the standard loading process corresponding to the system, recording the address of the first memory, and performing virus detection on the first code to obtain a first detection result;
if the first detection result is that the first code is a malicious code, terminating the execution of the first code, and deleting the first code stored in the first memory according to the recorded address of the first memory.
Preferably, the analyzing a first loading process of the first code stored in the first memory includes: analyzing a stack corresponding to the first loading process; if the recorded function calling sequence in the stack is the same as the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is the same as the standard loading process corresponding to the system; and if the recorded function call sequence in the stack is different from the standard function call sequence when the code corresponding to the system is loaded, determining that the first loading process is different from the standard loading process corresponding to the system.
Preferably, the method further comprises: and if the first detection result is that the first code is a non-malicious code, adding authentication information in the first code to a white list.
Preferably, the recording the address of the first memory, and performing virus detection on the first code to obtain a first detection result includes: if the white list does not include the authentication information in the first code, recording the address of the first memory, and performing virus detection on the first code to obtain a first detection result.
Preferably, the method further comprises: when the fact that the system is ready to release a second memory is monitored, whether the second memory has an executable authority or not is determined; if the second memory does not have the executable authority, releasing the second memory; if the second memory has the executable authority, determining whether the address of the second memory is recorded; if the address of the second memory is recorded, releasing the second memory; if the address of the second memory is not recorded, before the second memory is released, the address of the second memory is recorded, and virus detection is performed on a second code stored in the second memory to obtain a detection result.
Preferably, after the recording the address of the first memory, the method further includes: outputting prompt information for prompting the suspicious code, wherein the prompt information comprises: an address of the first memory.
In a second aspect, an embodiment of the present invention provides a code detection apparatus, including:
the system comprises a determining unit and a judging unit, wherein the determining unit is used for determining whether a first memory has an executable authority or not when the fact that the first memory is distributed by a system is monitored;
the analysis unit is used for analyzing a first loading process of a first code stored in the first memory if the first memory has an executable authority;
the detection unit is used for recording the address of the first memory and carrying out virus detection on the first code to obtain a first detection result if the first loading process is different from the standard loading process corresponding to the system;
and the terminating unit is used for terminating the execution of the first code if the first detection result indicates that the first code is a malicious code, and deleting the first code stored in the first memory according to the recorded address of the first memory.
Preferably, the analysis unit is specifically configured to: analyzing a stack corresponding to the first loading process; if the recorded function calling sequence in the stack is the same as the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is the same as the standard loading process corresponding to the system; and if the recorded function calling sequence in the stack is different from the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is different from the standard loading process corresponding to the system.
Preferably, the apparatus further comprises: an adding unit, configured to add, if the first detection result is that the first code is a non-malicious code, authentication information in the first code to a white list.
Preferably, the detection unit is specifically configured to: if the first loading process is different from a standard loading process corresponding to the system and the white list does not include the authentication information in the first code, recording the address of the first memory, and performing virus detection on the first code to obtain a first detection result.
Preferably, the determining unit is further configured to determine whether the second memory has an executable right when it is monitored that the system is ready to release the second memory; the device further comprises: a release unit, configured to release the second memory if the second memory does not have the executable authority; the determining unit is further configured to determine whether an address of the second memory is recorded if the second memory has an executable authority; the release unit is further configured to release the second memory if the address of the second memory is recorded; the detection unit is further configured to, if the address of the second memory is not recorded, record the address of the second memory before releasing the second memory, and perform virus detection on a second code stored in the second memory to obtain a detection result.
Preferably, the apparatus further comprises: an output unit, configured to output, after the recording of the address of the first memory, prompt information for prompting a suspicious code, where the prompt information includes: an address of the first memory.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the code detection method described in the foregoing first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the code detection method of the first aspect.
According to the code detection method, the code detection device, the electronic equipment and the storage medium, after the system is determined to be allocated with the memory with the executable authority, the current loading mode can be judged according to the loading process, and generally if the system loads codes without entities, the loading process of the codes is different from the standard loading process corresponding to the system, so that if the current loading process is different from the standard loading process corresponding to the system, the current loading mode can be determined to be loading without entities, the codes loaded in the mode of loading the codes without entities can be detected, and when the codes are detected to be malicious codes, the codes are stopped to be executed, so that the safety risk of equipment supporting the mode of loading the codes without entities is reduced.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of a code detection method according to an embodiment of the present invention. The code detection method can be applied to electronic equipment.
As shown in fig. 1, the code detection method of the present embodiment may include:
step 101, when it is monitored that the system allocates the first memory, determining whether the first memory has an executable right.
If the first memory has an executable attribute, executing step 102; if the first memory has no executable attribute from allocation to release, the process ends.
In one example, the system calls the VirtualAlloc function when allocating the memory, and thus when the system calls the VirtualAlloc function, it is determined that the system allocates the memory. And if the memory attribute comprises any one of PAGE _ EXECUTE, PAGE _ EXECUTE _ READ, PAGE _ EXECUTE _ READWRITE, PAGE _ EXECUTE _ write copy, determining that the memory has the executable authority, otherwise, determining that the memory does not have the executable authority.
In one example, when the system calls the VirtualAlloc function to allocate the memory, the allocated memory may not have the executable right, but the system may modify the executable right of the memory by calling the VirtualProtect function after calling the VirtualAlloc function, that is, the executable right of the memory is modified from having no right to having right. That is to say, after detecting that the system calls the VirtualAlloc function, if the current memory does not have the executable right, the memory needs to be detected, if the VirtualProtect function that is commonly used by the system for the memory is detected, the memory attribute is judged again to include any one of PAGE _ EXECUTE, PAGE _ EXECUTE _ READ, PAGE _ EXECUTE _ READWRITE, PAGE _ EXECUTE _ write copy, and the memory is determined to have the executable right, otherwise, the memory is determined to have no executable right.
Step 102, a first loading process of a first code stored in the first memory is analyzed.
In one example, step 102 may specifically include: analyzing a stack corresponding to the first loading process; if the recorded function calling sequence in the stack is the same as the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is the same as the standard loading process when the code corresponding to the system is loaded; and if the recorded function calling sequence in the stack is different from the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is different from the standard loading process corresponding to the system.
It should be noted that, generally, if the code is loaded without an entity, the loading process of the code is different from the standard loading process corresponding to the system, and the function call sequence recorded in the stack corresponding to the code loading process can well reflect the loading process of the code, so that the function call sequence recorded in the stack corresponding to the first loading process is different from the standard function call sequence when the code corresponding to the system is loaded, and it can be determined that the first loading process is different from the standard loading process corresponding to the system, and the first loading process is determined to be a process of loading the code without an entity.
It should be further noted that the standard loading processes corresponding to different systems may be different, but the standard loading processes corresponding to different systems can be obtained by analyzing the systems, and the analysis process may adopt the prior art, and is not described herein again.
In a specific example, taking the Windows10 system as an example, the standard loading procedure of the Windows10 system corresponds to the recorded contents in the stack as follows:
“ntd11_77cc0000!NtAllocateVirtualMemory
ntd11_77cc0000!RtlCreateHeap+0x36d
ntd11_77cc0000!RtlDebugCreateHeap+0x21f
ntd11_77cc0000!RtlCreatHeap+0x62a8e
KERNELBASE!HeapCreat+0x45
msvcrt!_heap_init+0x1b
msvcrt!_core_crt_dll_init+0xd0
msvcrt!_CRTDLL_INIT+0x13
ntd11_77cc0000!LdrxCallInitRoutine+0x16
ntd11_77cc0000!LdrpCallInitRoutine+0x7f
ntd11_77cc0000!LdrpInitializeNode+0x10e
ntd11_77cc0000!LdrpInitializeGraphRecurse+0x5d
ntd11_77cc0000!LdrpInitializeGraphRecurse+0x7c
ntd11_77cc0000!LdrpInitializeGraphRecurse+0x7c
ntd11_77cc0000!LdrpPrepareModuleForExecution+0x8f
ntd11_77cc0000!LdrpLoadDllInternal+0x128
ntd11_77cc0000!LdrpLoadDll+0xa2
ntd11_77cc0000!LdrLoadDll+0x7e
KERNELBASE!LoadLibraryExW+0x144
KERNELBASE!LoadLibraryW+0x11”
under the Windows10 system, the loading process of the entity-free loading code corresponds to the recorded contents in the stack as follows:
“ntd11_77cc0000!NtAllocateVirtualMemory
KERNELBASE!VirtualAlloc+0x41
LoaderTest!wmain+0x34
LoaderTest!__tmainCRTStartup+0x1a8
LoaderTest!wmainCRTStartup+0xf
KERNEL32!BaseThreadInitThunk+0x24
ntd11_77cc0000!__RtlUserThreadstart+0x2f
ntd11_77cc0000!_RtlUserThreadstart+0x1b”
where ntdll _77cc000, KERNELBASE, msvcrt, KERNEL32 represent the system space, LoaderTest represents the user space, exclamation Point! The latter content indicates the address of a function in the corresponding space, i.e. a function can be uniquely indicated by this address. The function call sequence of the standard loading process and the loading process of the entity-free loading code of the Windows10 system can be respectively determined from the function address sequence recorded in the two specific stacks. It can be seen that the standard loading process and the loading process of the code without entity of the Windows10 system are different. Therefore, whether the process is a process of loading code without entity can be determined by analyzing the loading process of the code, namely, if the loading process is different from the standard loading process of the Windows10 system, the loading process is determined as the process of loading code without entity.
In order to detect the code loaded in the way of loading code without entity, if the first loading process is different from the standard loading process corresponding to the system, step 103 is executed; if the first loading process is the same as the standard loading process corresponding to the system, the process is a normal loading process, and the process is ended.
Step 103, if the first loading process is different from the standard loading process corresponding to the system, recording the address of the first memory, and performing virus detection on the first code to obtain a first detection result.
In one example, after recording the address of the first memory, the method may further include: outputting prompt information for prompting the suspicious code, wherein the prompt information comprises: the address of the first memory. Therefore, the first code can be terminated or the memory can be released in advance by manpower while virus detection is carried out, so that the safety of the equipment is improved.
For the first detection result, if the first detection result is that the first code is a malicious code, step 104 is executed. If the first detection result is a non-malicious code, the process is ended.
And 104, terminating the execution of the first code, and deleting the first code stored in the first memory according to the recorded address of the first memory.
It should be noted that steps 102-104 are performed after the first code is copied to the first memory, for example, steps 102-104 are typically performed after the system calls the VirtualProtect function for the first memory. However, after the system allocates the first memory with the executable right, the first code may not be stored in the first memory in time, so that after it is determined that the first memory has the executable right, there may be a case that the first code cannot be acquired, and at this time, the first code in the first memory is defaulted to be non-malicious code, that is, the steps 102 to 104 are not performed, and the process is directly ended. For example, after the system calls the VirtualProtect function for the first memory, if no code is stored in the first memory within a preset time period, the code in the first memory is defaulted to be a non-malicious code, and the process is ended.
By using the code detection method provided by the embodiment of the invention, after the system is determined to be allocated with the memory with the executable authority, the current loading mode can be judged according to the loading process, and generally, if the system loads the code without the entity, the loading process of the code is different from the standard loading process corresponding to the system, so that if the current loading process is different from the standard loading process corresponding to the system, the current loading mode can be determined as loading without the entity, the code loaded in the mode of loading the code without the entity can be detected, and when the code is detected to be a malicious code, the code is stopped to be executed, thereby reducing the security risk of equipment supporting the mode of loading the code without the entity.
Fig. 2 is a flowchart illustrating another code detection method according to an embodiment of the present invention. The code detection method can be applied to electronic equipment.
As shown in fig. 2, the code detection method of the present embodiment may include:
step 201, when it is monitored that the system allocates the first memory, determining whether the first memory has an executable right.
If the first memory has an executable attribute, go to step 202; if the first memory has no executable attribute from allocation to release, the process ends.
In one example, the system calls the VirtualAlloc function when allocating the memory, and thus when the system calls the VirtualAlloc function, it is determined that the system allocates the memory. And if the memory attribute comprises any one of PAGE _ EXECUTE, PAGE _ EXECUTE _ READ, PAGE _ EXECUTE _ READWRITE, PAGE _ EXECUTE _ write copy, determining that the memory has the executable authority, otherwise, determining that the memory does not have the executable authority.
In one example, when the system calls the VirtualAlloc function to allocate the memory, the allocated memory may not have the executable right, but the system may modify the executable right of the memory by calling the VirtualProtect function after calling the VirtualAlloc function, that is, the executable right of the memory is modified from having no right to having right. That is to say, after detecting that the system calls the VirtualAlloc function, if the current memory does not have the executable right, the memory needs to be detected, if the VirtualProtect function that is common to the system and is specific to the memory is detected, it is determined again that the memory attribute includes any one of PAGE _ EXECUTE, PAGE _ EXECUTE _ READ, PAGE _ EXECUTE _ READWRITE, PAGE _ EXECUTE _ write copy, and if not, it is determined that the memory does not have the executable right.
Step 202, a first loading process of a first code stored in the first memory is analyzed.
In one example, step 202 may specifically include: analyzing a stack corresponding to the first loading process; if the recorded function calling sequence in the stack is the same as the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is the same as the standard loading process when the code corresponding to the system is loaded; and if the recorded function calling sequence in the stack is different from the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is different from the standard loading process corresponding to the system.
It should be noted that, generally, if the code is loaded without an entity, the loading process of the code is different from the standard loading process corresponding to the system, and the function call sequence recorded in the stack corresponding to the code loading process can well reflect the loading process of the code, so that the function call sequence recorded in the stack corresponding to the first loading process is different from the standard function call sequence when the code corresponding to the system is loaded, it can be determined that the first loading process is different from the standard loading process corresponding to the system, and it is determined that the first loading process is a process of loading the code without an entity.
It should be further noted that the standard loading processes corresponding to different systems may be different, but the standard loading processes corresponding to different systems can be obtained by analyzing the systems, and the analysis process may adopt the prior art, and is not described herein again.
In order to detect the code loaded in a manner of loading code without entity in time, if the first loading process is different from the standard loading process corresponding to the system, step 203 is executed; if the first loading process is the same as the standard loading process corresponding to the system, the first loading process is a normal loading process, and the process is ended.
Step 203, if the first loading process is different from the standard loading process corresponding to the system, determining whether the white list includes the authentication information in the first code.
If the white list includes the authentication information in the first code, which indicates that the code is detected and determined to be a non-malicious code, the process may be ended; if the white list does not include the authentication information in the first code, the code is identified as malicious or undetected, so step 204 is performed.
Step 204, recording the address of the first memory, and performing virus detection on the first code to obtain a first detection result.
In one example, after recording the address of the first memory, the method may further include: outputting prompt information for prompting the suspicious code, wherein the prompt information comprises: an address of the first memory. Therefore, the first code can be terminated or the memory can be released in advance by manpower while virus detection is carried out, so that the safety of the equipment is improved.
For the first detection result, if the first detection result is that the first code is a malicious code, step 205 is executed. If the first detection result is non-malicious code, step 206 is executed.
Step 205, terminate the execution of the first code, and delete the first code stored in the first memory according to the recorded address of the first memory.
Step 206, add the authentication information in the first code to the white list.
It should be noted that steps 202-206 are performed after the second code is copied to the second memory, for example, steps 202-206 are typically performed after the system calls the VirtualProtect function to the second memory. However, after the system allocates the second memory with the executable authority, the second code may not be stored in the second memory in time, so that after it is determined that the second memory has the executable authority, there may be a case that the second code cannot be acquired, at this time, the second code in the second memory is defaulted to be non-malicious code, that is, the steps 202 to 206 are not performed, and the process is directly ended. For example, after the system calls the VirtualProtect function for the second memory, within the preset time length, no code is stored in the second memory, and the code in the second memory is defaulted to be a non-malicious code, and the process is ended.
By using the code detection method provided by the embodiment of the invention, after the system is determined to be allocated with the memory with the executable authority, the current loading mode can be judged according to the loading process, and generally, if the system loads the code without the entity, the loading process of the code is different from the standard loading process corresponding to the system, so that if the current loading process is different from the standard loading process corresponding to the system, the current loading mode can be determined as loading without the entity, the code loaded in the mode of loading the code without the entity can be detected, and when the code is detected to be a malicious code, the code is stopped to be executed, thereby reducing the security risk of equipment supporting the mode of loading the code without the entity.
Fig. 3 is a flowchart illustrating another code detection method according to an embodiment of the present invention. The code detection method can be applied to electronic equipment.
As shown in fig. 3, the code detection method of the present embodiment may include:
step 301, when it is monitored that the system is ready to release the second memory, determining whether the second memory has an executable right.
The second memory is any memory allocated by the system.
Based on this, if the second memory does not have the executable right, go to step 302; if the second memory has the executable right, go to step 303.
In one example, the system calls the VirtualFree function when it is ready to release memory, so when it is detected that the system calls the VirtualFree function for the second memory, it is determined that the system is ready to release the second memory.
Step 302, releasing the second memory.
Step 303, determine whether the address of the second memory is recorded.
If the address of the second memory is recorded, which indicates that the second code stored in the second memory is detected, and the second memory is directly released, step 302 is executed; if the address of the second memory is not recorded, which indicates that the second code stored in the second memory is detected and needs to be detected, step 304 is executed.
Step 304, recording the address of the second memory, and performing virus detection on the second code stored in the second memory to obtain a detection result.
After step 304 is performed, step 302 is performed.
It should be noted that, after the system allocates the memory with the executable right, the code may not be stored in the memory in time, and therefore, after it is determined that the memory has the executable right, there may be a case that the code cannot be acquired, and at this time, the code in the memory is a non-malicious code by default. However, after that, there may be codes stored in the memory, and these codes are not detected, so a mechanism for performing supplementary detection on the codes is needed, that is, the method shown in fig. 3. The method shown in fig. 3 may be used in combination with the method shown in fig. 1 or fig. 2.
Fig. 4 is a schematic structural diagram of a code detection apparatus according to an embodiment of the present invention. The apparatus may be applied to an electronic device.
As shown in fig. 4, the apparatus of the present embodiment may include: determination section 401, analysis section 402, detection section 403, and termination section 404.
The determining unit 401 is configured to determine whether the first memory has an executable right when it is monitored that the system allocates the first memory.
The analysis unit 402 is configured to analyze a first loading process of a first code stored in a first memory if the first memory has an executable right.
The detecting unit 403 is configured to record an address of the first memory if the first loading process is different from a standard loading process corresponding to the system, and perform virus detection on the first code to obtain a first detection result.
The terminating unit 404 is configured to terminate executing the first code if the first detection result indicates that the first code is a malicious code, and delete the first code stored in the first memory according to the recorded address of the first memory.
Preferably, the analysis unit 402 is specifically configured to analyze a stack corresponding to the first loading process; if the recorded function calling sequence in the stack is the same as the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is the same as the standard loading process corresponding to the system; and if the recorded function calling sequence in the stack is different from the standard function calling sequence when the code corresponding to the system is loaded, determining that the first loading process is different from the standard loading process corresponding to the system.
Preferably, as shown in fig. 5, the apparatus further comprises: an adding unit 405. The adding unit 405 is configured to add the authentication information in the first code to the white list if the first detection result is that the first code is a non-malicious code.
Preferably, the detecting unit 403 is specifically configured to record an address of the first memory and perform virus detection on the first code to obtain a first detection result, if the first loading process is different from a standard loading process corresponding to the system and the white list does not include the authentication information in the first code.
Preferably, as shown in fig. 6, the apparatus may further include: releasing the unit 406. Correspondingly, the determining unit 401 is further configured to determine whether the second memory has the executable right when it is monitored that the system is ready to release the second memory. The releasing unit 406 is configured to release the second memory if the second memory does not have the executable right. The determining unit 401 is further configured to determine whether to record an address of the second memory if the second memory has an executable right. The releasing unit 406 is further configured to release the second memory if the address of the second memory is recorded. The detecting unit 403 is further configured to, if the address of the second memory is not recorded, record the address of the second memory before releasing the second memory, and perform virus detection on the second code stored in the second memory to obtain a detection result.
Preferably, as shown in fig. 7, the apparatus further comprises: an output unit 407. The output unit 407 is configured to output a prompt message for prompting the suspicious code after recording the address of the first memory, where the prompt message includes: an address of the first memory.
The code detection device provided by the embodiment of the invention can judge the current loading mode according to the loading process after determining that the system allocates the memory with the executable authority, and generally, if the system loads the code without an entity, the loading process of the code is different from the standard loading process corresponding to the system, so that if the current loading process is different from the standard loading process corresponding to the system, the current loading mode can be determined as loading without an entity, the code loaded in the mode of loading the code without an entity can be detected, and when the code is detected to be a malicious code, the code is stopped to be executed, thereby reducing the safety risk of equipment supporting the mode of loading the code without an entity.
The embodiment of the invention also provides the electronic equipment. Fig. 8 is a schematic structural diagram of an embodiment of an electronic device of the present invention, which may implement the processes of the embodiments shown in fig. 1, fig. 2, or fig. 3 of the present invention, and as shown in fig. 8, the electronic device may include: a housing 81, a processor 82, a memory 83, a circuit board 84, and a power supply circuit 85, wherein the circuit board 84 is disposed inside a space surrounded by the housing 81, and the processor 82 and the memory 83 are provided on the circuit board 84; a power supply circuit 85 for supplying power to each circuit or device of the electronic apparatus; the memory 83 is used for storing executable program codes; the processor 82 runs a program corresponding to the executable program code by reading the executable program code stored in the memory 83, and is configured to perform the code detection method according to any of the foregoing embodiments.
The electronic device exists in a variety of forms, including but not limited to:
(1) a mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice and data communications. Such terminals include: smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) Ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
(3) A portable entertainment device: such devices may display and play multimedia content. This kind of equipment includes: audio, video playing modules (e.g., ipods), handheld game consoles, electronic books, and smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with a data interaction function.
Embodiments of the present invention provide a computer-readable storage medium, which stores one or more programs, where the one or more programs are executable by one or more processors to implement a code detection method as described in any of the foregoing embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.