CN108970122A - Prevent plug-in method, apparatus, terminal and storage medium - Google Patents
Prevent plug-in method, apparatus, terminal and storage medium Download PDFInfo
- Publication number
- CN108970122A CN108970122A CN201810689257.0A CN201810689257A CN108970122A CN 108970122 A CN108970122 A CN 108970122A CN 201810689257 A CN201810689257 A CN 201810689257A CN 108970122 A CN108970122 A CN 108970122A
- Authority
- CN
- China
- Prior art keywords
- address
- verification
- function
- destination application
- check results
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- A—HUMAN NECESSITIES
- A63—SPORTS; GAMES; AMUSEMENTS
- A63F—CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
- A63F13/00—Video games, i.e. games using an electronically generated display having two or more dimensions
- A63F13/70—Game security or game management aspects
- A63F13/75—Enforcing rules, e.g. detecting foul play or generating lists of cheating players
-
- A—HUMAN NECESSITIES
- A63—SPORTS; GAMES; AMUSEMENTS
- A63F—CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
- A63F2300/00—Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
- A63F2300/50—Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers
- A63F2300/55—Details of game data or player data management
- A63F2300/5586—Details of game data or player data management for enforcing rights or rules, e.g. to prevent foul play
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- General Business, Economics & Management (AREA)
- Stored Programmes (AREA)
Abstract
Plug-in method, apparatus, terminal and storage medium are prevented the invention discloses a kind of, belongs to Internet technical field.The described method includes: when receiving checking command, terminal obtains target string, the target string is written in the first address, which is the character string verified after function conversion, and the verification function is for whether there is program breakpoint in verification object application program;The target string is converted to the verification function by terminal;By the verification function, which is verified, check results are obtained;When determining that there are when program breakpoint in the destination application based on the check results, interrupt the destination application, to ensure that the destination application can operate normally, in the destination application in the case where being tampered, pass through terminal operating, the possibility for preventing the destination application to hang by over, ensure that the safety of destination application.
Description
Technical field
The present invention relates to Internet technical fields, in particular to a kind of that plug-in method, apparatus, terminal and storage is prevented to be situated between
Matter.
Background technique
With the development of network technology, game application is increasingly popularized, and in many game applications, user can lead to
The mode hung over crossing, is that oneself game object in gaming increases some privileges, for example, in game, not over swim when hanging
It is only 1 meter that object of playing, which steps the length of a step, over when hanging, game object steps the length of a step up to 100 meters, it is clear that over hang
Mode seriously affected the fairness of game.
In this field, generally by way of preventing debugging, the plug-in personnel that prevent from looking on the bright side of things are answered by plug-in dynamic analysis
It with program, that is to say, whether terminal detection debugger port is called, to prevent this by calling debugger port mode from answering
Use program.However, in the related technology, generally in such a way that program breakpoint is set over hang, that is to say, terminal is based on applying journey
One section of program code that needs in sequence are modified, the write break point characteristic value in the corresponding memory address of this section of program, from forming
Program breakpoint is arranged in the application program in function.When terminal starts the application program, this runs to the target program section, stops fortune
Row, over hang personnel can analyze at this modification the application program.Obviously, the above-mentioned mode for preventing debugging, is only capable of examining
Whether extension personnel pass through debugger port and debug to application program over measuring, and can not detect the journey in application program
Sequence breakpoint.Therefore, need at present it is a kind of prevent plug-in method, in a manner of preventing from through write break point characteristic value over hang.
Summary of the invention
Plug-in method, apparatus, terminal and storage medium are prevented the embodiment of the invention provides a kind of, can solve correlation
The problem of hanging over by way of write break point characteristic value cannot be prevented in technology.The technical solution is as follows:
On the one hand, providing a kind of prevents plug-in method, which comprises
When receiving checking command, target string is obtained, the target string is written in the first address, it is described
Target string is the character string verified after function conversion, and the verification function in verification object application program for whether there is
Program breakpoint;
The target string is converted into the verification function;
By the verification function, the destination application is verified, check results are obtained;
When determining that there are the mesh that when program breakpoint, interrupts in the destination application based on the check results
Mark application program.
Optionally, the triggered time of the checking command is any time, and first address is any in the terminal
Size is the corresponding address of memory space of preset threshold, and the numerical value of the preset threshold is deposited not less than shared by the verification function
Store up the size in space.
Optionally, the acquisition target string, before the target string is written in the first address, the method
Further include:
According to the size of the target string, the first address is distributed for the target string, first address
Storage size is not less than the size of the target string.
Optionally, the verification function is that filling data Shellcode verifies function, described to obtain the target string
Before, the method also includes:
It constructs Shellcode and verifies function, the Shellcode verification function is used for by adjusting back default checking algorithm pair
The destination application is verified;
Shellcode verification function is converted into the target string, the target string is encrypted
Processing.
Optionally, after the building Shellcode verification function, the method also includes:
Second address, call back function and third address are written in the Shellcode verification function, second address
For the storage address of the destination application, the third address is the storage address of the default checking algorithm;
In Shellcode verification function after write, by call back function, it is based on second address, described in calling
Default checking algorithm;
By the default checking algorithm, the destination application is verified, obtains initial check results.
Optionally, described that the destination application is verified by the verification function, obtain check results it
Before, the method also includes:
According to the second address, call back function and third address, building verification structural body, second address is the target
The storage address of application program, the third address are the storage address of default checking algorithm;
The verification structural body is written in the verification function.
Optionally, described based on the process that is verified of verification function that the verification structural body is written are as follows: by described the
Parameter of three addresses as the call back function calls the default checking algorithm, by described pre- by the call back function
If checking algorithm verifies the destination application, the check results are obtained.
Optionally, described that the destination application is verified by the verification function, obtain check results packet
It includes:
By obtaining multiple blocks of the destination application from function is realized;
Traverse out multiple target blocks to be verified in the multiple block;
By the verification function, the multiple target block is verified, obtains the check results of each block.
Optionally, described that the destination application is verified by the verification function, obtain check results it
Afterwards, the method also includes:
When the check results and the initial check results of the destination application mismatch, determine that the target is answered
With, there are program breakpoint, the initial check results are to verify to the destination application there is no program breakpoint in program
Result;
When the check results are matched with the initial check results, determine that there is no journeys in the destination application
Sequence breakpoint.
Optionally, described that the destination application is verified by the verification function, obtain check results it
Afterwards, the method also includes:
The check results are sent to server;
The verification function is deleted, first address is discharged.
On the one hand, provide it is a kind of prevent plug-in device, described device includes:
Module is obtained, for when receiving checking command, obtains target string, by target string write-in the
In one address, the target string is the character string verified after function conversion, and the verification function is used for verification object application
It whether there is program breakpoint in program;
Conversion module, for the target string to be converted to the verification function;
Correction verification module obtains verification knot for being verified to the destination application by the verification function
Fruit;
Interrupt module, for determining in the destination application when based on the check results there are when program breakpoint,
Interrupt the destination application.
Optionally, the triggered time of the checking command is any time, and first address is any in the terminal
Size is the corresponding address of memory space of preset threshold, and the numerical value of the preset threshold is deposited not less than shared by the verification function
Store up the size in space.
Optionally, described device further include:
Distribution module distributes the first address, institute for the size according to the target string for the target string
The storage size for stating the first address is not less than the size of the target string.
Optionally, the verification function is that filling data Shellcode verifies function, described device further include:
First building module, for constructing Shellcode verification function, the Shellcode verification function is for passing through
Default checking algorithm is adjusted back to verify the destination application;
Conversion module, for Shellcode verification function to be converted to the target string, to the target word
Symbol string is encrypted.
Optionally, described device further include:
Calling module verifies function for the Shellcode to be written in the second address, call back function and third address
In, second address is the storage address of the destination application, and the third address is the default checking algorithm
Storage address;In Shellcode verification function after write, by call back function, it is based on second address, described in calling
Default checking algorithm;
Correction verification module obtains initial for being verified to the destination application by the default checking algorithm
Check results.
Optionally, described device further include:
Second building module, for according to the second address, call back function and third address, building verification structural body to be described
Second address is the storage address of the destination application, and the third address is the storage address of default checking algorithm;
Writing module, for the verification structural body to be written in the verification function.
Optionally, described based on the process that is verified of verification function that the verification structural body is written are as follows: by described the
Parameter of three addresses as the call back function calls the default checking algorithm, by described pre- by the call back function
If checking algorithm verifies the destination application, the check results are obtained.
Optionally, the correction verification module, comprising:
Acquiring unit, for by obtaining multiple blocks of the destination application from function is realized;
Traversal Unit, for traversing out multiple target blocks to be verified in the multiple block;
Verification unit, for being verified to the multiple target block, obtaining each block by the verification function
Check results.
Optionally, described device further include:
Determining module, for when the initial check results of the check results and the destination application mismatch,
Determine that, there are program breakpoint in the destination application, the initial check results are to answer the target there is no program breakpoint
The result verified with program;
The determining module is also used to determine the mesh when the check results are matched with the initial check results
It marks and program breakpoint is not present in application program.
Optionally, described device further include:
Sending module, for sending the check results to server;
Removing module discharges first address for deleting the verification function.
On the one hand, provide a kind of terminal, the terminal includes processor and memory, be stored in the memory to
A few instruction, described instruction are loaded as the processor and are executed to realize as above-mentioned prevents behaviour performed by plug-in method
Make.
On the one hand, a kind of computer readable storage medium is provided, at least one instruction is stored in the storage medium,
Described instruction is loaded as processor and is executed to realize as above-mentioned prevents operation performed by plug-in method.
Technical solution provided in an embodiment of the present invention has the benefit that
By the way that when receiving checking command, terminal obtains target string, which is written into the first address
In, which is the character string verified after function conversion, the verification function in verification object application program whether
There are program breakpoints;The target string is converted to the verification function by terminal;By the verification function, to the target application journey
Sequence is verified, and check results are obtained;It determines in the destination application when based on the check results there are when program breakpoint, in
The disconnected destination application that runs exists to ensure that the destination application can be operated normally in the destination application
In the case where being tampered, pass through terminal operating, it is therefore prevented that the possibility that the destination application is hung by over ensure that target application
The safety of program.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to
Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results
In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can
By property.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram;
Fig. 2 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram;
Fig. 3 is a kind of schematic diagram of target string provided in an embodiment of the present invention;
Fig. 4 is a kind of schematic diagram of encrypted target string provided in an embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram for preventing plug-in device provided in an embodiment of the present invention;
Fig. 6 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair
Embodiment in bright, every other implementation obtained by those of ordinary skill in the art without making creative efforts
Example, shall fall within the protection scope of the present invention.
Fig. 1 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram.The execution master of the inventive embodiments
Body is terminal, referring to Fig. 1, this method comprises:
101, when receiving checking command, target string is obtained, which is written in the first address.
Wherein, which is the character string verified after function conversion, which is used for verification object application
It whether there is program breakpoint in program;
102, the target string is converted into the verification function;
103, by the verification function, which is verified, check results are obtained;
104, when determining that there are the targets that when program breakpoint, interrupts in the destination application based on the check results
Application program.
Optionally, the triggered time of the checking command is any time, which is that any size is in the terminal
The numerical value of the corresponding address of the memory space of preset threshold, the preset threshold is big not less than memory space shared by the verification function
It is small.
Optionally, the acquisition target string, before which is written in the first address, this method is also wrapped
It includes:
According to the size of the target string, the first address is distributed for the target string, the storage of first address is empty
Between size be not less than the target string size.
Optionally, which is to fill data Shellcode verification function, before the acquisition target string,
This method further include:
It constructs Shellcode and verifies function, which verifies function and be used for by adjusting back default checking algorithm to this
Destination application is verified;
Shellcode verification function is converted into the target string, which is encrypted.
Optionally, after building Shellcode verifies function, this method further include:
Second address, call back function and third address are written in Shellcode verification function, which is should
The storage address of destination application, the third address are the storage address of the default checking algorithm;
In Shellcode verification function after write, by call back function, it is based on second address, calls this default
Checking algorithm;
Checking algorithm is preset by this, which is verified, obtains initial check results.
Optionally, the destination application should be verified by the verification function, it, should before obtaining check results
Method further include:
According to the second address, call back function and third address, building verification structural body, which is the target application
The storage address of program, the third address are the storage address of default checking algorithm;
The verification structural body is written in the verification function.
Optionally, the process that should be verified based on the verification function that the verification structural body is written are as follows: by the third address
As the parameter of the call back function, by the call back function, the default checking algorithm is called, checking algorithm is preset to this by this
Destination application is verified, and the check results are obtained.
Optionally, the destination application should be verified, obtaining check results includes: by the verification function
By obtaining multiple blocks of the destination application from function is realized;
Traverse out multiple target blocks to be verified in multiple block;
By the verification function, multiple target block is verified, obtains the check results of each block.
Optionally, the destination application should be verified by the verification function, it, should after obtaining check results
Method further include:
When the check results and the initial check results of the destination application mismatch, the destination application is determined
In there are program breakpoint, which is the result verified to the destination application there is no program breakpoint;
When the check results are matched with the initial check results, determine that there is no programs to break in the destination application
Point.
Optionally, the destination application should be verified by the verification function, it, should after obtaining check results
Method further include:
The check results are sent to server;
The verification function is deleted, first address is discharged.
In the embodiment of the present invention, when receiving checking command, terminal obtains target string, which is write
Enter in the first address, which is the character string verified after function conversion, which is used for verification object application
It whether there is program breakpoint in program;The target string is converted to the verification function by terminal;By the verification function, to this
Destination application is verified, and check results are obtained;When determining that there are journeys in the destination application based on the check results
When sequence breakpoint, interrupt the destination application, to ensure that the destination application can operate normally, in the target
Application program passes through terminal operating in the case where being tampered, it is therefore prevented that the possibility that the destination application is hung by over guarantees
The safety of destination application.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to
Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results
In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can
By property.
Fig. 2 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram.The execution master of the inventive embodiments
Body is terminal, referring to fig. 2, this method comprises:
201, when receiving checking command, terminal is distributed according to the size of the target string for the target string
First address.
Wherein, the storage size of first address is not less than the size of the target string, which is
Character string after verifying function conversion, the verification function is for whether there is program breakpoint in verification object application program;Wherein,
The target string can also be to be converted by verification function and pass through the encrypted character string of predetermined encryption algorithm.The present invention is real
It applies in example, when terminal receives checking command, which can be based on preset threshold, distribute the preset threshold for verification function
The memory space of size, and obtain the first address of the memory space of the preset threshold size.Wherein, the numerical value of the preset threshold
Not less than the size of memory space shared by the verification function.
Wherein, the triggered time of the checking command is any time.It that is to say, which can be by terminal any
Time is triggered.First address is the corresponding address of memory space that any size is preset threshold in the terminal, namely
It is that terminal is that the verification function is randomly assigned an address.In a kind of possible embodiment, which can be had previously been based on
The preset threshold is set the size not less than memory space shared by the verification function by the size of verification function ready for use,
When getting verification function in order to subsequent terminal, which can be written to first address.
Wherein, the preset threshold, the predetermined encryption algorithm can be based on needing to be configured, and the embodiment of the present invention is pre- to this
If threshold value is simultaneously not specifically limited.For example, the predetermined encryption algorithm can be AES (Advanced Encryption
Standard, Advanced Encryption Standard) Encryption Algorithm.
Further, which the storage attribute of first address can be arranged are as follows: and it can be performed, can be read, is writable,
So that first address has code segment attribute, terminal can be decrypted the target string, after the decryption
First address is written in target string, and is the verification function converted by target string by the first address unsteady state operation
Storage address, so as to execute the verification function in first address.
Wherein, which can be forced first address by forcing Transformation Program to convert first address
Be converted to the storage address of verification function.The unsteady state operation program be it is any can force be by first address conversion verification letter
The program of several storage address, the embodiment of the present invention is to the unsteady state operation program and is not specifically limited.For example, the unsteady state operation
Program can be such that
Pfn_CheckSection pCS=
(pfn_CheckSection)DecryptShellCode();
It should be noted that since the triggered time of the checking command is set any time by terminal, the terminal
Can destination application is verified with not timing, prevent verification of the plug-in personnel to the destination application of looking on the bright side of things
Journey is modified, and has further ensured the safety of the destination application.
202, terminal obtains target string, which is written in first address.
In the embodiment of the present invention, terminal stores the verification function in the form of character string, which is based on the target character
The storage address of string obtains the target string, and the target string is copied to the corresponding memory space in the first address
In.In a kind of possible embodiment, which is encrypted character string, which can also be close by decrypting
The target string is decrypted in key, and the target string after decryption is stored to the corresponding memory space in the first address
In.
It should be noted that the verification function can be Shellcode (filling data) verification letter in the embodiment of the present invention
Number, terminal can have previously been based on Shellcode verification function, generate the target string before obtaining target string, should
Process can be with are as follows: terminal constructs Shellcode and verifies function, and Shellcode verification function is converted to target string, right
The target string is encrypted.Wherein, which verifies function and is used for by adjusting back default checking algorithm to this
Destination application is verified.
Wherein, which can verify the storage address of function according to write-in Shellcode, since initial address,
Shellcode verification function is traversed, until traversing end address, generates the corresponding target of Shellcode verification function
Character string, the target string can be the character data of machine code form.
Wherein, which can be encrypted the target string by predetermined encryption algorithm.The terminal may be used also
Encrypted target string is converted to global character list.Wherein, which can be based on needing to carry out
Setting, the present invention is not especially limit this.For example, the predetermined encryption algorithm can be AES (Advanced
Encryption Standard, Advanced Encryption Standard) Encryption Algorithm.
Further, which can also be the verification function converted by target string by the first address unsteady state operation
Storage address, so as to execute the verification function in first address.
As shown in figure 3, the target string can be hexadecimal data, progress is encrypted to become as shown in Figure 4
Hexadecimal data.Obviously, before relative to encryption, encrypted hexadecimal data is the data after upsetting, thus into
One step ensure that the safety of verification function.
It should be noted that since encrypted target string is converted to global character list, after that is to say encryption
Shellcode machine code, which is stored in the form of global variable, is not stored at executable code
In block, so even if the plug-in personnel that look on the bright side of things by static analysis tools come analytic function list, can not also find
Shellcode verifies function.Also, since the form of global variable is the character lists of dispersion, so the plug-in personnel that look on the bright side of things
Shellcode verification function can not be also found by character string list.Simultaneously as encrypted by AES encryption algorithm, it should
Encrypted Shellcode verification function call size and content all have changed, and are a verification functions it is even more impossible to allow people to associate this,
To protect the safety and tightness of Shellcode verification function layer by layer, further prevent plug-in.
When further, due to executing checking procedure every time, terminal all can dynamic random distribute an address, to guarantee
The address of verification function is all random every time, and only a step enhances the concealment of verification function, ensure that destination application
Safety.
In the embodiment of the present invention, terminal can construct Shellcode verification function when generating application program, thus
Function can be verified based on the Shellcode, obtain initial check results, since the initial check results are just to generate to apply journey
Check results when sequence are the corresponding check results of destination application there is no program breakpoint.Therefore, in order to subsequent base
In the initial check results, judge whether current check results are correct.Wherein, terminal building Shellcode verification function it
Afterwards, which is based on the Shellcode and verifies function, and the process for obtaining initial check results can be with are as follows: terminal by the second address,
Call back function and third address are written in Shellcode verification function;Wherein, which is the destination application
Storage address, the third address are the storage address of default checking algorithm.The Shellcode of terminal after write verifies function
In, by call back function, it is based on second address, calls the default checking algorithm;Checking algorithm is preset by this, to the target
Application program is verified, and initial check results are obtained.
Wherein, the step in Shellcode verification function is written in the second address, call back function and third address by terminal
It can be with are as follows: terminal is according to second address, the call back function and the third address, building verification structural body, by the verification structure
Body is written in Shellcode verification function.
203, the target string is converted to the verification function by terminal.
In this step, after terminal obtains the target string, in the corresponding memory space in the first address, force the mesh
Mark character string is converted to Shellcode verification function, and Shellcode verification function is actually one interim
Shellcode verifies function.
204, terminal verifies the destination application, obtains check results by the verification function.
In this step, which may include in multiple blocks, and terminal can be obtained by from function is realized
Multiple blocks of the destination application, terminal traverse out multiple target blocks to be verified in multiple block, pass through the school
Function is tested, multiple target block is verified, obtains the check results of each block.Wherein, the target area to be verified
Block can be can be performed, can be read in multiple block, writable and not droppable block.
Further, which stores the check results into check list, and the check list is for storing multiple mesh
Mark the check results of block verification.
It should be noted that in multiple blocks that destination application includes, some not executable or unreadable
In the block write, look on the bright side of things plug-in personnel can not write-in program breakpoint, therefore, terminal can only obtain target block and carry out school
It tests, to save memory space shared by checking procedure, improves the efficiency of verification.
In a kind of possible embodiment, terminal can be by default checking algorithm ready for use and checking procedure institute
The parameter needed, is passed in the verification function in the form of structural body and is verified, which can be with are as follows: terminal is according to the verification letter
Before number is verified, for the terminal according to second address, the call back function and the third address, building verification structural body should
Second address is the storage address of the destination application, which is the storage address of default checking algorithm;By the school
Structural body is tested to be written in the verification function.
Wherein, which that is to say terminal base to the process that the destination application is verified by the verification function
In the process that the verification function that the verification structural body is written is verified.The process can be with are as follows: terminal using the third address as
The parameter of the call back function calls the default checking algorithm, presets checking algorithm to the target by this by the call back function
Application program is verified, and the check results are obtained.
Wherein, the quantity of the default checking algorithm can have one, can also be by multiple, which can be
CRC (Cyclic Redundancy Check, cyclic redundancy check) algorithm, or MD5 (Message-Digest
Algorithm 5, Message Digest 5 version 5), the embodiment of the present invention does not do the number amount and type for presetting checking algorithm
It is specific to limit.
205, terminal judges in the destination application according to the check results with the presence or absence of program breakpoint.
In the embodiment of the present invention, which obtains in advance and stores the initial check results of the destination application.This is first
Beginning check results are the result verified to the destination application there is no program breakpoint.In this step, terminal is according to this
Check results and the initial check results, judge whether the check results and the initial check results match, when the check results
When matching with the initial check results, terminal determines that there is no program breakpoints in the destination application.When the check results with
When the initial check results mismatch, terminal determines that there are program breakpoints in the destination application.
Further, terminal can also send the check results to server.In a kind of possible embodiment, the end
End can also only there are program breakpoints in destination application, just the check results are sent to server, so that server needle
Taking the check results prevents plug-in measure, which can be with are as follows: when the check results and the destination application just
When beginning check results mismatch, terminal determines that there are program breakpoints in the destination application, and sends the verification to server
As a result.
Wherein, which calculates data included in data included in the check results and the initial check results
It is whether identical, when identical, just determine that check results are matched with the initial check results, otherwise, to mismatch;Alternatively, when should
When check results include multiple characters, which can also calculate data included in the check results and the initial verification is tied
Registration between data included in fruit just determines check results and the initial school when registration reaches default value
Result matching is tested, otherwise, to mismatch.Wherein, which can be based on needing to be configured, and the embodiment of the present invention is to this
It is not specifically limited.For example, the default value can be 99%, 98% etc..
In a kind of possible embodiment, which can also verify multiple target blocks, by multiple mesh
The check results of mark block are stored into check list, and therefore, in this step, which can also obtain initial check list,
And be compared the initial check list of the check list and the destination application, judge the check list and the initial school
Test whether list matches.When the check list and the initial check list match, terminal is determined in the destination application not
There are program breakpoints.When the check results and the initial check results mismatch, terminal determines deposits in the destination application
In program breakpoint.
206, when being determined in the destination application based on the check results there is no program breakpoint, terminal is continued to run
The destination application.
Wherein, terminal can also send the check results to server.
207, it determines in the destination application when based on the check results there are when program breakpoint, terminal to server hair
The check results are given, interrupt the destination application.
In this step, which executes interrupt routine, and interrupt the destination application, so that target application journey
Sequence forces collapse, and then prevents the plug-in behavior for the plug-in personnel that look on the bright side of things, and has ensured the safety of destination application.
Further, after terminal obtains check results, the terminal deletion verification function discharges first address.
It should be noted that an address can be all dynamically distributed when verifying every time due to terminal, it is copying encrypted
Shellcode verifies function decryption into the corresponding memory space in the address, so that guaranteeing the address of verification function every time is all
Random, also, after verification, the memory space can be discharged, so that only a step enhances the concealment of verification function, is protected
The safety of destination application is demonstrate,proved.
In the embodiment of the present invention, when receiving checking command, terminal obtains target string, which is write
Enter in the first address, which is the character string verified after function conversion, which is used for verification object application
It whether there is program breakpoint in program;The target string is converted to the verification function by terminal;By the verification function, to this
Destination application is verified, and check results are obtained;When determining that there are journeys in the destination application based on the check results
When sequence breakpoint, interrupt the destination application, to ensure that the destination application can operate normally, in the target
Application program passes through terminal operating in the case where being tampered, it is therefore prevented that the possibility that the destination application is hung by over guarantees
The safety of destination application.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to
Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results
In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can
By property.
Fig. 5 is a kind of structural schematic diagram for preventing plug-in device provided in an embodiment of the present invention.Referring to Fig. 5, the device
It include: to obtain module 501, conversion module 502, correction verification module 503 and interrupt module 504.
Module 501 is obtained, for target string being obtained, which being written when receiving checking command
In first address, which is the character string verified after function conversion, which is used for verification object application journey
It whether there is program breakpoint in sequence;
Conversion module 502, for the target string to be converted to the verification function;
Correction verification module 503, for being verified to the destination application, obtaining check results by the verification function;
Interrupt module 504, for determining in the destination application when based on the check results there are when program breakpoint, in
It is disconnected to run the destination application.
Optionally, the triggered time of the checking command is any time, which is that any size is in the terminal
The numerical value of the corresponding address of the memory space of preset threshold, the preset threshold is big not less than memory space shared by the verification function
It is small.
Optionally, the device further include:
Distribution module distributes the first address for the size according to the target string for the target string, this first
The storage size of address is not less than the size of the target string.
Optionally, which is that filling data Shellcode verifies function, the device further include:
First building module, for constructing Shellcode verification function, Shellcode verification function is for passing through back
Default checking algorithm is adjusted to verify the destination application;
Conversion module, for by the Shellcode verification function be converted to the target string, to the target string into
Row encryption.
Optionally, the device further include:
Calling module, for the second address, call back function and third address to be written in Shellcode verification function,
Second address is the storage address of the destination application, which is the storage address of the default checking algorithm;?
In Shellcode verification function after write-in, by call back function, it is based on second address, calls the default checking algorithm;
Correction verification module, for verifying to the destination application, initially being verified by the default checking algorithm
As a result.
Optionally, the device further include:
Second building module, for according to the second address, call back function and third address, building verification structural body, this
Double-address is the storage address of the destination application, which is the storage address of default checking algorithm;
Writing module, for the verification structural body to be written in the verification function.
Optionally, the process that should be verified based on the verification function that the verification structural body is written are as follows: by the third address
As the parameter of the call back function, by the call back function, the default checking algorithm is called, checking algorithm is preset to this by this
Destination application is verified, and the check results are obtained.
Optionally, the correction verification module, comprising:
Acquiring unit, for by obtaining multiple blocks of the destination application from function is realized;
Traversal Unit, for traversing out multiple target blocks to be verified in multiple block;
Verification unit, for being verified to multiple target block, obtaining the school of each block by the verification function
Test result.
Optionally, the device further include:
Determining module, for determining when the initial check results of the check results and the destination application mismatch
There are program breakpoint in the destination application, the initial check results be to there is no the destination application of program breakpoint into
The result of row verification;
The determining module is also used to determine the target application journey when the check results are matched with the initial check results
Program breakpoint is not present in sequence.
Optionally, the device further include:
Sending module, for sending the check results to server;
Removing module discharges first address for deleting the verification function.
In the embodiment of the present invention, when receiving checking command, terminal obtains target string, which is write
Enter in first address, which is the character string verified after function conversion, which answers for verification object
With in program whether there is program breakpoint;The target string is converted to the verification function by terminal;It is right by the verification function
The destination application is verified, and check results are obtained;When determining in the destination application exist based on the check results
When program breakpoint, interrupt the destination application, to ensure that the destination application can operate normally, in the mesh
Application program is marked in the case where being tampered, passes through terminal operating, it is therefore prevented that the possibility that the destination application is hung by over is protected
The safety of destination application is demonstrate,proved.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to
Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results
In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can
By property.
All the above alternatives can form the alternative embodiment of the disclosure, herein no longer using any combination
It repeats one by one.
It should be understood that provided by the above embodiment prevent plug-in device when preventing plug-in, only with above-mentioned each function
Can module division progress for example, in practical application, can according to need and by above-mentioned function distribution by different functions
Module is completed, i.e., the internal structure of terminal is divided into different functional modules, described above all or part of to complete
Function.In addition, provided by the above embodiment prevent plug-in device and plug-in embodiment of the method prevented to belong to same design,
Specific implementation process is detailed in embodiment of the method, and which is not described herein again.
Fig. 6 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention.The terminal 600 may is that smart phone,
Tablet computer, MP3 player (Moving Picture Experts Group Audio Layer III, dynamic image expert
Compression standard audio level 3), (Moving Picture Experts Group Audio Layer IV, dynamic image are special by MP4
Family's compression standard audio level 4) player, laptop or desktop computer.Terminal 600 be also possible to referred to as user equipment,
Other titles such as portable terminal, laptop terminal, terminal console.
In general, terminal 600 includes: processor 601 and memory 602.
Processor 601 may include one or more processing cores, such as 4 core processors, 8 core processors etc..Place
Reason device 601 can use DSP (Digital Signal Processing, Digital Signal Processing), FPGA (Field-
Programmable Gate Array, field programmable gate array), PLA (Programmable Logic Array, may be programmed
Logic array) at least one of example, in hardware realize.Processor 601 also may include primary processor and coprocessor, master
Processor is the processor for being handled data in the awake state, also referred to as CPU (Central Processing
Unit, central processing unit);Coprocessor is the low power processor for being handled data in the standby state.?
In some embodiments, processor 601 can be integrated with GPU (Graphics Processing Unit, image processor),
GPU is used to be responsible for the rendering and drafting of content to be shown needed for display screen.In some embodiments, processor 601 can also be wrapped
AI (Artificial Intelligence, artificial intelligence) processor is included, the AI processor is for handling related machine learning
Calculating operation.
Memory 602 may include one or more computer readable storage mediums, which can
To be non-transient.Memory 602 may also include high-speed random access memory and nonvolatile memory, such as one
Or multiple disk storage equipments, flash memory device.In some embodiments, the non-transient computer in memory 602 can
Storage medium is read for storing at least one instruction, at least one instruction performed by processor 601 for realizing this Shen
Please in embodiment of the method provide prevent plug-in method.
In some embodiments, terminal 600 is also optional includes: peripheral device interface 603 and at least one peripheral equipment.
It can be connected by bus or signal wire between processor 601, memory 602 and peripheral device interface 603.Each peripheral equipment
It can be connected by bus, signal wire or circuit board with peripheral device interface 603.Specifically, peripheral equipment includes: radio circuit
604, at least one of touch display screen 605, camera 606, voicefrequency circuit 607, positioning component 608 and power supply 609.
Peripheral device interface 603 can be used for I/O (Input/Output, input/output) is relevant outside at least one
Peripheral equipment is connected to processor 601 and memory 602.In some embodiments, processor 601, memory 602 and peripheral equipment
Interface 603 is integrated on same chip or circuit board;In some other embodiments, processor 601, memory 602 and outer
Any one or two in peripheral equipment interface 603 can realize on individual chip or circuit board, the present embodiment to this not
It is limited.
Radio circuit 604 is for receiving and emitting RF (Radio Frequency, radio frequency) signal, also referred to as electromagnetic signal.It penetrates
Frequency circuit 604 is communicated by electromagnetic signal with communication network and other communication equipments.Radio circuit 604 turns electric signal
It is changed to electromagnetic signal to be sent, alternatively, the electromagnetic signal received is converted to electric signal.Optionally, radio circuit 604 wraps
It includes: antenna system, RF transceiver, one or more amplifiers, tuner, oscillator, digital signal processor, codec chip
Group, user identity module card etc..Radio circuit 604 can be carried out by least one wireless communication protocol with other terminals
Communication.The wireless communication protocol includes but is not limited to: Metropolitan Area Network (MAN), each third generation mobile communication network (2G, 3G, 4G and 5G), wireless office
Domain net and/or WiFi (Wireless Fidelity, Wireless Fidelity) network.In some embodiments, radio circuit 604 may be used also
To include the related circuit of NFC (Near Field Communication, wireless near field communication), the application is not subject to this
It limits.
Display screen 605 is for showing UI (User Interface, user interface).The UI may include figure, text, figure
Mark, video and its their any combination.When display screen 605 is touch display screen, display screen 605 also there is acquisition to show
The ability of the touch signal on the surface or surface of screen 605.The touch signal can be used as control signal and be input to processor
601 are handled.At this point, display screen 605 can be also used for providing virtual push button and/or dummy keyboard, also referred to as soft button and/or
Soft keyboard.In some embodiments, display screen 605 can be one, and the front panel of terminal 600 is arranged;In other embodiments
In, display screen 605 can be at least two, be separately positioned on the different surfaces of terminal 600 or in foldover design;In still other reality
It applies in example, display screen 605 can be flexible display screen, be arranged on the curved surface of terminal 600 or on fold plane.Even, it shows
Display screen 605 can also be arranged to non-rectangle irregular figure, namely abnormity screen.Display screen 605 can use LCD (Liquid
Crystal Display, liquid crystal display), OLED (Organic Light-Emitting Diode, Organic Light Emitting Diode)
Etc. materials preparation.
CCD camera assembly 606 is for acquiring image or video.Optionally, CCD camera assembly 606 include front camera and
Rear camera.In general, the front panel of terminal is arranged in front camera, the back side of terminal is arranged in rear camera.One
In a little embodiments, rear camera at least two is main camera, depth of field camera, wide-angle camera, focal length camera shooting respectively
Any one in head, to realize that main camera and the fusion of depth of field camera realize background blurring function, main camera and wide-angle
Camera fusion realizes that pan-shot and VR (Virtual Reality, virtual reality) shooting function or other fusions are clapped
Camera shooting function.In some embodiments, CCD camera assembly 606 can also include flash lamp.Flash lamp can be monochromatic warm flash lamp,
It is also possible to double-colored temperature flash lamp.Double-colored temperature flash lamp refers to the combination of warm light flash lamp and cold light flash lamp, can be used for not
With the light compensation under colour temperature.
Voicefrequency circuit 607 may include microphone and loudspeaker.Microphone is used to acquire the sound wave of user and environment, and will
Sound wave, which is converted to electric signal and is input to processor 601, to be handled, or is input to radio circuit 604 to realize voice communication.
For stereo acquisition or the purpose of noise reduction, microphone can be separately positioned on the different parts of terminal 600 to be multiple.Mike
Wind can also be array microphone or omnidirectional's acquisition type microphone.Loudspeaker is then used to that processor 601 or radio circuit will to be come from
604 electric signal is converted to sound wave.Loudspeaker can be traditional wafer speaker, be also possible to piezoelectric ceramic loudspeaker.When
When loudspeaker is piezoelectric ceramic loudspeaker, the audible sound wave of the mankind can be not only converted electrical signals to, it can also be by telecommunications
Number the sound wave that the mankind do not hear is converted to carry out the purposes such as ranging.In some embodiments, voicefrequency circuit 607 can also include
Earphone jack.
Positioning component 608 is used for the current geographic position of positioning terminal 600, to realize navigation or LBS (Location
Based Service, location based service).Positioning component 608 can be the GPS (Global based on the U.S.
Positioning System, global positioning system), the dipper system of China, Russia Gray receive this system or European Union
The positioning component of Galileo system.
Power supply 609 is used to be powered for the various components in terminal 600.Power supply 609 can be alternating current, direct current,
Disposable battery or rechargeable battery.When power supply 609 includes rechargeable battery, which can support wired charging
Or wireless charging.The rechargeable battery can be also used for supporting fast charge technology.
In some embodiments, terminal 600 further includes having one or more sensors 610.The one or more sensors
610 include but is not limited to: acceleration transducer 611, gyro sensor 612, pressure sensor 613, fingerprint sensor 614,
Optical sensor 615 and proximity sensor 616.
The acceleration that acceleration transducer 611 can detecte in three reference axis of the coordinate system established with terminal 600 is big
It is small.For example, acceleration transducer 611 can be used for detecting component of the acceleration of gravity in three reference axis.Processor 601 can
With the acceleration of gravity signal acquired according to acceleration transducer 611, touch display screen 605 is controlled with transverse views or longitudinal view
Figure carries out the display of user interface.Acceleration transducer 611 can be also used for the acquisition of game or the exercise data of user.
Gyro sensor 612 can detecte body direction and the rotational angle of terminal 600, and gyro sensor 612 can
To cooperate with acquisition user to act the 3D of terminal 600 with acceleration transducer 611.Processor 601 is according to gyro sensor 612
Following function may be implemented in the data of acquisition: when action induction (for example changing UI according to the tilt operation of user), shooting
Image stabilization, game control and inertial navigation.
The lower layer of side frame and/or touch display screen 605 in terminal 600 can be set in pressure sensor 613.Work as pressure
When the side frame of terminal 600 is arranged in sensor 613, user can detecte to the gripping signal of terminal 600, by processor 601
Right-hand man's identification or prompt operation are carried out according to the gripping signal that pressure sensor 613 acquires.When the setting of pressure sensor 613 exists
When the lower layer of touch display screen 605, the pressure operation of touch display screen 605 is realized to UI circle according to user by processor 601
Operability control on face is controlled.Operability control includes button control, scroll bar control, icon control, menu
At least one of control.
Fingerprint sensor 614 is used to acquire the fingerprint of user, collected according to fingerprint sensor 614 by processor 601
The identity of fingerprint recognition user, alternatively, by fingerprint sensor 614 according to the identity of collected fingerprint recognition user.It is identifying
When the identity of user is trusted identity out, the user is authorized to execute relevant sensitive operation, the sensitive operation packet by processor 601
Include solution lock screen, check encryption information, downloading software, payment and change setting etc..Terminal can be set in fingerprint sensor 614
600 front, the back side or side.When being provided with physical button or manufacturer Logo in terminal 600, fingerprint sensor 614 can be with
It is integrated with physical button or manufacturer Logo.
Optical sensor 615 is for acquiring ambient light intensity.In one embodiment, processor 601 can be according to optics
The ambient light intensity that sensor 615 acquires controls the display brightness of touch display screen 605.Specifically, when ambient light intensity is higher
When, the display brightness of touch display screen 605 is turned up;When ambient light intensity is lower, the display for turning down touch display screen 605 is bright
Degree.In another embodiment, the ambient light intensity that processor 601 can also be acquired according to optical sensor 615, dynamic adjust
The acquisition parameters of CCD camera assembly 606.
Proximity sensor 616, also referred to as range sensor are generally arranged at the front panel of terminal 600.Proximity sensor 616
For acquiring the distance between the front of user Yu terminal 600.In one embodiment, when proximity sensor 616 detects use
When family and the distance between the front of terminal 600 gradually become smaller, touch display screen 605 is controlled from bright screen state by processor 601
It is switched to breath screen state;When proximity sensor 616 detects user and the distance between the front of terminal 600 becomes larger,
Touch display screen 605 is controlled by processor 601 and is switched to bright screen state from breath screen state.
It will be understood by those skilled in the art that the restriction of structure shown in Fig. 6 not structure paired terminal 600, can wrap
It includes than illustrating more or fewer components, perhaps combine certain components or is arranged using different components.
In the exemplary embodiment, a kind of computer readable storage medium is additionally provided, the memory for example including instruction,
Above-metioned instruction can be executed by the processor in terminal to complete to prevent plug-in method in above-described embodiment.For example, the meter
Calculation machine readable storage medium storing program for executing can be ROM, random access memory (RAM), CD-ROM, tape, floppy disk and optical data storage and set
It is standby etc..
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware
It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable
In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and
Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.
Claims (15)
1. a kind of prevent plug-in method, which is characterized in that the described method includes:
When receiving checking command, target string is obtained, the target string is written in the first address, the target
Character string is the character string verified after function conversion, and the verification function is for whether there is program in verification object application program
Breakpoint;
The target string is converted into the verification function;
By the verification function, the destination application is verified, check results are obtained;
When determining that there are the targets that when program breakpoint, interrupts to answer in the destination application based on the check results
Use program.
2. the method according to claim 1, wherein the triggered time of the checking command is any time, institute
Stating the first address is the corresponding address of memory space that any size is preset threshold in the terminal, the number of the preset threshold
Size of the value not less than memory space shared by the verification function.
3. the method according to claim 1, wherein the acquisition target string, by the target string
Before being written in the first address, the method also includes:
According to the size of the target string, first address is distributed for the target string, first address
Storage size is not less than the size of the target string.
4. the method according to claim 1, wherein the verification function is filling data Shellcode verification
Function, it is described obtain the target string before, the method also includes:
It constructs Shellcode and verifies function, the Shellcode verification function is used for by adjusting back default checking algorithm to described
Destination application is verified;
Shellcode verification function is converted into the target string, the target string is encrypted.
5. according to the method described in claim 4, it is characterized in that, the building Shellcode verification function after, the side
Method further include:
Second address, call back function and third address are written in the Shellcode verification function, second address is institute
The storage address of destination application is stated, the third address is the storage address of the default checking algorithm;
In Shellcode verification function after write, by call back function, it is based on second address, is called described default
Checking algorithm;
By the default checking algorithm, the destination application is verified, obtains initial check results.
6. the method according to claim 1, wherein described by the verification function, to the target application
Program is verified, before obtaining check results, the method also includes:
According to the second address, call back function and third address, building verification structural body, second address is the target application
The storage address of program, the third address are the storage address of default checking algorithm;
The verification structural body is written in the verification function.
7. according to the method described in claim 6, it is characterized in that, described based on the verification function that the verification structural body is written
The process verified are as follows: institute is called by the call back function using the third address as the parameter of the call back function
Default checking algorithm is stated, the destination application is verified by the default checking algorithm, obtains the verification knot
Fruit.
8. the method according to claim 1, wherein described by the verification function, to the target application
Program is verified, and is obtained check results and is included:
By obtaining multiple blocks of the destination application from function is realized;
Traverse out multiple target blocks to be verified in the multiple block;
By the verification function, the multiple target block is verified, obtains the check results of each block.
9. the method according to claim 1, wherein described by the verification function, to the target application
Program is verified, after obtaining check results, the method also includes:
When the check results and the initial check results of the destination application mismatch, the target application journey is determined
There are program breakpoint in sequence, the initial check results are the knot verified to the destination application there is no program breakpoint
Fruit;
When the check results are matched with the initial check results, determine that there is no programs to break in the destination application
Point.
10. the method according to claim 1, wherein described by the verification function, to the target application
Program is verified, after obtaining check results, the method also includes:
The check results are sent to server;
The verification function is deleted, first address is discharged.
11. a kind of prevent plug-in device, which is characterized in that described device includes:
Module is obtained, for obtaining target string when receiving checking command, the first ground is written into the target string
In location, the target string is the character string verified after function conversion, and the verification function is used for verification object application program
In whether there is program breakpoint;
Conversion module, for the target string to be converted to the verification function;
Correction verification module, for being verified to the destination application, obtaining check results by the verification function;
Interrupt module is interrupted for being determined in the destination application when based on the check results there are when program breakpoint
Run the destination application.
12. device according to claim 11, which is characterized in that described device further include:
First building module, for constructing Shellcode verification function, the Shellcode verification function is for passing through readjustment
Default checking algorithm verifies the destination application;
Conversion module, for Shellcode verification function to be converted to the target string, to the target string
It is encrypted.
13. device according to claim 11, which is characterized in that described device further include:
Second building module, for constructing and verifying structural body according to the second address, call back function and third address, described second
Address is the storage address of the destination application, and the third address is the storage address of default checking algorithm;
Writing module, for the verification structural body to be written in the verification function.
14. a kind of terminal, which is characterized in that the terminal includes processor and memory, is stored at least in the memory
One instruction, described instruction are loaded by the processor and are executed to realize such as any one of claim 1 to claim 10 institute
That states prevents operation performed by plug-in method.
15. a kind of computer readable storage medium, which is characterized in that be stored at least one instruction, institute in the storage medium
Instruction is stated to be loaded by processor and executed to realize as claim 1 prevents plug-in method to claim 10 is described in any item
Performed operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810689257.0A CN108970122B (en) | 2018-06-28 | 2018-06-28 | Method, device, terminal and storage medium for preventing plug-in |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810689257.0A CN108970122B (en) | 2018-06-28 | 2018-06-28 | Method, device, terminal and storage medium for preventing plug-in |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108970122A true CN108970122A (en) | 2018-12-11 |
CN108970122B CN108970122B (en) | 2021-06-08 |
Family
ID=64539499
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810689257.0A Active CN108970122B (en) | 2018-06-28 | 2018-06-28 | Method, device, terminal and storage medium for preventing plug-in |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108970122B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1648873A (en) * | 2005-02-01 | 2005-08-03 | 苏州超锐微电子有限公司 | Method for realizing break point debugging function |
JP5326062B1 (en) * | 2012-05-11 | 2013-10-30 | アンラブ,インコーポレイテッド | Non-executable file inspection apparatus and method |
CN104731708A (en) * | 2015-03-25 | 2015-06-24 | 北京信息控制研究所 | Dynamic detection method of Shellcode |
CN105233499A (en) * | 2015-09-25 | 2016-01-13 | 广州华多网络科技有限公司 | Game code checking method and game client side and system |
CN107844703A (en) * | 2017-10-13 | 2018-03-27 | 珠海金山网络游戏科技有限公司 | A kind of client secure detection method and device based on Android platform Unity3D game |
-
2018
- 2018-06-28 CN CN201810689257.0A patent/CN108970122B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1648873A (en) * | 2005-02-01 | 2005-08-03 | 苏州超锐微电子有限公司 | Method for realizing break point debugging function |
JP5326062B1 (en) * | 2012-05-11 | 2013-10-30 | アンラブ,インコーポレイテッド | Non-executable file inspection apparatus and method |
CN104731708A (en) * | 2015-03-25 | 2015-06-24 | 北京信息控制研究所 | Dynamic detection method of Shellcode |
CN105233499A (en) * | 2015-09-25 | 2016-01-13 | 广州华多网络科技有限公司 | Game code checking method and game client side and system |
CN107844703A (en) * | 2017-10-13 | 2018-03-27 | 珠海金山网络游戏科技有限公司 | A kind of client secure detection method and device based on Android platform Unity3D game |
Non-Patent Citations (1)
Title |
---|
自动送头机器人: "【CSGO游戏分析】VAC反作弊系统分析", 《HTTPS://WWW.BILIBILI.COM/READ/CV217289》 * |
Also Published As
Publication number | Publication date |
---|---|
CN108970122B (en) | 2021-06-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102350462B1 (en) | Signature generation method, electronic device and storage medium | |
CN111444528B (en) | Data security protection method, device and storage medium | |
US11574009B2 (en) | Method, apparatus and computer device for searching audio, and storage medium | |
CN109491924A (en) | Code detection method, device, terminal and storage medium | |
CN110502308A (en) | Style sheet switching method, device, computer equipment and storage medium | |
CN110210219A (en) | Recognition methods, device, equipment and the storage medium of virus document | |
CN109117635A (en) | Method for detecting virus, device, computer equipment and the storage medium of application program | |
CN109547495A (en) | Sensitive operation processing method, device, server, terminal and storage medium | |
CN110837473A (en) | Application program debugging method, device, terminal and storage medium | |
CN109522146A (en) | The method, apparatus and storage medium of abnormality test are carried out to client | |
CN108810019A (en) | Refusal service attack defending method, apparatus, equipment and storage medium | |
CN110147380A (en) | Data-updating method, device, server and storage medium | |
CN109711832A (en) | The methods, devices and systems paid | |
CN109889325A (en) | Method of calibration, device, electronic equipment and medium | |
CN110401648A (en) | Obtain method, apparatus, electronic equipment and the medium of cloud service | |
CN110288689A (en) | The method and apparatus that electronic map is rendered | |
CN110032384A (en) | Method, apparatus, equipment and the storage medium of resource updates | |
CN109254775A (en) | Image processing method, terminal and storage medium based on face | |
CN110109770A (en) | Adjustment method, device, electronic equipment and medium | |
CN109783176A (en) | Switch the method and apparatus of the page | |
CN111128115B (en) | Information verification method and device, electronic equipment and storage medium | |
CN107943484A (en) | The method and apparatus for performing business function | |
CN109842593B (en) | Information acquisition method and device and computer readable storage medium | |
CN108970122A (en) | Prevent plug-in method, apparatus, terminal and storage medium | |
CN109107163A (en) | Analogue-key detection method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |