CN108970122A - Prevent plug-in method, apparatus, terminal and storage medium - Google Patents

Prevent plug-in method, apparatus, terminal and storage medium Download PDF

Info

Publication number
CN108970122A
CN108970122A CN201810689257.0A CN201810689257A CN108970122A CN 108970122 A CN108970122 A CN 108970122A CN 201810689257 A CN201810689257 A CN 201810689257A CN 108970122 A CN108970122 A CN 108970122A
Authority
CN
China
Prior art keywords
address
verification
function
destination application
check results
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810689257.0A
Other languages
Chinese (zh)
Other versions
CN108970122B (en
Inventor
黄国友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Huaduo Network Technology Co Ltd
Original Assignee
Guangzhou Huaduo Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Huaduo Network Technology Co Ltd filed Critical Guangzhou Huaduo Network Technology Co Ltd
Priority to CN201810689257.0A priority Critical patent/CN108970122B/en
Publication of CN108970122A publication Critical patent/CN108970122A/en
Application granted granted Critical
Publication of CN108970122B publication Critical patent/CN108970122B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70Game security or game management aspects
    • A63F13/75Enforcing rules, e.g. detecting foul play or generating lists of cheating players
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F2300/00Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
    • A63F2300/50Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers
    • A63F2300/55Details of game data or player data management
    • A63F2300/5586Details of game data or player data management for enforcing rights or rules, e.g. to prevent foul play

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Stored Programmes (AREA)

Abstract

Plug-in method, apparatus, terminal and storage medium are prevented the invention discloses a kind of, belongs to Internet technical field.The described method includes: when receiving checking command, terminal obtains target string, the target string is written in the first address, which is the character string verified after function conversion, and the verification function is for whether there is program breakpoint in verification object application program;The target string is converted to the verification function by terminal;By the verification function, which is verified, check results are obtained;When determining that there are when program breakpoint in the destination application based on the check results, interrupt the destination application, to ensure that the destination application can operate normally, in the destination application in the case where being tampered, pass through terminal operating, the possibility for preventing the destination application to hang by over, ensure that the safety of destination application.

Description

Prevent plug-in method, apparatus, terminal and storage medium
Technical field
The present invention relates to Internet technical fields, in particular to a kind of that plug-in method, apparatus, terminal and storage is prevented to be situated between Matter.
Background technique
With the development of network technology, game application is increasingly popularized, and in many game applications, user can lead to The mode hung over crossing, is that oneself game object in gaming increases some privileges, for example, in game, not over swim when hanging It is only 1 meter that object of playing, which steps the length of a step, over when hanging, game object steps the length of a step up to 100 meters, it is clear that over hang Mode seriously affected the fairness of game.
In this field, generally by way of preventing debugging, the plug-in personnel that prevent from looking on the bright side of things are answered by plug-in dynamic analysis It with program, that is to say, whether terminal detection debugger port is called, to prevent this by calling debugger port mode from answering Use program.However, in the related technology, generally in such a way that program breakpoint is set over hang, that is to say, terminal is based on applying journey One section of program code that needs in sequence are modified, the write break point characteristic value in the corresponding memory address of this section of program, from forming Program breakpoint is arranged in the application program in function.When terminal starts the application program, this runs to the target program section, stops fortune Row, over hang personnel can analyze at this modification the application program.Obviously, the above-mentioned mode for preventing debugging, is only capable of examining Whether extension personnel pass through debugger port and debug to application program over measuring, and can not detect the journey in application program Sequence breakpoint.Therefore, need at present it is a kind of prevent plug-in method, in a manner of preventing from through write break point characteristic value over hang.
Summary of the invention
Plug-in method, apparatus, terminal and storage medium are prevented the embodiment of the invention provides a kind of, can solve correlation The problem of hanging over by way of write break point characteristic value cannot be prevented in technology.The technical solution is as follows:
On the one hand, providing a kind of prevents plug-in method, which comprises
When receiving checking command, target string is obtained, the target string is written in the first address, it is described Target string is the character string verified after function conversion, and the verification function in verification object application program for whether there is Program breakpoint;
The target string is converted into the verification function;
By the verification function, the destination application is verified, check results are obtained;
When determining that there are the mesh that when program breakpoint, interrupts in the destination application based on the check results Mark application program.
Optionally, the triggered time of the checking command is any time, and first address is any in the terminal Size is the corresponding address of memory space of preset threshold, and the numerical value of the preset threshold is deposited not less than shared by the verification function Store up the size in space.
Optionally, the acquisition target string, before the target string is written in the first address, the method Further include:
According to the size of the target string, the first address is distributed for the target string, first address Storage size is not less than the size of the target string.
Optionally, the verification function is that filling data Shellcode verifies function, described to obtain the target string Before, the method also includes:
It constructs Shellcode and verifies function, the Shellcode verification function is used for by adjusting back default checking algorithm pair The destination application is verified;
Shellcode verification function is converted into the target string, the target string is encrypted Processing.
Optionally, after the building Shellcode verification function, the method also includes:
Second address, call back function and third address are written in the Shellcode verification function, second address For the storage address of the destination application, the third address is the storage address of the default checking algorithm;
In Shellcode verification function after write, by call back function, it is based on second address, described in calling Default checking algorithm;
By the default checking algorithm, the destination application is verified, obtains initial check results.
Optionally, described that the destination application is verified by the verification function, obtain check results it Before, the method also includes:
According to the second address, call back function and third address, building verification structural body, second address is the target The storage address of application program, the third address are the storage address of default checking algorithm;
The verification structural body is written in the verification function.
Optionally, described based on the process that is verified of verification function that the verification structural body is written are as follows: by described the Parameter of three addresses as the call back function calls the default checking algorithm, by described pre- by the call back function If checking algorithm verifies the destination application, the check results are obtained.
Optionally, described that the destination application is verified by the verification function, obtain check results packet It includes:
By obtaining multiple blocks of the destination application from function is realized;
Traverse out multiple target blocks to be verified in the multiple block;
By the verification function, the multiple target block is verified, obtains the check results of each block.
Optionally, described that the destination application is verified by the verification function, obtain check results it Afterwards, the method also includes:
When the check results and the initial check results of the destination application mismatch, determine that the target is answered With, there are program breakpoint, the initial check results are to verify to the destination application there is no program breakpoint in program Result;
When the check results are matched with the initial check results, determine that there is no journeys in the destination application Sequence breakpoint.
Optionally, described that the destination application is verified by the verification function, obtain check results it Afterwards, the method also includes:
The check results are sent to server;
The verification function is deleted, first address is discharged.
On the one hand, provide it is a kind of prevent plug-in device, described device includes:
Module is obtained, for when receiving checking command, obtains target string, by target string write-in the In one address, the target string is the character string verified after function conversion, and the verification function is used for verification object application It whether there is program breakpoint in program;
Conversion module, for the target string to be converted to the verification function;
Correction verification module obtains verification knot for being verified to the destination application by the verification function Fruit;
Interrupt module, for determining in the destination application when based on the check results there are when program breakpoint, Interrupt the destination application.
Optionally, the triggered time of the checking command is any time, and first address is any in the terminal Size is the corresponding address of memory space of preset threshold, and the numerical value of the preset threshold is deposited not less than shared by the verification function Store up the size in space.
Optionally, described device further include:
Distribution module distributes the first address, institute for the size according to the target string for the target string The storage size for stating the first address is not less than the size of the target string.
Optionally, the verification function is that filling data Shellcode verifies function, described device further include:
First building module, for constructing Shellcode verification function, the Shellcode verification function is for passing through Default checking algorithm is adjusted back to verify the destination application;
Conversion module, for Shellcode verification function to be converted to the target string, to the target word Symbol string is encrypted.
Optionally, described device further include:
Calling module verifies function for the Shellcode to be written in the second address, call back function and third address In, second address is the storage address of the destination application, and the third address is the default checking algorithm Storage address;In Shellcode verification function after write, by call back function, it is based on second address, described in calling Default checking algorithm;
Correction verification module obtains initial for being verified to the destination application by the default checking algorithm Check results.
Optionally, described device further include:
Second building module, for according to the second address, call back function and third address, building verification structural body to be described Second address is the storage address of the destination application, and the third address is the storage address of default checking algorithm;
Writing module, for the verification structural body to be written in the verification function.
Optionally, described based on the process that is verified of verification function that the verification structural body is written are as follows: by described the Parameter of three addresses as the call back function calls the default checking algorithm, by described pre- by the call back function If checking algorithm verifies the destination application, the check results are obtained.
Optionally, the correction verification module, comprising:
Acquiring unit, for by obtaining multiple blocks of the destination application from function is realized;
Traversal Unit, for traversing out multiple target blocks to be verified in the multiple block;
Verification unit, for being verified to the multiple target block, obtaining each block by the verification function Check results.
Optionally, described device further include:
Determining module, for when the initial check results of the check results and the destination application mismatch, Determine that, there are program breakpoint in the destination application, the initial check results are to answer the target there is no program breakpoint The result verified with program;
The determining module is also used to determine the mesh when the check results are matched with the initial check results It marks and program breakpoint is not present in application program.
Optionally, described device further include:
Sending module, for sending the check results to server;
Removing module discharges first address for deleting the verification function.
On the one hand, provide a kind of terminal, the terminal includes processor and memory, be stored in the memory to A few instruction, described instruction are loaded as the processor and are executed to realize as above-mentioned prevents behaviour performed by plug-in method Make.
On the one hand, a kind of computer readable storage medium is provided, at least one instruction is stored in the storage medium, Described instruction is loaded as processor and is executed to realize as above-mentioned prevents operation performed by plug-in method.
Technical solution provided in an embodiment of the present invention has the benefit that
By the way that when receiving checking command, terminal obtains target string, which is written into the first address In, which is the character string verified after function conversion, the verification function in verification object application program whether There are program breakpoints;The target string is converted to the verification function by terminal;By the verification function, to the target application journey Sequence is verified, and check results are obtained;It determines in the destination application when based on the check results there are when program breakpoint, in The disconnected destination application that runs exists to ensure that the destination application can be operated normally in the destination application In the case where being tampered, pass through terminal operating, it is therefore prevented that the possibility that the destination application is hung by over ensure that target application The safety of program.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can By property.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other Attached drawing.
Fig. 1 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram;
Fig. 2 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram;
Fig. 3 is a kind of schematic diagram of target string provided in an embodiment of the present invention;
Fig. 4 is a kind of schematic diagram of encrypted target string provided in an embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram for preventing plug-in device provided in an embodiment of the present invention;
Fig. 6 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair Embodiment in bright, every other implementation obtained by those of ordinary skill in the art without making creative efforts Example, shall fall within the protection scope of the present invention.
Fig. 1 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram.The execution master of the inventive embodiments Body is terminal, referring to Fig. 1, this method comprises:
101, when receiving checking command, target string is obtained, which is written in the first address.
Wherein, which is the character string verified after function conversion, which is used for verification object application It whether there is program breakpoint in program;
102, the target string is converted into the verification function;
103, by the verification function, which is verified, check results are obtained;
104, when determining that there are the targets that when program breakpoint, interrupts in the destination application based on the check results Application program.
Optionally, the triggered time of the checking command is any time, which is that any size is in the terminal The numerical value of the corresponding address of the memory space of preset threshold, the preset threshold is big not less than memory space shared by the verification function It is small.
Optionally, the acquisition target string, before which is written in the first address, this method is also wrapped It includes:
According to the size of the target string, the first address is distributed for the target string, the storage of first address is empty Between size be not less than the target string size.
Optionally, which is to fill data Shellcode verification function, before the acquisition target string, This method further include:
It constructs Shellcode and verifies function, which verifies function and be used for by adjusting back default checking algorithm to this Destination application is verified;
Shellcode verification function is converted into the target string, which is encrypted.
Optionally, after building Shellcode verifies function, this method further include:
Second address, call back function and third address are written in Shellcode verification function, which is should The storage address of destination application, the third address are the storage address of the default checking algorithm;
In Shellcode verification function after write, by call back function, it is based on second address, calls this default Checking algorithm;
Checking algorithm is preset by this, which is verified, obtains initial check results.
Optionally, the destination application should be verified by the verification function, it, should before obtaining check results Method further include:
According to the second address, call back function and third address, building verification structural body, which is the target application The storage address of program, the third address are the storage address of default checking algorithm;
The verification structural body is written in the verification function.
Optionally, the process that should be verified based on the verification function that the verification structural body is written are as follows: by the third address As the parameter of the call back function, by the call back function, the default checking algorithm is called, checking algorithm is preset to this by this Destination application is verified, and the check results are obtained.
Optionally, the destination application should be verified, obtaining check results includes: by the verification function
By obtaining multiple blocks of the destination application from function is realized;
Traverse out multiple target blocks to be verified in multiple block;
By the verification function, multiple target block is verified, obtains the check results of each block.
Optionally, the destination application should be verified by the verification function, it, should after obtaining check results Method further include:
When the check results and the initial check results of the destination application mismatch, the destination application is determined In there are program breakpoint, which is the result verified to the destination application there is no program breakpoint;
When the check results are matched with the initial check results, determine that there is no programs to break in the destination application Point.
Optionally, the destination application should be verified by the verification function, it, should after obtaining check results Method further include:
The check results are sent to server;
The verification function is deleted, first address is discharged.
In the embodiment of the present invention, when receiving checking command, terminal obtains target string, which is write Enter in the first address, which is the character string verified after function conversion, which is used for verification object application It whether there is program breakpoint in program;The target string is converted to the verification function by terminal;By the verification function, to this Destination application is verified, and check results are obtained;When determining that there are journeys in the destination application based on the check results When sequence breakpoint, interrupt the destination application, to ensure that the destination application can operate normally, in the target Application program passes through terminal operating in the case where being tampered, it is therefore prevented that the possibility that the destination application is hung by over guarantees The safety of destination application.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can By property.
Fig. 2 is provided in an embodiment of the present invention a kind of to prevent plug-in method flow diagram.The execution master of the inventive embodiments Body is terminal, referring to fig. 2, this method comprises:
201, when receiving checking command, terminal is distributed according to the size of the target string for the target string First address.
Wherein, the storage size of first address is not less than the size of the target string, which is Character string after verifying function conversion, the verification function is for whether there is program breakpoint in verification object application program;Wherein, The target string can also be to be converted by verification function and pass through the encrypted character string of predetermined encryption algorithm.The present invention is real It applies in example, when terminal receives checking command, which can be based on preset threshold, distribute the preset threshold for verification function The memory space of size, and obtain the first address of the memory space of the preset threshold size.Wherein, the numerical value of the preset threshold Not less than the size of memory space shared by the verification function.
Wherein, the triggered time of the checking command is any time.It that is to say, which can be by terminal any Time is triggered.First address is the corresponding address of memory space that any size is preset threshold in the terminal, namely It is that terminal is that the verification function is randomly assigned an address.In a kind of possible embodiment, which can be had previously been based on The preset threshold is set the size not less than memory space shared by the verification function by the size of verification function ready for use, When getting verification function in order to subsequent terminal, which can be written to first address.
Wherein, the preset threshold, the predetermined encryption algorithm can be based on needing to be configured, and the embodiment of the present invention is pre- to this If threshold value is simultaneously not specifically limited.For example, the predetermined encryption algorithm can be AES (Advanced Encryption Standard, Advanced Encryption Standard) Encryption Algorithm.
Further, which the storage attribute of first address can be arranged are as follows: and it can be performed, can be read, is writable, So that first address has code segment attribute, terminal can be decrypted the target string, after the decryption First address is written in target string, and is the verification function converted by target string by the first address unsteady state operation Storage address, so as to execute the verification function in first address.
Wherein, which can be forced first address by forcing Transformation Program to convert first address Be converted to the storage address of verification function.The unsteady state operation program be it is any can force be by first address conversion verification letter The program of several storage address, the embodiment of the present invention is to the unsteady state operation program and is not specifically limited.For example, the unsteady state operation Program can be such that
Pfn_CheckSection pCS=
(pfn_CheckSection)DecryptShellCode();
It should be noted that since the triggered time of the checking command is set any time by terminal, the terminal Can destination application is verified with not timing, prevent verification of the plug-in personnel to the destination application of looking on the bright side of things Journey is modified, and has further ensured the safety of the destination application.
202, terminal obtains target string, which is written in first address.
In the embodiment of the present invention, terminal stores the verification function in the form of character string, which is based on the target character The storage address of string obtains the target string, and the target string is copied to the corresponding memory space in the first address In.In a kind of possible embodiment, which is encrypted character string, which can also be close by decrypting The target string is decrypted in key, and the target string after decryption is stored to the corresponding memory space in the first address In.
It should be noted that the verification function can be Shellcode (filling data) verification letter in the embodiment of the present invention Number, terminal can have previously been based on Shellcode verification function, generate the target string before obtaining target string, should Process can be with are as follows: terminal constructs Shellcode and verifies function, and Shellcode verification function is converted to target string, right The target string is encrypted.Wherein, which verifies function and is used for by adjusting back default checking algorithm to this Destination application is verified.
Wherein, which can verify the storage address of function according to write-in Shellcode, since initial address, Shellcode verification function is traversed, until traversing end address, generates the corresponding target of Shellcode verification function Character string, the target string can be the character data of machine code form.
Wherein, which can be encrypted the target string by predetermined encryption algorithm.The terminal may be used also Encrypted target string is converted to global character list.Wherein, which can be based on needing to carry out Setting, the present invention is not especially limit this.For example, the predetermined encryption algorithm can be AES (Advanced Encryption Standard, Advanced Encryption Standard) Encryption Algorithm.
Further, which can also be the verification function converted by target string by the first address unsteady state operation Storage address, so as to execute the verification function in first address.
As shown in figure 3, the target string can be hexadecimal data, progress is encrypted to become as shown in Figure 4 Hexadecimal data.Obviously, before relative to encryption, encrypted hexadecimal data is the data after upsetting, thus into One step ensure that the safety of verification function.
It should be noted that since encrypted target string is converted to global character list, after that is to say encryption Shellcode machine code, which is stored in the form of global variable, is not stored at executable code In block, so even if the plug-in personnel that look on the bright side of things by static analysis tools come analytic function list, can not also find Shellcode verifies function.Also, since the form of global variable is the character lists of dispersion, so the plug-in personnel that look on the bright side of things Shellcode verification function can not be also found by character string list.Simultaneously as encrypted by AES encryption algorithm, it should Encrypted Shellcode verification function call size and content all have changed, and are a verification functions it is even more impossible to allow people to associate this, To protect the safety and tightness of Shellcode verification function layer by layer, further prevent plug-in.
When further, due to executing checking procedure every time, terminal all can dynamic random distribute an address, to guarantee The address of verification function is all random every time, and only a step enhances the concealment of verification function, ensure that destination application Safety.
In the embodiment of the present invention, terminal can construct Shellcode verification function when generating application program, thus Function can be verified based on the Shellcode, obtain initial check results, since the initial check results are just to generate to apply journey Check results when sequence are the corresponding check results of destination application there is no program breakpoint.Therefore, in order to subsequent base In the initial check results, judge whether current check results are correct.Wherein, terminal building Shellcode verification function it Afterwards, which is based on the Shellcode and verifies function, and the process for obtaining initial check results can be with are as follows: terminal by the second address, Call back function and third address are written in Shellcode verification function;Wherein, which is the destination application Storage address, the third address are the storage address of default checking algorithm.The Shellcode of terminal after write verifies function In, by call back function, it is based on second address, calls the default checking algorithm;Checking algorithm is preset by this, to the target Application program is verified, and initial check results are obtained.
Wherein, the step in Shellcode verification function is written in the second address, call back function and third address by terminal It can be with are as follows: terminal is according to second address, the call back function and the third address, building verification structural body, by the verification structure Body is written in Shellcode verification function.
203, the target string is converted to the verification function by terminal.
In this step, after terminal obtains the target string, in the corresponding memory space in the first address, force the mesh Mark character string is converted to Shellcode verification function, and Shellcode verification function is actually one interim Shellcode verifies function.
204, terminal verifies the destination application, obtains check results by the verification function.
In this step, which may include in multiple blocks, and terminal can be obtained by from function is realized Multiple blocks of the destination application, terminal traverse out multiple target blocks to be verified in multiple block, pass through the school Function is tested, multiple target block is verified, obtains the check results of each block.Wherein, the target area to be verified Block can be can be performed, can be read in multiple block, writable and not droppable block.
Further, which stores the check results into check list, and the check list is for storing multiple mesh Mark the check results of block verification.
It should be noted that in multiple blocks that destination application includes, some not executable or unreadable In the block write, look on the bright side of things plug-in personnel can not write-in program breakpoint, therefore, terminal can only obtain target block and carry out school It tests, to save memory space shared by checking procedure, improves the efficiency of verification.
In a kind of possible embodiment, terminal can be by default checking algorithm ready for use and checking procedure institute The parameter needed, is passed in the verification function in the form of structural body and is verified, which can be with are as follows: terminal is according to the verification letter Before number is verified, for the terminal according to second address, the call back function and the third address, building verification structural body should Second address is the storage address of the destination application, which is the storage address of default checking algorithm;By the school Structural body is tested to be written in the verification function.
Wherein, which that is to say terminal base to the process that the destination application is verified by the verification function In the process that the verification function that the verification structural body is written is verified.The process can be with are as follows: terminal using the third address as The parameter of the call back function calls the default checking algorithm, presets checking algorithm to the target by this by the call back function Application program is verified, and the check results are obtained.
Wherein, the quantity of the default checking algorithm can have one, can also be by multiple, which can be CRC (Cyclic Redundancy Check, cyclic redundancy check) algorithm, or MD5 (Message-Digest Algorithm 5, Message Digest 5 version 5), the embodiment of the present invention does not do the number amount and type for presetting checking algorithm It is specific to limit.
205, terminal judges in the destination application according to the check results with the presence or absence of program breakpoint.
In the embodiment of the present invention, which obtains in advance and stores the initial check results of the destination application.This is first Beginning check results are the result verified to the destination application there is no program breakpoint.In this step, terminal is according to this Check results and the initial check results, judge whether the check results and the initial check results match, when the check results When matching with the initial check results, terminal determines that there is no program breakpoints in the destination application.When the check results with When the initial check results mismatch, terminal determines that there are program breakpoints in the destination application.
Further, terminal can also send the check results to server.In a kind of possible embodiment, the end End can also only there are program breakpoints in destination application, just the check results are sent to server, so that server needle Taking the check results prevents plug-in measure, which can be with are as follows: when the check results and the destination application just When beginning check results mismatch, terminal determines that there are program breakpoints in the destination application, and sends the verification to server As a result.
Wherein, which calculates data included in data included in the check results and the initial check results It is whether identical, when identical, just determine that check results are matched with the initial check results, otherwise, to mismatch;Alternatively, when should When check results include multiple characters, which can also calculate data included in the check results and the initial verification is tied Registration between data included in fruit just determines check results and the initial school when registration reaches default value Result matching is tested, otherwise, to mismatch.Wherein, which can be based on needing to be configured, and the embodiment of the present invention is to this It is not specifically limited.For example, the default value can be 99%, 98% etc..
In a kind of possible embodiment, which can also verify multiple target blocks, by multiple mesh The check results of mark block are stored into check list, and therefore, in this step, which can also obtain initial check list, And be compared the initial check list of the check list and the destination application, judge the check list and the initial school Test whether list matches.When the check list and the initial check list match, terminal is determined in the destination application not There are program breakpoints.When the check results and the initial check results mismatch, terminal determines deposits in the destination application In program breakpoint.
206, when being determined in the destination application based on the check results there is no program breakpoint, terminal is continued to run The destination application.
Wherein, terminal can also send the check results to server.
207, it determines in the destination application when based on the check results there are when program breakpoint, terminal to server hair The check results are given, interrupt the destination application.
In this step, which executes interrupt routine, and interrupt the destination application, so that target application journey Sequence forces collapse, and then prevents the plug-in behavior for the plug-in personnel that look on the bright side of things, and has ensured the safety of destination application.
Further, after terminal obtains check results, the terminal deletion verification function discharges first address.
It should be noted that an address can be all dynamically distributed when verifying every time due to terminal, it is copying encrypted Shellcode verifies function decryption into the corresponding memory space in the address, so that guaranteeing the address of verification function every time is all Random, also, after verification, the memory space can be discharged, so that only a step enhances the concealment of verification function, is protected The safety of destination application is demonstrate,proved.
In the embodiment of the present invention, when receiving checking command, terminal obtains target string, which is write Enter in the first address, which is the character string verified after function conversion, which is used for verification object application It whether there is program breakpoint in program;The target string is converted to the verification function by terminal;By the verification function, to this Destination application is verified, and check results are obtained;When determining that there are journeys in the destination application based on the check results When sequence breakpoint, interrupt the destination application, to ensure that the destination application can operate normally, in the target Application program passes through terminal operating in the case where being tampered, it is therefore prevented that the possibility that the destination application is hung by over guarantees The safety of destination application.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can By property.
Fig. 5 is a kind of structural schematic diagram for preventing plug-in device provided in an embodiment of the present invention.Referring to Fig. 5, the device It include: to obtain module 501, conversion module 502, correction verification module 503 and interrupt module 504.
Module 501 is obtained, for target string being obtained, which being written when receiving checking command In first address, which is the character string verified after function conversion, which is used for verification object application journey It whether there is program breakpoint in sequence;
Conversion module 502, for the target string to be converted to the verification function;
Correction verification module 503, for being verified to the destination application, obtaining check results by the verification function;
Interrupt module 504, for determining in the destination application when based on the check results there are when program breakpoint, in It is disconnected to run the destination application.
Optionally, the triggered time of the checking command is any time, which is that any size is in the terminal The numerical value of the corresponding address of the memory space of preset threshold, the preset threshold is big not less than memory space shared by the verification function It is small.
Optionally, the device further include:
Distribution module distributes the first address for the size according to the target string for the target string, this first The storage size of address is not less than the size of the target string.
Optionally, which is that filling data Shellcode verifies function, the device further include:
First building module, for constructing Shellcode verification function, Shellcode verification function is for passing through back Default checking algorithm is adjusted to verify the destination application;
Conversion module, for by the Shellcode verification function be converted to the target string, to the target string into Row encryption.
Optionally, the device further include:
Calling module, for the second address, call back function and third address to be written in Shellcode verification function, Second address is the storage address of the destination application, which is the storage address of the default checking algorithm;? In Shellcode verification function after write-in, by call back function, it is based on second address, calls the default checking algorithm;
Correction verification module, for verifying to the destination application, initially being verified by the default checking algorithm As a result.
Optionally, the device further include:
Second building module, for according to the second address, call back function and third address, building verification structural body, this Double-address is the storage address of the destination application, which is the storage address of default checking algorithm;
Writing module, for the verification structural body to be written in the verification function.
Optionally, the process that should be verified based on the verification function that the verification structural body is written are as follows: by the third address As the parameter of the call back function, by the call back function, the default checking algorithm is called, checking algorithm is preset to this by this Destination application is verified, and the check results are obtained.
Optionally, the correction verification module, comprising:
Acquiring unit, for by obtaining multiple blocks of the destination application from function is realized;
Traversal Unit, for traversing out multiple target blocks to be verified in multiple block;
Verification unit, for being verified to multiple target block, obtaining the school of each block by the verification function Test result.
Optionally, the device further include:
Determining module, for determining when the initial check results of the check results and the destination application mismatch There are program breakpoint in the destination application, the initial check results be to there is no the destination application of program breakpoint into The result of row verification;
The determining module is also used to determine the target application journey when the check results are matched with the initial check results Program breakpoint is not present in sequence.
Optionally, the device further include:
Sending module, for sending the check results to server;
Removing module discharges first address for deleting the verification function.
In the embodiment of the present invention, when receiving checking command, terminal obtains target string, which is write Enter in first address, which is the character string verified after function conversion, which answers for verification object With in program whether there is program breakpoint;The target string is converted to the verification function by terminal;It is right by the verification function The destination application is verified, and check results are obtained;When determining in the destination application exist based on the check results When program breakpoint, interrupt the destination application, to ensure that the destination application can operate normally, in the mesh Application program is marked in the case where being tampered, passes through terminal operating, it is therefore prevented that the possibility that the destination application is hung by over is protected The safety of destination application is demonstrate,proved.
Also, by the process for carrying out dynamic check based on the verification function, so that verification is all to carry out at random every time, lead to Target string is crossed, ensure that verification function cannot be distorted arbitrarily;When determining the destination application based on the check results In there are the destination application that when program breakpoint, interrupts, further ensure destination application safety and can By property.
All the above alternatives can form the alternative embodiment of the disclosure, herein no longer using any combination It repeats one by one.
It should be understood that provided by the above embodiment prevent plug-in device when preventing plug-in, only with above-mentioned each function Can module division progress for example, in practical application, can according to need and by above-mentioned function distribution by different functions Module is completed, i.e., the internal structure of terminal is divided into different functional modules, described above all or part of to complete Function.In addition, provided by the above embodiment prevent plug-in device and plug-in embodiment of the method prevented to belong to same design, Specific implementation process is detailed in embodiment of the method, and which is not described herein again.
Fig. 6 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention.The terminal 600 may is that smart phone, Tablet computer, MP3 player (Moving Picture Experts Group Audio Layer III, dynamic image expert Compression standard audio level 3), (Moving Picture Experts Group Audio Layer IV, dynamic image are special by MP4 Family's compression standard audio level 4) player, laptop or desktop computer.Terminal 600 be also possible to referred to as user equipment, Other titles such as portable terminal, laptop terminal, terminal console.
In general, terminal 600 includes: processor 601 and memory 602.
Processor 601 may include one or more processing cores, such as 4 core processors, 8 core processors etc..Place Reason device 601 can use DSP (Digital Signal Processing, Digital Signal Processing), FPGA (Field- Programmable Gate Array, field programmable gate array), PLA (Programmable Logic Array, may be programmed Logic array) at least one of example, in hardware realize.Processor 601 also may include primary processor and coprocessor, master Processor is the processor for being handled data in the awake state, also referred to as CPU (Central Processing Unit, central processing unit);Coprocessor is the low power processor for being handled data in the standby state.? In some embodiments, processor 601 can be integrated with GPU (Graphics Processing Unit, image processor), GPU is used to be responsible for the rendering and drafting of content to be shown needed for display screen.In some embodiments, processor 601 can also be wrapped AI (Artificial Intelligence, artificial intelligence) processor is included, the AI processor is for handling related machine learning Calculating operation.
Memory 602 may include one or more computer readable storage mediums, which can To be non-transient.Memory 602 may also include high-speed random access memory and nonvolatile memory, such as one Or multiple disk storage equipments, flash memory device.In some embodiments, the non-transient computer in memory 602 can Storage medium is read for storing at least one instruction, at least one instruction performed by processor 601 for realizing this Shen Please in embodiment of the method provide prevent plug-in method.
In some embodiments, terminal 600 is also optional includes: peripheral device interface 603 and at least one peripheral equipment. It can be connected by bus or signal wire between processor 601, memory 602 and peripheral device interface 603.Each peripheral equipment It can be connected by bus, signal wire or circuit board with peripheral device interface 603.Specifically, peripheral equipment includes: radio circuit 604, at least one of touch display screen 605, camera 606, voicefrequency circuit 607, positioning component 608 and power supply 609.
Peripheral device interface 603 can be used for I/O (Input/Output, input/output) is relevant outside at least one Peripheral equipment is connected to processor 601 and memory 602.In some embodiments, processor 601, memory 602 and peripheral equipment Interface 603 is integrated on same chip or circuit board;In some other embodiments, processor 601, memory 602 and outer Any one or two in peripheral equipment interface 603 can realize on individual chip or circuit board, the present embodiment to this not It is limited.
Radio circuit 604 is for receiving and emitting RF (Radio Frequency, radio frequency) signal, also referred to as electromagnetic signal.It penetrates Frequency circuit 604 is communicated by electromagnetic signal with communication network and other communication equipments.Radio circuit 604 turns electric signal It is changed to electromagnetic signal to be sent, alternatively, the electromagnetic signal received is converted to electric signal.Optionally, radio circuit 604 wraps It includes: antenna system, RF transceiver, one or more amplifiers, tuner, oscillator, digital signal processor, codec chip Group, user identity module card etc..Radio circuit 604 can be carried out by least one wireless communication protocol with other terminals Communication.The wireless communication protocol includes but is not limited to: Metropolitan Area Network (MAN), each third generation mobile communication network (2G, 3G, 4G and 5G), wireless office Domain net and/or WiFi (Wireless Fidelity, Wireless Fidelity) network.In some embodiments, radio circuit 604 may be used also To include the related circuit of NFC (Near Field Communication, wireless near field communication), the application is not subject to this It limits.
Display screen 605 is for showing UI (User Interface, user interface).The UI may include figure, text, figure Mark, video and its their any combination.When display screen 605 is touch display screen, display screen 605 also there is acquisition to show The ability of the touch signal on the surface or surface of screen 605.The touch signal can be used as control signal and be input to processor 601 are handled.At this point, display screen 605 can be also used for providing virtual push button and/or dummy keyboard, also referred to as soft button and/or Soft keyboard.In some embodiments, display screen 605 can be one, and the front panel of terminal 600 is arranged;In other embodiments In, display screen 605 can be at least two, be separately positioned on the different surfaces of terminal 600 or in foldover design;In still other reality It applies in example, display screen 605 can be flexible display screen, be arranged on the curved surface of terminal 600 or on fold plane.Even, it shows Display screen 605 can also be arranged to non-rectangle irregular figure, namely abnormity screen.Display screen 605 can use LCD (Liquid Crystal Display, liquid crystal display), OLED (Organic Light-Emitting Diode, Organic Light Emitting Diode) Etc. materials preparation.
CCD camera assembly 606 is for acquiring image or video.Optionally, CCD camera assembly 606 include front camera and Rear camera.In general, the front panel of terminal is arranged in front camera, the back side of terminal is arranged in rear camera.One In a little embodiments, rear camera at least two is main camera, depth of field camera, wide-angle camera, focal length camera shooting respectively Any one in head, to realize that main camera and the fusion of depth of field camera realize background blurring function, main camera and wide-angle Camera fusion realizes that pan-shot and VR (Virtual Reality, virtual reality) shooting function or other fusions are clapped Camera shooting function.In some embodiments, CCD camera assembly 606 can also include flash lamp.Flash lamp can be monochromatic warm flash lamp, It is also possible to double-colored temperature flash lamp.Double-colored temperature flash lamp refers to the combination of warm light flash lamp and cold light flash lamp, can be used for not With the light compensation under colour temperature.
Voicefrequency circuit 607 may include microphone and loudspeaker.Microphone is used to acquire the sound wave of user and environment, and will Sound wave, which is converted to electric signal and is input to processor 601, to be handled, or is input to radio circuit 604 to realize voice communication. For stereo acquisition or the purpose of noise reduction, microphone can be separately positioned on the different parts of terminal 600 to be multiple.Mike Wind can also be array microphone or omnidirectional's acquisition type microphone.Loudspeaker is then used to that processor 601 or radio circuit will to be come from 604 electric signal is converted to sound wave.Loudspeaker can be traditional wafer speaker, be also possible to piezoelectric ceramic loudspeaker.When When loudspeaker is piezoelectric ceramic loudspeaker, the audible sound wave of the mankind can be not only converted electrical signals to, it can also be by telecommunications Number the sound wave that the mankind do not hear is converted to carry out the purposes such as ranging.In some embodiments, voicefrequency circuit 607 can also include Earphone jack.
Positioning component 608 is used for the current geographic position of positioning terminal 600, to realize navigation or LBS (Location Based Service, location based service).Positioning component 608 can be the GPS (Global based on the U.S. Positioning System, global positioning system), the dipper system of China, Russia Gray receive this system or European Union The positioning component of Galileo system.
Power supply 609 is used to be powered for the various components in terminal 600.Power supply 609 can be alternating current, direct current, Disposable battery or rechargeable battery.When power supply 609 includes rechargeable battery, which can support wired charging Or wireless charging.The rechargeable battery can be also used for supporting fast charge technology.
In some embodiments, terminal 600 further includes having one or more sensors 610.The one or more sensors 610 include but is not limited to: acceleration transducer 611, gyro sensor 612, pressure sensor 613, fingerprint sensor 614, Optical sensor 615 and proximity sensor 616.
The acceleration that acceleration transducer 611 can detecte in three reference axis of the coordinate system established with terminal 600 is big It is small.For example, acceleration transducer 611 can be used for detecting component of the acceleration of gravity in three reference axis.Processor 601 can With the acceleration of gravity signal acquired according to acceleration transducer 611, touch display screen 605 is controlled with transverse views or longitudinal view Figure carries out the display of user interface.Acceleration transducer 611 can be also used for the acquisition of game or the exercise data of user.
Gyro sensor 612 can detecte body direction and the rotational angle of terminal 600, and gyro sensor 612 can To cooperate with acquisition user to act the 3D of terminal 600 with acceleration transducer 611.Processor 601 is according to gyro sensor 612 Following function may be implemented in the data of acquisition: when action induction (for example changing UI according to the tilt operation of user), shooting Image stabilization, game control and inertial navigation.
The lower layer of side frame and/or touch display screen 605 in terminal 600 can be set in pressure sensor 613.Work as pressure When the side frame of terminal 600 is arranged in sensor 613, user can detecte to the gripping signal of terminal 600, by processor 601 Right-hand man's identification or prompt operation are carried out according to the gripping signal that pressure sensor 613 acquires.When the setting of pressure sensor 613 exists When the lower layer of touch display screen 605, the pressure operation of touch display screen 605 is realized to UI circle according to user by processor 601 Operability control on face is controlled.Operability control includes button control, scroll bar control, icon control, menu At least one of control.
Fingerprint sensor 614 is used to acquire the fingerprint of user, collected according to fingerprint sensor 614 by processor 601 The identity of fingerprint recognition user, alternatively, by fingerprint sensor 614 according to the identity of collected fingerprint recognition user.It is identifying When the identity of user is trusted identity out, the user is authorized to execute relevant sensitive operation, the sensitive operation packet by processor 601 Include solution lock screen, check encryption information, downloading software, payment and change setting etc..Terminal can be set in fingerprint sensor 614 600 front, the back side or side.When being provided with physical button or manufacturer Logo in terminal 600, fingerprint sensor 614 can be with It is integrated with physical button or manufacturer Logo.
Optical sensor 615 is for acquiring ambient light intensity.In one embodiment, processor 601 can be according to optics The ambient light intensity that sensor 615 acquires controls the display brightness of touch display screen 605.Specifically, when ambient light intensity is higher When, the display brightness of touch display screen 605 is turned up;When ambient light intensity is lower, the display for turning down touch display screen 605 is bright Degree.In another embodiment, the ambient light intensity that processor 601 can also be acquired according to optical sensor 615, dynamic adjust The acquisition parameters of CCD camera assembly 606.
Proximity sensor 616, also referred to as range sensor are generally arranged at the front panel of terminal 600.Proximity sensor 616 For acquiring the distance between the front of user Yu terminal 600.In one embodiment, when proximity sensor 616 detects use When family and the distance between the front of terminal 600 gradually become smaller, touch display screen 605 is controlled from bright screen state by processor 601 It is switched to breath screen state;When proximity sensor 616 detects user and the distance between the front of terminal 600 becomes larger, Touch display screen 605 is controlled by processor 601 and is switched to bright screen state from breath screen state.
It will be understood by those skilled in the art that the restriction of structure shown in Fig. 6 not structure paired terminal 600, can wrap It includes than illustrating more or fewer components, perhaps combine certain components or is arranged using different components.
In the exemplary embodiment, a kind of computer readable storage medium is additionally provided, the memory for example including instruction, Above-metioned instruction can be executed by the processor in terminal to complete to prevent plug-in method in above-described embodiment.For example, the meter Calculation machine readable storage medium storing program for executing can be ROM, random access memory (RAM), CD-ROM, tape, floppy disk and optical data storage and set It is standby etc..
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.

Claims (15)

1. a kind of prevent plug-in method, which is characterized in that the described method includes:
When receiving checking command, target string is obtained, the target string is written in the first address, the target Character string is the character string verified after function conversion, and the verification function is for whether there is program in verification object application program Breakpoint;
The target string is converted into the verification function;
By the verification function, the destination application is verified, check results are obtained;
When determining that there are the targets that when program breakpoint, interrupts to answer in the destination application based on the check results Use program.
2. the method according to claim 1, wherein the triggered time of the checking command is any time, institute Stating the first address is the corresponding address of memory space that any size is preset threshold in the terminal, the number of the preset threshold Size of the value not less than memory space shared by the verification function.
3. the method according to claim 1, wherein the acquisition target string, by the target string Before being written in the first address, the method also includes:
According to the size of the target string, first address is distributed for the target string, first address Storage size is not less than the size of the target string.
4. the method according to claim 1, wherein the verification function is filling data Shellcode verification Function, it is described obtain the target string before, the method also includes:
It constructs Shellcode and verifies function, the Shellcode verification function is used for by adjusting back default checking algorithm to described Destination application is verified;
Shellcode verification function is converted into the target string, the target string is encrypted.
5. according to the method described in claim 4, it is characterized in that, the building Shellcode verification function after, the side Method further include:
Second address, call back function and third address are written in the Shellcode verification function, second address is institute The storage address of destination application is stated, the third address is the storage address of the default checking algorithm;
In Shellcode verification function after write, by call back function, it is based on second address, is called described default Checking algorithm;
By the default checking algorithm, the destination application is verified, obtains initial check results.
6. the method according to claim 1, wherein described by the verification function, to the target application Program is verified, before obtaining check results, the method also includes:
According to the second address, call back function and third address, building verification structural body, second address is the target application The storage address of program, the third address are the storage address of default checking algorithm;
The verification structural body is written in the verification function.
7. according to the method described in claim 6, it is characterized in that, described based on the verification function that the verification structural body is written The process verified are as follows: institute is called by the call back function using the third address as the parameter of the call back function Default checking algorithm is stated, the destination application is verified by the default checking algorithm, obtains the verification knot Fruit.
8. the method according to claim 1, wherein described by the verification function, to the target application Program is verified, and is obtained check results and is included:
By obtaining multiple blocks of the destination application from function is realized;
Traverse out multiple target blocks to be verified in the multiple block;
By the verification function, the multiple target block is verified, obtains the check results of each block.
9. the method according to claim 1, wherein described by the verification function, to the target application Program is verified, after obtaining check results, the method also includes:
When the check results and the initial check results of the destination application mismatch, the target application journey is determined There are program breakpoint in sequence, the initial check results are the knot verified to the destination application there is no program breakpoint Fruit;
When the check results are matched with the initial check results, determine that there is no programs to break in the destination application Point.
10. the method according to claim 1, wherein described by the verification function, to the target application Program is verified, after obtaining check results, the method also includes:
The check results are sent to server;
The verification function is deleted, first address is discharged.
11. a kind of prevent plug-in device, which is characterized in that described device includes:
Module is obtained, for obtaining target string when receiving checking command, the first ground is written into the target string In location, the target string is the character string verified after function conversion, and the verification function is used for verification object application program In whether there is program breakpoint;
Conversion module, for the target string to be converted to the verification function;
Correction verification module, for being verified to the destination application, obtaining check results by the verification function;
Interrupt module is interrupted for being determined in the destination application when based on the check results there are when program breakpoint Run the destination application.
12. device according to claim 11, which is characterized in that described device further include:
First building module, for constructing Shellcode verification function, the Shellcode verification function is for passing through readjustment Default checking algorithm verifies the destination application;
Conversion module, for Shellcode verification function to be converted to the target string, to the target string It is encrypted.
13. device according to claim 11, which is characterized in that described device further include:
Second building module, for constructing and verifying structural body according to the second address, call back function and third address, described second Address is the storage address of the destination application, and the third address is the storage address of default checking algorithm;
Writing module, for the verification structural body to be written in the verification function.
14. a kind of terminal, which is characterized in that the terminal includes processor and memory, is stored at least in the memory One instruction, described instruction are loaded by the processor and are executed to realize such as any one of claim 1 to claim 10 institute That states prevents operation performed by plug-in method.
15. a kind of computer readable storage medium, which is characterized in that be stored at least one instruction, institute in the storage medium Instruction is stated to be loaded by processor and executed to realize as claim 1 prevents plug-in method to claim 10 is described in any item Performed operation.
CN201810689257.0A 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in Active CN108970122B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810689257.0A CN108970122B (en) 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810689257.0A CN108970122B (en) 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in

Publications (2)

Publication Number Publication Date
CN108970122A true CN108970122A (en) 2018-12-11
CN108970122B CN108970122B (en) 2021-06-08

Family

ID=64539499

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810689257.0A Active CN108970122B (en) 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in

Country Status (1)

Country Link
CN (1) CN108970122B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1648873A (en) * 2005-02-01 2005-08-03 苏州超锐微电子有限公司 Method for realizing break point debugging function
JP5326062B1 (en) * 2012-05-11 2013-10-30 アンラブ,インコーポレイテッド Non-executable file inspection apparatus and method
CN104731708A (en) * 2015-03-25 2015-06-24 北京信息控制研究所 Dynamic detection method of Shellcode
CN105233499A (en) * 2015-09-25 2016-01-13 广州华多网络科技有限公司 Game code checking method and game client side and system
CN107844703A (en) * 2017-10-13 2018-03-27 珠海金山网络游戏科技有限公司 A kind of client secure detection method and device based on Android platform Unity3D game

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1648873A (en) * 2005-02-01 2005-08-03 苏州超锐微电子有限公司 Method for realizing break point debugging function
JP5326062B1 (en) * 2012-05-11 2013-10-30 アンラブ,インコーポレイテッド Non-executable file inspection apparatus and method
CN104731708A (en) * 2015-03-25 2015-06-24 北京信息控制研究所 Dynamic detection method of Shellcode
CN105233499A (en) * 2015-09-25 2016-01-13 广州华多网络科技有限公司 Game code checking method and game client side and system
CN107844703A (en) * 2017-10-13 2018-03-27 珠海金山网络游戏科技有限公司 A kind of client secure detection method and device based on Android platform Unity3D game

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
自动送头机器人: "【CSGO游戏分析】VAC反作弊系统分析", 《HTTPS://WWW.BILIBILI.COM/READ/CV217289》 *

Also Published As

Publication number Publication date
CN108970122B (en) 2021-06-08

Similar Documents

Publication Publication Date Title
KR102350462B1 (en) Signature generation method, electronic device and storage medium
CN111444528B (en) Data security protection method, device and storage medium
US11574009B2 (en) Method, apparatus and computer device for searching audio, and storage medium
CN109491924A (en) Code detection method, device, terminal and storage medium
CN110502308A (en) Style sheet switching method, device, computer equipment and storage medium
CN110210219A (en) Recognition methods, device, equipment and the storage medium of virus document
CN109117635A (en) Method for detecting virus, device, computer equipment and the storage medium of application program
CN109547495A (en) Sensitive operation processing method, device, server, terminal and storage medium
CN110837473A (en) Application program debugging method, device, terminal and storage medium
CN109522146A (en) The method, apparatus and storage medium of abnormality test are carried out to client
CN108810019A (en) Refusal service attack defending method, apparatus, equipment and storage medium
CN110147380A (en) Data-updating method, device, server and storage medium
CN109711832A (en) The methods, devices and systems paid
CN109889325A (en) Method of calibration, device, electronic equipment and medium
CN110401648A (en) Obtain method, apparatus, electronic equipment and the medium of cloud service
CN110288689A (en) The method and apparatus that electronic map is rendered
CN110032384A (en) Method, apparatus, equipment and the storage medium of resource updates
CN109254775A (en) Image processing method, terminal and storage medium based on face
CN110109770A (en) Adjustment method, device, electronic equipment and medium
CN109783176A (en) Switch the method and apparatus of the page
CN111128115B (en) Information verification method and device, electronic equipment and storage medium
CN107943484A (en) The method and apparatus for performing business function
CN109842593B (en) Information acquisition method and device and computer readable storage medium
CN108970122A (en) Prevent plug-in method, apparatus, terminal and storage medium
CN109107163A (en) Analogue-key detection method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant