CN108970122B - Method, device, terminal and storage medium for preventing plug-in - Google Patents

Method, device, terminal and storage medium for preventing plug-in Download PDF

Info

Publication number
CN108970122B
CN108970122B CN201810689257.0A CN201810689257A CN108970122B CN 108970122 B CN108970122 B CN 108970122B CN 201810689257 A CN201810689257 A CN 201810689257A CN 108970122 B CN108970122 B CN 108970122B
Authority
CN
China
Prior art keywords
verification
function
address
application program
target application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810689257.0A
Other languages
Chinese (zh)
Other versions
CN108970122A (en
Inventor
黄国友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Huaduo Network Technology Co Ltd
Original Assignee
Guangzhou Huaduo Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Huaduo Network Technology Co Ltd filed Critical Guangzhou Huaduo Network Technology Co Ltd
Priority to CN201810689257.0A priority Critical patent/CN108970122B/en
Publication of CN108970122A publication Critical patent/CN108970122A/en
Application granted granted Critical
Publication of CN108970122B publication Critical patent/CN108970122B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70Game security or game management aspects
    • A63F13/75Enforcing rules, e.g. detecting foul play or generating lists of cheating players
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F2300/00Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
    • A63F2300/50Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers
    • A63F2300/55Details of game data or player data management
    • A63F2300/5586Details of game data or player data management for enforcing rights or rules, e.g. to prevent foul play

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method, a device, a terminal and a storage medium for preventing plug-in, and belongs to the technical field of internet. The method comprises the following steps: when a verification instruction is received, the terminal acquires a target character string and writes the target character string into a first address, wherein the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program; the terminal converts the target character string into the check function; verifying the target application program through the verification function to obtain a verification result; and when the target application program is determined to have the program breakpoint based on the verification result, interrupting the running of the target application program, so that the normal running of the target application program is ensured, the possibility that the target application program is opened and hung is prevented through the running of the terminal under the condition that the target application program is tampered, and the safety of the target application program is ensured.

Description

Method, device, terminal and storage medium for preventing plug-in
Technical Field
The invention relates to the technical field of internet, in particular to a method, a device, a terminal and a storage medium for preventing plug-in.
Background
With the development of network technology, game application programs are increasingly popularized, and in many game application programs, a user can add some privileges to a game object in a game in a plug-in opening mode, for example, in the game, the length of the game object taking one step is only 1 meter when the plug-in is not opened, and the length of the game object taking one step can reach 100 meters when the plug-in is opened, and obviously, the plug-in opening mode seriously affects the fairness of the game.
In the field, generally, a person who wants to open a plug-in is prevented from dynamically analyzing an application program through the plug-in by a debugging prevention method, that is, a terminal detects whether a debugger port is called, so that the application program is prevented from being called by calling the debugger port. However, in the related art, a plug-in is generally opened by setting a program breakpoint, that is, a terminal writes a breakpoint characteristic value in a memory address corresponding to a segment of program based on a segment of program code that needs to be modified in the application program, so as to successfully set a program breakpoint in the application program. When the terminal starts the application program, the terminal operates to the target program segment and stops operating, and the external hanging personnel can analyze and modify the application program at the point. Obviously, the above-mentioned debugging prevention method can only detect whether the plug-in operator debugs the application program through the debugger port, and cannot detect the program breakpoint in the application program. Therefore, a method for preventing plug-in is needed to prevent plug-in by writing breakpoint characteristic values.
Disclosure of Invention
The embodiment of the invention provides a method, a device, a terminal and a storage medium for preventing plug-in, which can solve the problem that plug-in can not be prevented by writing breakpoint characteristic values in the related art. The technical scheme is as follows:
in one aspect, a method of preventing cheating is provided, the method comprising:
when a verification instruction is received, acquiring a target character string, and writing the target character string into a first address, wherein the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program;
converting the target character string into the check function;
verifying the target application program through the verification function to obtain a verification result;
and when determining that a program breakpoint exists in the target application program based on the verification result, interrupting the running of the target application program.
Optionally, the triggering time of the check instruction is any time, the first address is an address corresponding to any storage space in the terminal, where the size of the storage space is a preset threshold, and the value of the preset threshold is not less than the size of the storage space occupied by the check function.
Optionally, before the obtaining the target character string and writing the target character string into the first address, the method further includes:
and according to the size of the target character string, allocating a first address to the target character string, wherein the size of a storage space of the first address is not smaller than the size of the target character string.
Optionally, the check function is a padding data Shellcode check function, and before the target character string is obtained, the method further includes:
constructing a Shellcode check function, wherein the Shellcode check function is used for checking the target application program through a callback preset check algorithm;
and converting the Shellcode check function into the target character string, and encrypting the target character string.
Optionally, after the Shellcode check function is constructed, the method further includes:
writing a second address, a callback function and a third address into the Shellcode check function, wherein the second address is a storage address of the target application program, and the third address is a storage address of the preset check algorithm;
calling the preset check algorithm based on the second address through a callback function in the written Shellcode check function;
and verifying the target application program through the preset verification algorithm to obtain an initial verification result.
Optionally, before the target application is verified through the verification function and a verification result is obtained, the method further includes:
constructing a verification structure body according to a second address, a callback function and a third address, wherein the second address is a storage address of the target application program, and the third address is a storage address of a preset verification algorithm;
and writing the check structure body into the check function.
Optionally, the process of performing verification based on the verification function written in the verification structure body is as follows: and taking the third address as a parameter of the callback function, calling the preset verification algorithm through the callback function, and verifying the target application program through the preset verification algorithm to obtain the verification result.
Optionally, the verifying the target application program through the verification function to obtain a verification result includes:
acquiring a plurality of blocks of the target application program through a self-realization function;
traversing a plurality of target blocks to be checked in the plurality of blocks;
and verifying the target blocks through the verification function to obtain a verification result of each block.
Optionally, after the target application is verified through the verification function and a verification result is obtained, the method further includes:
when the verification result is not matched with the initial verification result of the target application program, determining that a program breakpoint exists in the target application program, wherein the initial verification result is a result of verifying the target application program without the program breakpoint;
and when the verification result is matched with the initial verification result, determining that no program breakpoint exists in the target application program.
Optionally, after the target application is verified through the verification function and a verification result is obtained, the method further includes:
sending the verification result to a server;
deleting the check function and releasing the first address.
In one aspect, there is provided a device for preventing external hanging, the device including:
the system comprises an acquisition module, a verification module and a processing module, wherein the acquisition module is used for acquiring a target character string when a verification instruction is received, and writing the target character string into a first address, the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program;
the conversion module is used for converting the target character string into the check function;
the verification module is used for verifying the target application program through the verification function to obtain a verification result;
and the interruption module is used for interrupting the running of the target application program when determining that a program breakpoint exists in the target application program based on the verification result.
Optionally, the triggering time of the check instruction is any time, the first address is an address corresponding to any storage space in the terminal, where the size of the storage space is a preset threshold, and the value of the preset threshold is not less than the size of the storage space occupied by the check function.
Optionally, the apparatus further comprises:
and the allocation module is used for allocating a first address to the target character string according to the size of the target character string, wherein the size of the storage space of the first address is not smaller than the size of the target character string.
Optionally, the check function is a padding data Shellcode check function, and the apparatus further includes:
the system comprises a first construction module, a second construction module and a third construction module, wherein the first construction module is used for constructing a Shellcode check function, and the Shellcode check function is used for checking the target application program through a callback preset check algorithm;
and the conversion module is used for converting the Shellcode check function into the target character string and encrypting the target character string.
Optionally, the apparatus further comprises:
the calling module is used for writing a second address, a callback function and a third address into the Shellcode check function, wherein the second address is a storage address of the target application program, and the third address is a storage address of the preset check algorithm; calling the preset check algorithm based on the second address through a callback function in the written Shellcode check function;
and the checking module is used for checking the target application program through the preset checking algorithm to obtain an initial checking result.
Optionally, the apparatus further comprises:
the second construction module is used for constructing a verification structure body according to a second address, a callback function and a third address, wherein the second address is a storage address of the target application program, and the third address is a storage address of a preset verification algorithm;
and the writing module is used for writing the check structure body into the check function.
Optionally, the process of performing verification based on the verification function written in the verification structure body is as follows: and taking the third address as a parameter of the callback function, calling the preset verification algorithm through the callback function, and verifying the target application program through the preset verification algorithm to obtain the verification result.
Optionally, the verification module includes:
an obtaining unit, configured to obtain, through a self-implementation function, a plurality of blocks of the target application program;
the traversal unit is used for traversing a plurality of target blocks to be verified in the plurality of blocks;
and the checking unit is used for checking the target blocks through the checking function to obtain a checking result of each block.
Optionally, the apparatus further comprises:
a determining module, configured to determine that a program breakpoint exists in the target application program when the verification result is not matched with an initial verification result of the target application program, where the initial verification result is a result of verifying the target application program that does not have the program breakpoint;
the determining module is further configured to determine that no program breakpoint exists in the target application program when the verification result matches the initial verification result.
Optionally, the apparatus further comprises:
the sending module is used for sending the verification result to a server;
and the deleting module is used for deleting the check function and releasing the first address.
In one aspect, a terminal is provided, where the terminal includes a processor and a memory, where the memory stores at least one instruction, and the instruction is loaded and executed by the processor to implement an operation performed by the method for preventing a plug-in as described above.
In one aspect, a computer-readable storage medium is provided, in which at least one instruction is stored, and the instruction is loaded and executed by a processor to implement the operation performed by the method for preventing a plug-in as described above.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
when a verification instruction is received, a terminal acquires a target character string and writes the target character string into a first address, wherein the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program; the terminal converts the target character string into the check function; verifying the target application program through the verification function to obtain a verification result; and when the target application program is determined to have the program breakpoint based on the verification result, interrupting the running of the target application program, so that the normal running of the target application program is ensured, the possibility that the target application program is opened and hung is prevented through the running of the terminal under the condition that the target application program is tampered, and the safety of the target application program is ensured.
Moreover, each check is carried out randomly through the process of carrying out dynamic check based on the check function, and the check function can not be tampered randomly through the target character string; and when the target application program is determined to have the program breakpoint based on the verification result, the target application program is interrupted to run, and the safety and the reliability of the target application program are further ensured.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flowchart of a method for preventing a plug-in according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for preventing a plug-in according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating a target string according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating an encrypted target string according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a device for preventing plug-in according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a method for preventing a plug-in according to an embodiment of the present invention. The execution subject of the embodiment of the invention is a terminal, and referring to fig. 1, the method comprises the following steps:
101. and when a verification instruction is received, acquiring a target character string, and writing the target character string into the first address.
The target character string is a character string converted by a check function, and the check function is used for checking whether a program breakpoint exists in a target application program or not;
102. converting the target character string into the check function;
103. verifying the target application program through the verification function to obtain a verification result;
104. and when the target application program is determined to have the program breakpoint based on the verification result, interrupting the running of the target application program.
Optionally, the triggering time of the check instruction is any time, the first address is an address corresponding to any storage space in the terminal, where the size of the storage space is a preset threshold, and a value of the preset threshold is not less than the size of the storage space occupied by the check function.
Optionally, before obtaining the target character string and writing the target character string into the first address, the method further includes:
and according to the size of the target character string, allocating a first address to the target character string, wherein the size of the storage space of the first address is not smaller than the size of the target character string.
Optionally, the check function is a padding data Shellcode check function, and before the target character string is obtained, the method further includes:
constructing a Shellcode check function, wherein the Shellcode check function is used for checking the target application program through a callback preset check algorithm;
and converting the Shellcode check function into the target character string, and encrypting the target character string.
Optionally, after the Shellcode check function is constructed, the method further includes:
writing a second address, a callback function and a third address into the Shellcode check function, wherein the second address is a storage address of the target application program, and the third address is a storage address of the preset check algorithm;
calling the preset check algorithm based on the second address through a callback function in the written Shellcode check function;
and checking the target application program through the preset checking algorithm to obtain an initial checking result.
Optionally, before the target application is verified through the verification function and a verification result is obtained, the method further includes:
constructing a verification structure body according to a second address, a callback function and a third address, wherein the second address is a storage address of the target application program, and the third address is a storage address of a preset verification algorithm;
and writing the check structure body into the check function.
Optionally, the process of performing verification based on the verification function written in the verification structure body is as follows: and taking the third address as a parameter of the callback function, calling the preset verification algorithm through the callback function, and verifying the target application program through the preset verification algorithm to obtain the verification result.
Optionally, the verifying the target application program through the verification function to obtain a verification result includes:
acquiring a plurality of blocks of the target application program through a self-realization function;
traversing a plurality of target blocks to be checked in the plurality of blocks;
and checking the target blocks through the checking function to obtain a checking result of each block.
Optionally, after the target application is verified through the verification function and a verification result is obtained, the method further includes:
when the verification result is not matched with the initial verification result of the target application program, determining that a program breakpoint exists in the target application program, wherein the initial verification result is a result of verifying the target application program without the program breakpoint;
and when the verification result is matched with the initial verification result, determining that no program breakpoint exists in the target application program.
Optionally, after the target application is verified through the verification function and a verification result is obtained, the method further includes:
sending the checking result to a server;
deleting the check function and releasing the first address.
In the embodiment of the invention, when a verification instruction is received, a terminal acquires a target character string and writes the target character string into a first address, wherein the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program; the terminal converts the target character string into the check function; verifying the target application program through the verification function to obtain a verification result; and when the target application program is determined to have the program breakpoint based on the verification result, interrupting the running of the target application program, so that the normal running of the target application program is ensured, the possibility that the target application program is opened and hung is prevented through the running of the terminal under the condition that the target application program is tampered, and the safety of the target application program is ensured.
Moreover, each check is carried out randomly through the process of carrying out dynamic check based on the check function, and the check function can not be tampered randomly through the target character string; and when the target application program is determined to have the program breakpoint based on the verification result, the target application program is interrupted to run, and the safety and the reliability of the target application program are further ensured.
Fig. 2 is a flowchart of a method for preventing a plug-in according to an embodiment of the present invention. The execution subject of the embodiment of the present invention is a terminal, and referring to fig. 2, the method includes:
201. and when a verification instruction is received, the terminal allocates a first address for the target character string according to the size of the target character string.
The size of the storage space of the first address is not smaller than that of the target character string, the target character string is a character string converted by a check function, and the check function is used for checking whether a program breakpoint exists in a target application program or not; the target character string may also be a character string converted by a check function and encrypted by a preset encryption algorithm. In the embodiment of the present invention, when the terminal receives the verification instruction, the terminal may allocate a storage space with the size of the preset threshold to the verification function based on the preset threshold, and obtain the first address of the storage space with the size of the preset threshold. And the value of the preset threshold is not less than the size of the storage space occupied by the check function.
Wherein, the trigger time of the check instruction is any time. That is, the check instruction may be triggered by the terminal at any time. The first address is an address corresponding to any storage space with a size of a preset threshold value in the terminal, that is, the terminal randomly allocates an address to the check function. In a possible implementation manner, the terminal may set the preset threshold to be not smaller than the size of the storage space occupied by the check function in advance based on the size of the check function to be used, so that when a subsequent terminal acquires the check function, the terminal can write the check function into the first address.
The preset threshold and the preset encryption algorithm may be set based on needs, and the preset threshold is not specifically limited in the embodiment of the present invention. For example, the preset Encryption algorithm may be an AES (Advanced Encryption Standard) Encryption algorithm.
Further, the terminal may set the storage attribute of the first address to: the terminal can decrypt the target character string, write the decrypted target character string into the first address, and forcibly convert the first address into a storage address of a check function converted from the target character string, so that the check function can be executed in the first address.
The terminal can convert the first address through a forced conversion program, and forcibly convert the first address into a storage address of the check function. The forced conversion program is any program that can forcibly convert the first address into the storage address of the check function, and the forced conversion program is not particularly limited in the embodiment of the present invention. For example, the forced conversion procedure may be as follows:
pfn_CheckSection pCS=
(pfn_CheckSection)DecryptShellCode();
it should be noted that, because the terminal sets the trigger time of the verification instruction to any time, the terminal can verify the target application program at irregular time, prevent a person who wants to open a plug-in from modifying the verification process of the target application program, and further ensure the security of the target application program.
202. And the terminal acquires a target character string and writes the target character string into the first address.
In the embodiment of the invention, the terminal stores the check function in a character string mode, and the terminal acquires the target character string based on the storage address of the target character string and copies the target character string to the storage space corresponding to the first address. In a possible implementation manner, the target character string is an encrypted character string, and the terminal may further decrypt the target character string through a decryption key, and store the decrypted target character string in the storage space corresponding to the first address.
It should be noted that, in the embodiment of the present invention, the check function may be a Shellcode (padding data) check function, and before the terminal acquires the target character string, the terminal may generate the target character string based on the Shellcode check function in advance, where the process may be: and the terminal constructs a Shellcode check function, converts the Shellcode check function into a target character string and encrypts the target character string. The Shellcode check function is used for checking the target application program through a callback preset check algorithm.
The terminal may traverse the Shellcode check function from the initial address to the end address according to the storage address written in the Shellcode check function, and generate a target character string corresponding to the Shellcode check function, where the target character string may be character data in a machine code form.
The terminal can encrypt the target character string through a preset encryption algorithm. The terminal can also convert the encrypted target character string into a global character list. The preset encryption algorithm may be set based on needs, which is not specifically limited in this embodiment of the present invention. For example, the preset Encryption algorithm may be an AES (Advanced Encryption Standard) Encryption algorithm.
Further, the terminal may also forcibly convert the first address into a storage address of a check function converted from the target character string, so that the check function may be executed in the first address.
As shown in fig. 3, the target character string may be hexadecimal data, and the encrypted target character string becomes the hexadecimal data shown in fig. 4. Obviously, compared with the data before encryption, the encrypted hexadecimal data is the scrambled data, so that the security of the check function is further ensured.
It should be noted that, since the encrypted target character string is converted into a global character list, that is, the encrypted Shellcode machine code, and the global character list is stored in a global variable form and is not stored in the executable code block, even if a person who wants to open a plug-in analyzes the function list through a static analysis tool, the Shellcode check function cannot be found. Moreover, because the global variable is in a scattered character list form, a person who wants to open a plug-in cannot find the Shellcode check function through the character string list. Meanwhile, as the encryption is carried out by the AES encryption algorithm, the size and the content of the encrypted Shellcode check function are changed, and the Shellcode check function cannot be associated as a check function, so that the safety and the tightness of the Shellcode check function are protected layer by layer, and plug-in is further prevented.
Furthermore, as the terminal dynamically and randomly allocates an address each time the verification process is executed, the address of the verification function is ensured to be random each time, the concealment of the verification function is only further enhanced, and the security of the target application program is ensured.
In the embodiment of the invention, the terminal can construct the Shellcode check function when the application program is generated, so that an initial check result can be obtained based on the Shellcode check function, and the initial check result is the check result just generated when the application program is generated and is the check result corresponding to the target application program without program breakpoints. Therefore, whether the current verification result is correct or not is judged conveniently based on the initial verification result. After the terminal constructs the Shellcode check function, the process of obtaining the initial check result by the terminal based on the Shellcode check function can be as follows: the terminal writes the second address, the callback function and the third address into the Shellcode check function; the second address is a storage address of the target application program, and the third address is a storage address of a preset check algorithm. The terminal calls the preset check algorithm based on the second address through a callback function in the written Shellcode check function; and checking the target application program through the preset checking algorithm to obtain an initial checking result.
The step of writing the second address, the callback function and the third address into the Shellcode check function by the terminal may be: and the terminal constructs a check structure body according to the second address, the callback function and the third address, and writes the check structure body into the Shellcode check function.
203. The terminal converts the target character string into the check function.
In this step, after the terminal obtains the target character string, the terminal forcibly converts the target character string into a Shellcode check function in the storage space corresponding to the first address, wherein the Shellcode check function is actually a temporary Shellcode check function.
204. And the terminal checks the target application program through the check function to obtain a check result.
In this step, the target application program may be included in a plurality of blocks, the terminal may obtain the plurality of blocks of the target application program through a self-implementation function, the terminal traverses a plurality of target blocks to be verified in the plurality of blocks, and the plurality of target blocks are verified through the verification function to obtain a verification result of each block. The target block to be verified may be an executable, readable, writable, and non-discardable block of the plurality of blocks.
Further, the terminal stores the verification result into a verification list, and the verification list is used for storing the verification results of the multiple target blocks.
It should be noted that, in some non-executable or non-readable blocks among the plurality of blocks included in the target application program, a person who wants to open a plug-in cannot write a program breakpoint, so that the terminal can only acquire the target block for verification, thereby saving the storage space occupied by the verification process and improving the verification efficiency.
In a possible implementation manner, the terminal may transmit a preset verification algorithm to be used and parameters required by a verification process into the verification function in the form of a structural body for verification, where the process may be: before the terminal carries out verification according to the verification function, the terminal constructs a verification structure according to the second address, the callback function and the third address, wherein the second address is a storage address of the target application program, and the third address is a storage address of a preset verification algorithm; and writing the check structure body into the check function.
The terminal performs a verification process on the target application program through the verification function, that is, the terminal performs the verification process based on the verification function written in the verification structure. The process may be: and the terminal takes the third address as a parameter of the callback function, calls the preset verification algorithm through the callback function, and verifies the target application program through the preset verification algorithm to obtain the verification result.
The number of the preset Check Algorithm may be one or multiple, the preset Check Algorithm may be a Cyclic Redundancy Check (CRC) Algorithm, or an MD5(Message-Digest Algorithm version 5), and the number and the type of the preset Check Algorithm are not specifically limited in the embodiment of the present invention.
205. And the terminal judges whether a program breakpoint exists in the target application program or not according to the checking result.
In the embodiment of the invention, the terminal acquires and stores the initial verification result of the target application program in advance. The initial verification result is a result of verifying the target application program without the program breakpoint. In this step, the terminal determines whether the verification result matches the initial verification result according to the verification result and the initial verification result, and when the verification result matches the initial verification result, the terminal determines that no program breakpoint exists in the target application program. And when the verification result is not matched with the initial verification result, the terminal determines that a program breakpoint exists in the target application program.
Further, the terminal may send the verification result to the server. In a possible implementation manner, the terminal may further send the verification result to the server only when a program breakpoint exists in the target application program, so that the server takes measures for preventing a plug-in for the verification result, where the process may be: and when the verification result is not matched with the initial verification result of the target application program, the terminal determines that a program breakpoint exists in the target application program and sends the verification result to the server.
The terminal calculates whether the data contained in the verification result is the same as the data contained in the initial verification result, and if so, the verification result is determined to be matched with the initial verification result, otherwise, the verification result is not matched; or, when the verification result includes a plurality of characters, the terminal may further calculate a coincidence degree between data included in the verification result and data included in the initial verification result, and when the coincidence degree reaches a preset value, it is determined that the verification result matches the initial verification result, otherwise, it is not matched. The preset value may be set based on needs, and this is not specifically limited in the embodiment of the present invention. For example, the preset value may be 99%, 98%, etc.
In a possible implementation manner, the terminal may further check a plurality of target blocks, and store the check results of the plurality of target blocks in a check list, so in this step, the terminal may further obtain an initial check list, compare the check list with the initial check list of the target application, and determine whether the check list and the initial check list are matched. And when the check list is matched with the initial check list, the terminal determines that no program breakpoint exists in the target application program. And when the verification result is not matched with the initial verification result, the terminal determines that a program breakpoint exists in the target application program.
206. And when the target application program is determined to have no program breakpoint based on the verification result, the terminal continues to run the target application program.
Wherein, the terminal may also send the verification result to the server.
207. And when determining that the target application program has a program breakpoint based on the verification result, the terminal sends the verification result to the server, and the target application program is interrupted to run.
In the step, the terminal executes the interrupt program to interrupt the running of the target application program, so that the target application program is forced to crash, the plug-in behavior of a person who wants to open the plug-in is prevented, and the safety of the target application program is guaranteed.
Further, after the terminal obtains the verification result, the terminal deletes the verification function and releases the first address.
It should be noted that, because the terminal dynamically allocates an address during each verification, and copies the encrypted Shellcode check function to decrypt the encrypted Shellcode check function into the storage space corresponding to the address, it is ensured that the address of the check function is random each time, and after the verification is finished, the storage space is released, so that the concealment of the check function is enhanced only by one step, and the security of the target application program is ensured.
In the embodiment of the invention, when a verification instruction is received, a terminal acquires a target character string and writes the target character string into a first address, wherein the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program; the terminal converts the target character string into the check function; verifying the target application program through the verification function to obtain a verification result; and when the target application program is determined to have the program breakpoint based on the verification result, interrupting the running of the target application program, so that the normal running of the target application program is ensured, the possibility that the target application program is opened and hung is prevented through the running of the terminal under the condition that the target application program is tampered, and the safety of the target application program is ensured.
Moreover, each check is carried out randomly through the process of carrying out dynamic check based on the check function, and the check function can not be tampered randomly through the target character string; and when the target application program is determined to have the program breakpoint based on the verification result, the target application program is interrupted to run, and the safety and the reliability of the target application program are further ensured.
Fig. 5 is a schematic structural diagram of a device for preventing plug-in according to an embodiment of the present invention. Referring to fig. 5, the apparatus includes: an acquisition module 501, a conversion module 502, a verification module 503, and an interruption module 504.
An obtaining module 501, configured to, when a check instruction is received, obtain a target character string, and write the target character string into a first address, where the target character string is a character string converted by a check function, and the check function is used to check whether a program breakpoint exists in a target application program;
a conversion module 502, configured to convert the target character string into the check function;
the checking module 503 is configured to check the target application program through the checking function to obtain a checking result;
and an interruption module 504, configured to interrupt running of the target application when it is determined that a program breakpoint exists in the target application based on the verification result.
Optionally, the triggering time of the check instruction is any time, the first address is an address corresponding to any storage space in the terminal, where the size of the storage space is a preset threshold, and a value of the preset threshold is not less than the size of the storage space occupied by the check function.
Optionally, the apparatus further comprises:
and the allocation module is used for allocating a first address to the target character string according to the size of the target character string, and the size of the storage space of the first address is not smaller than the size of the target character string.
Optionally, the check function is a padding data Shellcode check function, and the apparatus further includes:
the system comprises a first construction module, a second construction module and a third construction module, wherein the first construction module is used for constructing a Shellcode check function, and the Shellcode check function is used for checking the target application program through a callback preset check algorithm;
and the conversion module is used for converting the Shellcode check function into the target character string and encrypting the target character string.
Optionally, the apparatus further comprises:
a calling module, configured to write a second address, a callback function, and a third address into the Shellcode check function, where the second address is a storage address of the target application program, and the third address is a storage address of the preset check algorithm; calling the preset check algorithm based on the second address through a callback function in the written Shellcode check function;
and the checking module is used for checking the target application program through the preset checking algorithm to obtain an initial checking result.
Optionally, the apparatus further comprises:
the second construction module is used for constructing a verification structure body according to a second address, a callback function and a third address, wherein the second address is a storage address of the target application program, and the third address is a storage address of a preset verification algorithm;
and the writing module is used for writing the check structure body into the check function.
Optionally, the process of performing verification based on the verification function written in the verification structure body is as follows: and taking the third address as a parameter of the callback function, calling the preset verification algorithm through the callback function, and verifying the target application program through the preset verification algorithm to obtain the verification result.
Optionally, the verification module includes:
an obtaining unit, configured to obtain, through a self-implementation function, a plurality of blocks of the target application program;
the traversal unit is used for traversing a plurality of target blocks to be verified in the plurality of blocks;
and the checking unit is used for checking the target blocks through the checking function to obtain a checking result of each block.
Optionally, the apparatus further comprises:
the determining module is used for determining that a program breakpoint exists in the target application program when the verification result is not matched with the initial verification result of the target application program, and the initial verification result is a result of verifying the target application program without the program breakpoint;
the determining module is further configured to determine that no program breakpoint exists in the target application program when the verification result matches the initial verification result.
Optionally, the apparatus further comprises:
the sending module is used for sending the checking result to the server;
and the deleting module is used for deleting the check function and releasing the first address.
In the embodiment of the invention, when a verification instruction is received, a terminal acquires a target character string and writes the target character string into the first address, wherein the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program; the terminal converts the target character string into the check function; verifying the target application program through the verification function to obtain a verification result; and when the target application program is determined to have the program breakpoint based on the verification result, interrupting the running of the target application program, so that the normal running of the target application program is ensured, the possibility that the target application program is opened and hung is prevented through the running of the terminal under the condition that the target application program is tampered, and the safety of the target application program is ensured.
Moreover, each check is carried out randomly through the process of carrying out dynamic check based on the check function, and the check function can not be tampered randomly through the target character string; and when the target application program is determined to have the program breakpoint based on the verification result, the target application program is interrupted to run, and the safety and the reliability of the target application program are further ensured.
All the above optional technical solutions may be combined arbitrarily to form the optional embodiments of the present disclosure, and are not described herein again.
It should be noted that: in the device for preventing plug-in according to the above embodiment, only the division of the functional modules is described as an example when the plug-in is prevented, and in practical applications, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the terminal is divided into different functional modules to complete all or part of the functions described above. In addition, the device for preventing plug-in and the method for preventing plug-in provided by the above embodiments belong to the same concept, and the specific implementation process is detailed in the method embodiments and will not be described herein again.
Fig. 6 is a schematic structural diagram of a terminal according to an embodiment of the present invention. The terminal 600 may be: a smart phone, a tablet computer, an MP3 player (Moving Picture Experts Group Audio Layer III, motion video Experts compression standard Audio Layer 3), an MP4 player (Moving Picture Experts Group Audio Layer IV, motion video Experts compression standard Audio Layer 4), a notebook computer, or a desktop computer. The terminal 600 may also be referred to by other names such as user equipment, portable terminal, laptop terminal, desktop terminal, etc.
In general, the terminal 600 includes: a processor 601 and a memory 602.
The processor 601 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and so on. The processor 601 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 601 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 601 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, processor 601 may also include an AI (Artificial Intelligence) processor for processing computational operations related to machine learning.
The memory 602 may include one or more computer-readable storage media, which may be non-transitory. The memory 602 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 602 is used to store at least one instruction for execution by processor 601 to implement the method of preventing a plug-in provided by the method embodiments of the present application.
In some embodiments, the terminal 600 may further optionally include: a peripheral interface 603 and at least one peripheral. The processor 601, memory 602, and peripheral interface 603 may be connected by buses or signal lines. Various peripheral devices may be connected to the peripheral interface 603 via a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of a radio frequency circuit 604, a display 605, a camera assembly 606, an audio circuit 607, a positioning component 608, and a power supply 609.
The peripheral interface 603 may be used to connect at least one peripheral related to I/O (Input/Output) to the processor 601 and the memory 602. In some embodiments, the processor 601, memory 602, and peripheral interface 603 are integrated on the same chip or circuit board; in some other embodiments, any one or two of the processor 601, the memory 602, and the peripheral interface 603 may be implemented on a separate chip or circuit board, which is not limited in this embodiment.
The Radio Frequency circuit 604 is used for receiving and transmitting RF (Radio Frequency) signals, also called electromagnetic signals. The radio frequency circuitry 604 communicates with communication networks and other communication devices via electromagnetic signals. The rf circuit 604 converts an electrical signal into an electromagnetic signal to transmit, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 604 comprises: an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency circuitry 604 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocols include, but are not limited to: metropolitan area networks, various generation mobile communication networks (2G, 3G, 4G, and 5G), Wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the rf circuit 604 may further include NFC (Near Field Communication) related circuits, which are not limited in this application.
The display 605 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display screen 605 is a touch display screen, the display screen 605 also has the ability to capture touch signals on or over the surface of the display screen 605. The touch signal may be input to the processor 601 as a control signal for processing. At this point, the display 605 may also be used to provide virtual buttons and/or a virtual keyboard, also referred to as soft buttons and/or a soft keyboard. In some embodiments, the display 605 may be one, providing the front panel of the terminal 600; in other embodiments, the display 605 may be at least two, respectively disposed on different surfaces of the terminal 600 or in a folded design; in still other embodiments, the display 605 may be a flexible display disposed on a curved surface or on a folded surface of the terminal 600. Even more, the display 605 may be arranged in a non-rectangular irregular pattern, i.e., a shaped screen. The Display 605 may be made of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode), and the like.
The camera assembly 606 is used to capture images or video. Optionally, camera assembly 606 includes a front camera and a rear camera. Generally, a front camera is disposed at a front panel of the terminal, and a rear camera is disposed at a rear surface of the terminal. In some embodiments, the number of the rear cameras is at least two, and each rear camera is any one of a main camera, a depth-of-field camera, a wide-angle camera and a telephoto camera, so that the main camera and the depth-of-field camera are fused to realize a background blurring function, and the main camera and the wide-angle camera are fused to realize panoramic shooting and VR (Virtual Reality) shooting functions or other fusion shooting functions. In some embodiments, camera assembly 606 may also include a flash. The flash lamp can be a monochrome temperature flash lamp or a bicolor temperature flash lamp. The double-color-temperature flash lamp is a combination of a warm-light flash lamp and a cold-light flash lamp, and can be used for light compensation at different color temperatures.
Audio circuitry 607 may include a microphone and a speaker. The microphone is used for collecting sound waves of a user and the environment, converting the sound waves into electric signals, and inputting the electric signals to the processor 601 for processing or inputting the electric signals to the radio frequency circuit 604 to realize voice communication. For the purpose of stereo sound collection or noise reduction, a plurality of microphones may be provided at different portions of the terminal 600. The microphone may also be an array microphone or an omni-directional pick-up microphone. The speaker is used to convert electrical signals from the processor 601 or the radio frequency circuit 604 into sound waves. The loudspeaker can be a traditional film loudspeaker or a piezoelectric ceramic loudspeaker. When the speaker is a piezoelectric ceramic speaker, the speaker can be used for purposes such as converting an electric signal into a sound wave audible to a human being, or converting an electric signal into a sound wave inaudible to a human being to measure a distance. In some embodiments, audio circuitry 607 may also include a headphone jack.
The positioning component 608 is used for positioning the current geographic Location of the terminal 600 to implement navigation or LBS (Location Based Service). The Positioning component 608 can be a Positioning component based on the united states GPS (Global Positioning System), the chinese beidou System, the russian graves System, or the european union's galileo System.
Power supply 609 is used to provide power to the various components in terminal 600. The power supply 609 may be ac, dc, disposable or rechargeable. When the power supply 609 includes a rechargeable battery, the rechargeable battery may support wired or wireless charging. The rechargeable battery may also be used to support fast charge technology.
In some embodiments, the terminal 600 also includes one or more sensors 610. The one or more sensors 610 include, but are not limited to: acceleration sensor 611, gyro sensor 612, pressure sensor 613, fingerprint sensor 614, optical sensor 615, and proximity sensor 616.
The acceleration sensor 611 may detect the magnitude of acceleration in three coordinate axes of the coordinate system established with the terminal 600. For example, the acceleration sensor 611 may be used to detect components of the gravitational acceleration in three coordinate axes. The processor 601 may control the touch screen display 605 to display the user interface in a landscape view or a portrait view according to the gravitational acceleration signal collected by the acceleration sensor 611. The acceleration sensor 611 may also be used for acquisition of motion data of a game or a user.
The gyro sensor 612 may detect a body direction and a rotation angle of the terminal 600, and the gyro sensor 612 and the acceleration sensor 611 may cooperate to acquire a 3D motion of the user on the terminal 600. The processor 601 may implement the following functions according to the data collected by the gyro sensor 612: motion sensing (such as changing the UI according to a user's tilting operation), image stabilization at the time of photographing, game control, and inertial navigation.
The pressure sensor 613 may be disposed on a side frame of the terminal 600 and/or on a lower layer of the touch display screen 605. When the pressure sensor 613 is disposed on the side frame of the terminal 600, a user's holding signal of the terminal 600 can be detected, and the processor 601 performs left-right hand recognition or shortcut operation according to the holding signal collected by the pressure sensor 613. When the pressure sensor 613 is disposed at the lower layer of the touch display screen 605, the processor 601 controls the operability control on the UI interface according to the pressure operation of the user on the touch display screen 605. The operability control comprises at least one of a button control, a scroll bar control, an icon control and a menu control.
The fingerprint sensor 614 is used for collecting a fingerprint of a user, and the processor 601 identifies the identity of the user according to the fingerprint collected by the fingerprint sensor 614, or the fingerprint sensor 614 identifies the identity of the user according to the collected fingerprint. Upon identifying that the user's identity is a trusted identity, the processor 601 authorizes the user to perform relevant sensitive operations including unlocking the screen, viewing encrypted information, downloading software, paying, and changing settings, etc. The fingerprint sensor 614 may be disposed on the front, back, or side of the terminal 600. When a physical button or vendor Logo is provided on the terminal 600, the fingerprint sensor 614 may be integrated with the physical button or vendor Logo.
The optical sensor 615 is used to collect the ambient light intensity. In one embodiment, processor 601 may control the display brightness of touch display 605 based on the ambient light intensity collected by optical sensor 615. Specifically, when the ambient light intensity is high, the display brightness of the touch display screen 605 is increased; when the ambient light intensity is low, the display brightness of the touch display screen 605 is turned down. In another embodiment, the processor 601 may also dynamically adjust the shooting parameters of the camera assembly 606 according to the ambient light intensity collected by the optical sensor 615.
A proximity sensor 616, also known as a distance sensor, is typically disposed on the front panel of the terminal 600. The proximity sensor 616 is used to collect the distance between the user and the front surface of the terminal 600. In one embodiment, when the proximity sensor 616 detects that the distance between the user and the front surface of the terminal 600 gradually decreases, the processor 601 controls the touch display 605 to switch from the bright screen state to the dark screen state; when the proximity sensor 616 detects that the distance between the user and the front surface of the terminal 600 gradually becomes larger, the processor 601 controls the touch display 605 to switch from the breath screen state to the bright screen state.
Those skilled in the art will appreciate that the configuration shown in fig. 6 is not intended to be limiting of terminal 600 and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components may be used.
In an exemplary embodiment, a computer-readable storage medium, such as a memory including instructions executable by a processor in a terminal, is also provided to perform the method of preventing a plug-in the above embodiments. For example, the computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (15)

1. A method of preventing cheating, the method comprising:
when a verification instruction is received, acquiring a target character string, and writing the target character string into a first address, wherein the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program;
converting the target character string into the check function;
verifying the target application program through the verification function to obtain a verification result;
and when determining that a program breakpoint exists in the target application program based on the verification result, interrupting the running of the target application program.
2. The method according to claim 1, wherein the trigger time of the verification instruction is any time, the first address is an address corresponding to any storage space in the terminal, the size of which is a preset threshold, and a value of the preset threshold is not less than the size of the storage space occupied by the verification function.
3. The method of claim 1, wherein before obtaining the target string and writing the target string to the first address, the method further comprises:
and allocating the first address to the target character string according to the size of the target character string, wherein the size of the storage space of the first address is not smaller than the size of the target character string.
4. The method according to claim 1, wherein the check function is a padding data Shellcode check function, and before the obtaining the target string, the method further comprises:
constructing a Shellcode check function, wherein the Shellcode check function is used for checking the target application program through a callback preset check algorithm;
and converting the Shellcode check function into the target character string, and encrypting the target character string.
5. The method according to claim 4, wherein after the constructing the Shellcode check function, the method further comprises:
writing a second address, a callback function and a third address into the Shellcode check function, wherein the second address is a storage address of the target application program, and the third address is a storage address of the preset check algorithm;
calling the preset check algorithm based on the second address through a callback function in the written Shellcode check function;
and verifying the target application program through the preset verification algorithm to obtain an initial verification result.
6. The method according to claim 1, wherein before the target application is verified by the verification function to obtain a verification result, the method further comprises:
constructing a verification structure body according to a second address, a callback function and a third address, wherein the second address is a storage address of the target application program, and the third address is a storage address of a preset verification algorithm;
and writing the check structure body into the check function.
7. The method according to claim 6, wherein the verification based on the verification function written into the verification structure is performed by: and taking the third address as a parameter of the callback function, calling the preset verification algorithm through the callback function, and verifying the target application program through the preset verification algorithm to obtain the verification result.
8. The method according to claim 1, wherein the verifying the target application program by the verification function, and obtaining a verification result comprises:
acquiring a plurality of blocks of the target application program through a self-realization function;
traversing a plurality of target blocks to be checked in the plurality of blocks;
and verifying the target blocks through the verification function to obtain a verification result of each block.
9. The method according to claim 1, wherein after the target application is verified by the verification function and a verification result is obtained, the method further comprises:
when the verification result is not matched with the initial verification result of the target application program, determining that a program breakpoint exists in the target application program, wherein the initial verification result is a result of verifying the target application program without the program breakpoint;
and when the verification result is matched with the initial verification result, determining that no program breakpoint exists in the target application program.
10. The method according to claim 1, wherein after the target application is verified by the verification function and a verification result is obtained, the method further comprises:
sending the verification result to a server;
deleting the check function and releasing the first address.
11. An apparatus for preventing external hanging, the apparatus comprising:
the system comprises an acquisition module, a verification module and a processing module, wherein the acquisition module is used for acquiring a target character string when a verification instruction is received, and writing the target character string into a first address, the target character string is a character string converted by a verification function, and the verification function is used for verifying whether a program breakpoint exists in a target application program;
the conversion module is used for converting the target character string into the check function;
the verification module is used for verifying the target application program through the verification function to obtain a verification result;
and the interruption module is used for interrupting the running of the target application program when determining that a program breakpoint exists in the target application program based on the verification result.
12. The apparatus of claim 11, further comprising:
the system comprises a first construction module, a second construction module and a third construction module, wherein the first construction module is used for constructing a Shellcode check function, and the Shellcode check function is used for checking the target application program through a callback preset check algorithm;
and the conversion module is used for converting the Shellcode check function into the target character string and encrypting the target character string.
13. The apparatus of claim 11, further comprising:
the second construction module is used for constructing a verification structure body according to a second address, a callback function and a third address, wherein the second address is a storage address of the target application program, and the third address is a storage address of a preset verification algorithm;
and the writing module is used for writing the check structure body into the check function.
14. A terminal, comprising a processor and a memory, wherein the memory has stored therein at least one instruction, which is loaded and executed by the processor to perform operations performed by the method for preventing a cheating function according to any one of claims 1 to 10.
15. A computer-readable storage medium having stored therein at least one instruction which is loaded and executed by a processor to perform operations performed by the method of preventing a cheating function according to any one of claims 1 to 10.
CN201810689257.0A 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in Active CN108970122B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810689257.0A CN108970122B (en) 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810689257.0A CN108970122B (en) 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in

Publications (2)

Publication Number Publication Date
CN108970122A CN108970122A (en) 2018-12-11
CN108970122B true CN108970122B (en) 2021-06-08

Family

ID=64539499

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810689257.0A Active CN108970122B (en) 2018-06-28 2018-06-28 Method, device, terminal and storage medium for preventing plug-in

Country Status (1)

Country Link
CN (1) CN108970122B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1648873A (en) * 2005-02-01 2005-08-03 苏州超锐微电子有限公司 Method for realizing break point debugging function
JP5326062B1 (en) * 2012-05-11 2013-10-30 アンラブ,インコーポレイテッド Non-executable file inspection apparatus and method
CN104731708A (en) * 2015-03-25 2015-06-24 北京信息控制研究所 Dynamic detection method of Shellcode
CN105233499A (en) * 2015-09-25 2016-01-13 广州华多网络科技有限公司 Game code checking method and game client side and system
CN107844703A (en) * 2017-10-13 2018-03-27 珠海金山网络游戏科技有限公司 A kind of client secure detection method and device based on Android platform Unity3D game

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1648873A (en) * 2005-02-01 2005-08-03 苏州超锐微电子有限公司 Method for realizing break point debugging function
JP5326062B1 (en) * 2012-05-11 2013-10-30 アンラブ,インコーポレイテッド Non-executable file inspection apparatus and method
CN104731708A (en) * 2015-03-25 2015-06-24 北京信息控制研究所 Dynamic detection method of Shellcode
CN105233499A (en) * 2015-09-25 2016-01-13 广州华多网络科技有限公司 Game code checking method and game client side and system
CN107844703A (en) * 2017-10-13 2018-03-27 珠海金山网络游戏科技有限公司 A kind of client secure detection method and device based on Android platform Unity3D game

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
【CSGO游戏分析】VAC反作弊系统分析;自动送头机器人;《https://www.bilibili.com/read/cv217289》;20180213;全文 *

Also Published As

Publication number Publication date
CN108970122A (en) 2018-12-11

Similar Documents

Publication Publication Date Title
CN111444528B (en) Data security protection method, device and storage medium
CN107959727B (en) Method and device for communication between webpage and client
CN110837473A (en) Application program debugging method, device, terminal and storage medium
CN110417710B (en) Attack data capturing method and device and storage medium
CN109726064B (en) Method, device and system for simulating abnormal operation of client and storage medium
CN112131556A (en) Authority control method, device, equipment and storage medium
CN111062323A (en) Face image transmission method, numerical value transfer method, device and electronic equipment
CN111241499A (en) Application program login method, device, terminal and storage medium
CN110290191B (en) Resource transfer result processing method, device, server, terminal and storage medium
CN111191227A (en) Method and device for preventing malicious code from executing
CN111986700A (en) Method, device, equipment and storage medium for triggering non-contact operation
CN111881423A (en) Method, device and system for limiting function use authorization
CN108132817B (en) Object management method and device
CN110825465A (en) Log data processing method and device, electronic equipment and storage medium
CN115329309A (en) Verification method, verification device, electronic equipment and storage medium
CN108970122B (en) Method, device, terminal and storage medium for preventing plug-in
CN112764824B (en) Method, device, equipment and storage medium for triggering identity verification in application program
CN110971692B (en) Method and device for opening service and computer storage medium
CN114595019A (en) Theme setting method, device and equipment of application program and storage medium
CN108959938B (en) Method, device, storage medium and equipment for detecting vulnerability exploitation
CN107948171B (en) User account management method and device
CN113312249A (en) Log data generation method, log data display method and device
CN112000576A (en) Code data detection method, device, equipment and storage medium
CN111128115A (en) Information verification method and device, electronic equipment and storage medium
CN110580754A (en) Face authentication method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant