CN109766701A - Processing method, device and electronic device for an abnormal process termination operation - Google Patents


Info

Publication number
CN109766701A
Authority
CN
China
Prior art keywords
data
stack
task stack
specified application
task
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811646131.1A
Other languages
Chinese (zh)
Other versions
CN109766701B (en)
Inventor
熊超超
罗斌
张振国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Qianxin Safety Technology Zhuhai Co Ltd
Original Assignee
360 Enterprise Safety Technology (zhuhai) Co Ltd
Beijing Qianxin Technology Co Ltd
Application filed by 360 Enterprise Safety Technology (zhuhai) Co Ltd, Beijing Qianxin Technology Co Ltd
Publication of CN109766701A
Application granted
Publication of CN109766701B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The present invention provides a processing method, device and electronic device for an abnormal process termination operation. The method comprises: backing up, in real time, the data of the task stack of a specified application to obtain mirror stack data, wherein the task stack stores activity component data in a stack structure; monitoring whether an abnormal process termination operation is called in the operating system; if it is called, determining whether the process to be terminated is the specified application; if it is the specified application, popping the activity component data at the top of the mirror stack data to obtain recovery stack data; and, according to the recovery stack data, restoring the task stack of the specified application and starting the activity component currently at the top of that task stack. The invention solves the prior-art problem that the handling applied when an application encounters an exception cannot restore the application state.

Description

Processing method, device and electronic device for an abnormal process termination operation
Technical field
The present invention relates to the field of application protection, and in particular to a processing method, device and electronic device for an abnormal process termination operation.
Background
Software applications running on a system have a certain probability of crashing. In the prior art, when an exception causes an application to crash, the usual handling is for the system to forcibly end the application process, or to first pop up a dialog box stating that an exception occurred and then forcibly end the process. Neither restores the normal application state, and this handling gives the user a poor experience.
No effective solution to the above problem in the related art has yet been found.
Summary of the invention
Embodiments of the present invention provide a processing method, device and electronic device for an abnormal process termination operation, to at least solve the prior-art problem that the handling applied when an application encounters an exception cannot restore the application state.
According to one embodiment of the present invention, a processing method for an abnormal process termination operation is provided, comprising: backing up, in real time, the data of the task stack of a specified application to obtain mirror stack data, wherein the task stack stores activity component data in a stack structure; monitoring whether an abnormal process termination operation is called in the operating system; if it is called, determining whether the process to be terminated is the specified application; if it is the specified application, popping the activity component data at the top of the mirror stack data to obtain recovery stack data; and, according to the recovery stack data, restoring the task stack of the specified application and starting the activity component currently at the top of that task stack.
Further, backing up in real time the data of the task stack of the specified application to obtain mirror stack data comprises: monitoring whether a target operation on a task stack is called in the operating system, wherein the target operation includes the operation of popping the top-of-stack data of a task stack and the operation of pushing data onto a task stack; when a call to the target operation is detected, obtaining the task stack data that the target operation is directed at; determining, from the task stack data, whether the activity component object that the target operation is directed at is an activity component of the specified application; and if so, updating the mirror stack data for the specified application according to the task stack data of the target operation.
Further, backing up in real time the data of the task stack of the specified application to obtain mirror stack data comprises: reading, at a preset period, the data of the task stacks currently existing in the operating system; performing regular-expression matching on the task stack data that was read, using the name string of an activity component of the specified application; and determining that the task stack corresponding to the matched data is the task stack of the specified application, and updating the mirror stack data according to the data of that task stack.
Further, restoring the task stack of the specified application according to the recovery stack data comprises: allowing the abnormal process termination operation to execute, so that the task stack of the specified application is deleted; and rebuilding the task stack of the specified application from the recovery stack data.
Further, restoring the task stack of the specified application according to the recovery stack data comprises: blocking execution of the abnormal process termination operation, so that the task stack of the specified application is retained; popping the top-of-stack activity component data from the task stack of the specified application; comparing the task stack of the specified application, after its top-of-stack data has been popped, with the recovery stack data; if they match, executing the activity component currently at the top of the task stack of the specified application; and if they do not match, clearing the data in the task stack of the specified application and pushing the recovery stack data.
Further, the abnormal process termination operation is used to end a process in which a specified vulnerability has occurred.
According to another embodiment of the present invention, a processing device for an abnormal process termination operation is provided. The device includes: a backup module, for backing up in real time the data of the task stack of a specified application to obtain mirror stack data, wherein the task stack stores activity component data in a stack structure; a monitoring module, for monitoring whether an abnormal process termination operation is called in the operating system; a judgment module, for determining, if it is called, whether the process to be terminated is the specified application; an execution module, for popping, if it is the specified application, the activity component data at the top of the mirror stack data to obtain recovery stack data; and a recovery module, for restoring the task stack of the specified application according to the recovery stack data and starting the activity component currently at the top of that task stack.
Further, the backup module includes: a monitoring unit, for monitoring whether a target operation on a task stack is called in the operating system, wherein the target operation includes the operation of popping the top-of-stack data of a task stack and the operation of pushing data onto a task stack; an acquiring unit, for obtaining, when a call to the target operation is detected, the task stack data that the target operation is directed at; a judging unit, for determining, from the task stack data, whether the activity component object that the target operation is directed at is an activity component of the specified application; and a first updating unit, for updating, if so, the mirror stack data for the specified application according to the task stack data of the target operation.
Further, the backup module includes: a reading unit, for reading, at a preset period, the data of the task stacks currently existing in the operating system; a matching unit, for performing regular-expression matching on the task stack data that was read, using the name string of an activity component of the specified application; and a second updating unit, for determining that the task stack corresponding to the matched data is the task stack of the specified application, and updating the mirror stack data according to the data of that task stack.
Further, the recovery module includes: a first logic unit, for allowing the abnormal process termination operation to execute, so that the task stack of the specified application is deleted; and a reconstruction unit, for rebuilding the task stack of the specified application from the recovery stack data.
Further, the recovery module includes: a second logic unit, for blocking execution of the abnormal process termination operation, so that the task stack of the specified application is retained; a popping unit, for popping the top-of-stack activity component data from the task stack of the specified application; a comparing unit, for comparing the task stack of the specified application, after its top-of-stack data has been popped, with the recovery stack data; a first execution unit, for executing, if they match, the activity component currently at the top of the task stack of the specified application; and a second execution unit, for clearing, if they do not match, the data in the task stack of the specified application and pushing the recovery stack data.
Further, the abnormal process termination operation is used to end a process in which a specified vulnerability has occurred.
According to still another embodiment of the present invention, a storage medium is also provided. A computer program is stored in the storage medium, wherein the computer program is arranged to execute, when run, the steps of any of the above method embodiments.
According to still another embodiment of the present invention, an electronic device is also provided, including a memory and a processor. A computer program is stored in the memory, and the processor is arranged to run the computer program to execute the steps of any of the above method embodiments.
Through the present invention, the data of the task stack of the specified application is backed up in real time; when it is detected that the abnormal process termination operation is called in the operating system and the process to be terminated is the specified application, the task stack of the specified application is restored from the backed-up data and the activity component currently at the top of that task stack is started. This achieves the technical effect of restoring the application state and solves the prior-art problem that the handling applied when an application encounters an exception cannot restore the application state.
Brief description of the drawings
The drawings described here are provided for further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the processing method for an abnormal process termination operation according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the processing device for an abnormal process termination operation according to an embodiment of the present invention.
Detailed description of the embodiments
To help those skilled in the art better understand the scheme of this application, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of this application, not all of them. Where there is no conflict, the embodiments in this application and the features in the embodiments can be combined with each other. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.
Note that the terms "first", "second" and so on in the description, the claims and the above drawings of this application are used to distinguish similar objects and do not describe a particular order or sequence. Data used in this way is interchangeable where appropriate, so that the embodiments of this application described here can be implemented in orders other than those illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment 1
This embodiment provides a processing method for an abnormal process termination operation that can be applied on the client side, where the client may run on a PC, mobile terminal, handheld terminal or other computing device. Running on different computing devices only changes the entity that executes the scheme; those skilled in the art can expect the same technical effect on different computing devices.
As shown in Fig. 1, the processing method for an abnormal process termination operation provided in this embodiment includes the following steps:
Step 101: back up, in real time, the data of the task stack of the specified application to obtain mirror stack data.
A task stack (activitystack) stores activity component (activity) data in a stack structure. When the application's state changes in response to a user operation, activity component data is popped from or pushed onto the task stack, either to roll back to the activity component data of the previous state or to retain the previous state.
The specified application is the application that needs protection. To prevent the application from being ended by the abnormal process termination operation after an exception such as a crash, or to return the specified application to its previous normal state once it is determined that the application has been ended by that operation, the task stack data of the specified application must be backed up in real time so that it can be restored when a crash or similar exception occurs.
Mirror stack data is the mirror copy used to back up the task stack of the specified application. Optionally, the mirror stack data can be kept in a stack structure, that is, a mirror stack backs up the task stack and the data in the mirror stack is kept synchronized with the data in the task stack. Alternatively, another ordered data storage structure can be used.
One optional method of backing up the task stack data of the specified application in real time comprises:
Step 11: monitor whether a target operation on a task stack is called in the operating system. That is, monitor whether the target operation occurs in the operating system. The target operation is an operation on any task stack in the operating system and includes the operation of popping the top-of-stack data of a task stack and the operation of pushing data onto a task stack. If the target operation is called, the occurrence of that call can be detected. Specifically, the monitoring can be implemented by hooking the corresponding target operation.
Step 12: when a call to the target operation is detected, obtain the task stack data that the target operation is directed at. When the target operation is called, the object it acts on must be indicated, for example which activity component data is pushed onto which task stack, or which activity component data is popped from which task stack.
Step 13: determine, from the task stack data, whether the activity component object that the target operation is directed at is an activity component of the specified application. Once the task stack data that the target operation is directed at has been obtained, it can be determined whether the activity component object targeted by the operation belongs to the specified application. Because the different activity components of different applications have different names, matching can be done by name to decide whether the object targeted by the operation is an activity component of the specified application.
Step 14: if so, update the mirror stack data for the specified application according to the task stack data of the target operation. That is, update the data in the mirror stack according to the kind of operation (pop or push) and the object it targets (which activity component data).
Another optional method of backing up the task stack data of the specified application in real time comprises:
Step 21: read, at a preset period, the data of the task stacks currently existing in the operating system. When the operating system is Android, this step can be performed with a Linux command that reads the data of all task stacks currently existing in the operating system.
Step 22: using the name string of an activity component of the specified application, perform regular-expression matching on the task stack data that was read. Because the different activity components of different applications have different names, the string of the specified application's activity component name can be used for regular-expression matching against the data that was read.
Step 23: determine that the task stack corresponding to the matched data is the task stack of the specified application, and update the mirror stack data according to the data of that task stack.
Step 102: monitor whether the abnormal process termination operation is called in the operating system.
The abnormal process termination operation in this embodiment is the operation used to end a process when an exception such as a crash occurs. For example, the operation may be the Killprocess method, and hooking this method makes it possible to monitor whether Killprocess is called. When a specified vulnerability (such as a local denial of service) occurs in a process, the process may be ended by the abnormal process termination operation; in one application scenario, this embodiment can be used to protect against local denial-of-service vulnerabilities.
Note that step 101 (backing up mirror stack data) and step 102 (monitoring the abnormal process termination operation) need not run in any particular order and can execute independently.
Step 103: if it is called, determine whether the process to be terminated is the specified application.
If a call to the abnormal process termination operation is detected, determine whether the process to be terminated is the specified application. For example, the unique identifier (such as the PID) that the operating system assigns to each process when it is created can be used to identify whether the process to be terminated is the process of the specified application.
Step 104: if it is the specified application, pop the activity component data at the top of the mirror stack data to obtain recovery stack data.
The abnormal process termination operation is usually triggered when the process encounters an exception, so the activity component data at the top of the specified application's task stack is taken to be the cause of the exception. Because the mirror stack data is a backup of the specified application's task stack, the top-of-stack data in the mirror stack data is likewise the cause of the exception. Popping the activity component data at the top returns the top of the mirror stack data to normal activity component data, which gives the recovery stack data.
Step 105: according to the recovery stack data, restore the task stack of the specified application and start the activity component currently at the top of that task stack.
Once the recovery stack data has been obtained, it is used to restore the task stack of the specified application. Different restore modes can be used.
One optional restore mode includes the following steps:
Step 31: allow the abnormal process termination operation to execute, so that the task stack of the specified application is deleted;
Step 32: rebuild the task stack of the specified application from the recovery stack data.
That is, once the abnormal process termination operation is allowed to execute, the task stack of the specified application is deleted and a new task stack must then be rebuilt, using the recovery stack data. For example, the recovery stack data can be popped in order and pushed onto an intermediate stack, and the intermediate stack data can then be popped in order and pushed onto the task stack of the specified application, which rebuilds that task stack.
Another optional restore mode includes the following steps:
Step 41: block execution of the abnormal process termination operation, so that the task stack of the specified application is retained. One way to block it is to intercept the abnormal process termination operation with a Hook and have it execute other processing instead.
Step 42: pop the top-of-stack activity component data from the task stack of the specified application. Because the abnormal process termination operation was not executed, the task stack of the specified application is retained rather than deleted; but since the top-of-stack data is what caused the exception, the activity component data at the top is popped so that the top of the stack returns to normal activity component data.
Step 43: compare the task stack of the specified application, after its top-of-stack data has been popped, with the recovery stack data.
Step 44: if they match, execute the activity component currently at the top of the task stack of the specified application.
Step 45: if they do not match, clear the data in the task stack of the specified application and push the recovery stack data.
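The flow of steps 101 to 105, including both optional restore modes, as an added Python simulation; it is not code from the patent. The class names, the `com.example.shop.*` activity names and the PID are constructed for illustration, and plain lists stand in for the real task stack and the hooked operations.

```python
from dataclasses import dataclass, field

PROTECTED_PID = 4242            # constructed PID of the specified application
PREFIX = "com.example.shop."    # constructed activity-name prefix


@dataclass
class TaskStack:
    """Task stack of one application; the last list element is the stack top."""
    owner_pid: int
    activities: list = field(default_factory=list)


class MirrorStackGuard:
    """Hypothetical model of the backup, monitoring and recovery modules."""

    def __init__(self, protected_pid, activity_prefix):
        self.protected_pid = protected_pid
        self.activity_prefix = activity_prefix
        self.mirror = []        # mirror stack data (step 101)

    def on_stack_op(self, op, activity):
        """Steps 11-14: called for every hooked push/pop on any task stack."""
        if not activity.startswith(self.activity_prefix):
            return False        # step 13: not an activity of the specified app
        if op == "push":
            self.mirror.append(activity)
        elif op == "pop" and self.mirror:
            self.mirror.pop()
        return True

    def on_kill(self, pid, live, allow_kill):
        """Steps 102-105: called when the hooked kill operation fires."""
        if pid != self.protected_pid:
            return None         # step 103: some other process, do not interfere
        recovery = self.mirror[:-1]   # step 104: drop the suspect stack top
        if allow_kill:
            restored = self._rebuild(recovery)       # steps 31-32
        else:
            restored = self._repair(live, recovery)  # steps 41-45
        self.mirror = list(restored.activities)      # keep the mirror in sync
        to_start = restored.activities[-1] if restored.activities else None
        return restored, to_start

    def _rebuild(self, recovery):
        """Kill went ahead: rebuild through an intermediate stack so the
        two reversals leave the activities in their original order."""
        source, intermediate = list(recovery), []
        while source:
            intermediate.append(source.pop())
        rebuilt = TaskStack(self.protected_pid)
        while intermediate:
            rebuilt.activities.append(intermediate.pop())
        return rebuilt

    @staticmethod
    def _repair(live, recovery):
        """Kill was blocked: pop the live top, then trust the mirror on mismatch."""
        if live.activities:
            live.activities.pop()                    # step 42
        if live.activities != recovery:              # step 43
            live.activities.clear()                  # step 45
            live.activities.extend(recovery)
        return live


def simulate(allow_kill, drift=False, depth=3):
    """Open `depth` activities, crash in the top one, return the recovery result."""
    names = [PREFIX + n for n in ("Main", "List", "Detail")][:depth]
    guard = MirrorStackGuard(PROTECTED_PID, PREFIX)
    live = TaskStack(PROTECTED_PID)
    for name in names:
        live.activities.append(name)
        guard.on_stack_op("push", name)
    guard.on_stack_op("push", "com.other.app.Main")  # foreign stack, ignored
    if drift:
        # An entry the hook never saw: live stack and mirror now disagree.
        live.activities.insert(1, PREFIX + "Banner")
    restored, to_start = guard.on_kill(PROTECTED_PID, live, allow_kill)
    return restored.activities, to_start


if __name__ == "__main__":
    for label, kwargs in [("rebuild", dict(allow_kill=True)),
                          ("repair", dict(allow_kill=False)),
                          ("repair+drift", dict(allow_kill=False, drift=True)),
                          ("single activity", dict(allow_kill=True, depth=1))]:
        print(label, simulate(**kwargs))
```

When the live stack has drifted from the mirror, the blocked-kill mode ends with the same stack as the rebuild mode, because step 45 overwrites the live contents with the recovery stack data. With a single activity on the stack the recovery stack is empty and there is no activity left to start.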
By dynamically capturing execution of the abnormal process termination operation, this embodiment monitors the running state of the specified application and, when an exception causes the application process to be ended, works with the activitystack to restore the application state. In particular, if the monitoring targets abnormal process termination operations caused by certain specific vulnerabilities, the application state can be restored when a vulnerability in the application causes a crash, which provides protective handling of the vulnerability.
Note that the steps shown in the flowchart of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flowchart, in some cases the steps shown or described can be executed in a different order.
From the description of the above embodiments, those skilled in the art can clearly understand that the method of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, though in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied as a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to execute the methods described in the embodiments of the present invention.
Embodiment 2
This embodiment also provides a processing device for an abnormal process termination operation. The device implements Embodiment 1 above and its preferred implementations; for terms or implementations not described in detail in this embodiment, see the related description in Embodiment 1. What has already been described is not repeated.
The term "module" as used below can be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiment is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 2 is a schematic diagram of the processing device for an abnormal process termination operation according to an embodiment of the present invention. As shown in Fig. 2, the device includes a backup module 10, a monitoring module 20, a judgment module 30, an execution module 40 and a recovery module 50.
The backup module backs up in real time the data of the task stack of the specified application to obtain mirror stack data, wherein the task stack stores activity component data in a stack structure. The monitoring module monitors whether the abnormal process termination operation is called in the operating system. The judgment module determines, if it is called, whether the process to be terminated is the specified application. The execution module pops, if it is the specified application, the activity component data at the top of the mirror stack data to obtain recovery stack data. The recovery module restores the task stack of the specified application according to the recovery stack data and starts the activity component currently at the top of that task stack.
Optionally, the backup module includes: a monitoring unit, for monitoring whether a target operation on a task stack is called in the operating system, wherein the target operation includes the operation of popping the top-of-stack data of a task stack and the operation of pushing data onto a task stack; an acquiring unit, for obtaining, when a call to the target operation is detected, the task stack data that the target operation is directed at; a judging unit, for determining, from the task stack data, whether the activity component object that the target operation is directed at is an activity component of the specified application; and a first updating unit, for updating, if so, the mirror stack data for the specified application according to the task stack data of the target operation.
Optionally, the backup module includes: a reading unit, for reading, at a preset period, the data of the task stacks currently existing in the operating system; a matching unit, for performing regular-expression matching on the task stack data that was read, using the name string of an activity component of the specified application; and a second updating unit, for determining that the task stack corresponding to the matched data is the task stack of the specified application, and updating the mirror stack data according to the data of that task stack.
Optionally, the recovery module includes: a first logic unit, for allowing the abnormal process termination operation to execute, so that the task stack of the specified application is deleted; and a reconstruction unit, for rebuilding the task stack of the specified application from the recovery stack data.
Optionally, the recovery module includes: a second logic unit, for blocking execution of the abnormal process termination operation, so that the task stack of the specified application is retained; a popping unit, for popping the top-of-stack activity component data from the task stack of the specified application; a comparing unit, for comparing the task stack of the specified application, after its top-of-stack data has been popped, with the recovery stack data; a first execution unit, for executing, if they match, the activity component currently at the top of the task stack of the specified application; and a second execution unit, for clearing, if they do not match, the data in the task stack of the specified application and pushing the recovery stack data.
Optionally, the abnormal process termination operation is used to end a process in which a specified vulnerability has occurred.
In this embodiment, the data of the task stack of the specified application is backed up in real time; when it is detected that the abnormal process termination operation is called in the operating system and the process to be terminated is the specified application, the task stack of the specified application is restored from the backed-up data and the activity component currently at the top of that task stack is started. This achieves the technical effect of restoring the application state and solves the prior-art problem that the handling applied when an application encounters an exception cannot restore the application state.
Note that the above modules can be implemented in software or in hardware. For the latter, this can be done in the following ways, among others: the above modules are all located in the same processor; or the above modules are located, in any combination, in different processors.
Those skilled in the art will understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be executed in an order different from the one given here, or they can each be made into separate integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not limited to any specific combination of hardware and software.
Embodiment 3
An embodiment of the present invention further provides a storage medium in which a computer program is stored, wherein the computer program is configured to execute, when run, the steps of any of the above method embodiments.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store a computer program.
Embodiment 4
An embodiment of the present invention further provides an electronic device. Optionally, the electronic device may be a PC, a mobile terminal, a handheld terminal or another computing device.
The electronic device includes a memory and a processor; a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps of any of the above method embodiments.
Optionally, the electronic device may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the principle of the present invention shall fall within its scope of protection.

Claims (10)

1. A processing method for an abnormal process end operation, characterized in that the method comprises:
backing up, in real time, the data of the task stack of a specified application to obtain mirror stack data, wherein the task stack stores activity component data in a stack structure;
monitoring whether an abnormal process end operation in the operating system is called;
if it is called, judging whether the process to be ended is the specified application;
if it is the specified application, popping the activity component data located at the stack top of the mirror stack data to obtain recovery stack data;
restoring the task stack of the specified application according to the recovery stack data, and starting the activity component currently at the top of the task stack of the specified application.
2. The method according to claim 1, characterized in that backing up, in real time, the data of the task stack of the specified application to obtain mirror stack data comprises:
monitoring whether a target operation on a task stack in the operating system is called, wherein the target operation includes an operation that pops the stack-top data of the task stack and an operation that pushes data onto the task stack;
when the target operation is detected to have been called, obtaining the task stack data that the target operation is directed at;
judging, according to the task stack data, whether the activity component object that the target operation is directed at is an activity component of the specified application;
if so, updating the mirror stack data for the specified application according to the task stack data of the target operation.
3. The method according to claim 1, characterized in that backing up, in real time, the data of the task stack of the specified application to obtain mirror stack data comprises:
reading, at a predetermined period, the data of the task stacks currently existing in the operating system;
performing regular-expression matching on the data of the task stacks that have been read, using the name string of an activity component of the specified application;
determining that the task stack corresponding to the matched data is the task stack of the specified application, and updating the mirror stack data according to the data of the task stack of the specified application.
4. The method according to claim 1, characterized in that restoring the task stack of the specified application according to the recovery stack data comprises:
allowing the abnormal process end operation to be executed, so as to delete the task stack of the specified application;
rebuilding the task stack of the specified application using the recovery stack data.
5. A processing device for an abnormal process end operation, characterized in that the device comprises:
a backup module, configured to back up, in real time, the data of the task stack of a specified application to obtain mirror stack data, wherein the task stack stores activity component data in a stack structure;
a monitoring module, configured to monitor whether an abnormal process end operation in the operating system is called;
a judgment module, configured to judge, if it is called, whether the process to be ended is the specified application;
an execution module, configured to pop, if it is the specified application, the activity component data located at the stack top of the mirror stack data to obtain recovery stack data;
a recovery module, configured to restore the task stack of the specified application according to the recovery stack data, and to start the activity component currently at the top of the task stack of the specified application.
6. The device according to claim 5, characterized in that the backup module comprises:
a monitoring unit, configured to monitor whether a target operation on a task stack in the operating system is called, wherein the target operation includes an operation that pops the stack-top data of the task stack and an operation that pushes data onto the task stack;
an acquiring unit, configured to obtain, when the target operation is detected to have been called, the task stack data that the target operation is directed at;
a judging unit, configured to judge, according to the task stack data, whether the activity component object that the target operation is directed at is an activity component of the specified application;
a first updating unit, configured to update, if so, the mirror stack data for the specified application according to the task stack data of the target operation.
7. The device according to claim 5, characterized in that the backup module comprises:
a reading unit, configured to read, at a predetermined period, the data of the task stacks currently existing in the operating system;
a matching unit, configured to perform regular-expression matching on the data of the task stacks that have been read, using the name string of an activity component of the specified application;
a second updating unit, configured to determine that the task stack corresponding to the matched data is the task stack of the specified application, and to update the mirror stack data according to the data of the task stack of the specified application.
8. The device according to claim 5, characterized in that the recovery module comprises:
a first logic unit, configured to allow the abnormal process end operation to be executed, so as to delete the task stack of the specified application;
a rebuilding unit, configured to rebuild the task stack of the specified application using the recovery stack data.
9. A storage medium, characterized in that a computer program is stored in the storage medium, wherein the computer program is configured to execute, when run, the method according to any one of claims 1 to 4.
10. An electronic device comprising a memory and a processor, characterized in that a computer program is stored in the memory, and the processor is configured to run the computer program to execute the method according to any one of claims 1 to 4.
CN201811646131.1A 2018-06-26 2018-12-29 Processing method and device for abnormal process ending operation and electronic device Active CN109766701B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810668277X 2018-06-26
CN201810668277.XA CN108846287A (en) 2018-06-26 2018-06-26 A kind of method and device of detection loophole attack

Publications (2)

Publication Number Publication Date
CN109766701A true CN109766701A (en) 2019-05-17
CN109766701B CN109766701B (en) 2021-04-27

Family

ID=64202031

Family Applications (10)

Application Number Title Priority Date Filing Date
CN201810668277.XA Pending CN108846287A (en) 2018-05-04 2018-06-26 A kind of method and device of detection loophole attack
CN201811645578.7A Pending CN109711172A (en) 2018-06-26 2018-12-29 Data prevention method and device
CN201811645681.1A Pending CN109766698A (en) 2018-06-26 2018-12-29 Data prevention method and device
CN201811640471.3A Active CN109753806B (en) 2018-06-26 2018-12-29 Server protection method and device
CN201811640481.7A Active CN109711168B (en) 2018-06-26 2018-12-29 Behavior-based service identification method, behavior-based service identification device, behavior-based service identification equipment and readable storage medium
CN201811646131.1A Active CN109766701B (en) 2018-06-26 2018-12-29 Processing method and device for abnormal process ending operation and electronic device
CN201811640753.3A Pending CN109829309A (en) 2018-06-26 2018-12-29 Terminal device system protection method and device
CN201811640526.0A Pending CN109726560A (en) 2018-06-26 2018-12-29 Terminal device system protection method and device
CN201811640643.7A Pending CN109829307A (en) 2018-06-26 2018-12-29 Process behavior recognition methods and device
CN201811640231.3A Active CN109871691B (en) 2018-06-26 2018-12-29 Authority-based process management method, system, device and readable storage medium

Country Status (1)

Country Link
CN (10) CN108846287A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111209559A (en) * 2019-12-23 2020-05-29 东软集团股份有限公司 Permission processing method and device of application program, storage medium and electronic equipment
CN112910868A (en) * 2021-01-21 2021-06-04 平安信托有限责任公司 Enterprise network security management method and device, computer equipment and storage medium

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109711166B (en) * 2018-12-17 2020-12-11 北京知道创宇信息技术股份有限公司 Vulnerability detection method and device
CN109558730B (en) * 2018-12-29 2020-10-16 360企业安全技术(珠海)有限公司 Safety protection method and device for browser
CN109800576B (en) * 2018-12-29 2021-07-23 360企业安全技术(珠海)有限公司 Monitoring method and device for unknown program exception request and electronic device
CN112395585B (en) * 2019-08-15 2023-01-06 奇安信安全技术(珠海)有限公司 Database service login method, device, equipment and readable storage medium
CN112395604B (en) * 2019-08-15 2022-09-30 奇安信安全技术(珠海)有限公司 System monitoring login protection method, client, server and storage medium
CN112398789A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Remote login control method, device, system, storage medium and electronic device
CN112398784B (en) * 2019-08-15 2023-01-06 奇安信安全技术(珠海)有限公司 Method and device for defending vulnerability attack, storage medium and computer equipment
CN112398787B (en) * 2019-08-15 2022-09-30 奇安信安全技术(珠海)有限公司 Mailbox login verification method and device, computer equipment and storage medium
CN112395617A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Method and device for protecting docker escape vulnerability, storage medium and computer equipment
CN110610086B (en) * 2019-08-30 2021-06-18 北京卓识网安技术股份有限公司 Illegal code identification method, system, device and storage medium
WO2021046811A1 (en) * 2019-09-12 2021-03-18 奇安信安全技术(珠海)有限公司 Attack behavior determination method and apparatus, and computer storage medium
CN110505247B (en) * 2019-09-27 2022-05-17 百度在线网络技术(北京)有限公司 Attack detection method and device, electronic equipment and storage medium
CN111046377B (en) * 2019-12-25 2023-11-14 五八同城信息技术有限公司 Method and device for loading dynamic link library, electronic equipment and storage medium
CN111382076B (en) * 2020-03-10 2023-04-25 抖音视界有限公司 Application program testing method and device, electronic equipment and computer storage medium
CN111884884B (en) * 2020-07-31 2022-05-31 北京明朝万达科技股份有限公司 Method, system and device for monitoring file transmission
CN111859405A (en) * 2020-07-31 2020-10-30 深信服科技股份有限公司 Threat immunization framework, method, equipment and readable storage medium
CN112069505B (en) * 2020-09-15 2021-11-23 北京微步在线科技有限公司 Audit information processing method and electronic equipment
US20220083644A1 (en) * 2020-09-16 2022-03-17 Cisco Technology, Inc. Security policies for software call stacks
CN113392416B (en) * 2021-06-28 2024-03-22 北京恒安嘉新安全技术有限公司 Method, device, equipment and storage medium for acquiring application program encryption and decryption data
CN113742726A (en) * 2021-08-27 2021-12-03 恒安嘉新(北京)科技股份公司 Program recognition model training and program recognition method, device, equipment and medium
CN113779561B (en) * 2021-09-09 2024-03-01 安天科技集团股份有限公司 Kernel vulnerability processing method and device, storage medium and electronic equipment
CN115051905A (en) * 2022-07-19 2022-09-13 广东泓胜科技股份有限公司 Port security monitoring and analyzing method, device and related equipment
CN116707929A (en) * 2023-06-16 2023-09-05 广州市玄武无线科技股份有限公司 Mobile phone photographing and faking detection method and device based on call stack information acquisition

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100205478A1 (en) * 2009-02-10 2010-08-12 International Business Machines Corporation Resource integrity during partial backout of application updates
CN104246693A (en) * 2012-04-20 2014-12-24 飞思卡尔半导体公司 Information processing device and method for protecting data in a call stack
US20150324254A1 (en) * 2014-05-12 2015-11-12 International Business Machines Corporation Restoring an application from a system dump file
CN106201811A (en) * 2016-07-06 2016-12-07 青岛海信宽带多媒体技术有限公司 The fault recovery method of application program and terminal
CN106708734A (en) * 2016-12-13 2017-05-24 腾讯科技(深圳)有限公司 Software abnormality detection method and apparatus
CN108052431A (en) * 2017-12-08 2018-05-18 北京奇虎科技有限公司 Terminal program exception closing information processing method, device, terminal

Family Cites Families (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7093239B1 (en) * 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
US7546587B2 (en) * 2004-03-01 2009-06-09 Microsoft Corporation Run-time call stack verification
US7891000B1 (en) * 2005-08-05 2011-02-15 Cisco Technology, Inc. Methods and apparatus for monitoring and reporting network activity of applications on a group of host computers
KR100843701B1 (en) * 2006-11-07 2008-07-04 소프트캠프(주) Confirmation method of API by the information at Call-stack
CN101059829A (en) * 2007-05-16 2007-10-24 珠海金山软件股份有限公司 Device and method for automatically analyzing course risk grade
US8117424B2 (en) * 2007-09-21 2012-02-14 Siemens Industry, Inc. Systems, devices, and/or methods for managing programmable logic controller processing
CN101373501B (en) * 2008-05-12 2010-06-02 公安部第三研究所 Method for capturing dynamic behavior aiming at computer virus
CN101286995B (en) * 2008-05-23 2010-12-08 北京锐安科技有限公司 Long-range control method and system
CN101753377B (en) * 2009-12-29 2011-11-09 吉林大学 p2p_botnet real-time detection method and system
CN103136472B (en) * 2011-11-29 2016-08-31 腾讯科技(深圳)有限公司 A kind of anti-application program steals method and the mobile device of privacy
CN102546624A (en) * 2011-12-26 2012-07-04 西北工业大学 Method and system for detecting and defending multichannel network intrusion
CN103368904B (en) * 2012-03-27 2016-12-28 百度在线网络技术(北京)有限公司 The detection of mobile terminal, questionable conduct and decision-making system and method
CN102750475B (en) * 2012-06-07 2017-08-15 中国电子科技集团公司第三十研究所 Malicious code behavioral value method and system are compared based on view intersection inside and outside virtual machine
CN103778375B (en) * 2012-10-24 2017-11-17 腾讯科技(深圳)有限公司 The apparatus and method for preventing user equipment from loading illegal dynamic link library file
US8990944B1 (en) * 2013-02-23 2015-03-24 Fireeye, Inc. Systems and methods for automatically detecting backdoors
US9558347B2 (en) * 2013-08-27 2017-01-31 Globalfoundries Inc. Detecting anomalous user behavior using generative models of user actions
CN103631712B (en) * 2013-10-23 2016-03-02 北京信息控制研究所 A kind of medelling software critical behavior tracking based on memory management
US9519758B2 (en) * 2014-02-04 2016-12-13 Pegasus Media Security, Llc System and process for monitoring malicious access of protected content
CN103761472B (en) * 2014-02-21 2017-05-24 北京奇虎科技有限公司 Application program accessing method and device based on intelligent terminal
CN105335654B (en) * 2014-06-27 2018-12-14 北京金山安全软件有限公司 Android malicious program detection and processing method, device and equipment
CN104268471B (en) * 2014-09-10 2017-04-26 珠海市君天电子科技有限公司 Method and device for detecting return-oriented programming attack
US9721112B2 (en) * 2014-09-29 2017-08-01 Airwatch Llc Passive compliance violation notifications
JP6334069B2 (en) * 2014-11-25 2018-05-30 エンサイロ リミテッドenSilo Ltd. System and method for accuracy assurance of detection of malicious code
CN104484599B (en) * 2014-12-16 2017-12-12 北京奇虎科技有限公司 A kind of behavior treating method and apparatus based on application program
US10614210B2 (en) * 2015-07-31 2020-04-07 Digital Guardian, Inc. Systems and methods of protecting data from injected malware
CN105224862B (en) * 2015-09-25 2018-03-27 北京北信源软件股份有限公司 A kind of hold-up interception method and device of office shear plates
CN105279432B (en) * 2015-10-12 2018-11-23 北京金山安全软件有限公司 Software monitoring processing method and device
CN105678168A (en) * 2015-12-29 2016-06-15 北京神州绿盟信息安全科技股份有限公司 Method and apparatus for detecting Shellcode based on stack frame abnormity
WO2017166037A1 (en) * 2016-03-29 2017-10-05 深圳投之家金融信息服务有限公司 Data tampering detection device and method
CN107330320B (en) * 2016-04-29 2020-06-05 腾讯科技(深圳)有限公司 Method and device for monitoring application process
US9807104B1 (en) * 2016-04-29 2017-10-31 STEALTHbits Technologies, Inc. Systems and methods for detecting and blocking malicious network activity
CN105956462B (en) * 2016-06-29 2019-05-10 珠海豹趣科技有限公司 A kind of method, apparatus and electronic equipment preventing malicious loading driving
CN106203092B (en) * 2016-06-30 2019-12-10 珠海豹趣科技有限公司 Method and device for intercepting shutdown of malicious program and electronic equipment
CN106411588B (en) * 2016-09-29 2019-10-25 锐捷网络股份有限公司 A kind of network device management method, main equipment and management server
CN107959595B (en) * 2016-10-14 2020-10-27 腾讯科技(深圳)有限公司 Method, device and system for anomaly detection
CN108171056A (en) * 2016-12-08 2018-06-15 武汉安天信息技术有限责任公司 It is a kind of to automate the malicious detection method of judgement sample and device
CN108280346B (en) * 2017-01-05 2022-05-31 腾讯科技(深圳)有限公司 Application protection monitoring method, device and system
CN106991324B (en) * 2017-03-30 2020-02-14 兴华永恒(北京)科技有限责任公司 Malicious code tracking and identifying method based on memory protection type monitoring
CN107358071A (en) * 2017-06-07 2017-11-17 武汉斗鱼网络科技有限公司 Prevent the method and device that function illegally calls in Flash application programs
CN107704356B (en) * 2017-06-12 2019-06-28 平安科技(深圳)有限公司 Exception stack information acquisition method, device and computer readable storage medium
CN107483274A (en) * 2017-09-25 2017-12-15 北京全域医疗技术有限公司 Service item running state monitoring method and device

Also Published As

Publication number Publication date
CN109711168A (en) 2019-05-03
CN109753806A (en) 2019-05-14
CN109871691B (en) 2021-07-20
CN108846287A (en) 2018-11-20
CN109829307A (en) 2019-05-31
CN109766701B (en) 2021-04-27
CN109753806B (en) 2024-01-19
CN109711168B (en) 2021-01-15
CN109829309A (en) 2019-05-31
CN109871691A (en) 2019-06-11
CN109726560A (en) 2019-05-07
CN109711172A (en) 2019-05-03
CN109766698A (en) 2019-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Patentee after: Qianxin Safety Technology (Zhuhai) Co.,Ltd.

Patentee after: Qianxin Technology Group Co., Ltd

Address before: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Patentee before: 360 ENTERPRISE SECURITY TECHNOLOGY (ZHUHAI) Co.,Ltd.

Patentee before: Beijing Qianxin Technology Co., Ltd
