CN110032394B - Analysis method and device for passive code file and storage medium - Google Patents

Analysis method and device for passive code file and storage medium Download PDF

Info

Publication number
CN110032394B
CN110032394B CN201910293013.5A CN201910293013A CN110032394B CN 110032394 B CN110032394 B CN 110032394B CN 201910293013 A CN201910293013 A CN 201910293013A CN 110032394 B CN110032394 B CN 110032394B
Authority
CN
China
Prior art keywords
file
package
name
function
class
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910293013.5A
Other languages
Chinese (zh)
Other versions
CN110032394A (en
Inventor
陈强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Tencent Information Technology Co Ltd
Original Assignee
Shenzhen Tencent Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Tencent Information Technology Co Ltd filed Critical Shenzhen Tencent Information Technology Co Ltd
Priority to CN201910293013.5A priority Critical patent/CN110032394B/en
Publication of CN110032394A publication Critical patent/CN110032394A/en
Application granted granted Critical
Publication of CN110032394B publication Critical patent/CN110032394B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/30Creation or generation of source code
    • G06F8/31Programming languages or programming paradigms
    • G06F8/315Object-oriented languages
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/74Reverse engineering; Extracting design information from source code

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention discloses a method, a device and a storage medium for analyzing a passive code file; the method comprises the steps of firstly obtaining an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package, then statically traversing the first file package to obtain a static calling relation matched with the second file package, then dynamically injecting an obtaining instruction into the second file package when the second file package traverses the calling relation matched with the static calling relation to obtain a passive code file, wherein the obtaining instruction is a code for obtaining a function calling relation, and then operating the passive code file to obtain the function calling relation of the first file package calling the second file package during operation; the scheme can effectively improve the accuracy of the analysis of the calling relationship in the passive code file.

Description

Analysis method and device for passive code file and storage medium
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for analyzing a passive code file and a storage medium.
Background
Each large program realizes the functional requirements of the whole program through organizing and calling functions. Therefore, it is very important to accurately know the calling relationship between functions in a program. At present, after the Java source code is compiled into a class file and packaged into a Java Archive (JAR) package, namely a JAR package, under the condition of a passive code, the Java source code can be obtained through decompiling to analyze the Java function call relation between JAR package classes, but the accurate function call relation during running cannot be obtained. Meanwhile, decompiling has the possibility of failure, and the generated Java source code cannot be analyzed, so that the call relation is influenced.
Disclosure of Invention
The embodiment of the invention provides a method and a device for analyzing a passive code file and a storage medium, which can effectively improve the accuracy of analysis of a call relation in the passive code file.
The embodiment of the invention provides a method for analyzing a passive code file, which comprises the following steps:
acquiring an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package;
statically traversing the first file package to obtain a static calling relation matched with a second file package;
when the second file package traverses to a calling relation matched with the static calling relation, dynamically injecting an acquisition instruction into the second file package to obtain a passive code file, wherein the acquisition instruction is a code for acquiring a function calling relation;
and running the passive code file to obtain a function call relation of the first file package calling the second file package in running.
Correspondingly, an embodiment of the present invention further provides an apparatus for analyzing a passive code file, including:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring a passive code file to be analyzed, and the passive code file is a passive code file and comprises a first file package and a second file package called by the first file package;
the static traversing unit is used for statically traversing the first file package to obtain a static calling relation matched with the second file package;
the dynamic injection unit is used for dynamically injecting an acquisition instruction into the second file package when the second file package traverses to the static calling relationship, wherein the acquisition instruction is a code for acquiring the function calling relationship;
and the operation unit is used for operating the passive code file injected with the acquisition instruction and obtaining a function call relation of the first file package calling the second file package by using the acquisition instruction.
Optionally, in some embodiments, the static traversal unit may include a first parsing subunit and a first traversal subunit, as follows:
the first parsing subunit is configured to parse the first file package to obtain a first syntax tree;
and the first traversal subunit is used for traversing the first syntax tree, matching the first syntax tree with the prefix of the called package name in the second file package, and obtaining a static calling relation matched with the second file package.
Optionally, in some embodiments, the static calling relationship includes a class full name, an interface full name, and/or a function name relationship, and the first traversal subunit is specifically configured to match a node of the first syntax tree with a prefix of a called class package name in the second file package; if the class statement is matched, acquiring a class full name; if the interface statement is matched, acquiring the full name of the interface; and if the function call is matched, acquiring the class full name and the function name, or acquiring the interface full name and the function name.
Optionally, in some embodiments, the dynamic injection unit may include a second parsing subunit and a second traversal subunit, as follows:
the second parsing subunit is configured to parse the second file packet to obtain a second syntax tree;
and the second traversal subunit is used for traversing the second syntax tree, and injecting an acquisition instruction into the second file package to obtain the passive code file when traversing to the calling relation matched with the static calling relation of the first file package.
Optionally, in some embodiments, the static calling relationship includes a class full name, an interface full name, and/or a function name relationship, and the second traversal subunit is specifically configured to obtain the class name and the interface name of the second file package; and traversing the class name and the function name in the interface name of the second file packet, and dynamically injecting an acquisition instruction into the second file packet to obtain the passive code file when traversing the function name matched with the function name of the first file packet.
Optionally, in some embodiments, the operation unit may include a monitoring subunit, an obtaining subunit, and a determining subunit, as follows:
the monitoring subunit is configured to monitor an operation process of the passive code file through the acquisition instruction;
the acquiring subunit is configured to acquire, when it is monitored that the first file package calls the second file package, a class name, an interface name, and/or a function name used when the first file package calls the second file package;
and the determining subunit is used for determining the function calling relationship of the first file package calling the second file package according to the class name, the interface name and/or the function name of the function calling.
Optionally, in some embodiments, the apparatus for analyzing a passive code file may further include:
and the generating unit is used for generating a log file according to the acquired function call relation.
In addition, an embodiment of the present invention further provides a storage medium, where the storage medium stores a plurality of instructions, and the instructions are suitable for being loaded by a processor to perform steps in any one of the methods for analyzing a passive code file provided in the embodiments of the present invention.
The method comprises the steps of firstly obtaining an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package, then statically traversing the first file package to obtain a static calling relation matched with the second file package, then dynamically injecting an obtaining instruction into the second file package when the second file package traverses the calling relation matched with the static calling relation to obtain a passive code file, wherein the obtaining instruction is a code for obtaining a function calling relation, and then operating the passive code file to obtain the function calling relation of the first file package calling the second file package during operation; the scheme can effectively improve the accuracy of the analysis of the calling relationship in the passive code file.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1a is a schematic view of a scene of an analysis method for a passive code file according to an embodiment of the present invention;
FIG. 1b is a flowchart of a method for analyzing a passive code file according to an embodiment of the present invention;
FIG. 2a is another flowchart of a method for analyzing a passive code file according to an embodiment of the present invention;
FIG. 2b is a flow diagram of a static traversal provided by an embodiment of the invention;
FIG. 2c is a flow chart of dynamic injection provided by an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an apparatus for analyzing a passive code file according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
In addition, although the terms "first", "second", etc. are used herein several times to describe various elements (or various thresholds or various applications or various instructions or various operations), etc., these elements (or thresholds or applications or instructions or operations) should not be limited by these terms. These terms are only used to distinguish one element (or threshold or application or instruction or operation) from another element (or threshold or application or instruction or operation). For example, a first operation may be referred to as a second operation, and a second operation may be referred to as a first operation, without departing from the scope of the invention, the first operation and the second operation being operations, except that they are not the same operation.
The embodiment of the invention provides a method and a device for analyzing a passive code file and a storage medium. The analysis device of the passive code file may be integrated in a terminal, wherein the terminal may include a tablet Computer, a notebook Computer, and a Personal Computer (PC).
For example, taking the analysis apparatus of the passive code file integrated in the terminal as an example, referring to fig. 1a, first, an initial passive code file is obtained, where the initial passive code file includes a first file package and a second file package called by the first file package, then, the first file package is statically traversed to obtain a static calling relationship matched with the second file package, then, when the second file package traverses to a calling relationship matched with the static calling relationship, an obtaining instruction is dynamically injected into the second file package to obtain a passive code file, where the obtaining instruction is a code for obtaining a function calling relationship, then, the passive code file is run to obtain a function calling relationship in which the first file package calls the second file package during running, and a log file is generated according to the obtained function calling relationship to be displayed on the terminal, and so on.
The following are detailed below. It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments.
The embodiment will be described in terms of an analysis apparatus for a passive code file, which may be specifically integrated in a terminal, where the terminal may include a tablet computer, a notebook computer, a personal computer, and other devices.
A method for analyzing a passive code file comprises the following steps: the method comprises the steps of firstly obtaining an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package, then statically traversing the first file package to obtain a static calling relation matched with the second file package, then dynamically injecting an obtaining instruction into the second file package when the second file package traverses the calling relation matched with the static calling relation to obtain a passive code file, wherein the obtaining instruction is a code for obtaining a function calling relation, and then operating the passive code file to obtain the function calling relation of the first file package calling the second file package during operation.
As shown in fig. 1b, a specific process of the analysis method of the passive code file may be as follows:
101. and acquiring an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package.
For example, a passive code file may be obtained through a network, where the passive code file refers to a file in which source codes cannot be seen after the source codes are compiled and packaged. The initial passive file may include a plurality of file packages, or files of various formats, etc., for example, a first file package and a second file package called by the first file package, etc. There are many ways to obtain the initial passive code file, for example, compiled passive code files may be obtained from a network, compiled passive code files may be obtained from various memories, and the like.
The passive code file refers to an executable file without source code, and the executable file refers to a file that can be loaded and executed by an operating system. In different operating system environments, executable programs are presented differently. Under the Microsoft Windows operating system (Microsoft Windows) operating system, the executable program may be a.exe,. sys, or.com, type file. In Java, the executable file may be an executable Jar package or the like. For example, if the initial passive code file is a plurality of Jar packages, the first Jar package may be a first Jar package, and the second Jar package may be a second Jar package called by the first Jar package.
Among them, Jar package is a platform-independent file format that allows many files to be combined into one compressed file, including class files after class programming, Extensible Markup Language (XML) files, and the like. Among them, class files are named as Java class files, which mainly make Java more suitable for networks in terms of platform independence and network mobility. Its tasks in terms of platform independence are: a Java program is provided with binary-form services that are independent of the underlying host platform.
There are many ways to obtain the initial passive code file, for example, a compiled passive code file may be obtained from a network, a compiled passive code file may be obtained from a memory, and the like.
102. And statically traversing the first file package to obtain a static calling relation matched with the second file package.
For example, the first file package may be specifically parsed to obtain a first syntax tree, the first syntax tree is traversed, and the node of the first syntax tree is matched with the prefix of the called package (package) name in the second file package to obtain a static calling relationship matched with the second file package. For example, the ASM may parse a class file of the passive code into a syntax tree, and traverse all types of call logic and function call logic of the syntax tree to obtain a static class, interface, and function call relationship. That is, in order to solve the problem that the decompiled code needs to be spliced and input (import) to obtain the class name, an ASM tool can be used to parse the class file of the passive code into an abstract syntax tree, and the class visit method can traverse all types and function calls of the class, wherein the types used are all class full names. Among them, import is mainly used in Java to import packets.
Among them, a syntax tree (syntax tree), also called an Abstract Syntax Tree (AST), is a tree structure for describing the world physics of a computer. In computer science, a syntax tree is a tree-like representation of the abstract syntax structure of source code, here specifically the source code of a programming language. Each node on the tree represents a structure in the source code. The syntax is said to be "abstract" in that the syntax does not represent every detail that appears in the true syntax.
The ASM is a Java bytecode manipulation framework. It can be used to dynamically generate classes or to enhance the functionality of existing classes. The ASM can either directly generate the binary class file or dynamically change the class behavior before the class is loaded into the Java virtual machine.
The static call relation refers to that all types of call logics and function call logics of the traversal syntax tree obtain a class, an interface and a function call relation under the condition that the passive code file is not operated.
For example, the static call relationship includes a class full name, an interface full name and/or a function name relationship, matching can be performed according to a prefix of a called class package (package) name by traversing nodes of the abstract syntax tree, and if the called class package (package) name is a class type or interface type declaration, the class full name or the interface full name is output. If the function call is carried out, the class full name or the interface full name and the function name are output. That is, "matching the node of the first syntax tree with the prefix of the called package name in the second package to obtain the static calling relationship matching with the second package" may include:
matching the nodes of the first syntax tree with the prefixes of the called package names in the second file package; if the class statement is matched, acquiring a class full name; if the interface statement is matched, acquiring the full name of the interface; and if the function call is matched, acquiring the class full name and the function name, or acquiring the interface full name and the function name.
The class full name refers to a package name, the class name, and the interface full name refers to a package name and an interface name.
103. And when the second file package traverses to the calling relation matched with the static calling relation, dynamically injecting an acquisition instruction into the second file package to obtain a passive code file, wherein the acquisition instruction is a code for acquiring the function calling relation.
For example, the second file package may be specifically analyzed to obtain a second syntax tree, the second syntax tree is traversed, and when a call relation matching the static call relation of the first file package is traversed, an acquisition instruction is injected into the second file package to obtain the passive code file. For example, the class name, the interface name, and the function name obtained through the static traversal in step 102, where the class part obtained through the static traversal is a base class or an interface, and when the base class or the interface calls a function, the actual function call relationship can be obtained only during running. Therefore, in order to reduce the injection amount, achieve accurate dynamic injection, and ensure the efficiency and stability of dynamic operation, the ASM may be used to analyze the syntax trees of all classes of the second package, match the class full name and the function full name on the inheritance link obtained from the static traversal in the syntax trees, and inject a code capable of outputting the function call relationship. That is, when dynamically injecting into the called jar or class, a code for obtaining a function call relationship is dynamically injected into a function entry implemented in a class that inherits the calling class obtained by static traversal or an interface obtained by static traversal, the class file after the dynamic injection is completed is stored, the second file package is repackaged, and a passive code file including the first file package and the repackaged second file package is obtained. Then, "traversing the second syntax tree, when traversing to a call relation matched with the static call relation of the first file package, dynamically injecting an obtaining instruction into the second file package to obtain a passive code file", may include:
acquiring a class name and an interface name of a second file package; and traversing the class name and the function name in the interface name of the second file packet, and injecting an acquisition instruction into the second file packet to obtain the passive code file when traversing the function name matched with the function name of the first file packet.
The calling relationship refers to a class, an interface and a functional relationship which are matched with the static calling relationship of the first file package in the traversal of the second file package, for example, a class which inherits the calling class obtained by the static traversal or implements the interface obtained by the static traversal, and the like. The function call relation refers to the actual call relation of the first file package calling the second file package at runtime. For example, the first package of files is a.jar, the second package of files is b.jar, and the b.jar comprises abstrata class B1, class B2 and class B3. B3 inherits B2, and B2 inherits B1, both with functions funcB. B1.funcb if the code in a. jar is B1 ═ new B3 (). Static analysis only obtains the call of the A.jar, namely B1.funcB, namely a static call relation, and the call of the actual runtime is B3.funcB (), namely an actual call relation, namely a function call relation.
The dynamic injection refers to a method for injecting code logic into a third-party JAVA program on the premise of not modifying source codes.
104. And running the passive code file to obtain the function call relation of the first file package calling the second file package in running.
For example, the operation process of the passive code file may be monitored by the obtaining instruction, and when it is monitored that the first file package calls the second file package, the class name, the interface name, and/or the function name used when the first file package calls the second file package are obtained; and determining the function calling relation of the first file package calling the second file package according to the class name, the interface name and/or the function name of the function calling. For example, when an executable program (i.e., a passive code file) including a first package and a second package is run until the first package calls a function of the second package, a function call relationship that the first package calls the second package is output. And outputting the obtained function call relation to a log file when the obtained function call relation is obtained. That is, it may further include: and generating a log file according to the acquired function call relation.
The log file is a record file or a file set for recording system operation events, and can be divided into an event log and a message log. The method has important roles in processing historical data, tracing diagnosis problems, understanding system activities and the like. In a computer, a log file is a file that records events that occur while an operating system or other software is running or messages between different users of the communication software.
When a large number of passive code files need to be processed, in order to improve the efficiency of static traversal and dynamic injection, reduce the analysis workload and solve the problems of high complexity and low usability of development of a decompilation mode batch processing script, batch static analysis and batch dynamic injection of the large number of passive code files can be completed by compiling the batch processing script.
As can be seen from the above, in the embodiment of the present invention, an initial passive code file is first obtained, where the initial passive code file includes a first file package and a second file package called by the first file package, then the first file package is statically traversed to obtain a static calling relationship matching the second file package, then, when the second file package traverses to a calling relationship matching the static calling relationship, an obtaining instruction is dynamically injected into the second file package to obtain a passive code file, where the obtaining instruction is a code for obtaining a function calling relationship, and then the passive code file is run to obtain a function calling relationship in which the first file package calls the second file package during running; according to the scheme, the static calling relationship can be obtained through static traversal, and the accurate dynamic injection of the static calling relationship is obtained through the static traversal, so that the function calling relationship in operation is obtained, the dynamic injection amount is reduced, the influence on the operation efficiency and stability of the original program is reduced, and the accuracy of the analysis of the calling relationship in the passive code file is effectively improved.
The method described in the previous embodiment is further detailed by way of example.
In this embodiment, a device for analyzing a passive code file is specifically integrated in a terminal, the passive code file is specifically a file without source code after Java source code is compiled into a class file and packaged into a jar packet, and the passive code file analysis is specifically realized by using an ASM bytecode operating framework as an example for explanation.
As shown in fig. 2a, a method for analyzing a passive code file may specifically include the following steps:
201. the terminal acquires an initial passive code file, wherein the initial passive code file comprises a first Jar package and a second Jar package called by the first Jar package.
For example, the initial passive code file may be obtained from the network. The initial passive code file may include a first Jar package, a second Jar package called by the first Jar package, and the like.
202. And the terminal statically traverses the first Jar packet by using the ASM to obtain a static calling relation matched with the second Jar packet.
For example, the terminal may parse the class file in the first Jar package into a syntax tree through the ASM, and traverse all types of call logic and function call logic of the syntax tree to obtain a static class, interface, and function call relationship. That is, in order to solve the problem that the decompiled code needs to splice import to obtain the class name, an ASM tool can be used to parse the class file of the passive code into an abstract syntax tree, and the class visit method can traverse all types of use and function call of the class, where the types of use are all class full names. And matching according to the prefix of the called class package name by traversing the nodes of the abstract syntax tree, and outputting the full class name or the full interface name if the called class package name is a class type or interface type statement. If the function call is carried out, the class full name or the interface full name and the function name are output. For example, the flowchart of the static traversal may be as shown in fig. 2b, where the class adapter "classmadapter" and the class function adapter "MethodAdapter" are inherited in the ASM tool, all methods of the base class are rewritten, then the rewritten methods are subjected to matching verification, whether the methods match the second Jar package, and if the methods match, the called class name, interface name, and/or function name is output. The terminal can store the class name, the interface name and the function name obtained by static traversal in the memory.
The class classmapper class implements a class access "classmator" interface, which delegates the method call to another class visitor "classmator" object. The methoddapter class implements a class function visitor 'methodvisator' interface in which the access order of each class to access 'visitxx' is strictly specified. Rewriting is the rewriting of the implementation process of the method allowing access of the child class to the parent class, and the return value and the argument cannot be changed. I.e. shell unchanged, core overwrite.
Part of the code of the ASM syntax tree of a class may be as follows:
Figure BDA0002025544870000101
Figure BDA0002025544870000111
part of the code for rewriting all methods of the class classmapper can be as follows:
Figure BDA0002025544870000112
part of the code for rewriting all methods in the methodconnector class can be as follows:
Figure BDA0002025544870000113
203. and the terminal analyzes the second Jar packet by using the ASM to obtain a second syntax tree.
For example, the terminal may parse all classes in the second Jar packet through the ASM to obtain the second syntax tree, and traverse the second syntax tree.
204. And when the terminal traverses the second syntax tree to the calling relation matched with the static calling relation of the first Jar package, injecting an acquisition instruction to the second Jar package to obtain the passive code file.
For example, in order to reduce the injection amount, achieve accurate dynamic injection, and ensure the efficiency and stability of dynamic runtime, the class full name and the function full name on the inheritance link acquired from the static traversal may be matched in the syntax tree, and a code capable of outputting the function call relationship is injected. That is, when dynamically injecting into a called Jar or class, a code for obtaining a function call relationship is dynamically injected into a function entry implemented in a class that inherits a call class obtained by static traversal or an interface obtained by static traversal, the class file after the dynamic injection is completed is stored, and the second Jar package is repackaged to obtain a passive code file including the first Jar package and the repackaged second Jar package. For example, when traversing the second Jar package class abstract syntax tree by the ASM, judging whether the traversed class inherits and the implemented class has the class name and the interface name obtained by static traversal, if the class inherits the class obtained by static traversal or the interface obtained by static traversal is implemented, and if the method name texts are matched consistently, dynamically injecting a code for acquiring the function call relation at a function entry (MethodEnter).
The inherited classes and the implemented interface codes are obtained as follows:
Figure BDA0002025544870000121
for example, as shown in fig. 2c, the flowchart of dynamic injection may inherit a class adapter "classmadapter", rewrite an access function "visitMethod" method ", and inherit a notification adapter" adviceadaptater ", rewrite an injection function entry" onMethodEnter "method" to obtain a call relation in an ASM tool, then read a class, an interface, and a function obtained by static traversal, obtain a parent class name and an implemented interface name of a second Jar package, traverse function names in the class and the interface of the second Jar package, dynamically inject a code for obtaining the call relation, that is, an obtaining instruction, to the second Jar package when traversing a function name matching the function name of the first Jar package, save an injected obtaining instruction class (class) file, repackage the second Jar package, and obtain a passive code file including the first Jar package and the repackaged second Jar package.
205. And the terminal operates the passive code file and acquires a function call relation of the first Jar package calling the second Jar package during operation.
For example, the operation process of the passive code file may be monitored by the obtaining instruction, and when it is monitored that the first Jar package calls the second Jar package, the class name, the interface name, and/or the function name used when the first Jar package calls the second Jar package are obtained; and determining the function calling relation of the first Jar package calling the second Jar package according to the class name, the interface name and/or the function name of the function call. For example, when an executable program (i.e., a passive code file) including a first Jar package and a second Jar package is run until the first Jar package calls a function of the second Jar package, a function call relationship that the first Jar package calls the second Jar package is output. For example, as shown in fig. 2c, a passive code file injected into the class file is run, and then a run call relationship is obtained.
206. And the terminal generates a log file according to the acquired function call relation.
For example, the terminal may specifically output the log file when acquiring the running function call relationship, so that the terminal may view the function call relationship in which the first Jar package calls the second Jar package.
Because static traversal and accurate dynamic injection are both performed by traversing the ASM through the class abstract syntax tree, the core function is completed. In order to improve the efficiency of static traversal and dynamic injection, reduce the analysis workload and solve the problems of high development complexity and low usability of a decompilation mode batch processing script, when a large number of jar packages and class files need to be processed, a batch processing script can be written through writing codes to complete batch static analysis and batch dynamic injection on the large number of jar packages and files.
As can be seen from the above, in the embodiment of the present invention, an initial passive code file is first obtained, where the initial passive code file includes a first file package and a second file package called by the first file package, then the first file package is statically traversed to obtain a static calling relationship matching the second file package, then, when the second file package traverses to a calling relationship matching the static calling relationship, an obtaining instruction is dynamically injected into the second file package to obtain a passive code file, where the obtaining instruction is a code for obtaining a function calling relationship, and then the passive code file is run to obtain a function calling relationship in which the first file package calls the second file package during running; because the scheme can firstly obtain the static calling relationship through static traversal, and the static calling relationship accurate dynamic injection is obtained by relying on the static traversal, and repackage and run, when the function is called to the dynamic injection function during running, the injection code will output the calling relation during running, compared with the scheme of analyzing the calling relation after the source code is obtained by decompiling, the scheme can obtain more accurate running class function calling relation, effectively improve the accuracy of analyzing the calling relation in the passive code file, and the class and function execution accurate injection based on static analysis can reduce the dynamic injection amount, ensure the efficiency and stability during dynamic operation, facilitate the writing of codes and the batch processing of a large number of jar packets by the static analysis and dynamic injection modes, improve the efficiency of static traversal and dynamic injection, reduce the analysis workload and solve the problems of high development complexity and low usability of a decompilation mode batch processing script.
In order to better implement the above method, an embodiment of the present invention further provides an analysis apparatus for a passive code file, as shown in fig. 3, the analysis apparatus for a passive code file may include an obtaining unit 301, a static traversing unit 302, a dynamic injection unit 303, and an execution unit 304, as follows:
(1) an acquisition unit 301;
an obtaining unit 301 is configured to obtain an initial passive code file, where the initial passive code file includes a first bundle of files and a second bundle of files called by the first bundle of files.
For example, the obtaining unit 301 may specifically obtain, through a network, a passive code file, where the source code cannot be seen after the source code is compiled and packaged. The initial passive file may include a plurality of packages, and may include, for example, a first package and a second package that is called by the first package. There are many ways to obtain the initial passive code file, for example, the compiled passive code file may be obtained from a network, or the compiled passive code file may be obtained from various memories, and so on.
(2) A static traversal unit 302;
and a static traversal unit 302, configured to statically traverse the first file package to obtain a static call relationship matching the second file package.
For example, the static traversal unit 302 may specifically parse a class file of the passive code into a syntax tree through ASM, traverse all types of call logic and function call logic of the syntax tree, and obtain a static class, interface, and function call relationship. That is, in order to solve the problem that the decompiled code needs to splice import to obtain the class name, an ASM tool can be used to parse the class file of the passive code into an abstract syntax tree, and the class visit method can traverse all types of use and function call of the class, where the types of use are all class full names. Among them, import is mainly used in Java to import packets.
Optionally, in some embodiments, the static traversal unit may include a first parsing subunit and a first traversal subunit, as follows:
the first parsing subunit is used for parsing the first file packet to obtain a first syntax tree;
and the first traversal subunit is used for traversing the first syntax tree, matching the first syntax tree with the prefix of the called package name in the second file package, and obtaining a static calling relation matched with the second file package.
Optionally, in some embodiments, the static calling relationship includes a class full name, an interface full name, and/or a function name relationship, and the first traversal subunit is specifically configured to match a node of the first syntax tree with a prefix of a called class package name in the second file package; if the class statement is matched, acquiring a class full name; if the interface statement is matched, acquiring the full name of the interface; and if the function call is matched, acquiring the class full name and the function name, or acquiring the interface full name and the function name.
For example, the first traversal subunit may specifically perform matching according to the prefix of the called class package name by traversing the node of the abstract syntax tree, and output the class full name or the interface full name if the class type or the interface type is declared. If the function call is carried out, the class full name or the interface full name and the function name are output.
(3) A dynamic injection unit 303;
a dynamic injection unit 303, configured to dynamically inject an obtaining instruction into the second file package when the second file package traverses the static call relationship, where the obtaining instruction is a code for obtaining a function call relationship.
For example, the dynamic injection unit 303 may specifically use ASM to parse syntax trees of all classes of the second package, match full names of classes and full names of functions on the inheritance link acquired from the static traversal in the syntax trees, and inject a code capable of outputting a function call relationship. That is, when dynamically injecting the called jar or class, dynamically injecting a code for obtaining a function call relation into a function entry implemented in a class that inherits the calling class obtained by static traversal or an interface for achieving static traversal, storing the class file after dynamic injection is completed, and repackaging the second file package to obtain a passive code file comprising the first file package and the repackaged second file package.
Optionally, in some embodiments, the dynamic injection unit may include a second parsing subunit and a second traversal subunit, as follows:
the second parsing subunit is used for parsing the second file packet to obtain a second syntax tree;
and the second traversal subunit is used for traversing the second syntax tree, and injecting an acquisition instruction into the second file package to obtain the passive code file when traversing the call relation matched with the static call relation of the first file package.
Optionally, in some embodiments, the static calling relationship includes a class full name, an interface full name, and/or a function name relationship, and the second traversal subunit is specifically configured to obtain the class name and the interface name of the second file package; and traversing the class name and the function name in the interface name of the second file packet, and dynamically injecting an acquisition instruction into the second file packet to obtain the passive code file when traversing the function name matched with the function name of the first file packet.
(4) An operation unit 304;
the running unit 304 is configured to run the passive code file into which the obtaining instruction has been injected, and obtain a function call relationship in which the first file package calls the second file package by using the obtaining instruction.
Optionally, in some embodiments, the operation unit may include a monitoring subunit, an obtaining subunit, and a determining subunit, as follows:
the monitoring subunit is used for monitoring the operation process of the passive code file through the acquisition instruction;
the acquiring subunit is used for acquiring a class name, an interface name and/or a function name used when the first file package calls the second file package is monitored;
and the determining subunit is used for determining the function calling relationship of the first file package calling the second file package according to the class name, the interface name and/or the function name of the function call.
Optionally, in some embodiments, the apparatus for analyzing a passive code file may further include a generating unit, as follows:
and the generating unit is used for generating a log file according to the acquired function call relation.
In order to improve the efficiency of static traversal and dynamic injection, reduce the workload of analysis and solve the problems of high development complexity and low usability of a decompilation mode batch processing script, when a large number of passive code files need to be processed, batch static analysis and batch dynamic injection of the large number of passive code files can be completed by compiling the batch processing script.
In a specific implementation, the above units may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and the specific implementation of the above units may refer to the foregoing method embodiments, which are not described herein again.
As can be seen from the above, in the embodiment of the present invention, an obtaining unit 301 obtains an initial passive code file, where the initial passive code file includes a first file package and a second file package called by the first file package, then a static traversing unit 302 statically traverses the first file package to obtain a static calling relationship matched with the second file package, then a dynamic injection unit 303 dynamically injects an obtaining instruction into the second file package when the second file package traverses the calling relationship matched with the static calling relationship to obtain a passive code file, where the obtaining instruction is a code for obtaining a function calling relationship, and then an operation unit 304 operates the passive code file to obtain a function calling relationship in which the first file package calls the second file package during operation; according to the scheme, the static calling relationship can be obtained through static traversal, and the accurate dynamic injection of the static calling relationship is obtained through the static traversal, so that the function calling relationship in operation is obtained, the dynamic injection amount is reduced, the influence on the operation efficiency and stability of the original program is reduced, and the accuracy of the analysis of the calling relationship in the passive code file is effectively improved.
Accordingly, an embodiment of the present invention further provides a terminal, as shown in fig. 4, the terminal may include Radio Frequency (RF) circuits 401, a memory 402 including one or more computer-readable storage media, an input unit 403, a display unit 404, a sensor 405, an audio circuit 406, a Wireless Fidelity (WiFi) module 407, a processor 408 including one or more processing cores, and a power supply 409. Those skilled in the art will appreciate that the terminal configuration shown in fig. 4 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
the RF circuit 401 may be used for receiving and transmitting signals during a message transmission or communication process, and in particular, for receiving downlink information from a base station and then processing the received downlink information by the one or more processors 408; in addition, data relating to uplink is transmitted to the base station. In general, RF circuitry 401 includes, but is not limited to, an antenna, at least one Amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuitry 401 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Message Service (SMS), and the like.
The memory 402 may be used to store software programs and modules, and the processor 408 executes various functional applications and data processing by operating the software programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal, etc. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 402 may also include a memory controller to provide the processor 408 and the input unit 403 access to the memory 402.
The input unit 403 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, in one particular embodiment, input unit 403 may include a touch-sensitive surface as well as other input devices. The touch-sensitive surface, also referred to as a touch display screen or a touch pad, may collect touch operations by a user (e.g., operations by a user on or near the touch-sensitive surface using a finger, a stylus, or any other suitable object or attachment) thereon or nearby, and drive the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface may comprise two parts, a touch detection means and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts it to touch point coordinates, and sends the touch point coordinates to the processor 408, and can receive and execute commands from the processor 408. In addition, touch sensitive surfaces may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. The input unit 403 may include other input devices in addition to the touch-sensitive surface. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 404 may be used to display information input by or provided to the user and various graphical user interfaces of the terminal, which may be made up of graphics, text, icons, video, and any combination thereof. The Display unit 404 may include a Display panel, and optionally, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch-sensitive surface may overlay the display panel, and when a touch operation is detected on or near the touch-sensitive surface, the touch operation may be transmitted to the processor 408 to determine the type of touch event, and the processor 408 may then provide a corresponding visual output on the display panel based on the type of touch event. Although in FIG. 4 the touch-sensitive surface and the display panel are shown as two separate components to implement input and output functions, in some embodiments the touch-sensitive surface may be integrated with the display panel to implement input and output functions.
The terminal may also include at least one sensor 405, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel according to the brightness of ambient light, and a proximity sensor that may turn off the display panel and/or the backlight when the terminal is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of identifying the gesture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration identification related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured in the terminal, detailed description is omitted here.
Audio circuitry 406, a speaker, and a microphone may provide an audio interface between the user and the terminal. The audio circuit 406 may transmit the electrical signal converted from the received audio data to a speaker, and convert the electrical signal into a sound signal for output; on the other hand, the microphone converts the collected sound signal into an electric signal, which is received by the audio circuit 406 and converted into audio data, which is then processed by the audio data output processor 408, and then transmitted to, for example, another terminal via the RF circuit 401, or the audio data is output to the memory 402 for further processing. The audio circuitry 406 may also include an earbud jack to provide peripheral headset communication with the terminal.
WiFi belongs to a short-distance wireless transmission technology, and the terminal can help a user to receive and send emails, browse webpages, access streaming media and the like through the WiFi module 407, and provides wireless broadband internet access for the user. Although fig. 4 shows the WiFi module 407, it is understood that it does not belong to the essential constitution of the terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 408 is a control center of the terminal, connects various parts of the entire handset using various interfaces and lines, and performs various functions of the terminal and processes data by operating or executing software programs and/or modules stored in the memory 402 and calling data stored in the memory 402, thereby integrally monitoring the handset. Optionally, processor 408 may include one or more processing cores; preferably, the processor 408 may integrate an application processor, which handles primarily the operating system, user interface, applications, etc., and a modem processor, which handles primarily the wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 408.
The terminal also includes a power source 409 (e.g., a battery) for powering the various components, which may preferably be logically coupled to the processor 408 via a power management system that may be used to manage charging, discharging, and power consumption. The power supply 409 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
Although not shown, the terminal may further include a camera, a bluetooth module, and the like, which will not be described herein. Specifically, in this embodiment, the processor 408 in the terminal loads the executable file corresponding to the process of one or more application programs into the memory 402 according to the following instructions, and the processor 408 runs the application programs stored in the memory 402, thereby implementing various functions:
the method comprises the steps of obtaining an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package, then statically traversing the first file package to obtain a static calling relation matched with the second file package, then dynamically injecting an obtaining instruction into the second file package when the second file package traverses the calling relation matched with the static calling relation to obtain a passive code file, wherein the obtaining instruction is a code for obtaining a function calling relation, and then operating the passive code file to obtain the function calling relation of the first file package calling the second file package during operation.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
As can be seen from the above, in the embodiment of the present invention, an initial passive code file is obtained first, where the initial passive code file includes a first file package and a second file package called by the first file package, then the first file package is statically traversed to obtain a static calling relationship matched with the second file package, then, when the second file package is traversed to a calling relationship matched with the static calling relationship, an obtaining instruction is dynamically injected into the second file package to obtain a passive code file, where the obtaining instruction is a code for obtaining a function calling relationship, and then the passive code file is run to obtain a function calling relationship in which the first file package calls the second file package when running; according to the scheme, the static calling relationship can be obtained through static traversal, and the accurate dynamic injection of the static calling relationship is obtained through the static traversal, so that the function calling relationship in operation is obtained, the dynamic injection amount is reduced, the influence on the operation efficiency and stability of the original program is reduced, and the accuracy of the analysis of the calling relationship in the passive code file is effectively improved.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, an embodiment of the present invention further provides a storage medium, in which a plurality of instructions are stored, where the instructions can be loaded by a processor to perform the steps in any one of the methods for analyzing a passive code file provided by the embodiments of the present invention. For example, the instructions may perform the steps of:
the method comprises the steps of obtaining an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package, then statically traversing the first file package to obtain a static calling relation matched with the second file package, then dynamically injecting an obtaining instruction into the second file package when the second file package traverses the calling relation matched with the static calling relation to obtain a passive code file, wherein the obtaining instruction is a code for obtaining a function calling relation, and then operating the passive code file to obtain the function calling relation of the first file package calling the second file package during operation.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
Wherein the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium may execute the steps in any of the methods for analyzing a passive code file provided in the embodiments of the present invention, the beneficial effects that can be achieved by any of the methods for analyzing a passive code file provided in the embodiments of the present invention can be achieved, which are detailed in the foregoing embodiments and will not be described herein again.
The foregoing describes in detail a method, an apparatus, and a storage medium for analyzing a passive code file according to an embodiment of the present invention, and a specific example is applied in the present disclosure to explain the principle and the implementation of the present invention, and the description of the foregoing embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method for analyzing a passive code file is characterized by comprising the following steps:
acquiring an initial passive code file, wherein the initial passive code file comprises a first file package and a second file package called by the first file package;
statically traversing the first file package to obtain a static calling relation matched with a second file package;
when the second file packet traverses to a calling relation matched with the static calling relation, dynamically injecting an acquisition instruction into the second file packet to obtain a passive code file, wherein the acquisition instruction is a code for acquiring a function calling relation, and the matching mode in the second file packet is a class full name and a function full name which are matched with an inheritance link acquired from the static traversal;
and running the passive code file to obtain a function call relation of the first file package calling the second file package in running.
2. The method of claim 1, wherein statically traversing the first bundle of files for a static calling relationship matching a second bundle of files comprises:
analyzing the first file packet to obtain a first syntax tree;
and traversing the first syntax tree, and matching the nodes of the first syntax tree with the prefixes of the called package names in the second file package to obtain a static calling relation matched with the second file package.
3. The method according to claim 2, wherein the static calling relationship comprises a class full name, an interface full name and/or a function name relationship, and the matching the node of the first syntax tree with the prefix of the called class package name in the second file package to obtain the static calling relationship matched with the second file package comprises:
matching the nodes of the first syntax tree with the prefixes of the called package names in the second file package;
if the class statement is matched, acquiring a class full name;
if the interface statement is matched, acquiring the full name of the interface;
and if the function call is matched, acquiring the class full name and the function name, or acquiring the interface full name and the function name.
4. The method of claim 1, wherein dynamically injecting a fetch instruction into the second bundle of files to obtain the passive code file when the second bundle of files traverses to the call relation matching the static call relation comprises:
analyzing the second file packet to obtain a second syntax tree;
and traversing the second syntax tree, and when traversing to a calling relation matched with the static calling relation of the first file package, injecting an acquisition instruction to the second file package to obtain the passive code file.
5. The method of claim 4, wherein the static call relations comprise class full name, interface full name and/or function name relations, and the traversing the second syntax tree dynamically injects a fetch instruction into the second package to obtain the passive code file when traversing the call relations matching the static call relations of the first package, including:
acquiring a class name and an interface name of a second file package;
and traversing the class name and the function name in the interface name of the second file packet, and dynamically injecting an acquisition instruction into the second file packet to obtain the passive code file when traversing the function name matched with the function name of the first file packet.
6. The method according to any one of claims 1 to 5, wherein the obtaining a function call relation in which the first portfolio calls the second portfolio at runtime comprises:
monitoring the operation process of the passive code file through the acquisition instruction;
when the first file package calls the second file package, acquiring a class name, an interface name and/or a function name used when the first file package calls the second file package;
and determining the function call relation of the first file package calling the second file package according to the class name, the interface name and/or the function name of the function call.
7. The method according to any one of claims 1 to 5, wherein after the running the passive code file and obtaining the function call relation that the first file package calls the second file package at the running, the method further comprises:
and generating a log file according to the acquired function call relation.
8. An apparatus for analyzing a passive code file, comprising:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring a passive code file to be analyzed, and the passive code file is a passive code file and comprises a first file package and a second file package called by the first file package;
the static traversing unit is used for statically traversing the first file package to obtain a static calling relation matched with the second file package;
the dynamic injection unit is used for dynamically injecting an acquisition instruction into the second file package when the second file package traverses to the static calling relationship, wherein the acquisition instruction is a code for acquiring the function calling relationship, and the matching mode in the second file package is a class full name and a function full name which are matched with the inheritance link acquired from the static traversal;
and the operation unit is used for operating the passive code file injected with the acquisition instruction and obtaining a function call relation of the first file package calling the second file package by using the acquisition instruction.
9. The apparatus of claim 8, further comprising:
and the generating unit is used for generating a log file according to the acquired function call relation.
10. A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of the method for parsing a passive code file according to any of claims 1 to 7.
CN201910293013.5A 2019-04-12 2019-04-12 Analysis method and device for passive code file and storage medium Active CN110032394B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910293013.5A CN110032394B (en) 2019-04-12 2019-04-12 Analysis method and device for passive code file and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910293013.5A CN110032394B (en) 2019-04-12 2019-04-12 Analysis method and device for passive code file and storage medium

Publications (2)

Publication Number Publication Date
CN110032394A CN110032394A (en) 2019-07-19
CN110032394B true CN110032394B (en) 2022-05-31

Family

ID=67238154

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910293013.5A Active CN110032394B (en) 2019-04-12 2019-04-12 Analysis method and device for passive code file and storage medium

Country Status (1)

Country Link
CN (1) CN110032394B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113110842A (en) * 2020-07-08 2021-07-13 马森 Software bytecode homology analysis method, device and equipment

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101968766A (en) * 2010-10-21 2011-02-09 上海交通大学 System for detecting software bug triggered during practical running of computer program
CN102880493A (en) * 2012-09-25 2013-01-16 南京大学 Method for automatically analyzing dynamic dependency relationship between members
CN103365774A (en) * 2013-08-22 2013-10-23 北京航空航天大学 Transient error detection method based on function call relationship
CN104346148A (en) * 2013-07-30 2015-02-11 阿里巴巴集团控股有限公司 Method, device and system for acquiring program performance consumption information
CN104657258A (en) * 2013-11-21 2015-05-27 腾讯科技(深圳)有限公司 Method and device for injecting Java bit codes into target process
US9223554B1 (en) * 2012-04-12 2015-12-29 SourceDNA, Inc. Recovering source code structure from program binaries
CN105677311A (en) * 2014-11-21 2016-06-15 卓望数码技术(深圳)有限公司 Identification method and device for function call relationships
CN106547520A (en) * 2015-09-16 2017-03-29 腾讯科技(深圳)有限公司 A kind of code path analysis method and device
WO2017087801A1 (en) * 2015-11-20 2017-05-26 Google Inc. Dynamic update of an application in compilation and deployment
CN107092488A (en) * 2017-03-31 2017-08-25 武汉斗鱼网络科技有限公司 It is a kind of that application is carried out to bury realization method and system a little without intrusionization
CN107729015A (en) * 2017-09-12 2018-02-23 阿里巴巴集团控股有限公司 A kind of method and apparatus for determining the useless function in engineering code
CN108021411A (en) * 2017-12-06 2018-05-11 国网江苏省电力有限公司电力科学研究院 A kind of discovery system of calling service relation and discovery method
CN108153530A (en) * 2017-12-26 2018-06-12 网易(杭州)网络有限公司 Optimization method, device, storage medium, processor and the terminal of bytecode
CN108874470A (en) * 2017-05-11 2018-11-23 腾讯科技(深圳)有限公司 A kind of information processing method and server, computer storage medium
KR20180129623A (en) * 2017-05-26 2018-12-05 충남대학교산학협력단 Apparatus for statically analyzing assembly code including assoxiated multi files
CN109445880A (en) * 2018-10-23 2019-03-08 数贸科技(北京)有限公司 Transmission method, device and the electronic equipment of cross-thread calls chain context

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8745584B2 (en) * 2007-05-03 2014-06-03 International Business Machines Corporation Dependency injection by static code generation
US8612930B2 (en) * 2009-01-30 2013-12-17 Oracle America, Inc. Methods and apparatus for dynamic class reloading and versioning
EP2486482B1 (en) * 2009-10-08 2018-02-28 Irdeto B.V. A system and method for aggressive self-modification in dynamic function call systems
WO2012076557A1 (en) * 2010-12-06 2012-06-14 Flexycore Method for compiling an intermediate code of an application
US9087191B2 (en) * 2012-08-24 2015-07-21 Vmware, Inc. Method and system for facilitating isolated workspace for applications
US9798557B2 (en) * 2012-08-24 2017-10-24 Ca, Inc. Injection of updated classes for a java agent
US9170908B2 (en) * 2012-12-14 2015-10-27 Salesforce.Com, Inc. System and method for dynamic analysis bytecode injection for application dataflow
US9378034B2 (en) * 2013-05-16 2016-06-28 Sap Se Dynamic bytecode modification of classes and class hierarchies
US9934128B2 (en) * 2013-11-14 2018-04-03 Red Hat, Inc. Dynamic per-method probing during runtime
US9218169B2 (en) * 2013-11-19 2015-12-22 Google Inc. Callpath finder
KR101757407B1 (en) * 2015-06-11 2017-07-12 라인 가부시키가이샤 Apparatus, method and computer program for merging binary files
KR101987048B1 (en) * 2017-09-15 2019-06-10 주식회사 티맥스 소프트 Easy-to-use type of compile-time dependency injection method and device in the java platform

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101968766A (en) * 2010-10-21 2011-02-09 上海交通大学 System for detecting software bug triggered during practical running of computer program
US9223554B1 (en) * 2012-04-12 2015-12-29 SourceDNA, Inc. Recovering source code structure from program binaries
CN102880493A (en) * 2012-09-25 2013-01-16 南京大学 Method for automatically analyzing dynamic dependency relationship between members
CN104346148A (en) * 2013-07-30 2015-02-11 阿里巴巴集团控股有限公司 Method, device and system for acquiring program performance consumption information
CN103365774A (en) * 2013-08-22 2013-10-23 北京航空航天大学 Transient error detection method based on function call relationship
CN104657258A (en) * 2013-11-21 2015-05-27 腾讯科技(深圳)有限公司 Method and device for injecting Java bit codes into target process
CN105677311A (en) * 2014-11-21 2016-06-15 卓望数码技术(深圳)有限公司 Identification method and device for function call relationships
CN106547520A (en) * 2015-09-16 2017-03-29 腾讯科技(深圳)有限公司 A kind of code path analysis method and device
WO2017087801A1 (en) * 2015-11-20 2017-05-26 Google Inc. Dynamic update of an application in compilation and deployment
CN107092488A (en) * 2017-03-31 2017-08-25 武汉斗鱼网络科技有限公司 It is a kind of that application is carried out to bury realization method and system a little without intrusionization
CN108874470A (en) * 2017-05-11 2018-11-23 腾讯科技(深圳)有限公司 A kind of information processing method and server, computer storage medium
KR20180129623A (en) * 2017-05-26 2018-12-05 충남대학교산학협력단 Apparatus for statically analyzing assembly code including assoxiated multi files
CN107729015A (en) * 2017-09-12 2018-02-23 阿里巴巴集团控股有限公司 A kind of method and apparatus for determining the useless function in engineering code
CN108021411A (en) * 2017-12-06 2018-05-11 国网江苏省电力有限公司电力科学研究院 A kind of discovery system of calling service relation and discovery method
CN108153530A (en) * 2017-12-26 2018-06-12 网易(杭州)网络有限公司 Optimization method, device, storage medium, processor and the terminal of bytecode
CN109445880A (en) * 2018-10-23 2019-03-08 数贸科技(北京)有限公司 Transmission method, device and the electronic equipment of cross-thread calls chain context

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
基于QEMU的动态函数调用跟踪;向勇等;《计算机研究与发展》;20170715(第07期);全文 *
基于动态调用图的Java程序修改影响分析技术;刘震等;《湖南师范大学自然科学学报》;20111228(第06期);全文 *
基于开放编译的面向对象程序静态分析器;刘鹏飞等;《计算机应用研究》;20080915(第09期);全文 *
对AspectJ获取逆向工程所需基本信息的研究;马等;《计算机系统应用》;20110215(第02期);全文 *
隐式API调用行为的静态检测方法;付文等;《计算机工程》;20100720(第14期);全文 *

Also Published As

Publication number Publication date
CN110032394A (en) 2019-07-19

Similar Documents

Publication Publication Date Title
CN105404585B (en) Obtain the method and device of code coverage
CN106970790B (en) Application program creating method, related equipment and system
US9800609B2 (en) Method, device and system for detecting malware in a mobile terminal
US10186244B2 (en) Sound effect processing method and device, plug-in unit manager and sound effect plug-in unit
CN111176961B (en) Application program testing method and device and storage medium
CN106502703B (en) Function calling method and device
CN109857403B (en) Page updating method and device, page processing method and device
CN110716715A (en) Application program development method, device, equipment and medium
CN110058850B (en) Application development method and device and storage medium
CN104965722B (en) A kind of method and device of display information
CN111723002A (en) Code debugging method and device, electronic equipment and storage medium
CN109800030B (en) Application program running method and device and terminal
CN108595218A (en) A kind of method and apparatus of loading system dynamic base
CN112667223A (en) Method and device for generating component configuration table, electronic equipment and storage medium
CN106708555B (en) A kind of method and apparatus loading plug-in unit
CN112527386B (en) Application program issuing method and device
CN109145598B (en) Virus detection method and device for script file, terminal and storage medium
CN106919458B (en) Method and device for Hook target kernel function
CN108664389B (en) Test method, test device and terminal
CN111273955A (en) Thermal restoration plug-in optimization method and device, storage medium and electronic equipment
CN110032394B (en) Analysis method and device for passive code file and storage medium
CN106230919B (en) File uploading method and device
CN111562910A (en) Packaging method and related equipment
CN107918583B (en) Script dynamic debugging method, device and terminal
CN115600213A (en) Vulnerability management method, device, medium and equipment based on application program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant