CN110378107A - A kind of method and relevant apparatus of installation kit detection - Google Patents
A kind of method and relevant apparatus of installation kit detection Download PDFInfo
- Publication number
- CN110378107A CN110378107A CN201910679524.0A CN201910679524A CN110378107A CN 110378107 A CN110378107 A CN 110378107A CN 201910679524 A CN201910679524 A CN 201910679524A CN 110378107 A CN110378107 A CN 110378107A
- Authority
- CN
- China
- Prior art keywords
- function
- pseudocode
- source code
- installation
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000009434 installation Methods 0.000 title claims abstract description 236
- 238000001514 detection method Methods 0.000 title claims abstract description 69
- 238000000034 method Methods 0.000 title claims abstract description 46
- 230000006870 function Effects 0.000 claims abstract description 291
- 238000012360 testing method Methods 0.000 claims abstract description 26
- 238000004590 computer program Methods 0.000 claims description 3
- 230000008901 benefit Effects 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 12
- 238000012545 processing Methods 0.000 description 7
- 230000006854 communication Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 2
- 238000012905 input function Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 239000011800 void material Substances 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005314 correlation function Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000005484 gravity Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000012805 post-processing Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000010897 surface acoustic wave method Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 238000011179 visual inspection Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Abstract
The embodiment of the present application provides the method and relevant apparatus of a kind of installation kit detection, can reduce the detection time used, improve detection efficiency.Wherein, this method comprises: obtaining the first installation file of installation kit, the first installation file includes multiple Advanced Reduced Instruction Set machine ARM instructions, the corresponding source code function of at least one ARM instruction;Dis-assembling is carried out to the first installation file, obtains the second installation file, the second installation file includes multiple pseudocode functions, and a pseudocode function corresponds at least one ARM instruction;Multiple pseudocode functions are detected, the target pseudocode function there are risk is obtained;Target source code function corresponding with target pseudocode function is determined in multiple source code functions;Installation kit testing result is exported, installation kit testing result includes the detection information of target source code function.
Description
Technical field
A kind of method and relevant apparatus detected this application involves field of computer technology more particularly to installation kit.
Background technique
Code quality is most important for a software, especially game item.Since source code belongs to secret letter
Breath, in the carry out code risk supervision to game item, usually can not directly detect source code.Therefore, game is transported
Battalion personnel determine that the source code for generating the installation kit is generally by carrying out code risk supervision to the file in installation kit
No there are risks, to judge the risk situation of game item.
The prior art can extract installation file in installation kit, which is usually binary file, and this article
Part includes multiple Advanced Reduced Instruction Set machines (advanced risc machines, ARM) instruction and each ARM instruction pair
The address answered, operation personnel is by detecting each ARM instruction, if having found the ARM instruction there are risk, passes through the part
The corresponding address of ARM instruction determines corresponding source code, and then there are risks for the determining part of original code, to complete to installation kit
Risk supervision.
However, in installation kit detection process, due to causing operation personnel right more than ARM instruction quantity and type is many and diverse
ARM instruction carries out overlong time spent when risk supervision, and detection efficiency is lower.
Summary of the invention
The embodiment of the present application provides the method and relevant apparatus of a kind of installation kit detection, when can reduce used in detection
Between, improve detection efficiency.
The embodiment of the present application first aspect provides a kind of method of installation kit detection, comprising:
The first installation file of installation kit is obtained, first installation file includes multiple Advanced Reduced Instruction Set machines
ARM instruction, the corresponding source code function of at least one ARM instruction;
Dis-assembling is carried out to first installation file, obtains the second installation file, second installation file includes more
A pseudocode function, a pseudocode function correspond at least one described ARM instruction;
The multiple pseudocode function is detected, the target pseudocode function there are risk is obtained;
Target source code function corresponding with the target pseudocode function is determined in multiple source code functions;
Installation kit testing result is exported, the installation kit testing result includes the detection letter of the target source code function
Breath.
The embodiment of the present application second aspect provides a kind of device of installation kit detection, comprising:
First obtains module, and for obtaining the first installation file of installation kit, first installation file includes multiple ARM
Instruction, the corresponding source code function of at least one ARM instruction;
Dis-assembling module obtains the second installation file for carrying out dis-assembling to first installation file, and described second
Installation file includes multiple pseudocode functions, and a pseudocode function corresponds at least one described ARM instruction;
Detection module obtains the target pseudocode letter there are risk for detecting to the multiple pseudocode function
Number;
Determining module, for determining target source generation corresponding with the target pseudocode function in multiple source code functions
Code function;
Output module, for exporting installation kit testing result, the installation kit testing result includes the target source code
The detection information of function.
Based on second aspect, in the embodiment of the present application in the first implementation of second aspect, the first installation text
Part further includes multiple assembly instruction addresses, the corresponding assembly instruction address of an ARM instruction, at least one described assembly instruction
Address also corresponds to one source code function.
Based on second aspect, in the embodiment of the present application in second of implementation of second aspect, the detection module is also
For:
Double linked list is constructed according to the multiple pseudocode function, each node of the double linked list is pseudocode function
One syntactic element;
The double linked list is detected, the target pseudocode function there are risk is obtained.
Second of implementation based on second aspect, the third implementation of second aspect in the embodiment of the present application
In, the detection module is also used to:
Double linked list is constructed according to the multiple pseudocode function, each node of the double linked list is pseudocode function
One syntactic element;
If the double linked list has feature of risk code will be with the feature of risk code pair in the double linked list
The pseudocode function answered is determined as the target pseudocode function there are risk.
The first implementation based on second aspect, the 4th kind of implementation of second aspect in the embodiment of the present application
In, described device further include:
Second obtains module, for obtaining the third installation file of the installation kit;
Third obtains module, for obtaining between assembly instruction address and source code function from the third installation file
Corresponding relationship;
The function name of the target pseudocode function includes target assembly instruction address, and the determining module is also used to:
Based on the corresponding relationship between the address and source code function, the determining and mesh in multiple source code functions
Mark the corresponding target source code function in address.
Based on any one of the first of second aspect or second aspect implementation to the 4th kind of implementation, originally
Apply in embodiment in the 5th kind of implementation of second aspect, described device further include:
4th obtains module, for obtaining the 4th installation file of the installation kit;
Decompilation module obtains first installation file for carrying out decompiling to the 4th installation file.
The embodiment of the present application third aspect provides a kind of terminal device, comprising: memory, transceiver, processor and total
Linear system system;
Wherein, the memory is for storing program;
The processor is used to execute the program in the memory, includes the following steps:
The first installation file of installation kit is obtained, first installation file includes multiple ARM instructions, at least one ARM
Instruct a corresponding source code function;
Dis-assembling is carried out to first installation file, obtains the second installation file, second installation file includes more
A pseudocode function, a pseudocode function correspond at least one described ARM instruction;
The multiple pseudocode function is detected, the target pseudocode function there are risk is obtained;
Target source code function corresponding with the target pseudocode function is determined in multiple source code functions;
Installation kit testing result is exported, the installation kit testing result includes the detection letter of the target source code function
Breath;
The bus system is for connecting the memory and the processor, so that the memory and the place
Reason device is communicated.
The embodiment of the present application fourth aspect provides a kind of computer readable storage medium, including instruction, when it is in computer
When upper operation, so that computer executes the side as described in the possible implementation of any one in second aspect or second aspect
Method.
The 5th a kind of computer program product comprising instruction of aspect of the embodiment of the present application, when it runs on computers
When, so that computer executes the method as described in the possible implementation of any one in second aspect or second aspect.
As can be seen from the above technical solutions, the embodiment of the present application has the advantage that
The embodiment of the present application provides a kind of method of installation kit detection, comprising: the first installation file of installation kit is obtained,
First installation file includes multiple Advanced Reduced Instruction Set machine ARM instructions, the corresponding source code letter of at least one ARM instruction
Then number carries out dis-assembling to the first installation file, obtains the second installation file, the second installation file includes multiple pseudocode letters
Number, a pseudocode function corresponds at least one ARM instruction, then detects to multiple pseudocode functions, obtains that there are risks
Target pseudocode function, and corresponding with target pseudocode function target source code letter is determined in multiple source code functions
Number finally exports installation kit testing result, and installation kit testing result includes the detection information of target source code function.The application is real
Example is applied by carrying out dis-assembling to obtain the second installation file, i.e., by the ARM in the first installation file to the first installation file
The pseudocode function being converted into the second installation file is instructed, because each pseudocode function is turned by least one ARM instruction
Generation is changed, the code structure in installation file is simplified and reduces code quantity, therefore in the risk supervision mistake of pseudocode function
Cheng Zhong can rapidly find out the target pseudocode there are risk since the code structure of pseudocode function is simplified and negligible amounts
Function, and then target source code function is determined to complete the detection of installation kit, the detection time used can be reduced, detection is improved
Efficiency.
Detailed description of the invention
Fig. 1 is a flow diagram of the method for installation kit detection in the embodiment of the present application;
Fig. 2 is the schematic diagram of the first installation file in the embodiment of the present application;
Fig. 3 is the schematic diagram of the second installation file in the embodiment of the present application;
Fig. 4 is the schematic diagram of the embodiment of the present application double center chain table;
Fig. 5 is a structural schematic diagram of the device of installation kit detection in the embodiment of the present application;
Fig. 6 is the structural block diagram of terminal device provided by the embodiments of the present application.
Specific embodiment
The embodiment of the present application provides the method and relevant apparatus of a kind of installation kit detection, when can reduce used in detection
Between, improve detection efficiency.
The description and claims of this application and term " first ", " second ", " third ", " in above-mentioned attached drawing
The (if present)s such as four " are to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should manage
The data that solution uses in this way are interchangeable under appropriate circumstances, so that embodiments herein described herein for example can be to remove
Sequence other than those of illustrating or describe herein is implemented.In addition, term " includes " and " corresponding to " and their times
What is deformed, it is intended that cover it is non-exclusive include, for example, contain the process, method of a series of steps or units, system,
Product or equipment those of are not necessarily limited to be clearly listed step or unit, but may include be not clearly listed or for
The intrinsic other step or units of these process, methods, product or equipment.
It should be understood that the application, which is applied to software project, detects scene, specifically, the software item visual inspection in the embodiment of the present application
Scene is surveyed to be often referred to carry out the code quality of software project the scene of risk supervision.In such as a game item, code quality
It will have a direct impact on operation, the interface display of game etc. function, therefore, game operation personnel needs to detect the code of game item
Risk situation.
However, the source code of game item typically belongs to confidential information, therefore operation personnel can not directly carry out source code
Detection.Operation personnel can be by carrying out code risk supervision to the file in game item installation kit, and then determines to generate and be somebody's turn to do
The source code of installation kit whether there is risk, to judge the risk situation of game item.
It should be noted that the installation kit in the embodiment of the present application can be applied to various systems, such as Android system, IOS
System etc. illustrates to be introduced using the installation kit on Android system as example below.Further, which can be with
For the installation kit handled by script post-processing technology game item code.
Referring to Fig. 1, Fig. 1 is a flow diagram of the method for installation kit detection in the embodiment of the present application, such as Fig. 1 institute
Show, the one embodiment for the method that installation kit detects in the embodiment of the present application, which includes:
101, the first installation file of installation kit is obtained, the first installation file includes multiple ARM instructions, at least one ARM
Instruct a corresponding source code function;
When needing to carry out code risk supervision to game item, the installation kit of the game item can be first obtained, is such as pacified
Tall and erect installation kit (androidpackage).Based on the installation kit, the first installation file of available installation kit, first installation
File includes multiple ARM instructions, the corresponding source code function of at least one ARM instruction.
It should be noted that the function that the source code function in the present embodiment is constituted for the source code of generation installation kit.
Source code needed for installation kit as generating a game item is more various, therefore the quantity of source code function is usually more
It is a.First installation file is binary file, and it includes multiple ARM instructions, each ARM instruction is that binary language is compiled
The instruction write, therefore ARM instruction quantity in the first installation file is more and type is complicated.
There is corresponding relationship, specifically, a source code between ARM instruction in first installation file and source code function
Function has corresponded at least one ARM instruction.
102, dis-assembling is carried out to the first installation file, obtains the second installation file, the second installation file includes multiple puppets
Code function, a pseudocode function correspond at least one ARM instruction;
After obtaining the first installation file, dis-assembling is carried out to the first installation file, obtains the installation of pseudocode file i.e. second
File.It is understood that by carrying out dis-assembling i.e. for the binary language in the first installation file to the first installation file
It is converted into high-level language, such as C language (the c programming language), therefore is contained in the second installation file more
A pseudocode function write by high-level language, wherein each pseudocode function corresponds at least one ARM instruction, i.e., one
A pseudocode function is converted by least one ARM instruction.
In the present embodiment, due between pseudocode function and ARM instruction there are corresponding relationship, and ARM instruction and source code
There are corresponding relationships between function, and therefore, there is also corresponding relationships between pseudocode function and source code function.
By the operation of dis-assembling, numerous ARM instructions of the first installation file are converted into the multiple of the second installation file
Pseudocode function, since a pseudocode function can correspond at least one ARM instruction, therefore the second installation file is presented
For code, simplifies the code structure in file and reduce code quantity.
103, multiple pseudocode functions are detected, obtains the target pseudocode function there are risk;
After obtaining the second installation file, then code risk is carried out respectively to multiple pseudocode functions in the second installation file
Detection, however, it is determined that there are the pseudocode functions of risk, then pseudocode function is determined as target pseudocode function by the part.
It should be understood that the quantity of the target pseudocode function in the present embodiment can be one, or it is multiple, herein not
It is limited.
104, target source code function corresponding with target pseudocode function is determined in multiple source code functions;
Based on the corresponding relationship between pseudocode function and source code function, determining that there are the target pseudocode letters of risk
After number, target source code function corresponding with target pseudocode function can be being determined in multiple source code functions.
105, installation kit testing result is exported, installation kit testing result includes the detection information of target source code function.
After determining target source code function, that is, determining the code to go wrong in source code, then complete at this time
The detection of installation kit, can export installation kit testing result, wherein installation kit testing result includes target source code function
Detection information, the function name and the risk in the presence of the function for such as including target source code.
The present embodiment is by carrying out dis-assembling to obtain the second installation file, i.e., by the first installation to the first installation file
ARM instruction in file is converted into the pseudocode function in the second installation file, because each pseudocode function is by least one
A ARM instruction conversion generates, and simplifies the code structure in installation file and reduces code quantity, therefore in pseudocode function
During risk supervision, since the code structure of pseudocode function is simplified and negligible amounts, it can rapidly find out that there are risks
Target pseudocode function, and then target source code function is determined to complete the detection of installation kit, when can reduce used in detection
Between, improve detection efficiency.
Optionally, based on embodiment corresponding to Fig. 1, in the embodiment of the present application one of the method for installation kit detection it is optional
In embodiment, before the first installation file for obtaining installation kit further include:
Obtain the 4th installation file of installation kit;
Decompiling is carried out to the 4th installation file, obtains the first installation file.
In the present embodiment, after obtaining installation kit, it will usually pass through interactive disassembler professional version (interactive
Disassembler professional, IDA) installation kit is decompressed to obtain the 4th installation file, the 4th installation file is
The original document of installation kit, it includes code be not generally available for risk supervision, therefore the 4th installation file can be carried out anti-
Compiling, obtains the first installation file in above-described embodiment.
For example, can decompress the installation kit after obtaining an Android installation kit and obtain libil2cpp.so file, and is right
Libil2cpp.so file carries out decompiling and obtains binary file.It is understood that including more in the binary file
Binary instruction row corresponding to a source code function, i.e., in multiple source code functions for generating installation kit, each source
Code function can map in a certain partial binary dos command line DOS in the binary file, and each binary instruction row
It may include an assembly instruction address and an ARM instruction.
Fig. 2 is the schematic diagram of the first installation file in the embodiment of the present application, referring to Fig. 2, with one of source code letter
It is illustrated for number A, source code function A maps to the entitled sub_45044c of the function in binary file, and in the function
Sub_45044c include multirow binary instruction row (the partial binary dos command line DOS of function sub_45044c is only shown in Fig. 2, by
Limit in length, omit another part binary instruction row), every a line includes that an assembly instruction address and an ARM refer to
It enables.
As shown in Figure 2, after each source code Function Mapping to the first installation file, multiple ARM can be corresponded to and referred to
It enables, and the corresponding assembly instruction address of each ARM instruction.
It should be understood that the function sub_45044c in Fig. 2 only plays exemplary illustration, not in the embodiment of the present application
The Composition of contents limitation that binary file (i.e. the first installation file) is included.
Optionally, based on each embodiment corresponding to Fig. 1, one of the method for installation kit detection in the embodiment of the present application
In alternative embodiment, this method further include:
Obtain the third installation file of installation kit;
From the corresponding relationship obtained in third installation file between assembly instruction address and source code function;
The function name of target pseudocode function includes target assembly instruction address, the determining and mesh in multiple source code functions
Marking the corresponding target source code function of pseudocode function includes:
Based on the corresponding relationship between address and source code function, the determining and destination address pair in multiple source code functions
The target source code function answered.
In the present embodiment, after obtaining installation kit, the installation kit can also be decompressed and obtain third installation file, need to illustrate
, third installation file generally comprised various corresponding relationships, as corresponding between assembly instruction address and source code function
Relationship, the corresponding relationship etc. between assembly instruction address and character string.
After obtaining third installation file, assembly instruction address and source code function can be extracted from third installation file
Between corresponding relationship, through the foregoing embodiment it is found that since a source code function corresponds at least one ARM instruction, and ARM
Instruction is corresponded with assembly instruction address, therefore a source code function also corresponds at least one assembly instruction address.
Specifically, the corresponding relationship between assembly instruction address and source code function is with source in third installation file
The function name of code function mode corresponding with assembly instruction address is presented.
For example, global-metadata.dat file, global-metadata.dat can be obtained from Android installation kit
File includes the corresponding relationship between the function name of source code function and assembly instruction address, character string and assembly instruction address it
Between corresponding relationship etc..
Still the example such as in Fig. 2, source code function A correspond to multiple ARM instructions, due to ARM instruction and assembly instruction
Location corresponds, therefore source code function A corresponds to multiple assembly instruction addresses, and in global-metadata.dat file, note
What is carried is assembly instruction address corresponding to the function name and the function name of source code function A, as shown in Fig. 2, the first row generation
Code be source code function A map in binary file function name sub_45044c (after mapping to binary file, source
The function name of code function is converted into sub_45044c by A) and function name sub_45044c corresponding to assembly instruction
Location 0045044c.Correspondingly, then describing A pairs of function name of source code function A in global-metadata.dat file
Answer assembly instruction address 0045044c.Similarly, this document also describes the function name and each function name of remaining source code function
Corresponding assembly instruction address.
Further, dis-assembling is carried out to the first installation file and obtains multiple pseudocode functions in the second installation file
Afterwards, it is converted and is generated by least one ARM instruction due to each pseudocode function, therefore each pseudocode function has equally also corresponded to extremely
A few assembly instruction address.It is worth noting that, including corresponding assembly instruction address in the function name of pseudocode function.
Fig. 3 is the schematic diagram of the second installation file in the embodiment of the present application, and pseudocode function a shown in Fig. 3 is by Fig. 2
All ARM instructions be converted to.The entitled sub_45044c of function of pseudocode function a, the 45044c in the function name are
For the corresponding assembly instruction address pseudocode function a.
Therefore, in global-metadata.dat file extraction source code function name and assembly instruction address relationship
Afterwards, if pseudocode function a is after tested, determine that there are risk (i.e. pseudocode function a are target pseudocode function), then
Assembly instruction address 45044c in the function name of available pseudocode function a finds source generation then in above-mentioned relation
The corresponding assembly instruction address 0045044c of function name A of code function A, due to the function of pseudocode function a and source code function A
Assembly instruction address corresponding to name is identical, then pseudocode function a corresponding source code function A, it can determines source code function A
There are risk (i.e. source code function A are target source code function).
Optionally, based on each embodiment corresponding to Fig. 1, one of the method for installation kit detection in the embodiment of the present application
In alternative embodiment, multiple pseudocode functions are detected, obtain include: there are the target pseudocode function of risk
Double linked list is constructed according to multiple pseudocode functions, each node of double linked list is a grammer of pseudocode function
Element;
If double linked list has feature of risk code will pseudocode letter corresponding with feature of risk code in double linked list
Number is determined as the target pseudocode function there are risk.
It,, can be right in order to improve the efficiency of detection after carrying out dis-assembling and obtaining multiple pseudocode functions in the present embodiment
Multiple pseudocode functions are pre-processed respectively, which can be with are as follows:
Pseudocode function is made of high-level language, in high-level language, generally includes a variety of syntactic elements.The language on basis
Element includes: function name, type, variable name, operator, constant etc., is carried out according to the classification of preceding syntax elements to function
It splits, available multiple nodes, and multiple nodes is set up into double linked list.In order to make it easy to understand, below in conjunction with Fig. 4 to double-strand
The structure of table is illustrated.Fig. 4 is the schematic diagram of the embodiment of the present application double center chain table, referring to Fig. 4, with pseudocode function sub_
For 45044c, certain line code of the function is taken to carry out the introduction of example surname.As shown in figure 4, the line code is " void sub_
45044c (int v1) ", according to the classification of syntactic element carry out split can successively obtain " void ", " sub_45044c ",
" (", " int ", " v1 ", ") " this 6 nodes, and this 6 nodes are connected in order, one in double linked list can be become
Part.
Therefore, in multiple pseudocode functions, first pseudocode function split, first line code of function
First node can be used as the initial point of double linked list, subsequent node is then sequentially connected, until being connected to the last one
The last one node of last line code in pseudocode function, using the last one node as destination node, then by initial point
It is connected with destination node, obtains complete double linked list.
It is understood that double linked list is that multiple pseudocode functions are carried out end to end data structure, be conducive to
Improve detection efficiency.After obtaining double linked list, then double linked list can be detected, it is special that multiple risks are also preset in the present embodiment
Code is levied, such as solution null reference, error functions name feature code can be true if detecting feature of risk code from double linked list
The pseudocode function where existing feature of risk code is made, the target pseudocode function there are risk is considered as.
After determining target pseudocode function, then corresponding target source code function can be determined, then export installation kit
Testing result, the usual testing result include the detection information of target source code function.Further, which can be with
(possessed risk is special in such as function for existing risk in function name, target source code function including target source code function
The information such as the position that sign code, feature of risk code occur).
Fig. 5 is a structural schematic diagram of the device of installation kit detection in the embodiment of the present application, referring to Fig. 5, the application
The one embodiment for the device that installation kit detects in embodiment, the embodiment include:
First obtains module 501, and for obtaining the first installation file of installation kit, the first installation file includes multiple ARM
Instruction, the corresponding source code function of at least one ARM instruction;
Dis-assembling module 502 obtains the second installation file, the second installation for carrying out dis-assembling to the first installation file
File includes multiple pseudocode functions, and a pseudocode function corresponds at least one ARM instruction;
Detection module 503 obtains the target pseudocode letter there are risk for detecting to multiple pseudocode functions
Number;
Determining module 504, for determining target source generation corresponding with target pseudocode function in multiple source code functions
Code function;
Output module 505, for exporting installation kit testing result, installation kit testing result includes target source code function
Detection information.
Optionally, based on embodiment corresponding to Fig. 5, in the embodiment of the present application one of the device of installation kit detection it is optional
In embodiment, the first installation file further includes multiple assembly instruction addresses, and an ARM instruction corresponds to an assembly instruction address,
At least one assembly instruction address also corresponds to a source code function.
Optionally, based on each embodiment corresponding to Fig. 5, one of the device of installation kit detection in the embodiment of the present application
In alternative embodiment, detection module is also used to:
Double linked list is constructed according to multiple pseudocode functions, each node of double linked list is a grammer of pseudocode function
Element;
Double linked list is detected, the target pseudocode function there are risk is obtained.
Optionally, based on each embodiment corresponding to Fig. 5, one of the device of installation kit detection in the embodiment of the present application
In alternative embodiment, detection module is also used to:
Double linked list is constructed according to multiple pseudocode functions, each node of double linked list is a grammer of pseudocode function
Element;
If double linked list has feature of risk code will pseudocode letter corresponding with feature of risk code in double linked list
Number is determined as the target pseudocode function there are risk.
Optionally, based on each embodiment corresponding to Fig. 5, one of the device of installation kit detection in the embodiment of the present application
In alternative embodiment, the device further include:
Second obtains module, for obtaining the third installation file of installation kit;
Third obtains module, for from pair obtained between assembly instruction address and source code function in third installation file
It should be related to;
The function name of target pseudocode function includes target assembly instruction address, and determining module is also used to:
Based on the corresponding relationship between address and source code function, the determining and destination address pair in multiple source code functions
The target source code function answered.
Optionally, based on each embodiment corresponding to Fig. 5, one of the device of installation kit detection in the embodiment of the present application
In alternative embodiment, the device further include:
4th obtains module, for obtaining the 4th installation file of installation kit;
Decompilation module obtains the first installation file for carrying out decompiling to the 4th installation file.
It should be noted that the contents such as information exchange, implementation procedure between each module of above-mentioned apparatus, due to the application
Embodiment of the method is based on same design, and bring technical effect is identical as the application embodiment of the method, and particular content can be found in
Narration in embodiment of the method shown in the application is aforementioned, details are not described herein again.
The embodiment of the present application also provides a kind of terminal devices, as shown in fig. 6, for ease of description, illustrating only and this
Apply for the relevant part of embodiment, it is disclosed by specific technical details, please refer to the embodiment of the present application method part.The terminal can
Think including mobile phone, tablet computer, personal digital assistant (personal digital assistant, PDA), point-of-sale terminal
Any terminal device such as (point of sales, POS), vehicle-mounted computer, taking the terminal as an example:
Fig. 6 is the structural block diagram of terminal device provided by the embodiments of the present application.With reference to Fig. 6, mobile phone includes: radio frequency (radio
Frequency, RF) circuit 610, memory 620, input unit 630, display unit 640, sensor 650, voicefrequency circuit 660,
The components such as Wireless Fidelity (wireless fidelity, WiFi) module 670, processor 680 and power supply 690.This field skill
Art personnel are appreciated that handset structure shown in Fig. 6 does not constitute the restriction to mobile phone, may include more or more than illustrating
Few component perhaps combines certain components or different component layouts.
It is specifically introduced below with reference to each component parts of the Fig. 6 to mobile phone:
RF circuit 610 can be used for receiving and sending messages or communication process in, signal sends and receivees, particularly, by base station
After downlink information receives, handled to processor 680;In addition, the data for designing uplink are sent to base station.In general, RF circuit 610
Including but not limited to antenna, at least one amplifier, transceiver, coupler, low-noise amplifier (low noise
Amplifier, LNA), duplexer etc..In addition, RF circuit 610 can also be communicated with network and other equipment by wireless communication.
Any communication standard or agreement, including but not limited to global system for mobile communications (global can be used in above-mentioned wireless communication
System of mobile communication, GSM), general packet radio service (general packet radio
Service, GPRS), CDMA (code division multiple access, CDMA), wideband code division multiple access
(wideband code division multiple access, WCDMA), long term evolution (long term evolution,
LTE), Email, short message service (short messaging service, SMS) etc..
Memory 620 can be used for storing software program and module, and processor 680 is stored in memory 620 by operation
Software program and module, thereby executing the various function application and data processing of mobile phone.Memory 620 can mainly include
Storing program area and storage data area, wherein storing program area can application journey needed for storage program area, at least one function
Sequence (such as sound-playing function, image player function etc.) etc.;Storage data area can be stored to be created according to using for mobile phone
Data (such as audio data, phone directory etc.) etc..It, can be in addition, memory 620 may include high-speed random access memory
Including nonvolatile memory, for example, at least a disk memory, flush memory device or other volatile solid-states
Part.
Input unit 630 can be used for receiving the number or character information of input, and generate with the user setting of mobile phone with
And the related key signals input of function control.Specifically, input unit 630 may include that touch panel 631 and other inputs are set
Standby 632.Touch panel 631, also referred to as touch screen, collect user on it or nearby touch operation (such as user use
The operation of any suitable object or attachment such as finger, stylus on touch panel 631 or near touch panel 631), and root
Corresponding attachment device is driven according to preset formula.Optionally, touch panel 631 may include touch detecting apparatus and touch
Two parts of controller.Wherein, the touch orientation of touch detecting apparatus detection user, and touch operation bring signal is detected,
Transmit a signal to touch controller;Touch controller receives touch information from touch detecting apparatus, and is converted into touching
Point coordinate, then gives processor 680, and can receive order that processor 680 is sent and be executed.Furthermore, it is possible to using electricity
The multiple types such as resistive, condenser type, infrared ray and surface acoustic wave realize touch panel 631.In addition to touch panel 631, input
Unit 630 can also include other input equipments 632.Specifically, other input equipments 632 can include but is not limited to secondary or physical bond
One of disk, function key (such as volume control button, switch key etc.), trace ball, mouse, operating stick etc. are a variety of.
Display unit 640 can be used for showing information input by user or be supplied to user information and mobile phone it is various
Menu.Display unit 640 may include display panel 641, optionally, can use liquid crystal display (liquid crystal
Display, LCD), the forms such as Organic Light Emitting Diode (organic light-emitting diode, OLED) it is aobvious to configure
Show panel 641.Further, touch panel 631 can cover display panel 641, when touch panel 631 detect it is on it or attached
After close touch operation, processor 680 is sent to determine the type of touch event, is followed by subsequent processing device 680 according to touch event
Type corresponding visual output is provided on display panel 641.Although in Fig. 6, touch panel 631 and display panel 641
It is that the input and input function of mobile phone are realized as two independent components, but in some embodiments it is possible to by touch-control
Panel 631 and display panel 641 are integrated and that realizes mobile phone output and input function.
Mobile phone may also include at least one sensor 650, such as optical sensor, motion sensor and other sensors.
Specifically, optical sensor may include ambient light sensor and proximity sensor, wherein ambient light sensor can be according to ambient light
Light and shade adjust the brightness of display panel 641, proximity sensor can close display panel 641 when mobile phone is moved in one's ear
And/or backlight.As a kind of motion sensor, accelerometer sensor can detect (generally three axis) acceleration in all directions
Size, can detect that size and the direction of gravity when static, can be used to identify the application of mobile phone posture, (for example horizontal/vertical screen is cut
Change, dependent game, magnetometer pose calibrating), Vibration identification correlation function (such as pedometer, tap) etc.;May be used also as mobile phone
The other sensors such as gyroscope, barometer, hygrometer, thermometer, the infrared sensor of configuration, details are not described herein.
Voicefrequency circuit 660, loudspeaker 661, microphone 662 can provide the audio interface between user and mobile phone.Audio-frequency electric
Electric signal after the audio data received conversion can be transferred to loudspeaker 661, be converted to sound by loudspeaker 661 by road 660
Signal output;On the other hand, the voice signal of collection is converted to electric signal by microphone 662, is turned after being received by voicefrequency circuit 660
It is changed to audio data, then by after the processing of audio data output processor 680, such as another mobile phone is sent to through RF circuit 610,
Or audio data is exported to memory 620 to be further processed.
WiFi belongs to short range wireless transmission technology, and mobile phone can help user's transceiver electronics postal by WiFi module 670
Part, browsing webpage and access streaming video etc., it provides wireless broadband internet access for user.Although Fig. 6 is shown
WiFi module 670, but it is understood that, and it is not belonging to must be configured into for mobile phone, it can according to need do not changing completely
Become in the range of the essence of invention and omits.
Processor 680 is the control centre of mobile phone, using the various pieces of various interfaces and connection whole mobile phone, is led to
It crosses operation or executes the software program and/or module being stored in memory 620, and call and be stored in memory 620
Data execute the various functions and processing data of mobile phone, to carry out integral monitoring to mobile phone.Optionally, processor 680 can wrap
Include one or more processing units;Optionally, processor 680 can integrate application processor and modem processor, wherein answer
With the main processing operation system of processor, user interface and application program etc., modem processor mainly handles wireless communication.
It is understood that above-mentioned modem processor can not also be integrated into processor 680.
Mobile phone further includes the power supply 690 (such as battery) powered to all parts, and optionally, power supply can pass through power supply pipe
Reason system and processor 680 are logically contiguous, to realize management charging, electric discharge and power managed by power-supply management system
Etc. functions.
Although being not shown, mobile phone can also include camera, bluetooth module etc., and details are not described herein.
In the embodiment of the present application, processor 680 included by the terminal is also with the following functions:
The first installation file of installation kit is obtained, the first installation file includes that multiple Advanced Reduced Instruction Set machine ARM refer to
It enables, the corresponding source code function of at least one ARM instruction;
Dis-assembling is carried out to the first installation file, obtains the second installation file, the second installation file includes multiple pseudocodes
Function, a pseudocode function correspond at least one ARM instruction;
Multiple pseudocode functions are detected, the target pseudocode function there are risk is obtained;
Target source code function corresponding with target pseudocode function is determined in multiple source code functions;
Installation kit testing result is exported, installation kit testing result includes the detection information of target source code function.
The present embodiment is by carrying out dis-assembling to obtain the second installation file, i.e., by the first installation to the first installation file
ARM instruction in file is converted into the pseudocode function in the second installation file, because each pseudocode function is by least one
A ARM instruction conversion generates, and simplifies the code structure in installation file and reduces code quantity, therefore in pseudocode function
During risk supervision, since the code structure of pseudocode function is simplified and negligible amounts, it can rapidly find out that there are risks
Target pseudocode function, and then target source code function is determined to complete the detection of installation kit, when can reduce used in detection
Between, improve detection efficiency.
The embodiment of the present application also provides a kind of computer readable storage mediums, including instruction, when it is transported on computers
When row, so that computer executes the method detected such as above-mentioned installation kit.
The embodiment of the present application further relates to a kind of computer program product comprising instruction, when run on a computer,
So that computer executes the method detected such as above-mentioned installation kit.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided herein, it should be understood that disclosed system, device and method can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit
It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components
It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or
The mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit
It closes or communicates to connect, can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product
When, it can store in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially
The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words
It embodies, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can be personal computer, server or the network equipment etc.) executes the complete of each embodiment the method for the application
Portion or part steps.And storage medium above-mentioned include: USB flash disk, mobile hard disk, read-only memory (read-only memory,
ROM), random access memory (random access memory, RAM), magnetic or disk etc. are various can store program
The medium of code.
The above, above embodiments are only to illustrate the technical solution of the application, rather than its limitations;Although referring to before
Embodiment is stated the application is described in detail, those skilled in the art should understand that: it still can be to preceding
Technical solution documented by each embodiment is stated to modify or equivalent replacement of some of the technical features;And these
It modifies or replaces, the spirit and scope of each embodiment technical solution of the application that it does not separate the essence of the corresponding technical solution.
Claims (10)
1. a kind of method of installation kit detection, which is characterized in that the described method includes:
The first installation file of installation kit is obtained, first installation file includes that multiple Advanced Reduced Instruction Set machine ARM refer to
It enables, the corresponding source code function of at least one ARM instruction;
Dis-assembling is carried out to first installation file, obtains the second installation file, second installation file includes multiple puppets
Code function, a pseudocode function correspond at least one described ARM instruction;
The multiple pseudocode function is detected, the target pseudocode function there are risk is obtained;
Target source code function corresponding with the target pseudocode function is determined in multiple source code functions;
Installation kit testing result is exported, the installation kit testing result includes the detection information of the target source code function.
2. the method for installation kit detection according to claim 1, which is characterized in that first installation file further includes more
A assembly instruction address, the corresponding assembly instruction address of an ARM instruction, at least one described assembly instruction address are also corresponding
One source code function.
3. the method for installation kit detection according to claim 1, which is characterized in that described to the multiple pseudocode function
Detected, obtain include: there are the target pseudocode function of risk
Double linked list is constructed according to the multiple pseudocode function, each node of the double linked list is one of pseudocode function
Syntactic element;
The double linked list is detected, the target pseudocode function there are risk is obtained.
4. the method for installation kit detection according to claim 3, which is characterized in that described to be examined to the double linked list
Survey, obtain include: there are the target pseudocode function of risk
If the double linked list has feature of risk code will be corresponding with the feature of risk code in the double linked list
The pseudocode function is determined as the target pseudocode function there are risk.
5. the method for installation kit detection according to claim 2, which is characterized in that the method also includes:
Obtain the third installation file of the installation kit;
From the corresponding relationship obtained in the third installation file between assembly instruction address and source code function;
The function name of the target pseudocode function includes target assembly instruction address, described to determine in multiple source code functions
Target source code function corresponding with the target pseudocode function includes:
Based on the corresponding relationship between the address and source code function, determined in multiple source code functions with the target
The corresponding target source code function in location.
6. according to claim 1 to the method that installation kit described in 5 any one detects, which is characterized in that the acquisition installation
Before first installation file of packet further include:
Obtain the 4th installation file of the installation kit;
Decompiling is carried out to the 4th installation file, obtains first installation file.
7. a kind of device of installation kit detection characterized by comprising
First obtains module, and for obtaining the first installation file of installation kit, first installation file includes that multiple ARM refer to
It enables, the corresponding source code function of at least one ARM instruction;
Dis-assembling module obtains the second installation file, second installation for carrying out dis-assembling to first installation file
File includes multiple pseudocode functions, and a pseudocode function corresponds at least one described ARM instruction;
Detection module obtains the target pseudocode function there are risk for detecting to the multiple pseudocode function;
Determining module, for determining target source code letter corresponding with the target pseudocode function in multiple source code functions
Number;
Output module, for exporting installation kit testing result, the installation kit testing result includes the target source code function
Detection information.
8. a kind of terminal device characterized by comprising memory, transceiver, processor and bus system;
Wherein, the memory is for storing program;
The processor is used to execute the program in the memory, includes the following steps:
The first installation file of installation kit is obtained, first installation file includes multiple ARM instructions, at least one ARM instruction
A corresponding source code function;
Dis-assembling is carried out to first installation file, obtains the second installation file, second installation file includes multiple puppets
Code function, a pseudocode function correspond at least one described ARM instruction;
The multiple pseudocode function is detected, the target pseudocode function there are risk is obtained;
Target source code function corresponding with the target pseudocode function is determined in multiple source code functions;
Installation kit testing result is exported, the installation kit testing result includes the detection information of the target source code function;
The bus system is for connecting the memory and the processor, so that the memory and the processor
It is communicated.
9. a kind of computer readable storage medium, including instruction, when run on a computer, so that computer is executed as weighed
Benefit require any one of 1 to 6 described in method.
10. a kind of computer program product comprising instruction, when run on a computer, so that computer executes such as right
It is required that method described in any one of 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910679524.0A CN110378107A (en) | 2019-07-25 | 2019-07-25 | A kind of method and relevant apparatus of installation kit detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910679524.0A CN110378107A (en) | 2019-07-25 | 2019-07-25 | A kind of method and relevant apparatus of installation kit detection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110378107A true CN110378107A (en) | 2019-10-25 |
Family
ID=68256201
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910679524.0A Pending CN110378107A (en) | 2019-07-25 | 2019-07-25 | A kind of method and relevant apparatus of installation kit detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110378107A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110825386A (en) * | 2019-11-01 | 2020-02-21 | 腾讯科技(深圳)有限公司 | Code compiling method and device and storage medium |
| CN112035158A (en) * | 2020-08-25 | 2020-12-04 | 深圳市钱海网络技术有限公司 | Method and device for carrying out risk detection on patch package |
| CN114138282A (en) * | 2021-11-30 | 2022-03-04 | 四川效率源信息安全技术股份有限公司 | Method and device for restoring pseudo code of iOS type code |
| CN115361543A (en) * | 2022-10-21 | 2022-11-18 | 武汉光谷信息技术股份有限公司 | Heterogeneous data fusion and plug flow method and system based on ARM architecture |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105303112A (en) * | 2014-06-24 | 2016-02-03 | 腾讯科技(深圳)有限公司 | Component calling bug detection method and apparatus |
| CN106295348A (en) * | 2015-05-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | The leak detection method of application program and device |
| CN106650452A (en) * | 2016-12-30 | 2017-05-10 | 北京工业大学 | Mining method for built-in application vulnerability of Android system |
-
2019
- 2019-07-25 CN CN201910679524.0A patent/CN110378107A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105303112A (en) * | 2014-06-24 | 2016-02-03 | 腾讯科技(深圳)有限公司 | Component calling bug detection method and apparatus |
| CN106295348A (en) * | 2015-05-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | The leak detection method of application program and device |
| CN106650452A (en) * | 2016-12-30 | 2017-05-10 | 北京工业大学 | Mining method for built-in application vulnerability of Android system |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110825386A (en) * | 2019-11-01 | 2020-02-21 | 腾讯科技(深圳)有限公司 | Code compiling method and device and storage medium |
| CN110825386B (en) * | 2019-11-01 | 2023-07-14 | 腾讯科技(深圳)有限公司 | Code compiling method and device and storage medium |
| CN112035158A (en) * | 2020-08-25 | 2020-12-04 | 深圳市钱海网络技术有限公司 | Method and device for carrying out risk detection on patch package |
| CN114138282A (en) * | 2021-11-30 | 2022-03-04 | 四川效率源信息安全技术股份有限公司 | Method and device for restoring pseudo code of iOS type code |
| CN114138282B (en) * | 2021-11-30 | 2023-03-31 | 四川效率源信息安全技术股份有限公司 | Method and device for restoring pseudo code of iOS type code |
| CN115361543A (en) * | 2022-10-21 | 2022-11-18 | 武汉光谷信息技术股份有限公司 | Heterogeneous data fusion and plug flow method and system based on ARM architecture |
| CN115361543B (en) * | 2022-10-21 | 2023-03-24 | 武汉光谷信息技术股份有限公司 | Heterogeneous data fusion and plug flow method and system based on ARM architecture |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105404585B (en) | Obtain the method and device of code coverage | |
| CN110378107A (en) | A kind of method and relevant apparatus of installation kit detection | |
| CN106354458B (en) | Double-screen display method and device | |
| CN107943683B (en) | Test script generation method and device, electronic equipment and storage medium | |
| CN103702297B (en) | Short message enhancement, apparatus and system | |
| CN108897562A (en) | Installation kit update method, device, medium and equipment | |
| CN106227588A (en) | The creation method of a kind of multi-instance object, device and mobile terminal | |
| CN107622200A (en) | The safety detecting method and device of application program | |
| CN106658354B (en) | A kind of data transmission method and equipment | |
| CN110058850A (en) | A kind of development approach of application, device and storage medium | |
| CN107276602B (en) | Radio frequency interference processing method, device, storage medium and terminal | |
| CN104298686B (en) | The method and apparatus for modifying server profile | |
| CN109189258A (en) | Record the method and device of notes | |
| CN107219951A (en) | Touch screen control method, device, storage medium and terminal device | |
| CN108073495A (en) | The localization method and device of application crash reason | |
| CN110210605A (en) | Hardware operator matching process and Related product | |
| CN108834132A (en) | A kind of data transmission method and equipment and related media production | |
| CN107908407A (en) | Compilation Method, device and terminal device | |
| CN106201547A (en) | Method, device and the mobile terminal that a kind of message based on mobile terminal shows | |
| CN109656510A (en) | The method and terminal of voice input in a kind of webpage | |
| CN106959859A (en) | The call method and device of system call function | |
| CN106202422B (en) | The treating method and apparatus of Web page icon | |
| CN108628900A (en) | A kind of method and relevant apparatus of data format acquisition | |
| CN110413639A (en) | Data check method and device, electronic equipment and computer readable storage medium | |
| CN106598583A (en) | Mobile terminal, and folder naming method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |