CN110837465A - Android-based handle leakage detection method and system - Google Patents
Android-based handle leakage detection method and system Download PDFInfo
- Publication number
- CN110837465A CN110837465A CN201910975953.2A CN201910975953A CN110837465A CN 110837465 A CN110837465 A CN 110837465A CN 201910975953 A CN201910975953 A CN 201910975953A CN 110837465 A CN110837465 A CN 110837465A
- Authority
- CN
- China
- Prior art keywords
- index table
- handle
- android
- preset information
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
- G06F11/366—Software debugging using diagnostics
Abstract
The invention relates to a handle leakage detection method based on Android, which comprises S1, initializing a system and loading preset information; s2, calling a detection task in the preset information, and creating an index table based on the detection task; s3, calling a target function library in the preset information, and corresponding to a target function in Hook in the system; s4, executing the detection task and recording the detection task in the index table; and S5, exporting the index table and uploading the index table to the server. A handle leakage detection system based on Android comprises an initialization module, an index table creation module, a Hook module, a detection module and an uploading module. The invention can effectively detect the handle in the kernel state to open up the leakage condition of the memory, thereby avoiding the memory leakage caused by the handle leakage, further causing serious system blockage and even downtime, and remarkably improving the use experience of users.
Description
Technical Field
The invention relates to a handle leakage detection method and system based on Android, and belongs to the field of mobile game detection.
Background
In the existing Android mobile phone game application, leakage of a handle usually causes leakage of an operating memory; if the memory occupied by the game is too large, the system is blocked or even down, and the game experience of the user is seriously influenced; the memory opened by the handle is mainly in a kernel state, so that a general memory leak detection tool cannot effectively find the leak condition and cannot further early warn or solve the generated memory leak problem; how to effectively detect handle leakage is a technical problem which needs to be solved at present.
Disclosure of Invention
In order to solve at least one of the technical problems in the prior art, the invention aims to provide a handle leakage detection method and system based on Android.
The first aspect of the technical scheme adopted by the invention to solve the problems is as follows: a handle leakage detection method based on Android comprises the following steps: s1, initializing the system and loading preset information; s2, calling a detection task in the preset information, and creating an index table based on the detection task; s3, calling a target function library in the preset information, and corresponding to a target function in Hook in the system; s4, executing the detection task and recording the detection task in the index table; and S5, exporting the index table and uploading the index table to the server.
Has the advantages that: the handle in the kernel state can be effectively detected to open up the leakage condition of the memory, the memory leakage caused by the handle leakage is avoided, and then serious system blockage or even downtime is caused, and the use experience of a user is remarkably improved.
According to the first aspect of the present invention, the preset information includes at least one of the following: and detecting a task and an objective function library.
According to the first aspect of the present invention, each detection task corresponds to a unique index table.
According to the first aspect of the invention, the objective function comprises at least one of: the network handle creates a function Socket and destroys a function Close.
According to the first aspect of the present invention, step S4 further includes recording the created network handle ID and the current call stack in the index table when the network handle creating function Socket is called.
Step S4 also includes deleting the destroyed network handle ID from the index table when the destroy function Close is called, according to the first aspect of the present invention.
According to the first aspect of the present invention, the information recorded in the index table includes at least one of the following: the network handle ID that is not destroyed and the code call path that created the network handle.
The second aspect of the technical scheme adopted by the invention to solve the problems is as follows: a handle leakage detection system based on Android comprises the following modules: the initialization module is used for initializing the system and loading preset information; the index table creating module is used for calling the detection task in the preset information and creating the index table based on the detection task; the Hook module is used for calling a target function library in the preset information and corresponding a target function to Hook in the system; the detection module is used for executing a detection task and recording the detection task in the index table; and the uploading module is used for exporting the index table and uploading the index table to the server.
Has the advantages that: the handle in the kernel state can be effectively detected to open up the leakage condition of the memory, the memory leakage caused by the handle leakage is avoided, and then serious system blockage or even downtime is caused, and the use experience of a user is remarkably improved.
Drawings
FIG. 1 is a general flow diagram according to the present invention;
FIG. 2 is a block diagram according to the present invention;
fig. 3 shows an embodiment a according to the present invention.
Detailed Description
It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer-readable storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated beam for this purpose.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as a display. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on a display.
It is noted that, as used in this disclosure, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Furthermore, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any combination of one or more of the listed items.
It should be understood that the use of any and all examples, or exemplary language ("e.g.," such as, "etc.), provided herein is intended merely to better illuminate embodiments of the invention and does not pose a limitation on the scope of the invention unless otherwise claimed.
For the understanding of the present invention, the following terms are to be interpreted accordingly:
presetting information: the method refers to functions or input information which are required to be preset when the system performs subsequent work in a system initialization stage through a touch screen, a keyboard or other interaction modes.
Handle: is a special intelligent pointer; when an application references a block or object of memory managed by another system, such as a database, operating system, handle is used.
Hook: chinese is translated into a hook, which is actually a program segment for processing messages, and is hung into a system through system call; when a specific message is sent out, before a destination window is not reached, the hook program captures the message, namely, the hook function obtains control right firstly; at this time, the hook function may process the message, may continue to transfer the message without processing, or may forcibly end the transfer of the message.
An index table: is a table indicating the correspondence between logical records and physical records; each entry in the index table is called an index entry; the index entries are arranged in a key (or logical record number) order.
The following further describes embodiments of the present invention with reference to the drawings;
referring to fig. 1, there is shown a general flow diagram according to the present invention, comprising the steps of:
s1, initializing the system and loading preset information; the preset information mentioned herein includes at least one of the following: detecting a task and an objective function library; in the actual application process, the preset information category can be correspondingly increased, decreased or modified according to the change of the application scene or the influence of other factors;
s2, calling a detection task in the preset information, and creating an index table based on the detection task; it should be noted that each detection task corresponds to a unique index table;
s3, calling a target function library in the preset information, and corresponding to a target function in Hook in the system; the objective function mentioned herein includes at least one of the following: the network handle creates a function Socket and destroys a function Close; generally, two types of functions both need Hook, and certainly, the target function can be increased, decreased or modified according to the adjustment of the actual application scene;
s4, executing the detection task and recording the detection task in the index table; specifically, when a network handle creating function Socket is called, recording a created network handle ID and a current call stack into an index table; when the destroy function Close is called, deleting the destroyed network handle ID from the index table;
s5, exporting the index table and uploading the index table to the server; the information recorded in the index table mentioned herein includes at least one of the following: a network handle ID which is not destroyed and a code calling path for creating the network handle; generally, both contents need to be recorded, and the recorded items can be increased, decreased or modified according to the adjustment of the actual application scene.
Referring to fig. 2, a module connection diagram according to the present invention is shown, including the following modules:
the initialization module is used for initializing the system and loading preset information;
the index table creating module is connected with the initialization module to realize interaction and is used for calling a detection task in the preset information and creating an index table based on the detection task;
the Hook module is connected with the initialization module to realize interaction and is used for calling a target function library in the preset information and sending the target function library to the Hook module corresponding to the target function in the system;
the detection module is connected with the index table creation module and the Hook module to realize interaction, is used for executing a detection task and is recorded in the index table; and
and the uploading module is connected with the detection module to realize interaction and is used for exporting the index table and uploading the index table to the server.
Referring to FIG. 3, an embodiment A according to the present invention is described in detail as follows:
firstly, implanting a LibHandleak.so device into an installation package of a target mobile game swordsman world by using an injection tool; the method comprises the steps of sending an installation package implanted with LibHandleak to a terminal device, and starting a game to start detection; creating a function Socket and destroying a function Close by the Hook network handle; judging the type of a current calling function in the running process of the game; if the Socket function is called, the LibHandleLeak.so records a current thread call stack and a handle ID Value into an index table G _ HandleTable, the handle ID is used as Key, and the thread call stack is Value; if the called function is a Close function, deleting the corresponding handle ID in the index table by the LibHandleLeak.so; when the detection case is completed, LibHandleak.so uses index table content Dump to/Sdcard/Handleleak.txt file; txt file is analyzed, and code call paths, namely potential leaked code execution paths, of the created handles which are not destroyed can be obtained from the file.
The above description is only a preferred embodiment of the present invention, and the present invention is not limited to the above embodiment, and the present invention shall fall within the protection scope of the present invention as long as the technical effects of the present invention are achieved by the same means. The invention is capable of other modifications and variations in its technical solution and/or its implementation, within the scope of protection of the invention.
Claims (8)
1. A handle leakage detection method based on Android is characterized by comprising the following steps:
s1, initializing the system and loading preset information;
s2, calling a detection task in the preset information, and creating an index table based on the detection task;
s3, calling a target function library in the preset information, and corresponding to a target function in Hook in the system;
s4, executing the detection task and recording the detection task in the index table;
and S5, exporting the index table and uploading the index table to the server.
2. The Android-based handle leakage detection method of claim 1, wherein the preset information comprises at least one of: and detecting a task and an objective function library.
3. The Android-based handle leakage detection method of claim 1, wherein each detection task corresponds to a unique index table.
4. The Android-based handle leak detection method according to claim 1, wherein the objective function comprises at least one of: the network handle creates a function Socket and destroys a function Close.
5. The Android-based handle leakage detection method of claim 1, wherein step S4 further includes recording the created network handle ID and the current call stack in an index table when a network handle creation function Socket is called.
6. The Android-based handle leakage detection method of claim 1, wherein the step S4 further comprises deleting the destroyed network handle ID from the index table when the destroy function Close is called.
7. The Android-based handle leakage detection method of claim 1, wherein the information recorded in the index table comprises at least one of: the network handle ID that is not destroyed and the code call path that created the network handle.
8. The handle leakage detection system based on the Android is characterized by comprising the following modules:
the initialization module is used for initializing the system and loading preset information;
the index table creating module is used for calling the detection task in the preset information and creating the index table based on the detection task;
the Hook module is used for calling a target function library in the preset information and corresponding a target function to Hook in the system;
the detection module is used for executing a detection task and recording the detection task in the index table; and
and the uploading module is used for exporting the index table and uploading the index table to the server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910975953.2A CN110837465A (en) | 2019-10-15 | 2019-10-15 | Android-based handle leakage detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910975953.2A CN110837465A (en) | 2019-10-15 | 2019-10-15 | Android-based handle leakage detection method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110837465A true CN110837465A (en) | 2020-02-25 |
Family
ID=69575396
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910975953.2A Pending CN110837465A (en) | 2019-10-15 | 2019-10-15 | Android-based handle leakage detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110837465A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112732640A (en) * | 2020-12-28 | 2021-04-30 | 杭州迪普科技股份有限公司 | Method and device for detecting file descriptor leakage |
| CN114546703A (en) * | 2022-02-28 | 2022-05-27 | 北京基调网络股份有限公司 | File handle monitoring and leakage analysis method and device and electronic equipment |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102855435A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking and shredding method and device |
| CN105446871A (en) * | 2014-08-26 | 2016-03-30 | 华为技术有限公司 | Resource leakage detection method, apparatus and system |
| US20160232084A1 (en) * | 2015-02-09 | 2016-08-11 | Mentor Graphics Corporation | Class object handle tracking |
| CN106776342A (en) * | 2017-01-03 | 2017-05-31 | 百度在线网络技术(北京)有限公司 | The method and apparatus that a kind of memory object to Mobile solution is analyzed |
| CN107423213A (en) * | 2017-04-11 | 2017-12-01 | 腾讯科技(深圳)有限公司 | A kind of filec descriptor distribution detection method and device |
| CN108628740A (en) * | 2018-04-10 | 2018-10-09 | 杭州迪普科技股份有限公司 | A kind of filec descriptor leakage detection method and device |
| CN109213576A (en) * | 2017-07-01 | 2019-01-15 | 武汉斗鱼网络科技有限公司 | Program deadlock detection method, storage medium, equipment and system |
| CN109840208A (en) * | 2019-01-07 | 2019-06-04 | 烽火通信科技股份有限公司 | A kind of method and system detecting file abnormal operation |
| CN109933517A (en) * | 2017-12-19 | 2019-06-25 | 成都鼎桥通信技术有限公司 | Test method, device and equipment based on android system |
-
2019
- 2019-10-15 CN CN201910975953.2A patent/CN110837465A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102855435A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking and shredding method and device |
| CN105446871A (en) * | 2014-08-26 | 2016-03-30 | 华为技术有限公司 | Resource leakage detection method, apparatus and system |
| US20160232084A1 (en) * | 2015-02-09 | 2016-08-11 | Mentor Graphics Corporation | Class object handle tracking |
| CN106776342A (en) * | 2017-01-03 | 2017-05-31 | 百度在线网络技术(北京)有限公司 | The method and apparatus that a kind of memory object to Mobile solution is analyzed |
| CN107423213A (en) * | 2017-04-11 | 2017-12-01 | 腾讯科技(深圳)有限公司 | A kind of filec descriptor distribution detection method and device |
| CN109213576A (en) * | 2017-07-01 | 2019-01-15 | 武汉斗鱼网络科技有限公司 | Program deadlock detection method, storage medium, equipment and system |
| CN109933517A (en) * | 2017-12-19 | 2019-06-25 | 成都鼎桥通信技术有限公司 | Test method, device and equipment based on android system |
| CN108628740A (en) * | 2018-04-10 | 2018-10-09 | 杭州迪普科技股份有限公司 | A kind of filec descriptor leakage detection method and device |
| CN109840208A (en) * | 2019-01-07 | 2019-06-04 | 烽火通信科技股份有限公司 | A kind of method and system detecting file abnormal operation |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112732640A (en) * | 2020-12-28 | 2021-04-30 | 杭州迪普科技股份有限公司 | Method and device for detecting file descriptor leakage |
| CN114546703A (en) * | 2022-02-28 | 2022-05-27 | 北京基调网络股份有限公司 | File handle monitoring and leakage analysis method and device and electronic equipment |
| CN114546703B (en) * | 2022-02-28 | 2023-02-03 | 北京基调网络股份有限公司 | File handle monitoring and leakage analysis method and device and electronic equipment |
| CN116126577A (en) * | 2022-02-28 | 2023-05-16 | 北京基调网络股份有限公司 | File handle monitoring and leakage analysis method and device and electronic equipment |
| CN116126577B (en) * | 2022-02-28 | 2024-03-12 | 北京基调网络股份有限公司 | File handle monitoring and leakage analysis method and device and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107480527B (en) | Lesso software prevention method and system | |
| CN103886252A (en) | Software Code Malicious Selection Evaluation Executed In Trusted Process Address Space | |
| CN103927198A (en) | Software clearing method and software clearing device | |
| CN103679031A (en) | File virus immunizing method and device | |
| JP2005534092A (en) | Method and apparatus for automatic determination of potentially worm-like behavior of a program | |
| CN107608609B (en) | Event object sending method and device | |
| WO2008056944A1 (en) | Confirmation method of api by the information at call-stack | |
| JP2021504826A (en) | How to launch application programs, launchers and computer-readable storage media | |
| CN110837465A (en) | Android-based handle leakage detection method and system | |
| CN106844182B (en) | Method, system and mobile terminal for recording user behavior | |
| CN104252594A (en) | Virus detection method and device | |
| US10318731B2 (en) | Detection system and detection method | |
| CN113176926B (en) | API dynamic monitoring method and system based on virtual machine introspection technology | |
| US9870400B2 (en) | Managed runtime cache analysis | |
| KR101308866B1 (en) | Open type system for analyzing and managing malicious code | |
| CN105550582A (en) | Method and system for accessing to virtual disk | |
| CN110955894B (en) | Malicious content detection method and device, electronic equipment and readable storage medium | |
| CN115688102A (en) | Window processing method and device, processor and electronic equipment | |
| KR102066580B1 (en) | Program for injecting watermark into captured data and screen leak realisation service providing method | |
| CN104915138A (en) | Information processing method and electronic equipment | |
| KR20190059581A (en) | Program for disablling watermark process during screen capture operation | |
| CN109802955A (en) | Authority control method and device, storage medium, computer equipment | |
| CN111382416B (en) | Application program operation identification method and device, terminal equipment and storage medium | |
| WO2019024507A1 (en) | Touch control method and device, and terminal | |
| CN113505365A (en) | Authority management method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |