CN111090889A - Method for detecting ELF file and electronic equipment - Google Patents

Publication number
CN111090889A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911232517.2A
Other languages
Chinese (zh)
Inventor
甘建旋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shuliantianxia Intelligent Technology Co Ltd
Original Assignee
Shenzhen H & T Home Online Network Technology Co ltd
Application filed by Shenzhen H & T Home Online Network Technology Co ltd
Priority to CN201911232517.2A
Publication of CN111090889A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention relates to the technical field of the internet, and in particular to a method for detecting an ELF file and electronic equipment. The method comprises the following steps: acquiring a first ELF file containing a target storage space, wherein first verification information is stored in the target storage space; replacing the first verification information stored in the target storage space with a default value to generate a second ELF file; generating second verification information of the second ELF file; and checking the integrity of the first ELF file according to the first verification information and the second verification information. The embodiment of the invention hides sensitive information such as digital signatures, improves the security of the ELF file, and reduces unnecessary downloading.

Description

Method for detecting ELF file and electronic equipment
[ technical field ]
The invention relates to the technical field of internet, in particular to a method for detecting an ELF file and electronic equipment.
[ background of the invention ]
With the rapid rise of the internet of things, internet-of-things devices that carry an operating system are more and more widely applied. An ELF (Executable and Linking Format) file is one of the standard file formats for executable files, dynamic link libraries, object code and the like on Unix-like (Linux/Unix) systems, and its importance is self-evident. The details of the ELF format are fully public, so an ELF file on the system is very vulnerable to being tampered with by hackers or other ill-intentioned parties and embedded with malicious code.
At present, in order to protect an executable ELF file from being tampered with, a common processing method is that the ELF file provider generates a unique digital signature for the ELF file by using a digest algorithm and provides this digital signature A together with the ELF file, where the digital signature A ensures the uniqueness of the ELF file. After receiving the ELF file, the user generates a corresponding digital signature B for the ELF file with the same digest algorithm. If the digital signature A is the same as the digital signature B, the ELF file is proved to be the original file provided by the supplier. If the digital signature A is not the same as the digital signature B, the ELF file has been tampered with.
However, the ELF file and the digital signature are provided at the same time and are both exposed. If a hacker knows the paths at which the ELF file and the digital signature are provided and has the corresponding read-write rights, the hacker can modify the ELF file, generate a digital signature C for the tampered ELF file by using the digest algorithm, and replace the original digital signature A, at which point the above method for verifying the ELF file is ineffective. Therefore, a more secure method for protecting the ELF file from being tampered with is urgently needed.
[ summary of the invention ]
The invention aims to provide a method for detecting an ELF file and electronic equipment, and solves the technical problem of low security of the ELF file.
In an aspect of an embodiment of the present invention, a method for detecting an ELF file is provided, where the method includes: acquiring a first ELF file containing a target storage space, wherein first verification information is stored in the target storage space; replacing the first verification information stored in the target storage space with a default value to generate a second ELF file; generating second verification information of the second ELF file; and checking the integrity of the first ELF file according to the first verification information and the second verification information.
Optionally, the replacing the first verification information in the target storage space with a default value to generate a second ELF file includes:
parsing the file structure of the first ELF file to obtain the offset of the section header table of the first ELF file, the number of entries in the section header table and the section header string table, wherein the section header table comprises the section header string table;
traversing the sections in the section header table of the first ELF file according to the offset of the section header table of the first ELF file to determine the target storage space in the section header string table of the first ELF file;
and modifying the first verification information stored in the target storage space into the default value to generate the second ELF file.
Optionally, the method further comprises:
when the first ELF file is complete, the default value in the target storage space is modified into the first verification information, so that the second ELF file is restored to the first ELF file;
and when the first ELF file is not complete, deleting the second ELF file and exiting the program.
Optionally, the method further comprises:
after the first ELF file is run, self-checking is carried out through the first ELF file so as to recheck the integrity of the first ELF file.
Optionally, the performing self-checking through the first ELF file includes:
copying the first ELF file to generate a third ELF file;
parsing the third ELF file through the running first ELF file to obtain the offset of the section header table, the number of entries in the section header table and the section header string table of the third ELF file;
according to the offset of the section header table of the third ELF file, traversing the sections in the section header table of the third ELF file through the running first ELF file to acquire a target storage space of the third ELF file and third verification information stored in the target storage space of the third ELF file;
modifying the third verification information into a default value of the third ELF file to generate a fourth ELF file;
generating fourth verification information of the fourth ELF file through the running first ELF file;
comparing the third verification information with the fourth verification information through the running first ELF file, if the third verification information is the same as the fourth verification information, determining that the first ELF file is complete, otherwise, determining that the first ELF file is incomplete.
Optionally, after determining that the first ELF file is complete, the method further includes:
and deleting the third ELF file.
In another aspect of the embodiments of the present invention, a method for generating an ELF file is provided, where the method includes:
generating a second ELF file containing a target storage space, wherein the target storage space stores a default value;
generating first verification information of the second ELF file;
and writing the first verification information into the target storage space and replacing the default value to generate a first ELF file.
Optionally, the writing the first verification information into the target storage space and replacing the default value to generate a first ELF file includes:
parsing the file structure of the second ELF file to obtain the offset of the section header table of the second ELF file, the number of entries in the section header table and the section header string table, wherein the section header table comprises the section header string table;
traversing the sections in the section header table of the second ELF file according to the offset of the section header table of the second ELF file to find the target storage space in the section header string table of the second ELF file;
and writing the first verification information into the target storage space and replacing the default value in the target storage space to generate the first ELF file.
In another aspect of the embodiments of the present invention, an electronic device is provided, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
In yet another aspect of embodiments of the present invention, there is provided a non-transitory computer-readable storage medium having stored thereon computer-executable instructions that, when executed by an electronic device, cause the electronic device to perform the method described above.
In the embodiment of the invention, a first ELF file containing first check information is obtained, a second ELF file is generated according to the first ELF file, second check information of the second ELF file is obtained, and finally the integrity of the first ELF file is detected according to the first check information and the second check information. Compared with the prior art, the embodiment of the invention hides sensitive information such as digital signatures and the like, improves the security of the ELF file, and reduces unnecessary downloading.
[ description of the drawings ]
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the figures in which like reference numerals refer to similar elements and which are not to scale unless otherwise specified.
FIG. 1 is a schematic diagram of an implementation environment provided by an embodiment of the present invention;
FIG. 2A is a diagram of an ELF file according to an embodiment of the present invention;
FIG. 2B is a diagram of another ELF file provided by an embodiment of the present invention;
FIG. 2C is a diagram of another ELF file provided by an embodiment of the present invention;
FIG. 3 is a flowchart of a method for detecting an ELF file according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for generating a first ELF file containing the first verification information according to an embodiment of the present invention;
FIG. 5 is a flowchart of a method for writing first verification information into a target storage space according to a preset first independent program and replacing the default value to generate a first ELF file according to an embodiment of the present invention;
FIG. 6 is a flowchart of a method for generating a second ELF file from the first ELF file according to an embodiment of the present invention;
FIG. 7 is a flowchart of a method for performing self-test according to the first ELF file according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of an apparatus for detecting an ELF file according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of an apparatus for detecting ELF files according to another embodiment of the present invention;
FIG. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
[ detailed description ]
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be noted that, if not conflicted, the various features of the embodiments of the invention may be combined with each other within the scope of protection of the invention. Additionally, while functional block divisions are performed in the device diagrams, with logical sequences shown in the flowcharts, in some cases, the steps shown or described may be performed in a different order than the block divisions in the device diagrams, or the flowcharts.
Referring to fig. 1, fig. 1 is a schematic diagram of an implementation environment related to a method for detecting an ELF file according to an embodiment of the present invention. The implementation environment includes a server 100 and a terminal 200.
The server 100 is an application server, and is configured to receive an application program issued by an application developer, and store and issue the application program. In this embodiment, the server 100 may generate an ELF file including security information such as a digital signature, which is mainly to embed the security information such as the digital signature of the original ELF file in the header table of the ELF file.
The terminal 200 may be a smart phone, a tablet computer, a personal computer, etc., and the present embodiment does not specifically limit the product form of the terminal 200, and various application programs, such as a video playing application, a social contact application, a shopping application, a navigation application, etc., are installed in the terminal 200. In this embodiment, after acquiring the ELF file including the security information such as the digital signature from the server 100, the terminal 200 verifies the ELF file, and the process mainly verifies the ELF file according to the ELF file including the security information such as the digital signature.
In this embodiment, the server 100 and the terminal 200 may also perform self-check on the ELF file, and the self-check is performed mainly according to the ELF file including security information such as a digital signature.
The server 100 and the terminal 200 may communicate with each other through a wired network or a wireless network.
For a better understanding of the embodiments of the present invention, the ELF file will be described below.
The ELF file mainly includes three types of object files: (1) a relocatable file, which primarily stores code and related data used in conjunction with other object files to create an executable file or a shared object file, e.g., files with the suffixes .a and .o in Linux systems; (2) an executable file, which mainly stores a program capable of being executed; (3) a shared object file, which may also be referred to as a shared library and primarily holds code and related data for linking.
The format of the executable ELF file may be as follows, and mainly includes a header format of an ELF file of a 32-bit system and a header format of an ELF file of a 64-bit system.
Header of 32-bit system:
[Figure: header format of the ELF file on a 32-bit system]
Header of 64-bit system:
[Figure: header format of the ELF file on a 64-bit system]
Referring to fig. 2A and 2B, the ELF file mainly includes the following four parts: (1) an ELF header 10 for indicating organization information of the ELF file, such as version information, the type of the object file, the entry address of the program header table, the entry address of the section header table, the machine architecture, the processor architecture (which may also be referred to as an instruction set), the number of sections, and the like; (2) a program header table 11 for indicating how to create the process image; (3) a section 12 or a segment 13, configured to provide various items of information of an object file, such as instructions, data, a symbol table, a string table, a hash table, relocation information, and the like, where a segment is one or more sections; (4) a section header table 14 for indicating information of each section in the ELF file, such as the entry of the section, the name of the section, the type of the section, the size of the section, the number of sections, and the like.
Specifically, for example, referring to fig. 2C, a schematic diagram of an ELF file is provided, where the ELF file includes an ELF file header, an ELF section header table, and a section header table string table, and shows an offset of the ELF file header and an offset of the ELF section header table, where the section header table includes the section header string table. The ELF file format is specifically an ELF file format of a 64-bit system, and the file structure is as follows:
[Figure: file structure of the ELF file on a 64-bit system]
Next, a method for detecting an ELF file according to an embodiment of the present invention will be described.
Referring to fig. 3, fig. 3 is an interaction diagram of a method for detecting an ELF file according to an embodiment of the present invention, where the method is applied to the server 100 and the terminal 200.
Specifically, as shown in fig. 3, the method includes:
S11, the server generates a first ELF file containing a target storage space, and the target storage space stores first verification information.
The first verification information may be a digital signature, and the first verification information may also be information such as a website, a unique identification code, and the like, other than the digital signature.
The first ELF file refers to an original ELF file containing the first verification information, and the first ELF file is obtained by adding the first verification information into the original ELF file. Specifically, as shown in fig. 4, the generating, by the server, the first ELF file including the target storage space specifically includes:
S111, generating a second ELF file containing a target storage space, wherein the target storage space stores a default value.
In this embodiment, the process of generating the second ELF file including the target storage space includes: adding a preset code into a source code corresponding to an original ELF file, compiling the source code containing the preset code by a compiler to obtain the second ELF file, where the second ELF file has a special section, and the section corresponds to a default value, and the default value may be represented by placeholders with different lengths, for example, when an MD5 digest algorithm is adopted, the default value may be set as: 000000000000000000000000, the length of the placeholder may be different when other algorithms are used. The special section and a default value corresponding to the special section form the target storage space, and the target storage space is used for storing the default value or the first check information.
The preset code may be, for example, the following code:
volatile const static __attribute__((unused, section(".SO_SIGN"))) char SO_SIGN[] = "00000000000000000000000000000000"; // default value, placeholder
S112, generating first verification information of the second ELF file.
Wherein the first verification information of the second ELF file may be generated according to the preset algorithm (such as MD5, SHA1, HMAC, etc.). The first verification information may specifically be a digital signature, that is, a digital signature is generated for the second ELF file including the target storage space according to a digest algorithm. Assuming that the digest algorithm is MD5, generating a digital signature for the second ELF file using MD5 includes generating a digest for the second ELF file information using MD5 algorithm and encrypting the digest using a private key to generate the digital signature. The detailed process can refer to the prior art and is not described herein.
S113, writing the first verification information into the target storage space and replacing the default value to generate a first ELF file.
In this embodiment, the second ELF file including the target storage space may be modified by a preset first independent program, which mainly replaces the default value of the special section with the first verification information, so as to obtain a new ELF file, that is, the first ELF file. The first independent program is a proprietary program preset by a developer. It is used for parsing and searching the second ELF file and acquiring the position and the corresponding value of the special section, and it also has the function of operating on the ELF file, for example, changing the default value corresponding to the special section in the second ELF file.
As shown in fig. 5, the writing the first check information into the target storage space and replacing the default value to generate a first ELF file includes:
S1131, parsing the file structure of the second ELF file to obtain the offset of the section header table of the second ELF file, the number of entries in the section header table and the section header string table, wherein the section header table comprises the section header string table;
S1132, traversing the sections in the section header table of the second ELF file according to the offset of the section header table of the second ELF file to find the target storage space in the section header string table of the second ELF file;
S1133, writing the first verification information into the target storage space and replacing the default value in the target storage space to generate the first ELF file.
In this embodiment, first, the position of the section header table in the second ELF file is determined according to the offset of the section header table of the second ELF file; then, after the position of the section header table in the second ELF file is determined, the section header string table in the determined section header table is traversed to find the character string with the same name as the target storage space, wherein the target storage space can be named through a character string; the section corresponding to the character string is then determined, and further the position of the value of the section, and this position is the target storage space. After the target storage space is found, the default value is replaced with the first verification information so as to obtain the first ELF file.
For example, assume that the first verification information is sign, the target storage space is named SO_SIGN, the corresponding section is section, and the default value is value. As shown in fig. 2C, when generating the first ELF file, the offset e_shoff of the section header table is first obtained, and the position of the section header table is determined according to e_shoff; the section header table comprises a section header string table, which holds a plurality of character strings, namely the names of all sections. The section header string table is then traversed to find the character string named SO_SIGN, the section corresponding to that character string is found, and the position of the section, namely the target storage space, is obtained. Finally, value is replaced with sign to obtain the first ELF file.
S12, the server sends the first ELF file to the terminal.
The server can send the first ELF file to the terminal in a wireless or wired communication mode.
S13, the terminal replaces the first verification information stored in the target storage space with a default value to generate a second ELF file.
As shown in fig. 6, the replacing the first verification information in the target storage space with a default value to generate a second ELF file includes:
S131, parsing the file structure of the first ELF file to obtain the offset of the section header table of the first ELF file, the number of entries in the section header table and the section header string table, wherein the section header table comprises the section header string table;
S132, traversing the sections in the section header table of the first ELF file according to the offset of the section header table of the first ELF file to determine the target storage space in the section header string table of the first ELF file;
S133, modifying the first verification information stored in the target storage space to the default value to generate the second ELF file.
The essence of the process of generating the second ELF file according to the first ELF file is to replace the first verification information in the first ELF file with the default value, so as to obtain the ELF file containing the default value, that is, the second ELF file. Wherein the file structure of the first ELF file can be parsed by a second independent program. The second independent program is also a proprietary program preset by developers, and is used for analyzing and retrieving the first ELF file to obtain the position and the corresponding value of the special section, and the second independent program also has the functions of generating signature information and comparing the signature information.
The specific process of S131 to S133 may refer to the process of replacing the default value with the first verification information.
The first independent program and the second independent program may be two functions of one independent program, or two functions corresponding to the two independent programs.
S14, the terminal generates second check information of the second ELF file, and checks the integrity of the first ELF file according to the first check information and the second check information.
Generating the second verification information of the second ELF file comprises: applying a digest algorithm (such as MD5, SHA1, HMAC and the like) to the second ELF file through the second independent program to acquire ciphertext information of the second ELF file, wherein the ciphertext information is the second verification information.
For example, the MD5 algorithm is used to generate the first verification information of the second ELF file. If the first verification information is a digital signature, the server sends the second ELF file information itself and the digest corresponding to the first verification information to the terminal; the terminal also generates a new digest, which is the second verification information, for the received second ELF file information by using the MD5 algorithm, and can then determine whether the ELF file has been tampered with by comparing the first verification information and the second verification information.
Detecting the integrity of the first ELF file according to the first verification information and the second verification information includes:
judging whether the first verification information and the second verification information are the same, namely comparing whether the first verification information and the second verification information are completely consistent.
If the first verification information is the same as the second verification information, the first ELF file is complete. If the first verification information and the second verification information are not the same, the ELF file is incomplete, that is, the ELF file may have been tampered with.
Referring to fig. 3 as well, when detecting that the first ELF file is complete, the terminal is further configured to execute the following step S15; when detecting that the first ELF file is incomplete, the terminal is further configured to perform step S16 described below.
S15, the terminal modifies the default value in the target storage space into the first verification information so as to restore the second ELF file to the first ELF file.
S16, deleting the second ELF file and exiting the program.
When the first ELF file is not complete, the method further comprises sending prompt information to the server, so that the tampered ELF file is prevented from affecting the safety of a user.
The above process is a process of verifying the first ELF file after the terminal receives the first ELF file, and the process solves the problem of how to judge that the code segment in the ELF file is modified after the ELF file is downloaded or upgraded. By the method, the security of the ELF file is improved, and unnecessary downloading is reduced.
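The generation steps (S111 to S113) and the terminal-side check (S13 to S14) described above, as an added Python example that is not code from the patent. It assumes a little-endian ELF64 image, the `.SO_SIGN` section name from the preset code, and a bare MD5 hex digest standing in for the signed digest; the sample ELF image and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

SECTION = b".SO_SIGN"      # section name taken from the page's preset code
PLACEHOLDER = b"0" * 32    # default value: 32 hex characters, the length of an MD5 digest
SHDR = "<IIQQQQIIQQ"       # Elf64_Shdr layout, 64 bytes per entry

def section_headers(elf):
    """S1131/S131: read e_shoff, e_shnum and e_shstrndx, then the section header table."""
    if len(elf) < 64 or elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    if e_shentsize != 64 or e_shstrndx >= e_shnum or e_shoff + 64 * e_shnum > len(elf):
        raise ValueError("section header table missing or out of bounds")
    return [struct.unpack_from(SHDR, elf, e_shoff + 64 * i) for i in range(e_shnum)], e_shstrndx

def find_target(elf):
    """S1132/S132: walk the section headers; return the file offset of the target storage space."""
    headers, shstrndx = section_headers(elf)
    strtab = elf[headers[shstrndx][4]:headers[shstrndx][4] + headers[shstrndx][5]]
    for hdr in headers:
        sh_name, sh_type, sh_offset, sh_size = hdr[0], hdr[1], hdr[4], hdr[5]
        end = strtab.find(b"\0", sh_name)
        if end < 0 or strtab[sh_name:end] != SECTION or sh_type == 8:  # 8 = SHT_NOBITS
            continue
        if sh_size < len(PLACEHOLDER) or sh_offset + sh_size > len(elf):
            raise ValueError("target storage space too small or out of bounds")
        return sh_offset
    raise ValueError("target storage space not found")

def stored_value(elf):
    """Return the bytes currently held in the target storage space."""
    off = find_target(elf)
    return elf[off:off + len(PLACEHOLDER)]

def with_value(elf, value):
    """S1133/S133: return a copy of the image with `value` written into the target storage space."""
    if len(value) != len(PLACEHOLDER):
        raise ValueError("value must have the same length as the default value")
    off = find_target(elf)
    return elf[:off] + value + elf[off + len(value):]

def digest_with_default(elf):
    """Digest of the image as it looks with the default value in place (the 'second ELF file')."""
    return hashlib.md5(with_value(elf, PLACEHOLDER)).hexdigest().encode()

def embed(second_elf):
    """S112 + S113: compute the digest of the second ELF file and write it over the default value."""
    if stored_value(second_elf) != PLACEHOLDER:
        raise ValueError("target storage space does not hold the default value")
    return with_value(second_elf, digest_with_default(second_elf))

def verify(first_elf):
    """S13 + S14: restore the default value, re-digest, compare with the embedded value."""
    try:
        first_info = stored_value(first_elf)
        second_info = digest_with_default(first_elf)
    except (ValueError, struct.error):
        return False  # malformed image or no target storage space: treat as incomplete
    return hmac.compare_digest(first_info, second_info)

def build_sample_elf():
    """Constructed sample: a minimal ELF64 image with .text, .SO_SIGN and .shstrtab sections."""
    names = b"\0.text\0.SO_SIGN\0.shstrtab\0"
    sections = [(0, 0, b""),
                (names.index(b".text"), 1, b"\x31\xc0\xc3"),        # SHT_PROGBITS
                (names.index(SECTION), 1, PLACEHOLDER + b"\0"),     # char SO_SIGN[] incl. NUL
                (names.index(b".shstrtab"), 3, names)]              # SHT_STRTAB
    data, shdrs, off = b"", b"", 64
    for sh_name, sh_type, body in sections:
        shdrs += struct.pack(SHDR, sh_name, sh_type, 0, 0, off if body else 0, len(body), 0, 0, 1, 0)
        data += body
        off += len(body)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, 64 + len(data), 0, 64, 0, 0, 64, len(sections), 3)
    return ehdr + data + shdrs

def demo():
    second = build_sample_elf()
    first = embed(second)
    patched = first.replace(b"\x31\xc0\xc3", b"\x31\xc0\x90")  # constructed one-byte code change
    return verify(first), verify(patched), verify(second)

if __name__ == "__main__":
    print(demo())
```

A bare digest only catches changes made by someone who does not repeat the embedding step; S112 on this page additionally encrypts the digest with a private key, which the example leaves out.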
Since the ELF file carries a digital signature, the ELF file has a self-checking function. The ELF file self-checking process may be implemented on the server or the terminal.
Therefore, in some embodiments, referring also to fig. 3, when detecting that the first ELF file is complete, the terminal is further configured to perform step S17 described below.
S17, after the first ELF file is run, performing self-check through the first ELF file to recheck the integrity of the first ELF file.
As shown in fig. 7, the self-checking by the first ELF file includes:
s171, copying the first ELF file to generate a third ELF file;
s172, analyzing the third ELF file through the running first ELF file to obtain the offset of a section head table of the third ELF file, the number of items in the section head table and a section head character string table;
s173, traversing the sections in the section head table of the third ELF file through the running first ELF file according to the offset of the section head table of the third ELF file to obtain a target storage space of the third ELF file and third verification information stored in the target storage space of the third ELF file;
the detailed process of obtaining the target storage space of the third ELF file and the third verification information may refer to the above method embodiment.
S174, modifying the third verification information into a default value of the third ELF file to generate a fourth ELF file;
the default value of the third ELF file is also the default value of the first ELF file, and the default value may be the same as the default value in the above embodiment. For example, when the MD5 digest algorithm is used, the default values may be set as: 000000000000000000000000, the length of the placeholder may be different when other algorithms are used.
S175, generating fourth verification information of the fourth ELF file through the running first ELF file;
for example, a digest algorithm (such as MD5, SHA1, HMAC, etc.) may be applied to the fourth ELF file by the running first ELF file to obtain ciphertext information of the fourth ELF file, where the ciphertext information is the fourth check information.
S176, comparing the third verification information with the fourth verification information through the running first ELF file, if the third verification information is the same as the fourth verification information, determining that the first ELF file is complete, and if not, determining that the first ELF file is incomplete.
S177, deleting the third ELF file after the first ELF file is determined to be complete.
In this embodiment, the first ELF file includes the verification logic of the second independent program, and therefore, the self-verification process of the first ELF file can be implemented by running the first ELF file.
In the embodiment of the invention, the ELF file has a verification function, so that the ELF file can be prevented from being maliciously modified after being downloaded and verified successfully, and the safety of the ELF file is further improved.
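The self-check in S171 to S177, as an added example that is not code from the patent: it works on an in-memory copy of a constructed minimal ELF64 image, and the copy stands in for the third ELF file. The section name `.checksum`, the all-zero 32-byte default value and the use of SHA-256 in place of MD5 are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

SECTION = b".checksum"            # assumed name of the target storage section
DIGEST_LEN = hashlib.sha256().digest_size
DEFAULT = bytes(DIGEST_LEN)       # assumed default value: all-zero placeholder
SHDR = "<IIQQQQIIQQ"              # Elf64_Shdr, little-endian, 64 bytes


def build_sample(payload=b"\x90" * 16):
    """Constructed minimal ELF64 image with .text, .checksum and .shstrtab."""
    names = b"\0.text\0.checksum\0.shstrtab\0"
    parts = [(b".text", 1, payload), (SECTION, 1, DEFAULT), (b".shstrtab", 3, names)]
    body, shdrs = b"", bytes(64)                  # entry 0 is the null section
    for name, sh_type, data in parts:
        shdrs += struct.pack(SHDR, names.index(name), sh_type, 0, 0,
                             64 + len(body), len(data), 0, 0, 1, 0)
        body += data
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELF64, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, 64 + len(body),
                               0, 64, 0, 0, 64, 4, 3)
    return ehdr + body + shdrs


def find_target(image):
    """S172/S173: walk the section header table, return the target's file offset."""
    if len(image) < 64 or image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (shoff,) = struct.unpack_from("<Q", image, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", image, 0x3A)
    if shentsize != 64 or shstrndx >= shnum or shoff + shnum * 64 > len(image):
        raise ValueError("section header table out of bounds")
    headers = [struct.unpack_from(SHDR, image, shoff + i * 64) for i in range(shnum)]
    str_off, str_size = headers[shstrndx][4:6]
    strtab = image[str_off:str_off + str_size]
    for sh_name, _, _, _, sh_offset, sh_size, *_ in headers:
        end = strtab.find(b"\0", sh_name)
        if end != -1 and strtab[sh_name:end] == SECTION:
            if sh_size != DIGEST_LEN or sh_offset + sh_size > len(image):
                raise ValueError("target storage space malformed")
            return sh_offset
    raise ValueError("target storage space not found")


def blank(image):
    """S174: return (image with the default value written in, stored digest)."""
    off = find_target(image)
    stored = image[off:off + DIGEST_LEN]
    return image[:off] + DEFAULT + image[off + DIGEST_LEN:], stored


def seal(image):
    """Producer side: hash the default-valued image and write the digest in."""
    blanked, _ = blank(image)
    off = find_target(image)
    digest = hashlib.sha256(blanked).digest()
    return blanked[:off] + digest + blanked[off + DIGEST_LEN:]


def self_check(image):
    """S175/S176: recompute the digest over the blanked copy and compare."""
    blanked, stored = blank(image)
    computed = hashlib.sha256(blanked).digest()
    return hmac.compare_digest(stored, computed)


if __name__ == "__main__":
    sealed = seal(build_sample())
    patched = bytearray(sealed)
    patched[64] ^= 0xFF                           # flip one byte of .text
    print("sealed image passes:", self_check(sealed))
    print("patched image passes:", self_check(bytes(patched)))
```

An unkeyed digest stored inside the file detects corruption and naive patching, but anyone who can rewrite the file can also recompute the digest. The HMAC option named in S175 only helps if the key is kept out of reach of whoever modifies the file.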
It should be noted that the above self-check of the first ELF file may also be performed on the server side. Specifically, referring again to fig. 3, the method further includes:
S18, the terminal sends to the server a confirmation instruction indicating that the first ELF file is a complete ELF file.
The terminal can send a confirmation instruction that the first ELF file is a complete ELF file to the server in a wired or wireless mode.
S19, the server receives the confirmation instruction, runs the first ELF file, and performs self-checking through the running first ELF file to recheck the integrity of the first ELF file.
For a detailed process of the server performing self-checking through the running first ELF file, reference may be made to the above S171 to S177, which is not described herein again.
Referring to fig. 8, fig. 8 is a schematic structural diagram of an apparatus for detecting an ELF file according to an embodiment of the present invention, and as shown in fig. 8, the apparatus 40 may be applied to the terminal. The device 40 comprises: a first obtaining module 41, a first generating module 42, a second obtaining module 43, and a detecting module 44.
The first obtaining module 41 is configured to obtain a first ELF file including a target storage space, where first verification information is stored in the target storage space; the first generating module 42 is configured to replace the first verification information stored in the target storage space with a default value to generate a second ELF file; the second obtaining module 43 is configured to generate second verification information of the second ELF file; the detecting module 44 is configured to check the integrity of the first ELF file according to the first verification information and the second verification information.
The first generating module 42 includes a parsing unit 421, an obtaining unit 422, and a processing unit 423. The parsing unit 421 is configured to parse the file structure of the first ELF file to obtain the offset of the section header table of the first ELF file, the number of entries in the section header table, and the section header string table, where the section header table includes the section header string table; the obtaining unit 422 is configured to traverse the sections in the section header table of the first ELF file according to the offset of the section header table of the first ELF file, so as to determine the target storage space in the section header string table of the first ELF file; the processing unit 423 is configured to modify the first verification information stored in the target storage space to the default value, so as to generate the second ELF file.
The detection module 44 is specifically configured to: determine whether the first verification information and the second verification information are the same; if so, the first ELF file is complete; if not, the first ELF file is incomplete.
Optionally, the detection module 44 is further configured to: when the first ELF file is complete, modify the default value in the target storage space into the first verification information, so that the second ELF file is restored to the first ELF file; and when the first ELF file is not complete, delete the second ELF file and exit the program, or send prompt information.
In some embodiments, referring again to fig. 8, the apparatus 40 further includes a self-check module 45, which is configured to, when the first ELF file is determined to be complete, perform a self-check through the first ELF file after the first ELF file is run, so as to re-verify the integrity of the first ELF file. The self-check module 45 is specifically configured to: perform the self-check according to the first ELF file when a program is started, so as to detect the integrity of the ELF file; or perform the self-check periodically according to the first ELF file, so as to detect the integrity of the ELF file.
The self-check module 45 is further specifically configured to perform:
copying the first ELF file to generate a third ELF file;
parsing the third ELF file through the running first ELF file to obtain the offset of the section header table of the third ELF file, the number of entries in the section header table, and the section header string table;
traversing the sections in the section header table of the third ELF file through the running first ELF file, according to the offset of the section header table of the third ELF file, to obtain a target storage space of the third ELF file and third verification information stored in the target storage space of the third ELF file;
modifying the third verification information into a default value of the third ELF file to generate a fourth ELF file;
generating fourth verification information of the fourth ELF file through the running first ELF file;
comparing the third verification information with the fourth verification information through the running first ELF file; if the third verification information is the same as the fourth verification information, determining that the first ELF file is complete; otherwise, determining that the first ELF file is incomplete;
and deleting the third ELF file after the first ELF file is determined to be complete.
It should be noted that the apparatus for detecting an ELF file provided in this embodiment can execute the method for detecting an ELF file provided in the foregoing embodiment, and has the corresponding functional modules and beneficial effects of that method. For technical details not described in this apparatus embodiment, refer to the method for detecting an ELF file provided in the embodiment of the present invention.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an apparatus for detecting an ELF file according to an embodiment of the present invention, and as shown in fig. 9, the apparatus 50 may be applied to the server. The apparatus 50 comprises: a first generation module 51, a verification information generation module 52 and a second generation module 52.
The first generating module 51 is configured to generate a second ELF file including a target storage space, where the target storage space stores a default value; the verification information generating module 52 is configured to generate first verification information of the second ELF file; the second generating module 52 is configured to write the first verification information into the target storage space and replace the default value, so as to generate a first ELF file.
The second generating module 52 is specifically configured to:
parsing the file structure of the second ELF file to obtain the offset of the section header table of the second ELF file, the number of entries in the section header table, and the section header string table, wherein the section header table comprises the section header string table;
traversing the sections in the section header table of the second ELF file according to the offset of the section header table of the second ELF file to find the target storage space in the section header string table of the second ELF file;
and writing the first verification information into the target storage space, replacing the default value in the target storage space, to generate the first ELF file.
It should be noted that the apparatus for detecting an ELF file provided in this embodiment can execute the method for detecting an ELF file provided in the foregoing embodiment, and has the corresponding functional modules and beneficial effects of that method. For technical details not described in this apparatus embodiment, refer to the method for detecting an ELF file provided in the embodiment of the present invention.
Referring to fig. 10, fig. 10 is a schematic structural diagram of an electronic device 60 according to an embodiment of the present invention, where the electronic device 60 may be used to execute the method for detecting an ELF file as described above, and as shown in fig. 10, the electronic device 60 includes:
one or more processors 61 and a memory 62, with one processor 61 being an example in fig. 10.
The processor 61 and the memory 62 may be connected by a bus or other means, and fig. 10 illustrates the connection by a bus as an example.
The memory 62, which is a non-volatile computer-readable storage medium, may be used for storing non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules (e.g., the respective modules shown in fig. 8 and 9) corresponding to the method for detecting ELF files in the embodiment of the present invention. The processor 61 executes various functional applications and data processing of the apparatus for detecting ELF files, that is, implements the method for detecting ELF files of the above-described method embodiments, by executing the nonvolatile software programs, instructions, and modules stored in the memory 62.
The memory 62 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of a device that detects an ELF file, and the like. Further, the memory 62 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 62 optionally includes a memory remotely located from the processor 61, and these remote memories may be connected to the means for detecting ELF files via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 62, and when executed by the one or more processors 61, perform the method for detecting ELF files in any of the above-described method embodiments, for example, perform the above-described method steps S11 to S19 in fig. 3, method steps S111 to S113 in fig. 4, method steps S1131 to S1133 in fig. 5, method steps S131 to S133 in fig. 6, implement method steps S171 to S177 in fig. 7, implement the functions of the modules 41 to 45, the unit 421 and 423 in fig. 8, and the modules 51 to 52 in fig. 9.
The product can execute the method provided by the embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. For technical details that are not described in detail in this embodiment, reference may be made to the method provided by the embodiment of the present invention.
The electronic device of the embodiment of the invention exists in various forms, including but not limited to mobile terminals, servers and other electronic devices with data interaction functions.
Embodiments of the present invention provide a non-volatile computer-readable storage medium storing computer-executable instructions for an electronic device to perform the method for detecting ELF files in any of the above-mentioned method embodiments, for example, the method steps S11 to S19 in fig. 3, the method steps S111 to S113 in fig. 4, the method steps S1131 to S1133 in fig. 5, and the method steps S131 to S133 in fig. 6 described above are performed, the method steps S171 to S177 in fig. 7 are implemented, and the functions of the modules 41 to 45, the unit 421 and 423 in fig. 8, and the modules 51 to 52 in fig. 9 are implemented.
Embodiments of the present invention provide a computer program product comprising a computer program stored on a non-volatile computer-readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the method for detecting an ELF file in any of the above-described method embodiments, for example, perform the above-described method steps S11 to S19 in fig. 3, method steps S111 to S113 in fig. 4, method steps S1131 to S1133 in fig. 5, method steps S131 to S133 in fig. 6, implement method steps S171 to S177 in fig. 7, implement the functions of modules 41 to 45, unit 421 and 423 in fig. 8, and modules 51 to 52 in fig. 9.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a computer readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; within the idea of the invention, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of detecting ELF files, the method comprising:
acquiring a first ELF file containing a target storage space, wherein first verification information is stored in the target storage space;
replacing the first verification information stored in the target storage space with a default value to generate a second ELF file;
generating second verification information of the second ELF file;
and checking the integrity of the first ELF file according to the first verification information and the second verification information.
2. The method of claim 1, wherein replacing the first verification information in the target storage space with a default value to generate a second ELF file comprises:
parsing the file structure of the first ELF file to obtain the offset of the section header table of the first ELF file, the number of entries in the section header table, and the section header string table, wherein the section header table comprises the section header string table;
traversing the sections in the section header table of the first ELF file according to the offset of the section header table of the first ELF file to determine the target storage space in the section header string table of the first ELF file;
and modifying the first verification information stored in the target storage space into the default value to generate the second ELF file.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
when the first ELF file is complete, the default value in the target storage space is modified into the first verification information, so that the second ELF file is restored to the first ELF file;
and when the first ELF file is not complete, deleting the second ELF file and exiting the program.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
after the first ELF file is run, performing a self-check through the first ELF file so as to recheck the integrity of the first ELF file.
5. The method of claim 4, wherein the self-checking by the first ELF file comprises:
copying the first ELF file to generate a third ELF file;
parsing the third ELF file through the running first ELF file to obtain the offset of the section header table of the third ELF file, the number of entries in the section header table, and the section header string table;
traversing the sections in the section header table of the third ELF file through the running first ELF file, according to the offset of the section header table of the third ELF file, to obtain a target storage space of the third ELF file and third verification information stored in the target storage space of the third ELF file;
modifying the third verification information into a default value of the third ELF file to generate a fourth ELF file;
generating fourth verification information of the fourth ELF file through the running first ELF file;
comparing the third verification information with the fourth verification information through the running first ELF file, if the third verification information is the same as the fourth verification information, determining that the first ELF file is complete, otherwise, determining that the first ELF file is incomplete.
6. The method of claim 5, further comprising, after said determining that the first ELF file is complete:
and deleting the third ELF file.
7. A method of generating an ELF file, the method comprising:
generating a second ELF file containing a target storage space, wherein the target storage space stores a default value;
generating first verification information of the second ELF file;
and writing the first verification information into the target storage space, replacing the default value, to generate a first ELF file.
8. The method of claim 7, wherein writing the first verification information into the target storage space and replacing the default value to generate a first ELF file comprises:
parsing the file structure of the second ELF file to obtain the offset of the section header table of the second ELF file, the number of entries in the section header table, and the section header string table, wherein the section header table comprises the section header string table;
traversing the sections in the section header table of the second ELF file according to the offset of the section header table of the second ELF file to find the target storage space in the section header string table of the second ELF file;
and writing the first verification information into the target storage space, replacing the default value in the target storage space, to generate the first ELF file.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 8.
10. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by an electronic device, cause the electronic device to perform the method of any of claims 1-8.
CN201911232517.2A 2019-12-05 2019-12-05 Method for detecting ELF file and electronic equipment Pending CN111090889A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911232517.2A CN111090889A (en) 2019-12-05 2019-12-05 Method for detecting ELF file and electronic equipment


Publications (1)

Publication Number Publication Date
CN111090889A true CN111090889A (en) 2020-05-01

Family

ID=70394614

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911232517.2A Pending CN111090889A (en) 2019-12-05 2019-12-05 Method for detecting ELF file and electronic equipment

Country Status (1)

Country Link
CN (1) CN111090889A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210222

Address after: B1601, Shenzhen national engineering laboratory building, No.20, Gaoxin South 7th Road, high tech Zone community, Yuehai street, Nanshan District, Shenzhen, Guangdong 518000

Applicant after: Shenzhen shuliantianxia Intelligent Technology Co.,Ltd.

Address before: 1003, 10th floor, block D, Shenzhen Institute of aerospace technology innovation building, no.6, South Science and technology 10 road, high tech South District, Nanshan District, Shenzhen, Guangdong 518000

Applicant before: SHENZHEN H & T HOME ONLINE NETWORK TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20200501