CN113065072A - Data processing method and system for community marketing management - Google Patents

Data processing method and system for community marketing management Download PDF

Info

Publication number
CN113065072A
CN113065072A CN202110226137.9A CN202110226137A CN113065072A CN 113065072 A CN113065072 A CN 113065072A CN 202110226137 A CN202110226137 A CN 202110226137A CN 113065072 A CN113065072 A CN 113065072A
Authority
CN
China
Prior art keywords
function
hook
software client
address
dll
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110226137.9A
Other languages
Chinese (zh)
Inventor
李建新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suning Financial Technology Nanjing Co Ltd
Original Assignee
Suning Financial Technology Nanjing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suning Financial Technology Nanjing Co Ltd filed Critical Suning Financial Technology Nanjing Co Ltd
Priority to CN202110226137.9A priority Critical patent/CN113065072A/en
Publication of CN113065072A publication Critical patent/CN113065072A/en
Priority to CA3150578A priority patent/CA3150578A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • G06F16/9536Search customisation based on social or collaborative filtering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • G06F16/9535Search customisation based on user profiles and personalisation

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)

Abstract

The invention belongs to the technical field of intelligent marketing, and discloses a data processing method and a data processing system for community marketing management, wherein the method comprises the following steps: injecting the data into a PC version software client process through a hook. Dll hooks the specified function of the software client to manage the related instructions received or sent via the software client. The invention adopts the PC hook technology to hook the memory of the software operating system and the required function so as to automatically control the software client, thereby intelligently managing the software client and completing the daily operation and improving the marketing efficiency.

Description

Data processing method and system for community marketing management
Technical Field
The invention belongs to the technical field of intelligent marketing, and particularly relates to a data processing method and system for community marketing management.
Background
Marketing is an important link of modern enterprises, along with the increasingly fierce competition among the enterprises, the cost for acquiring flow is higher and higher, the community marketing gradually becomes a novel effective marketing means, and the method has the advantages of low cost, high income, accurate marketing users, efficient communication, precipitation of vermicelli and the like. Taking WeChat as an example, WeChat is one of the most effective tools for community marketing as the most widely used social tool in China. But presents a significant challenge to hundreds or thousands of wechat groups, buddies, pull, promotion, messaging, etc.
With the increasing of personal friends and groups, the marketing of community becomes more difficult by manual operation of individuals, and the technical difficulty is how to access WeChat. The following technical scheme is available in the market at present: firstly, a Web page end scheme simulates a login page version based on a page version protocol of certain social software, but in recent years, a large number of social software accounts (such as WeChat) are prohibited from logging in the page version WeChat, so that the technology cannot be applied to all micro signals; the simulator scheme has high delay, low real-time arrival rate of messages, slow artificial operation efficiency of simulation, few functions and low practicability; and the IPAD/MAC protocol scheme is realized by simulating an IPAD/MAC protocol of certain social software, but is extremely easy to detect and easily causes the security problem of the seal number through the research and development of grpc and mmtls.
Therefore, how to intelligently manage social software becomes a problem which needs to be solved at present, so that the social software can be automatically marketed and operated.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a data processing method and a data processing system for community marketing management.
In a first aspect of the present invention, a data processing method for community marketing management is provided, including:
injecting the data into a PC version software client process through a hook.
Dll hooks the specified function of the software client to manage the related instructions received or sent via the software client.
Dll technology is used to inject the software client process into a PC version, including:
allocating a memory space in an address space of a target process;
writing a hook.DLL path into the memory space;
creating a remote thread, and enabling the target process to call a LoadLibraryW function;
and releasing the memory space opened up by the software client process.
The specific functions of the PC version software client are hooked by a hook.
Calculating a base address of a core dynamic link library of the client software and an offset address for realizing each function in the core dynamic link library;
adding the base address and the offset address to obtain a function address needing hook;
modifying the protection attribute of the function address of the hook, and allowing a write instruction;
adding a jump instruction function at the head of the function address of hook, and jumping to a self-defined function address;
and after the self-defined function address is executed, jumping to the hook function to continue executing.
And further, after receiving the new message, the PC software client jumps to a specified function of the hook DLL through a message receiving function of the software client, and transmits the new message to the background management terminal through the interface process.
Further, when the background management end actively replies a message according to a preset strategy, the message is transmitted to a designated function of the hook.DLL through the interface process, and the hook.DLL calls a message sending function of the software client to send the message out.
Further, a piece of memory is allocated in the address space of the software client process by using the virtualalloceex function for storing path data of the injected hook.
Furthermore, the core dynamic link library stores functions of the software client for realizing functions of receiving and sending messages, receiving and sending files, transferring accounts and receiving accounts and inquiring.
In another aspect of the present invention, a data processing system for community marketing management is provided, which includes a software control end interacting with a background management end, the software control end including a PC-version software client, a function injection module and a function hooking module, wherein,
the function injection module is injected into a process of a PC version software client through hook.
Further, the software control end and the background management end exchange messages through interface process communication.
Compared with the prior art, the data processing method and the data processing system for the community marketing management adopt the pc hook technology, the DLL invades the process of the software client side of the pc edition through the software hook, and the function in the DLL hooks the function of the WeChat client side, so that the aim of intercepting the software operation is fulfilled. When the software client receives a new message, the software client receives the message function and jumps to the DLL specified function, the received message is transmitted to the background management end in real time through the software interface process, and the background management end automatically replies the message according to a preset strategy. When the message needs to be actively sent, the background management end actively triggers the message sending action, the message is transmitted to the hook DLL through the software interface process, the hook DLL calls a message sending function of the software interface process, and the message is sent out through the pc-version software client.
Drawings
Fig. 1 is a flowchart of a data processing method for community marketing management in an embodiment of the present invention.
FIG. 2 is a flow diagram of dll injection in an embodiment of the present invention.
Fig. 3 is a flow chart of the DLL hook assignment function in the embodiment of the present invention.
FIG. 4 is an architecture diagram of a data processing system for community marketing management in an embodiment of the present invention.
Fig. 5 is a schematic flow chart of the WeChat hook in the embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings. Wherein the embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the present invention and are not to be construed as limiting the present invention.
Fig. 1 is a flowchart of a data processing method for community marketing management according to an embodiment of the present invention.
Before describing the steps of an embodiment of the present invention, the following hook technique is introduced. Programming under a windows system usually contacts with the use of an api function, the number of commonly used api functions is about 2000, and with the advent of efficient programming technologies such as controls, stl and the like, the use probability of the api becomes smaller and smaller on common user programs. When some functions cannot be realized by the existing means such as controls, the functions of some api functions are not satisfactory, so that how to modify the apis to better serve the programs makes the api hook appear naturally. The original function of a system api can be changed through the api hook. The basic approach is to change its address to point to the new custom function by "touching" the hook to the entry point of the api function that needs to be modified. The essence of the api hook is that the basic hook is required to improve the authority of the basic hook, and the aim of modifying the address of the api function is achieved by crossing access limitations among different processes.
Referring to fig. 1, a data processing method for community marketing management includes the steps of:
step S1, injecting the data into a software client process of a PC version through a hook.
Referring to fig. 2, the step S1 specifically includes:
s11, allocating a memory space in the address space of the target process;
because the original memory space can not be written, a memory buffer area which is large enough for storing the path of the injected WeChat hook DLL is distributed in the address space of the WeChat process by using a VirtualAllocEx function, and the size of the buffer area is specified as the character string length of the DLL file path.
S12, writing a hook.
And writing the path of the DLL file to be loaded into a target process, and writing the character string path into the allocated buffer area through a WriteProcessMemory function.
S13, creating a remote thread, and enabling the target process to call a LoadLibraryW function;
the GetProcAddress function is used to obtain the start address of the LoadLibraryW function, and the createremotetrathreadw function is used to let the wechat process execute the LoadLibraryW to load the injected dll. Since the function address in the target process is the same as the function address in the injection program, the function address inherited by the target can be replaced by acquiring the address of the current function, and then the process created by the function can be executed in the target process. In windows systems, the load address of kernel32.dll is the same in every process, and is mapped to the same address each time during run-time. In the windows system, the first time a dll enters a memory is called "loading", and later, other processes do not need to be loaded again when the same dll needs to be used, and the loading can be realized only by mapping a loaded dll code and a resource.
And S14, releasing the memory space opened by the software client process.
After release, writing and thread creation of other functions is facilitated.
To summarize, the principle of the injection process of step S1 is: a new area is firstly opened up in the memory space of a target process, a path of DLL is written into the new area, then a remote thread is created to find a LoadLibrary () function, the DLL path is read in the newly opened area, and then the DLL written by the user is loaded, so that the injected DLL has the access right of the memory of the target process, and the user can carry out appointed operation.
It should be noted that the dll injection implementation method of the present invention is implemented by creating a remote thread (createremotetrathreadend () API), which has the advantages of small memory usage and difficulty in trace search, but those skilled in the art should understand that the dll injection implementation method can also be implemented by using a registry (AppInit _ DLLs value).
Specifically, the software client in the above embodiments includes, but is not limited to, social software such as WeChat, QQ, Aliwang, and the like. Based on reliability and safety, the hook dll invades into the PC end, namely the PC hook technology is adopted, the hook is directly hooked into the related application software installed on the computer, and the reliability is high.
And step S2, hooking the specified function of the software client through the hook. The specific function here refers to a function with a specific function in the software client, such as a message receiving function and a message sending function.
Referring to fig. 3 in a matching manner, the step S2 specifically includes:
s21, calculating the base address of the core dynamic link library of the client software and the offset address for realizing each function in the core dynamic link library;
the basic functions realized by the software client side, such as text message receiving and sending, picture receiving and sending, file sending, account transferring, automatic money collection, friend inquiry, group inquiry, friend agreement and the like, are stored in the base address of the core dynamic link library. Since the functional address of each book is different, the offset address is also changed, and addressing is needed. And finding a function for sending the message by adopting reverse analysis, analyzing the parameters of the function, calculating the offset address of the function, and performing embedded assembly to generate the DLL.
S22, adding the base address and the offset address to obtain a function address needing hook;
the function address hookAddr requiring hook is the base address plus offset address of the software, taking WeChat as an example, the address requiring hook is: HookAddr ═ wechatWinAddr + HookOffset
S23, modifying the protection attribute of the function address of hook, and allowing the instruction to be written; and modifying the protection authority to allow other functions to be written.
S24, adding a jump instruction function at the head of the function address of hook, and jumping to the self-defined function address; and covering the original function code with a jump instruction at the initial position of the function code, and jumping to the self-defined hook function. The user-defined function is a function written by a user, and is used for automatically processing various messages of the client.
And S25, after the self-defined function address is executed, jumping to the hook function to continue executing.
And the software interface process and the background management end are mutually called through an http interface (or tcpsocket). Through the process, the software can be automatically intercepted, the messages from the software can be managed and controlled, and the purpose of automatic processing, such as message reply, file sending and the like, is achieved.
Referring to fig. 4, another embodiment of the present invention provides a data processing system for community marketing management, including a software control end interacting with a background management end, the software control end including a PC-version software client, a function injection module and a function hooking module, wherein,
the function injection module is injected into a process of a software client of a PC version through a hook.
And the software control end and the background management end exchange messages through interface process communication.
When the software client receives a new message, the software client receives the message function and jumps to the DLL specified function, the received message is transmitted to the background management end in real time through the software interface process, and the background management end automatically replies the message according to a preset strategy. When the message needs to be actively sent, the background management end actively triggers the action of sending the message, the message is transmitted to hook.
In order to more accurately understand the embodiment of the present invention, referring to fig. 5, a schematic diagram of an embodiment of the present invention is shown, and how the scheme in the embodiment of the present invention hooks a WeChat.
Firstly, adopting a pc hook technology, invading a pc version wechat client through a wechat hook DLL, and inserting a specific DLL file into a wechat process, wherein the specific injection process comprises the following steps:
1. the handle of the target PROCESS (PROCESS _ ALL _ ACCESS right) is acquired and the corresponding PROCESS can then be controlled using the handle hpprocess.
2. A VirtualAllocEx function is used to allocate a memory buffer area which is large enough to store the path of the injected WeChat hook DLL in the address space of the WeChat process, and the size of the buffer area is specified as the length of the character string of the DLL file path.
3. And copying the data in the memory for storing the dll path in the WeChat process to the memory of the target process obtained in the step 2 by using a WriteProcessMemory function.
4. The start address of the LoadLibraryW function is obtained using the GetProcAddress function.
5. The createremotetrathreaded function is used to let the wechat process execute the LoadLibraryW to load the injected dll.
6. Using VirtualFreeEx to release the memory opened in step (1).
dll injection is to instruct other processes to call the lowibrary () api by themselves, load (loading) a dll file specified by a user, and the injected dll has the right to access the memory of the target process. DLLs are loaded into a process and then automatically run DLLMain () functions, a user can put codes which the user wants to execute into the DLLMain () functions, and when the DLL is not loaded, the added codes can be executed naturally. With this feature, the program bug can be repaired or a new function can be added to the program. And the injected dll is injected into the inside of the WeChat, so that the data of the WeChat is intercepted, and the function of calling the WeChat is realized.
And secondly, hooking a WeChat client function by using a function in the DLL to achieve the purpose of intercepting WeChat operation. The method specifically comprises the following steps:
1. the weChatWinAddr with the base address of a Wechatwin. dll core dynamic link library is calculated, and functions of receiving and sending messages, transferring accounts, sending pictures and the like are all in the core dynamic link library.
2. And calculating offset addresses hookOffset of functions of sending the text message, receiving the text message, inquiring friends, inquiring WeChat groups and the like, and preparing for next hook.
3. The function address hookAddr that requires hook is the WeChat base address plus the offset address, hookAddr + hookOffset.
4. And modifying the protection attribute of the address hookAddr of the function to be hook, and allowing the instruction to be written.
5. Dll corresponds to a self-defined function address of funAddr, and a jump instruction is added to the head of the hookAddr only to jump to the self-defined function.
6. And after the custom function is executed, jumping to be executed continuously by the Hook function.
The specific principle of the management WeChat is as follows: and a pc hook technology is adopted, a WeChat hook DLL is used for invading a pc edition WeChat client, and a function in the DLL hooks a WeChat client function, so that the aim of intercepting WeChat operation is fulfilled. When the WeChat client receives a new message, the client receives the message function and jumps to the DLL specified function, the WeChat message is transmitted to the background management end in real time through the WeChat interface process, and the background management end automatically replies the message according to a preset strategy. When the message needs to be actively sent, the background management end actively triggers the message sending action, the message is transmitted to hook. And the WeChat hook.dll and the WeChat interface process exchange messages by using interprocess communication, and the WeChat interface process and a background management end (server) are mutually called through an http interface. The management operation of various friends, WeChat groups, friend circles and the like can be realized, for example, the friend related classes are as follows: adding friends, deleting friends, sending and receiving business cards, sending and receiving text messages, sending and receiving picture information and sending and receiving file information; group-related classes: modifying the group name card, checking the group members, adding the group members, publishing the group announcement, publishing the group message and receiving the group message. Through the process, the effect of automatically managing the WeChat can be achieved, the automatic community management of community marketing operators can be helped, the marketing efficiency is greatly improved, and the manpower is saved. Meanwhile, the technology can be used for digitally managing the WeChat and accurately managing community marketing.
The foregoing description shows and describes several preferred embodiments of the invention, but as aforementioned, it is to be understood that the invention is not limited to the forms disclosed herein, but is not to be construed as excluding other embodiments and is capable of use in various other combinations, modifications, and environments and is capable of changes within the scope of the inventive concept as expressed herein, commensurate with the above teachings, or the skill or knowledge of the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A data processing method for community marketing management, the method comprising:
injecting the data into a PC version software client process through hook.DLL;
dll hooks the specified function of the software client to manage the related instructions received or sent via the software client.
2. The data processing method of claim 1, wherein injecting into the software client process using hook.
Allocating a memory space in an address space of a target process;
writing a hook.DLL path into the memory space;
creating a remote thread, and enabling the target process to call a LoadLibraryW function;
and releasing the memory space opened up by the software client process.
3. The data processing method of claim 1, wherein hooking the specified function of the software client through a hook.
Calculating a base address of a core dynamic link library of the client software and an offset address for realizing each function in the core dynamic link library;
adding the base address and the offset address to obtain a function address needing hook;
modifying the protection attribute of the function address of the hook, and allowing a write instruction;
adding a jump instruction function at the head of the function address of hook, and jumping to a self-defined function address;
and after the self-defined function address is executed, jumping to the hook function to continue executing.
4. The data processing method as claimed in any one of claims 1 to 3, wherein after receiving the new message, the PC software client jumps to a specified function of the hook.DLL through a message receiving function of the software client, and transmits the new message to the background management terminal through the interface process.
5. The data processing method of claim 4, wherein when the background management terminal actively replies to the message according to a preset policy, the message is transmitted to a designated function of the hook.
6. The data processing method of claim 2, wherein a virtualalloceex function is used to allocate a block of memory in an address space of the software client process for storing path data of hook.dll of the injected software client, a WriteProcessMemory function is used to write the path data of hook.dll into the allocated memory space, a GetProcAddress function is used to obtain a start address of a loadlibrary w function, and then a createremotetrathreadread function is used to allow the software client process to execute the loadlibrary w to load the injected hook.dll.
7. The data processing method of claim 3, wherein the kernel dynamic link library stores functions of the software client for receiving and sending messages, receiving and sending files, transferring accounts and receiving and related functions.
8. The data processing method of claim 1, wherein the software client comprises WeChat, QQ.
9. A data processing system for community marketing management comprises a software control end interacting with a background management end, and is characterized in that the software control end comprises a PC software client, a function injection module and a function hooking module, wherein,
the function injection module is injected into a process of a PC version software client through hook.
10. The data processing system of claim 9, wherein messages are exchanged between the software control side and the background management side via an interface process communication.
CN202110226137.9A 2021-03-01 2021-03-01 Data processing method and system for community marketing management Pending CN113065072A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110226137.9A CN113065072A (en) 2021-03-01 2021-03-01 Data processing method and system for community marketing management
CA3150578A CA3150578A1 (en) 2021-03-01 2022-03-01 Data processing method for social media marketing management and system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110226137.9A CN113065072A (en) 2021-03-01 2021-03-01 Data processing method and system for community marketing management

Publications (1)

Publication Number Publication Date
CN113065072A true CN113065072A (en) 2021-07-02

Family

ID=76559387

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110226137.9A Pending CN113065072A (en) 2021-03-01 2021-03-01 Data processing method and system for community marketing management

Country Status (2)

Country Link
CN (1) CN113065072A (en)
CA (1) CA3150578A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117596223B (en) * 2024-01-18 2024-06-25 北京亿赛通科技发展有限责任公司 Method, device and system for managing and controlling outgoing messages of instant messaging software client

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LTYANDY: "PE基础6_远程线程注入-HOOK(消息-InLine-IAT)", 《HTTPS://WWW.CNBLOGS.COM/LTYANDY/P/11107480.HTML》 *
ZHX0AN: "微信PC Hook - 接收文本消息", 《HTTPS://WWW.IT610.COM/ARTICLE/1280270544398204928.HTM》 *

Also Published As

Publication number Publication date
CA3150578A1 (en) 2022-09-01

Similar Documents

Publication Publication Date Title
CN104268055B (en) The monitoring method and device of a kind of program exception
CN109213611B (en) Cross-process communication method, device, terminal and storage medium
CN102779255B (en) Method and device for judging malicious program
CN107045475B (en) Test method and device
CN108399331A (en) Application process trial method and system
CN110781061B (en) Method and device for recording user behavior link
US20220138074A1 (en) Method, electronic device and computer program product for processing data
CN107526623B (en) Data processing method and device
CN109842621A (en) A kind of method and terminal reducing token storage quantity
CN109359092A (en) File management method, desktop display method, device, terminal and medium
CN108446224A (en) The method for analyzing performance, storage medium of application program on mobile terminal
CN113065072A (en) Data processing method and system for community marketing management
CN109921916B (en) Message processing method and device in multi-user group, storage medium and terminal equipment
CN110727523A (en) Service request processing method, processing device and readable storage medium
CN107102937B (en) User interface testing method and device
CN107391274A (en) The processing method and processing device of deferred information
CN114356521A (en) Task scheduling method and device, electronic equipment and storage medium
CN114610446B (en) Method, device and system for automatically injecting probe
CN108984238A (en) Gesture processing method, device and the electronic equipment of application program
CN115328496A (en) File generation method and device
CN105320523B (en) Data processing method and device
CN109547563B (en) Message push processing method and device, storage medium and server
WO2017107762A1 (en) Application tracing method and device
CN114416386A (en) Resource processing method and device
CN109634636B (en) Application processing method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20210702