CN113806789A - Game memory based privacy protection system - Google Patents
Game memory based privacy protection system Download PDFInfo
- Publication number
- CN113806789A CN113806789A CN202010532553.7A CN202010532553A CN113806789A CN 113806789 A CN113806789 A CN 113806789A CN 202010532553 A CN202010532553 A CN 202010532553A CN 113806789 A CN113806789 A CN 113806789A
- Authority
- CN
- China
- Prior art keywords
- memory
- object monitor
- monitor
- game
- private
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012544 monitoring process Methods 0.000 claims abstract description 31
- 230000006870 function Effects 0.000 claims abstract description 7
- 230000006399 behavior Effects 0.000 claims description 18
- 238000000034 method Methods 0.000 claims description 12
- 230000002159 abnormal effect Effects 0.000 claims description 4
- 238000012545 processing Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 4
- 241000700605 Viruses Species 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000007717 exclusion Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- A—HUMAN NECESSITIES
- A63—SPORTS; GAMES; AMUSEMENTS
- A63F—CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
- A63F13/00—Video games, i.e. games using an electronically generated display having two or more dimensions
- A63F13/70—Game security or game management aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2109—Game systems
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Business, Economics & Management (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- General Business, Economics & Management (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention provides a privacy protection system based on a game memory, which comprises an execution module, a system object monitor and a private memory object monitor; the execution module is responsible for protecting and monitoring data, can establish a callback monitoring function, and can initialize a system object monitor and a private memory object monitor when a game program runs; after the game program is initialized, the system object monitor and the private memory object monitor start to work; the system object monitor stores a memory module which is preset by a game program and needs to be monitored, and the private memory object monitor also stores the memory module which needs to be protected; when a set memory module is accessed externally, if the set memory module belongs to the scope of a system object monitor, executing a corresponding monitoring mechanism; if the private memory object belongs to the scope of the private memory object monitor, executing a corresponding protection mechanism; the privacy security of the user can be protected, and the experience degree of the user is improved.
Description
Technical Field
The invention relates to the technical field of game data security, in particular to a game memory based privacy protection system.
Background
Private and sensitive files exist in game software; the biggest problem brought to game software is game cheating and viruses, and the game cheating and the viruses bring safety and privacy. In the prior art, the privacy protection of the inner side of a game is carried out through a HOOK technology and CRC memory check.
HOOK is a special message handling mechanism that monitors various event messages in a system or process, intercepts messages destined for a target window, and handles them. Therefore, the hook can be customized in the system to monitor the occurrence of specific events in the system, and perform specific functions, such as screen word fetching, log monitoring, keyboard and mouse input interception, and the like.
The hook is of various types, each hook can intercept corresponding messages, for example, a keyboard hook can intercept keyboard messages, a shell hook can intercept, start and close messages of an application program, and the like. Hooks can be divided into thread hooks, which can monitor event messages for a given thread, and system hooks, which monitor event messages for all threads in the system. Because system hooks affect all applications in the system, the hook functions must be placed in separate Dynamic Link Libraries (DLLs).
CRC, Cyclic Redundancy Check (Cyclic Redundancy Check): the error checking code is one of the most common error checking codes in data communication field and features that the lengths of the information field and the check field may be selected arbitrarily.
The prior art has the following defects: 1. the logic is complex: the method needs to be applied to a HIPS (Host Intrusion prevention System) technology, the HOOK technology is used for intercepting user operation in the process, and the callback is installed for monitoring user behavior. 2. Poor compatibility: software on the market is various, and whether the software installed by a user adopts the same technology or not and whether mutual exclusion behaviors can be generated or not cannot be guaranteed. Adaptation to various types of systems, conventional/non-conventional software, is required.
Disclosure of Invention
In order to overcome the problems, the invention aims to provide a game memory based privacy protection system which protects the privacy security of users, has strong compatibility and improves the security of a game running environment.
The invention is realized by adopting the following scheme: a privacy protection system based on game memory comprises an execution module, a system object monitor and a private memory object monitor; the execution module is responsible for protecting and monitoring data, and can establish a callback monitoring function which is realized by the system object monitor and the private memory object monitor;
when a game program runs, firstly, initializing a system object monitor and a private memory object monitor;
after the game program is initialized, the system object monitor and the private memory object monitor start to work; the system object monitor stores a memory module which is preset by a game program and needs to be monitored, and the private memory object monitor also stores the memory module which needs to be protected;
when a set memory module is accessed externally, if the set memory module belongs to the scope of a system object monitor, executing a corresponding monitoring mechanism; and if the private memory object monitor belongs to the scope of the private memory object monitor, executing a corresponding protection mechanism.
Further, the monitoring mechanism and the protection mechanism are responsible for monitoring by a system handle capture callback; the system handle captures callback monitoring to assist the memory monitoring to find a target object operation behavior, the operation behavior is completed through a debugging object monitor and a memory object monitor, and the debugging object monitor monitors the debugging behavior existing in the system and performs debugging analysis on a monitored object; the memory object monitor coordinates the system handle to capture the callback to monitor and acquire the memory operation state of the object.
Furthermore, the system handle capture callback monitor is further used for traversing objects in the process and searching for the holders of the objects, and if the holders of the objects are found, the memory module information of the holders is acquired, so that the memory module can be accurately monitored by the memory object monitor.
Further, when a game memory set is marked as private, accesses except the game memory set are marked and processed, and the processing process comprises task behavior termination and abnormal operation prompting.
The invention has the beneficial effects that: 1. the privacy and the safety of the user are protected, and various software can be compatible; 2. other functional requirements can be inserted through the execution module, and a data source is buried for the IP of the later user. 3. The safety sense and the comfort level of the user are improved, and the cultural quality of the enterprise is improved.
Drawings
FIG. 1 is a schematic block diagram of the system of the present invention.
Fig. 2 is a schematic flow chart of the working principle of the system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1 and fig. 2, a privacy protection system based on game memory according to the present invention includes an execution module, a system object monitor, and a private memory object monitor; the execution module is responsible for protecting and monitoring sensitive data, and when the execution module creates a monitoring mark with a memory private property and attaches a corresponding memory monitoring object. The execution module can establish a callback monitoring function, and the callback monitoring function is realized by the system object monitor and the private memory object monitor;
when a game program runs, firstly, initializing a system object monitor and a private memory object monitor; the purpose of initialization is to fill the memory module that needs to be monitored. Namely, the system object monitor and the private memory object monitor start to execute when the program runs until the program runs.
After the game program is initialized, the system object monitor and the private memory object monitor start to work; the system object monitor stores a memory module which is preset by a game program and needs to be monitored, and the private memory object monitor also stores the memory module which needs to be protected; the private memory object monitor is private and its task is to monitor the tagged memory module and further feed back status if the tagged memory module is accessed.
When a set memory module is accessed externally, if the set memory module belongs to the scope of a system object monitor, executing a corresponding monitoring mechanism; and if the private memory object monitor belongs to the scope of the private memory object monitor, executing a corresponding protection mechanism. The system object monitor is responsible for monitoring the access process of other programs to the program by a system handle capture callback.
Wherein the monitoring mechanism and protection mechanism are responsible for system handle capture callback monitoring; the system handle captures callback monitoring in order to assist the memory monitoring to find a target object operation behavior, the operation behavior is completed through a debugging object monitor and a memory object monitor, the debugging object monitor monitors the debugging behavior existing in the system and is used for debugging and analyzing a monitored object (wherein, the analysis adopts a chemical engine or olydbg analysis tool); the memory object monitor coordinates the system handle to capture the callback to monitor and acquire the memory operation state of the object.
The system handle capture callback monitor is further used for traversing objects in the process and searching for the holders of the objects, and if the holders of the objects are found, the memory module information of the holders is obtained, so that the memory module can be accurately monitored by the memory object monitor. When a game memory set (namely a set formed by game memory modules marked to be private) is marked to be private, accesses except the game memory set are marked to be processed, and the processing process comprises task termination behavior and abnormal operation prompting.
Case one:
and after the product is on line, the member password is required to be not intercepted, otherwise, sensitive data of the user can be leaked. When a user opens the software in the internet bar to log in, the user prepares to input the password, and at the moment, the user prompts that a certain program in the system environment reads the password and asks for excluding the process. The program is the object captured by the system handle capture callback monitor, the behavior of the program is sensitive, and the program violates the protected memory. And when the user eliminates the process, preparing for login operation, popping up unknown risks by the program, and terminating the task. The behavior is sent by a private memory object monitor, which is set as memory protection at the interface, and the purpose is that except for itself, no other one can access the behavior or the behavior is terminated directly.
Case two:
after the game is on line, abnormal fire is exploded, and after-sale groups are busy, the players feed back their accounts to be forbidden, so that the complaints of fire are very annoying and continuous. Rancour the customer service will pick up evidence and let three players use the plug-in tool of ce and od to access the key memory of the game, and try to modify the memory. The evidence is collected by monitoring through the system object monitor.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (4)
1. A privacy protection system based on game memory is characterized in that: the system comprises an execution module, a system object monitor and a private memory object monitor; the execution module is responsible for protecting and monitoring data, and can establish a callback monitoring function which is realized by the system object monitor and the private memory object monitor;
when a game program runs, firstly, initializing a system object monitor and a private memory object monitor;
after the game program is initialized, the system object monitor and the private memory object monitor start to work; the system object monitor stores a memory module which is preset by a game program and needs to be monitored, and the private memory object monitor also stores the memory module which needs to be protected;
when a set memory module is accessed externally, if the set memory module belongs to the scope of a system object monitor, executing a corresponding monitoring mechanism; and if the private memory object monitor belongs to the scope of the private memory object monitor, executing a corresponding protection mechanism.
2. The game memory based privacy protection system of claim 1, wherein: the monitoring mechanism and the protection mechanism are responsible for system handle capture callback monitoring; the system handle captures callback monitoring to assist the memory monitoring to find a target object operation behavior, the operation behavior is completed through a debugging object monitor and a memory object monitor, and the debugging object monitor monitors the debugging behavior existing in the system and performs debugging analysis on a monitored object; the memory object monitor coordinates the system handle to capture the callback to monitor and acquire the memory operation state of the object.
3. The game memory based privacy protection system of claim 1, wherein: the system handle capture callback monitor is further used for traversing objects in the process and searching for the holders of the objects, and if the holders of the objects are found, the memory module information of the holders is obtained, so that the memory module can be accurately monitored by the memory object monitor.
4. The game memory based privacy protection system of claim 1, wherein: when a game memory set is marked as private, accesses except the game memory set are marked and processed, and the processing process comprises task behavior termination and abnormal operation prompting.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010532553.7A CN113806789B (en) | 2020-06-12 | 2020-06-12 | Game memory privacy protection system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010532553.7A CN113806789B (en) | 2020-06-12 | 2020-06-12 | Game memory privacy protection system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113806789A true CN113806789A (en) | 2021-12-17 |
| CN113806789B CN113806789B (en) | 2023-11-03 |
Family
ID=78943803
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010532553.7A Active CN113806789B (en) | 2020-06-12 | 2020-06-12 | Game memory privacy protection system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113806789B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115859384A (en) * | 2022-10-12 | 2023-03-28 | 北京连山科技股份有限公司 | Security protection method for sensitive data residual information in memory of network security equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6594774B1 (en) * | 1999-09-07 | 2003-07-15 | Microsoft Corporation | Method and apparatus for monitoring computer system objects to improve system reliability |
| CN106294166A (en) * | 2016-08-16 | 2017-01-04 | 腾讯科技(深圳)有限公司 | A kind of game data monitoring method and apparatus |
| CN106384049A (en) * | 2016-09-06 | 2017-02-08 | 亚信科技(成都)有限公司 | Safety protection method and system |
| CN107194244A (en) * | 2017-04-13 | 2017-09-22 | 福建省天奕网络科技有限公司 | The guard method of VR game memory data and its system |
| CN109663362A (en) * | 2018-11-29 | 2019-04-23 | 福建天晴在线互动科技有限公司 | The plug-in detection method of game, storage medium |
-
2020
- 2020-06-12 CN CN202010532553.7A patent/CN113806789B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6594774B1 (en) * | 1999-09-07 | 2003-07-15 | Microsoft Corporation | Method and apparatus for monitoring computer system objects to improve system reliability |
| CN106294166A (en) * | 2016-08-16 | 2017-01-04 | 腾讯科技(深圳)有限公司 | A kind of game data monitoring method and apparatus |
| CN106384049A (en) * | 2016-09-06 | 2017-02-08 | 亚信科技(成都)有限公司 | Safety protection method and system |
| CN107194244A (en) * | 2017-04-13 | 2017-09-22 | 福建省天奕网络科技有限公司 | The guard method of VR game memory data and its system |
| CN109663362A (en) * | 2018-11-29 | 2019-04-23 | 福建天晴在线互动科技有限公司 | The plug-in detection method of game, storage medium |
Non-Patent Citations (3)
| Title |
|---|
| 余艳玮;周学海;许华杰;: "网游自动反外挂系统的设计与实现", 通信技术 * |
| 徐小玲;赵振熹;: "代码注入攻击及防御技术研究", 浙江教育学院学报 * |
| 黄文彬: "游戏反外挂系统设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115859384A (en) * | 2022-10-12 | 2023-03-28 | 北京连山科技股份有限公司 | Security protection method for sensitive data residual information in memory of network security equipment |
| CN115859384B (en) * | 2022-10-12 | 2023-11-10 | 北京连山科技股份有限公司 | Safety protection method for memory sensitive data residual information of network safety equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113806789B (en) | 2023-11-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108780485B (en) | Pattern matching based data set extraction | |
| US11716348B2 (en) | Malicious script detection | |
| EP3295359B1 (en) | Detection of sql injection attacks | |
| JP5087661B2 (en) | Malignant code detection device, system and method impersonated into normal process | |
| Spreitzenbarth et al. | Mobile-sandbox: having a deeper look into android applications | |
| JP4629332B2 (en) | Status reference monitor | |
| US7555777B2 (en) | Preventing attacks in a data processing system | |
| US7673137B2 (en) | System and method for the managed security control of processes on a computer system | |
| US7665139B1 (en) | Method and apparatus to detect and prevent malicious changes to tokens | |
| CN108664793B (en) | Method and device for detecting vulnerability | |
| US20130311653A1 (en) | Service compliance enforcement using user activity monitoring and work request verification | |
| CN107851155A (en) | For the system and method across multiple software entitys tracking malicious act | |
| CN105631312B (en) | The processing method and system of rogue program | |
| US20170286644A1 (en) | Protection Method and Device for Application Data | |
| CN101483658B (en) | System and method for input content protection of browser | |
| CN109787964B (en) | Process behavior tracing device and method | |
| CN108959860B (en) | Method for detecting whether Android system is cracked or not and obtaining cracking record | |
| CN113806789A (en) | Game memory based privacy protection system | |
| Vigna et al. | Host-based intrusion detection | |
| CN113486335B (en) | JNI malicious attack detection method and device based on RASP zero rule | |
| WO2021243574A1 (en) | Detection method for user information acquisition in violation of regulations and related device | |
| Zhang et al. | Contextual approach for identifying malicious Inter-Component privacy leaks in Android apps | |
| CN115174192A (en) | Application security protection method and device, electronic equipment and storage medium | |
| CN114707144A (en) | Virtual machine escape behavior detection method and device | |
| CN108289073A (en) | APP safety detecting systems based on Android |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |