CN114282178A - Software self-protection method and device, electronic equipment and storage medium

Publication number
CN114282178A
Authority
CN
China
Prior art keywords
software
return value
functional
function
functional process
Legal status
Pending
Application number
CN202111520389.9A
Other languages
Chinese (zh)
Inventor
陈永余
白淳升
Current Assignee
Antiy Technology Group Co Ltd
Original Assignee
Antiy Technology Group Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a software self-protection method and device, electronic equipment and a storage medium, and relates to the technical field of computer network security. It addresses two problems of existing software self-protection methods: they cannot sense the occurrence of an attack by themselves, so protection is not timely, and they lack file vulnerability detection, so the security of the software and the system cannot be ensured. The software self-protection method comprises: creating a main process and creating a plurality of functional processes in the main process, wherein each functional process realizes a corresponding part of the software functions by accessing a preset external component, and the main process schedules the functional processes to realize all software functions; obtaining the return value of each functional process accessing the preset external component; comparing the return value corresponding to each functional process with a return value prestored in the main process; and, if the comparison result is abnormal, blocking the functional process corresponding to the abnormal return value.

Description

Software self-protection method and device, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of computer network security, in particular to a software self-protection method and device, electronic equipment and a storage medium.
Background
At present, detection of unknown software vulnerabilities is still a hot topic in the field of computer security, and existing software self-protection technology is mostly limited to techniques such as process daemons, code obfuscation and signature verification. Process daemons can partially prevent debugging, code obfuscation can delay software analysis, and signature verification can prevent the software from being tampered with, but none of these techniques actively protects the software in time when it is attacked through a vulnerability. Research has found that most attacks launched through unknown software vulnerabilities are discovered only in the stages after the vulnerability has been exploited, such as information stealing and network connection, so the protection is not timely. Moreover, existing software protection mechanisms focus on protecting vulnerabilities in network application program interfaces, lack vulnerability detection for software program files, and have no protection capability when the software is attacked through a potential vulnerability. Once a vulnerability exists, the only options are to delay the attack with the operating system's vulnerability mitigation measures, or to reduce the impact on the system of a virus exploiting the software vulnerability by role restriction. Role restriction, however, limits the implementation of software functions: for example, installing and uninstalling the software must be performed by a user with high-level privileges, and once the software runs with high-level privileges there is no guarantee that the software and the system will not be damaged by a virus exploiting it.
Disclosure of Invention
In view of this, embodiments of the present invention provide a software self-protection method, an apparatus, an electronic device, and a storage medium, so as to solve the problems that the existing software self-protection method cannot sense the occurrence of an attack by itself, so that the protection is not timely, and the security of software and a system cannot be guaranteed due to lack of file vulnerability detection.
In a first aspect, an embodiment of the present invention provides a software self-protection method, applied to an electronic device, including:
creating a main process, creating a plurality of functional processes in the main process, wherein each functional process realizes corresponding partial software functions by accessing a preset external component, and the main process is used for scheduling each functional process to realize all software functions;
acquiring a return value of each functional process accessing a preset external component, and comparing the return value corresponding to each functional process with a return value prestored in a main process;
and if the comparison result is abnormal, blocking the functional process corresponding to the abnormal return value.
According to a specific implementation manner of the embodiment of the present invention, the main process is further configured to:
and carrying out an integrity check on the software code corresponding to its own process.
According to a specific implementation manner of the embodiment of the present invention, after creating a plurality of functional processes, the method further includes:
and creating a communication pipeline between the main process and each functional process so that the main process and each functional process perform data interaction through the communication pipeline.
According to a specific implementation manner of the embodiment of the present invention, the obtaining a return value of each functional process accessing a preset external component includes:
acquiring a stack formed by accessing a preset external component by a function corresponding to a functional process, wherein the stack comprises one or more of a functional process name, a function name to be accessed, an offset and a memory address;
and calculating the hash value corresponding to the stack, and taking the hash value corresponding to the stack as the return value of the functional process accessing the preset external component.
According to a specific implementation manner of the embodiment of the present invention, the method further includes:
and taking a snapshot of the functional process corresponding to the abnormal return value and storing the snapshot result.
According to a specific implementation manner of the embodiment of the present invention, after blocking the functional process corresponding to the abnormal return value, the method further includes:
and creating a new functional process with the same function as the functional process corresponding to the abnormal return value so as to realize part of software functions corresponding to the functional process corresponding to the abnormal return value.
According to a specific implementation manner of the embodiment of the present invention, the creating a plurality of functional processes in the main process includes:
the software is divided into a plurality of functions according to different component operations of the running platform, and a function process corresponding to each function is established.
In a second aspect, an embodiment of the present invention provides a software self-protection device, including:
a first creation module, used for creating a main process and creating a plurality of functional processes in the main process, wherein each functional process realizes a corresponding part of the software functions by accessing a preset external component, and the main process is used for scheduling each functional process to realize the software functions;
a comparison module, used for acquiring a return value of each functional process accessing a preset external component and comparing the return value corresponding to each functional process with a return value prestored in the main process;
and a blocking module, used for blocking the functional process corresponding to the abnormal return value when the comparison result is abnormal.
According to a specific implementation manner of the embodiment of the present invention, the device further includes:
a checking module, used for carrying out an integrity check on the software code corresponding to the main process.
According to a specific implementation manner of the embodiment of the present invention, the device further includes:
a second creation module, used for creating a communication pipeline between the main process and each functional process, so that the main process and each functional process perform data interaction through the communication pipeline.
According to a specific implementation manner of the embodiment of the present invention, the device further includes:
a computing module, used for acquiring a stack formed by a function corresponding to a functional process accessing a preset external component, wherein the stack comprises one or more of a functional process name, a function name to be accessed, an offset and a memory address, computing a hash value corresponding to the stack, and taking the hash value corresponding to the stack as the return value of the functional process accessing the preset external component.
According to a specific implementation manner of the embodiment of the present invention, the device further includes:
a snapshot module, used for taking a snapshot of the functional process corresponding to the abnormal return value and storing the snapshot result.
According to a specific implementation manner of the embodiment of the present invention, the device further includes:
a third creation module, used for creating a new functional process with the same function as the functional process corresponding to the abnormal return value, so as to realize the part of the software functions corresponding to the functional process corresponding to the abnormal return value.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the software self-protection method in any one of the foregoing implementation modes.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the software self-protection method according to any one of the foregoing implementations.
The embodiments of the invention provide a software self-protection method and device, electronic equipment and a storage medium. A main process is created, and a plurality of functional processes are created in the main process; each functional process realizes a corresponding part of the software functions by accessing a preset external component, and the main process schedules the functional processes to realize all software functions. The return value of each functional process accessing the preset external component is obtained and compared with the return value prestored in the main process, and if the comparison result is abnormal, the functional process corresponding to the abnormal return value is blocked. This effectively solves the problems that existing software self-protection methods cannot sense the occurrence of an attack by themselves, so that protection is not timely, and that the security of the software and the system cannot be ensured due to the lack of file vulnerability detection. It provides mitigation and sensing capability when a software vulnerability is exploited by a virus, improving the security of the software and the system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a software self-protection method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a software self-protection method according to a second embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating blocking of network functions in a software self-protection method according to a second embodiment of the present invention;
FIG. 4 is a functional block diagram of a software self-protection device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment provides a software self-protection method, which is used for solving the problems that the existing software self-protection method cannot automatically sense the occurrence of attacks, so that the protection is not timely, and the security of software and a system cannot be ensured due to the lack of file vulnerability detection.
Fig. 1 is a schematic flow chart of a software self-protection method according to a first embodiment of the present invention, and as shown in fig. 1, the software self-protection method according to the present embodiment is applied to an electronic device.
The software self-protection method of the embodiment may include:
Step 101, creating a main process, wherein a plurality of functional processes are created in the main process, each functional process realizes a corresponding part of the software functions by accessing a preset external component, and the main process is used for scheduling each functional process to realize all software functions;
In traditional software self-protection methods, the running platform cannot impose fine-grained limits on software functions and behaviors, so once a potential execution vulnerability in the software is exploited, the attacker obtains the software's running privileges and can then modify the system and obtain information from it.
In this embodiment, the software is divided into a plurality of functions according to the different component operations of the running platform, and a functional process is created for each function. This imposes fine-grained limits on the functions and behaviors of the software, so that the objects each functional process accesses can be determined in advance. When the access object of a functional process deviates from what is expected or is abnormal, this is discovered in time and the process is blocked, which effectively prevents an attacker from modifying the system or obtaining information from it when a vulnerability is exploited, and improves the security of the software and the system.
Step 102, acquiring a return value of each functional process accessing a preset external component, and comparing the return value corresponding to each functional process with a return value prestored in the main process;
Step 103, if the comparison result is abnormal, blocking the functional process corresponding to the abnormal return value.
Under existing protection mechanisms, most attacks launched through unknown vulnerabilities are discovered only in the stages after the vulnerability has been exploited, such as information stealing and network connection. Existing software protection mechanisms find it difficult to detect and block an attack immediately when it occurs, the attacked software cannot sense the attack by itself, and its self-protection capability is weak.
In this embodiment, a main process is created, and a plurality of functional processes are created in the main process; each functional process realizes a corresponding part of the software functions by accessing a preset external component, and the main process schedules the functional processes to realize all software functions. The return value of each functional process accessing the preset external component is obtained and compared with the return value prestored in the main process, and if the comparison result is abnormal, the functional process corresponding to the abnormal return value is blocked. This effectively solves the problems that existing software self-protection methods cannot sense the occurrence of an attack by themselves, so that protection is not timely, and that the security of the software and the system cannot be guaranteed due to the lack of file vulnerability detection capability. It provides mitigation and sensing capability when a software vulnerability is exploited by a virus, improving the security of the software and the system.
Fig. 2 is a flowchart of a software self-protection method according to a second embodiment of the present invention, and as shown in fig. 2, the software self-protection method according to the present embodiment may include:
Step 201, when the software is executed, the system allocates a main process and a plurality of functional processes, each functional process realizes a corresponding part of the software functions by accessing a preset external component, and the main process is used for scheduling each functional process to realize all software functions;
Step 202, the main process carries out an integrity check on the software code corresponding to its own process;
The software's main process operates on system components as little as possible; all operations on system components are carried out by the functional processes. The main process communicates with the functional process for each function over a communication pipeline that it establishes, and it constrains its own behavior through code integrity verification, which detects whether the main process's own code has been tampered with and further improves the security of the software and the system.
Step 203, creating a communication pipeline between the main process and each function process so as to enable the main process and each function process to perform data interaction through the communication pipeline;
In this embodiment, the functional processes are monitored by the software's main process: the main process sends a functional process its operating parameters through the communication pipe, and the operating result is returned to the main process through the communication pipe. Because completing a specific function may affect other components of the system, in this embodiment process information is also synchronously returned to the main process when the specific function is completed, and the main process verifies whether the behavior is normal.
Step 204, acquiring a stack formed by a function corresponding to the functional process accessing a preset external component, wherein the stack comprises one or more of a functional process name, a function name to be accessed, an offset and a memory address;
Step 205, calculating a hash value corresponding to the stack, and taking the hash value corresponding to the stack as the return value of the functional process accessing the preset external component;
To remain compatible with antivirus software hooking the process, the internal behavior of system functions is not taken into account when the hash value of the stack is generated.
Step 206, comparing the return value corresponding to each functional process with the return value prestored in the main process;
Step 207, if the comparison result is abnormal, blocking the functional process corresponding to the abnormal return value.
For example, suppose a piece of antivirus software has a code execution vulnerability because it fails to parse correctly when parsing an ASPack shell. Parsing the file only requires reading the file, without operating on other components of the system. When the vulnerability is triggered, the malicious behavior corrupts the process's execution flow and necessarily operates on other system components, for example for persistence or network connection. At this point the main process detects that the stack hash value returned by the functional process is abnormal, which indicates abnormal access to other components of the system, and immediately blocks the functional process.
In this embodiment, the behavior, access range and access permissions of each functional process are limited. When unknown vulnerabilities such as integer overflow or memory overflow exist, the hash value of the stack can be used to judge quickly where the vulnerability is and whether it is being exploited, so that a response is made in time and the attack can be intercepted at the first moment a potential vulnerability attack occurs.
Step 208, taking a snapshot of the functional process corresponding to the abnormal return value and storing the snapshot result.
Taking the snapshot and saving the result preserves the attack scene, so that analysts can investigate and collect evidence on the exploitation during post-incident analysis.
Step 209, creating a new functional process with the same function as the functional process corresponding to the abnormal return value, so as to realize the part of the software functions corresponding to the functional process corresponding to the abnormal return value.
As shown in fig. 3, when the software runs, the main process is started. The main process first performs its own code integrity check, starts the functional processes after the check succeeds, and creates communication pipes to interact with them. For example, when the software needs to exchange data with a server, the main process sends an instruction to the network functional process, which receives the instruction and sends and receives data accordingly. Suppose the network functional process is attacked through an unknown vulnerability, for example a processing function overflows because malformed traffic is received, and shellcode then runs. If the attacker wants to affect the system or steal data through the network functional process, the attacker needs to access a file or the registry. When the network function accesses the registry, the stack hash value it generates is sent to the main process, as shown by the dotted arrow in fig. 3. The main process compares the stack hash value with the prestored hash value for the network functional process's function and finds that they do not correspond; the main process then takes a snapshot of the network functional process and restarts the functional process. The main process saves the scene of the current functional process, terminates the functional process and raises an alarm, and the exploitation is interrupted at this point.
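The monitoring loop of steps 203 to 209 and the Fig. 3 scenario, as an added Python example that is not part of the patent. The process name net, the call traces, the avhook module, the own-frames-only hashing rule and the 5-second report timeout are assumptions made for illustration, and the block uses the POSIX fork start method.

```python
import hashlib
import multiprocessing as mp
import time


def stack_hash(proc_name, api, frames):
    """Hash the process name, the accessed function and the process's own frames.

    Frames are (module, function, offset). Frames from other modules (system
    internals, antivirus hook trampolines) are skipped, which is this example's
    reading of the hook-compatibility rule. Memory addresses are left out
    because they change between runs.
    """
    own = [f"{fn}+{off:#x}" for mod, fn, off in frames if mod == proc_name]
    return hashlib.sha256("|".join([proc_name, api, *own]).encode()).hexdigest()


# Constructed call traces for a hypothetical "net" functional process.
SEND = ("send", [("net", "main_loop", 0x40), ("net", "send_data", 0x1C)])
TRACES = {
    "send": SEND,
    # The same call with an antivirus hook frame on the stack.
    "send_hooked": ("send", SEND[1] + [("avhook", "pre_send", 0x08)]),
    # Hijacked control flow: the packet parser ends up writing to the registry.
    "malformed": ("registry.set_value",
                  [("net", "main_loop", 0x40), ("net", "parse_packet", 0x9A)]),
}


def functional_process(name, conn):
    """Functional process: carry out each command and report its stack hash."""
    while True:
        api, frames = TRACES[conn.recv()]
        conn.send(stack_hash(name, api, frames))


class MainProcess:
    """Schedules one functional process and checks every return value."""

    def __init__(self, name="net"):
        self.name = name
        self.ctx = mp.get_context("fork")          # POSIX only
        self.allowed = {stack_hash(name, *SEND)}   # prestored return values
        self.snapshots, self.restarts = [], 0
        self._start()

    def _start(self):
        self.conn, child_end = self.ctx.Pipe()     # communication pipe
        self.proc = self.ctx.Process(target=functional_process,
                                     args=(self.name, child_end), daemon=True)
        self.proc.start()
        child_end.close()

    def request(self, command):
        self.conn.send(command)
        # A missing report within the timeout is treated as abnormal (assumption).
        reported = self.conn.recv() if self.conn.poll(5) else None
        if reported in self.allowed:
            return "ok"
        # Snapshot first (a metadata record stands in for a process dump),
        # then block the process, then create a replacement.
        self.snapshots.append({"pid": self.proc.pid, "command": command,
                               "reported": reported, "time": time.time()})
        self.close()
        self.restarts += 1
        self._start()
        return "blocked"

    def close(self):
        self.proc.kill()
        self.proc.join()
        self.conn.close()


def run_demo():
    main = MainProcess()
    verdicts = [main.request(c)
                for c in ("send", "send_hooked", "malformed", "send")]
    main.close()
    return verdicts, main.restarts, main.snapshots


if __name__ == "__main__":
    print(run_demo())
```

The hooked call hashes to the same value as the plain call, while the registry access from the parser produces an unknown hash and triggers the snapshot, block and restart sequence.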
In this embodiment, the execution content of each functional process is defined by the software itself, so any operation on an additional system component is sensed in time when a potential vulnerability is exploited. When the software senses the attack it can cut off the functional process, protecting the software and the system. Compared with methods that detect the attack by network loop or detect the intrusion by using a known component, the detection time is greatly reduced, the attack scene is saved, and the security of the software is protected.
The technical solutions of the method embodiments shown in fig. 1 to fig. 3 are not only suitable for software self-protection, but can also discover and block the exploitation of a software vulnerability in time, improving the security of the software and the system.
Fig. 4 is a schematic structural diagram of a first software self-protection device according to an embodiment of the present invention, and as shown in fig. 4, the device of this embodiment may include:
a first creating module 41, configured to create a main process, and create a plurality of function processes in the main process, where each function process implements a corresponding part of software functions by accessing a preset external component, and the main process is configured to schedule each function process to implement a software function;
a comparing module 42, configured to obtain a return value of each functional process accessing a preset external component, and compare the return value corresponding to each functional process with a return value pre-stored in the main process;
and the blocking module 43 is configured to block the functional process corresponding to the abnormal return value when the comparison result is abnormal.
In some embodiments, the device further comprises:
a checking module 44, configured to perform an integrity check on the software code corresponding to the main process;
a second creating module 45, configured to create a communication pipeline between the main process and each functional process, so that the main process and each functional process perform data interaction through the communication pipeline;
a calculating module 46, configured to obtain a stack formed by the function corresponding to the functional process accessing the preset external component, where the stack includes one or more of a name of the functional process, a name of a function to be accessed, an offset, and a memory address, calculate a hash value corresponding to the stack, and use the hash value corresponding to the stack as the return value of the functional process accessing the preset external component;
a snapshot module 47, configured to take a snapshot of the functional process corresponding to the abnormal return value and store the snapshot result;
a third creating module 48, configured to create a new functional process with the same function as the functional process corresponding to the abnormal return value, so as to implement the part of the software functions corresponding to the functional process corresponding to the abnormal return value.
The apparatus of this embodiment may be used to implement the technical solutions of the method embodiments shown in fig. 1 to fig. 3, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of an embodiment of an electronic device of the present invention, which can implement the process of the embodiment shown in fig. 1-3 of the present invention, and as shown in fig. 5, the electronic device may include: the device comprises a shell 51, a processor 52, a memory 53, a circuit board 54 and a power circuit 55, wherein the circuit board 54 is arranged inside a space enclosed by the shell 51, and the processor 52 and the memory 53 are arranged on the circuit board 54; a power supply circuit 55 for supplying power to each circuit or device of the electronic apparatus; the memory 53 is used to store executable program code; the processor 52 reads the executable program code stored in the memory 53 to run a program corresponding to the executable program code, so as to execute the software self-protection detection method according to any one of the foregoing embodiments.
The specific implementation procedure of the above steps by the processor 52 and the steps further implemented by the processor 52 by running the executable program code may refer to the description of the embodiment shown in fig. 1-3 of the present invention, and will not be described herein again.
The electronic device exists in a variety of forms, including but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice and data communications. Such terminals include: smart phones (e.g., iPhones), multimedia phones, functional phones, and low-end phones, among others.
(2) A mobile personal computer device: such equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device comprises: audio and video players (e.g., iPods), handheld game consoles, electronic books, smart toys and portable car navigation devices.
(4) A server: a device that provides computing services and comprises a processor, a hard disk, a memory, a system bus and the like. A server is similar in architecture to a general computer, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because it needs to provide highly reliable service.
(5) Other electronic equipment with a data interaction function.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the software self-protection method described in any of the foregoing embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, when implementing the invention, the functions of the units/modules may be implemented in one or more pieces of software and/or hardware.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (15)

1. A software self-protection method, characterized in that it is applied to an electronic device, the method comprising:
creating a main process, creating a plurality of functional processes in the main process, wherein each functional process realizes corresponding partial software functions by accessing a preset external component, and the main process is used for scheduling each functional process to realize all software functions;
acquiring a return value of each functional process accessing a preset external component, and comparing the return value corresponding to each functional process with a return value prestored in a main process;
and if the comparison result is abnormal, blocking the functional process corresponding to the abnormal return value.
2. The software self-protection method according to claim 1, wherein the main process is further configured to:
perform an integrity check on the software code corresponding to the main process itself.
3. The software self-protection method of claim 1, after creating the plurality of functional processes, further comprising:
and creating a communication pipeline between the main process and each functional process so that the main process and each functional process perform data interaction through the communication pipeline.
4. The software self-protection method according to claim 1, wherein the obtaining of the return value of each functional process accessing the preset external component comprises:
acquiring a stack formed by accessing a preset external component by a function corresponding to a functional process, wherein the stack comprises one or more of a functional process name, a function name to be accessed, an offset and a memory address;
and calculating the hash value corresponding to the stack, and taking the hash value corresponding to the stack as a return value of the function process accessing a preset external component.
5. The software self-protection method according to claim 1, further comprising:
and taking a snapshot of the functional process corresponding to the abnormal return value and storing the snapshot result.
6. The software self-protection method according to any one of claims 1 to 5, further comprising, after blocking the functional process corresponding to the abnormal return value:
and creating a new functional process with the same function as the functional process corresponding to the abnormal return value so as to realize part of software functions corresponding to the functional process corresponding to the abnormal return value.
7. The software self-protection method according to claim 1, wherein the creating a plurality of functional processes in the main process comprises:
the software is divided into a plurality of functions according to different component operations of the running platform, and a function process corresponding to each function is established.
8. A software self-protection device, comprising:
the system comprises a first creation module, a second creation module and a third creation module, wherein the first creation module is used for creating a main process, a plurality of functional processes are created in the main process, each functional process realizes a corresponding part of software functions by accessing a preset external component, and the main process is used for scheduling each functional process to realize the software functions;
the comparison module is used for acquiring a return value of each functional process accessing a preset external component and comparing the return value corresponding to each functional process with a return value prestored in the main process;
and the blocking module is used for blocking the functional process corresponding to the abnormal return value when the comparison result is abnormal.
9. The software self-protection device of claim 8, further comprising:
and the checking module is used for carrying out integrity checking on the software code corresponding to the main process.
10. The software self-protection device of claim 8, further comprising:
and the second creation module is used for creating a communication pipeline between the main process and each functional process so as to enable the main process and each functional process to perform data interaction through the communication pipeline.
11. The software self-protection device of claim 8, further comprising:
the computing module is used for acquiring a stack formed by accessing a preset external component by a function corresponding to a functional process, wherein the stack comprises one or more of a functional process name, a function name to be accessed, an offset and a memory address, computing a hash value corresponding to the stack, and taking the hash value corresponding to the stack as a return value of accessing the preset external component by the functional process.
12. The software self-protection device of claim 8, further comprising:
and the snapshot module is used for taking a snapshot of the functional process corresponding to the abnormal return value and storing the snapshot result.
13. The software self-protection device of claim 8, further comprising:
and the third creation module is used for creating a new functional process with the same function as the functional process corresponding to the abnormal return value so as to realize part of software functions corresponding to the functional process corresponding to the abnormal return value.
14. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the software self-protection method of any one of the preceding claims 1-7.
15. A computer readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the software self-protection method of any one of the preceding claims 1-7.
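The check described in claims 1 and 4 to 6, as an added example that is not part of the patent or the applicant's code: the call path into an external component is hashed and compared with a baseline held by the main process, and a mismatch leads to a snapshot, a block and a replacement. Functional processes are modelled as plain Python functions in one interpreter, and every name here (`call_path_hash`, `external_component`, `MainProcess` and the rest) is hypothetical.

```python
import hashlib
import hmac
import sys

def call_path_hash(process_name, entry="functional_process"):
    # Hash the process name plus (function name, offset) of each frame up to the entry point.
    digest = hashlib.sha256(process_name.encode())
    frame = sys._getframe(1)  # start at the caller: the component being accessed
    while frame is not None:
        code = frame.f_code
        # Assumption: absolute addresses are left out because ASLR changes them per run.
        offset = frame.f_lineno - code.co_firstlineno
        digest.update(f"\0{code.co_name}+{offset}".encode())
        if code.co_name == entry:
            break
        frame = frame.f_back
    return digest.hexdigest()

def external_component(process_name):  # stands in for the preset external component
    return call_path_hash(process_name)

def load_settings(process_name):  # the call path seen at enrollment
    return external_component(process_name)

def unexpected_caller(process_name):  # constructed: a path never seen at enrollment
    return external_component(process_name)

def functional_process(process_name, tampered=False):
    caller = unexpected_caller if tampered else load_settings
    return caller(process_name)

class MainProcess:
    def __init__(self, names):
        # Baseline return values, recorded while the software is in a trusted state.
        self.baseline = {n: functional_process(n) for n in names}
        self.blocked, self.snapshots = set(), []

    def schedule(self, name, tampered=False):
        if name in self.blocked:
            return "blocked"
        value = functional_process(name, tampered)
        if hmac.compare_digest(value, self.baseline[name]):
            return "ok"
        self.snapshots.append({"process": name, "return_value": value})  # claim 5
        self.blocked.add(name)  # claim 1: block on an abnormal comparison
        return "blocked"

    def respawn(self, name):  # claim 6: replacement with the same function
        self.blocked.discard(name)
        return self.schedule(name)
```

In a real deployment the hash would be taken by the main process or a trusted hook rather than reported by the functional process itself, since a compromised process could replay the expected value.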
CN202111520389.9A 2021-12-13 2021-12-13 Software self-protection method and device, electronic equipment and storage medium Pending CN114282178A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111520389.9A CN114282178A (en) 2021-12-13 2021-12-13 Software self-protection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114282178A true CN114282178A (en) 2022-04-05

Family

ID=80871797

Country Status (1)

Country Link
CN (1) CN114282178A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination