CN115827099A - Hook function installation method and device of Linux platform - Google Patents
Hook function installation method and device of Linux platform Download PDFInfo
- Publication number
- CN115827099A CN115827099A CN202211583193.9A CN202211583193A CN115827099A CN 115827099 A CN115827099 A CN 115827099A CN 202211583193 A CN202211583193 A CN 202211583193A CN 115827099 A CN115827099 A CN 115827099A
- Authority
- CN
- China
- Prior art keywords
- address
- pointer
- function
- variable
- hook function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Telephonic Communication Services (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention relates to a hook function installation method and a device of a Linux platform, wherein the method comprises the following steps: acquiring the address of a first function in a Linux kernel and storing the address into a first function pointer; calling the first function pointer to obtain the address of a global variable and storing the address of the global variable into the global variable pointer; acquiring the address of the LSM hook function chain table head to be installed in the Linux kernel according to the global variable pointer and storing the address into a first variable; taking the first variable as a chain table head, if the chain table has an existing node, storing the address of the node into a second pointer variable; and replacing the existing LSM hook function pointer by adopting the address of the LSM hook function in the loadable kernel module atomically and storing the LSM hook function pointer into a third pointer variable for calling the LSM hook function provided by the loadable kernel module. The technical scheme of the embodiment of the invention avoids the stability risk in the prior art.
Description
Technical Field
The embodiment of the invention relates to the technical field of Linux operating systems, in particular to a hook function method and a hook function device for a Linux platform.
Background
LSM (Linux Security Modules) is a general-purpose framework for access control provided by the Linux kernel, which installs hook functions on the critical execution path of many Linux system calls. In the prior art, a method for installing a hook function on some linux kernel versions is to find a linked list of a hook function installation point and insert a node which stores the type of a hook function pointer provided by a security module as a specific type so as to achieve the purpose of installing the hook function, but the method has stability risk. Therefore, it is desirable to provide a hook function installation method for a Linux platform with high stability.
Disclosure of Invention
Based on the above situation in the prior art, an object of the embodiments of the present invention is to provide a method and an apparatus for installing a hook function of a Linux platform, and in particular, to provide a method and an apparatus for installing an LSM hook function in some high-version Linux systems, where a hook function pointer in an existing node on each hook function linked list is replaced atomically to install a hook function, so as to avoid a stability risk in the method for installing a hook function in the prior art.
To achieve the above object, according to a first aspect of the present invention, there is provided a hook function installation method for a Linux platform, comprising the steps of:
acquiring the address of a first function in a Linux kernel;
storing the address of the acquired first function in the Linux kernel into a first function pointer;
calling the first function pointer to obtain an address of a global variable, and storing the address of the global variable into the global variable pointer;
acquiring an address of an LSM hook function chain table head to be installed in a Linux kernel according to the global variable pointer, and storing the address into a first variable;
taking the first variable as a chain table head, if the chain table has an existing node, storing the address of the node into a second pointer variable;
and the address of the LSM hook function in the loadable kernel module is adopted to atomically replace the existing LSM hook function pointer stored in the second pointer variable, and the existing LSM hook function pointer is stored in the third pointer variable to be called by the LSM hook function provided by the loadable kernel module.
Further, acquiring the address of the first function in the Linux kernel includes the steps of:
and registering the kprobe in an initialization function of the loadable kernel module to acquire the address of the first function in the Linux kernel.
Further, the method further comprises: and after the address of the first function in the Linux kernel is obtained, the kprobe is registered reversely.
Further, acquiring an address of the LSM hook function chain table header to be installed in the Linux kernel according to the global variable pointer, including the steps of:
and adding the value of the global variable pointer and the offset of the LSM hook function chain table head to be installed in the first type structure body to obtain the address of the LSM hook function chain table head to be installed in the Linux kernel.
Further, the method also comprises unloading the loadable kernel module, comprising the steps of:
and the address in the third pointer variable is adopted to replace the existing LSM hook function pointer stored in the second pointer variable atomically.
Further, the type of the global variable is a first type structure; the type of the second pointer variable is a second type structure.
According to a second aspect of the present invention, there is provided a hook function installation apparatus for a Linux platform, comprising:
the first function address acquisition module is used for acquiring the address of the first function in the Linux kernel and storing the acquired address of the first function in the Linux kernel into a first function pointer;
the global variable address acquisition module is used for calling the first function pointer to acquire an address of a global variable and storing the address of the global variable into the global variable pointer;
the hook function address acquisition module is used for acquiring the address of an LSM hook function chain table head to be installed in a Linux kernel according to the global variable pointer, storing the address into a first variable, taking the first variable as the chain table head, and storing the address of a node into a second pointer variable if the chain table has the node;
and the hook function installation module is used for atomically replacing the existing LSM hook function pointer stored in the second pointer variable by adopting the address of the LSM hook function in the loadable kernel module, and storing the existing LSM hook function pointer into a third pointer variable to be called by the LSM hook function provided by the loadable kernel module.
Further, the hook function address obtaining module obtains, according to the global variable pointer, an address of an LSM hook function chain table header to be installed in the Linux kernel, and includes:
and adding the value of the global variable pointer and the offset of the LSM hook function chain table head to be installed in the first type structure body to obtain the address of the LSM hook function chain table head to be installed in the Linux kernel.
According to a third aspect of the present invention, there is provided an electronic device comprising a memory, a processor and executable instructions stored on the memory and executable on the processor, the processor implementing the method according to the first aspect of the present invention when executing the program.
According to a fourth aspect of the present invention there is provided a computer readable storage medium having stored thereon computer executable instructions which, when executed by a processor, implement the method according to the first aspect of the present invention.
In summary, the embodiment of the present invention provides a method and an apparatus for installing a hook function of a Linux platform, where the method includes: acquiring the address of a first function in a Linux kernel; storing the address of the acquired first function in the Linux kernel into a first function pointer; calling the first function pointer to obtain the address of the global variable, and storing the address of the global variable into the global variable pointer; acquiring an address of an LSM hook function chain table head to be installed in a Linux kernel according to the global variable pointer, and storing the address into a first variable; taking the first variable as a chain table head, if the chain table has an existing node, storing the address of the node into a second pointer variable; and replacing the existing LSM hook function pointer stored in the second pointer variable by adopting the address of the LSM hook function in the loadable kernel module atomically, and storing the existing LSM hook function pointer into the third pointer variable for calling the LSM hook function provided by the loadable kernel module. According to the technical scheme of the embodiment of the invention, the hook function is installed by atomically replacing the hook function pointers in the existing nodes on each hook function chain table, so that the potential stability risk brought by the LSM hook function installation method in the prior art in the Linux kernel with certain version number is avoided.
Drawings
FIG. 1 is a flowchart of a hook function installation method for a Linux platform according to an embodiment of the present invention;
fig. 2 is a block diagram illustrating a hook function installation apparatus of a Linux platform according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It is to be understood that these descriptions are only illustrative and are not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
LSM (Linux Security Modules) is a general framework for access control provided by the Linux kernel, which installs hook functions on the critical execution path of many Linux system calls. These hooking functions may be executed each time a Linux system call executes. The user can write a Loadable Kernel Module (LKM) to install the hook functions to realize security detection, thereby providing security protection. The LSM derives a global variable security _ ops pointer with the type of struct security _ operations from the version number of 4.1.52 and the previous Linux kernel or derives a security _ ops pointer with the type of struct security _ operations from kernel symbols, all LSM hook function pointers provided by the Linux kernel are included in a memory pointed by the security _ ops pointer, and a method for installing hook functions on versions of the Linux kernels is to directly and atomically replace corresponding function pointers included in the memory pointed by the security _ ops pointer, so that the hook scheme can not cause stability risk problem. However, the LSM does not derive the global variable security _ ops pointer with the type of structure security _ operations any more in the Linux kernel with the version number of 4.2.0 and later, and does not have the security _ ops pointer with the type of structure security _ operations in the symbol, but provides the global variable security _ hook _ heads with the type of structure security _ hook _ heads in the symbol, and does not provide the pointer of each stored LSM hook function in the security _ hook _ heads variable any more, but rather provides the linked list of LSM hook functions (possibly a doubly linked list, and possibly a hashed linked list), so the method for installing the hook functions on the kernel versions is to find the node of the Linux hook function installation point, into which the hook function pointer provided by the security module is inserted, so as to achieve the purpose of installing the hook function. However, this solution has a stability risk because the Linux kernel does not derive the security _ add _ hooks function for installing the LSM hook function, nor does the security _ add _ hooks function exist in the symbol, the security _ add _ hooks function internally adds a node by calling the list _ add _ rcu function or hlist _ add _ tail _ rcu function, these two functions do not add lock protection when accessing the node on the linked list, and also do not provide an interface function for removing the LSM hook function, if the user directly adds or removes a node to each hook function chain table in the global variable security _ hook _ headers, there is a low probability that the user may cause a stability problem of machine downtime, and the security software may also cause a stability problem of machine downtime when removing the previously installed LSM hook function.
In view of the above problems, embodiments of the present invention provide a hooking method for a Linux platform, which effectively solves the stability problem of installing and uninstalling an LSM hooking function when writing an LKM in the Linux platform. The technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings. Fig. 1 shows a flowchart of a hooking method of the Linux platform, which includes the following steps:
s202, registering kprobe (a lightweight kernel debugging technique specially designed by kernel developers for tracking the execution state of a kernel function) in an initialization function of a Loadable Kernel Module (LKM) to obtain an address of the first function in the Linux kernel. When writing the LKM, registering kprobe in its initialization function init _ module to obtain the address of the first function, for example, the kallsyms _ lookup _ name function, in the Linux kernel.
S204, storing the address of the acquired first function in the Linux kernel into a first function pointer, and reversely registering the kprobe. If the kprobe is failed to be registered in the step S202, or if the address of the kallsyms _ lookup _ name function in the Linux kernel is failed to be acquired although the kprobe is successfully registered, jumping out the function and not executing the function; otherwise, that is, after registering kprobe in the initialization function is successful, in this step, the address of the obtained kallsyms _ lookup _ name function in the Linux kernel is saved into a first function pointer, for example, the function pointer pfn _ kallsyms _ lookup _ name, and the kprobe is registered reversely to release the resource applied when registering kprobe.
S206, calling the first function pointer to obtain the address of the global variable, and storing the address of the global variable into the global variable pointer; and the type of the global variable is a first type structure. In this step, a global variable security _ hook _ headers is obtained by calling the first function pointer pfn _ kallsyms _ lookup _ name to store a chain table header of the LSM hook function, where the type of the global variable is structure security _ hook _ headers. If the acquisition fails, returning; if the acquisition is successful, the address of the global variable is saved into a global variable pointer security _ hook _ headers _ ptr.
And S208, adding the value of the global variable pointer and the offset of the LSM hook function chain table head to be installed in the first type structure body to obtain the address of the LSM hook function chain table head to be installed in the Linux kernel, and storing the address into the first variable. In the step, the value of the global variable pointer security _ hook _ heads _ ptr is added with the offset of the head of the LSM hook function chain to be installed in the first type structure security _ hook _ heads, namely the address of the head of the LSM hook function chain to be installed in the Linux kernel, and the address is stored in the first variable head.
And S210, taking the first variable as a head of the chain table, if the chain table has an existing node, storing the address of the node into a second pointer variable, wherein the type of the second pointer variable is a second type structure. And using the first variable head as a chain table head to check whether the chain table has an existing node. If not, returning; if yes, the address of the node is stored in a second pointer variable security _ hook _ list, and the type of the second pointer variable security _ hook _ list is a second type structure security _ hook _ list. The memory access in this step is secure with no stability risk. Because the memory to which the node on the linked list belongs is the memory allocated by the Linux kernel security component, and the Linux kernel security component allocates the memory for the node when the system is initialized and releases the memory when the system is shut down, the memory can be safely accessed through the steps of the invention.
S212, the existing LSM hook function pointer stored in the second pointer variable is replaced atomically by the address of the LSM hook function in the loadable kernel module, and the existing LSM hook function pointer is stored in the third pointer variable to be called by the LSM hook function provided by the loadable kernel module. In this step, the existing LSM hook function pointer stored in the second pointer variable security _ hook _ list is atomically replaced with the address of the LSM hook function (e.g., LKM _ LSM _ function) in the LKM, and the existing LSM hook function pointer is stored into the third pointer variable ori _ LSM _ function _ ptr for call by the LSM hook function LKM _ LSM _ function provided by the LKM. Installing the LSM hook function is done so far, and since the atomic write memory operation itself has no risk, there is no stability risk in this step either.
According to some optional embodiments, the method further comprises the step of unloading the LKM, including:
and replacing the existing LSM hook function pointer stored in the second pointer variable by using the address in the third pointer variable atomically. In this unloading step, the address stored in the third pointer variable ori _ LSM _ func _ ptr (i.e., the originally existing LSM hook function pointer is stored) in step S212 is used to atomically replace the existing LSM hook function pointer stored in the second pointer variable security _ hook _ list. By this point, the unloading of the LSM hook function is complete, with no stability risk.
In an embodiment of the present invention, a hook function installation apparatus for a Linux platform is further provided, and fig. 2 shows a block diagram of a structure of the hook function installation apparatus, and as shown in fig. 2, the apparatus includes:
the first function address obtaining module 201 is configured to obtain an address of the first function in the Linux kernel, and store the obtained address of the first function in the Linux kernel to the first function pointer.
And the global variable address obtaining module 202 is configured to call the first function pointer to obtain an address of a global variable, and store the address of the global variable into the global variable pointer.
The hook function address obtaining module 203 is configured to obtain, according to the global variable pointer, an address of an LSM hook function chain table header to be installed in the Linux kernel, and specifically includes: and adding the value of the global variable pointer and the offset of the LSM hook function chain table head to be installed in the first type structure body to obtain the address of the LSM hook function chain table head to be installed in the Linux kernel, storing the address into a first variable, taking the first variable as the chain table head, and storing the address of the node into a second pointer variable if the chain table has an existing node.
The hook function installing module 204 is configured to atomically replace the existing LSM hook function pointer stored in the second pointer variable with the address of the LSM hook function in the loadable kernel module, and store the existing LSM hook function pointer into the third pointer variable for the LSM hook function provided by the loadable kernel module to call.
In the hook function installation apparatus for a Linux platform according to an embodiment of the present invention, specific steps of each module for implementing its function are the same as those of the hook function installation method for a Linux platform according to the foregoing embodiment of the present invention, and repeated description thereof will be omitted herein.
In an embodiment of the present invention, an electronic device is further provided, which includes a memory, a processor, and executable instructions stored in the memory and executable on the processor, and when the processor executes the program, the method according to the above embodiment of the present invention is implemented. Fig. 3 is a schematic structural diagram of the electronic device according to the embodiment of the present invention. As shown in fig. 3, the electronic apparatus includes: one or more processors 301 and memory 302; and computer-executable instructions stored in the memory 302, which, when executed by the processor 301, cause the processor 301 to perform the hook function installation method of the Linux platform as in the above-described embodiments. The processor 301 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions. Memory 302 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. Volatile memory can include, for example, random Access Memory (RAM), cache memory (or the like). The non-volatile memory may include, for example, read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor 301 to implement the steps of the above hook function installation method of the Linux platform according to an embodiment of the present invention and/or other desired functions. In some embodiments, the electronic device may further include: an input device 303 and an output device 304, which are interconnected by a bus system and/or other form of connection mechanism (not shown in fig. 3). For example, when the electronic device is a stand-alone device, the input means 303 may be a communication network connector for receiving the acquired input signal from an external removable device. The input device 303 may also include, for example, a keyboard, a mouse, a microphone, and the like. The output device 304 may output various information to the outside, and may include, for example, a display, speakers, a printer, and a communication network and its connected remote output devices.
In an embodiment of the present invention, there is also provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps in the method as described in the above-mentioned embodiment of the present invention. A computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a random access memory ((RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be understood that the Processor in the embodiments of the present invention may be a Central Processing Unit (CPU), and the Processor may also be other general purpose processors, digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In summary, the embodiment of the present invention relates to a method and an apparatus for installing a hook function of a Linux platform, where the method includes: acquiring the address of a first function in a Linux kernel; storing the address of the acquired first function in the Linux kernel into a first function pointer; calling the first function pointer to obtain an address of a global variable, and storing the address of the global variable into the global variable pointer; acquiring an address of an LSM hook function chain table head to be installed in a Linux kernel according to the global variable pointer, and storing the address into a first variable; taking the first variable as a chain table head, if the chain table has an existing node, storing the address of the node into a second pointer variable; and replacing the existing LSM hook function pointer stored in the second pointer variable by adopting the address of the LSM hook function in the loadable kernel module atomically, and storing the existing LSM hook function pointer into the third pointer variable for calling the LSM hook function provided by the loadable kernel module. According to the technical scheme of the embodiment of the invention, the hook function is installed by atomically replacing the hook function pointers in the existing nodes on each hook function chain table, so that the potential stability risk brought by the LSM hook function installation method in the prior art in the Linux kernel with certain version number is avoided.
It should be understood that the discussion of any embodiment above is merely exemplary, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to those examples; features from the above embodiments or from different embodiments may also be combined within the inventive idea, steps may be implemented in any order, and there are many other variations of different aspects of one or more embodiments of the invention as described above, which are not provided in detail for the sake of brevity. The foregoing detailed description of the invention is merely exemplary in nature and is not intended to limit the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.
Claims (10)
1. A hook function installation method of a Linux platform is characterized by comprising the following steps:
acquiring the address of a first function in a Linux kernel;
storing the address of the acquired first function in the Linux kernel into a first function pointer;
calling the first function pointer to obtain the address of the global variable, and storing the address of the global variable into the global variable pointer;
acquiring an address of an LSM hook function chain table head to be installed in a Linux kernel according to the global variable pointer, and storing the address into a first variable;
taking the first variable as a chain table head, if the chain table has an existing node, storing the address of the node into a second pointer variable;
and replacing the existing LSM hook function pointer stored in the second pointer variable by adopting the address of the LSM hook function in the loadable kernel module atomically, and storing the existing LSM hook function pointer into the third pointer variable for calling the LSM hook function provided by the loadable kernel module.
2. The method according to claim 1, wherein obtaining the address of the first function in the Linux kernel comprises the steps of:
and registering the kprobe in the initialization function of the loadable kernel module to acquire the address of the first function in the Linux kernel.
3. The method of claim 2, further comprising: and after the address of the first function in the Linux kernel is obtained, the kprobe is registered reversely.
4. The method according to claim 1, wherein obtaining an address of an LSM hook function chain header to be installed in a Linux kernel according to the global variable pointer comprises:
and adding the value of the global variable pointer and the offset of the LSM hook function chain table head to be installed in the first type structure body to obtain the address of the LSM hook function chain table head to be installed in the Linux kernel.
5. The method according to any of claims 1-4, wherein the method further comprises unloading loadable kernel modules, comprising the steps of:
and replacing the existing LSM hook function pointer stored in the second pointer variable by using the address in the third pointer variable atomically.
6. The method of claim 1, wherein the type of the global variable is a first type structure; the type of the second pointer variable is a second type structure.
7. A hook function installation device of a Linux platform is characterized by comprising:
the first function address acquisition module is used for acquiring the address of the first function in the Linux kernel and storing the acquired address of the first function in the Linux kernel into a first function pointer;
the global variable address acquisition module is used for calling the first function pointer to acquire an address of a global variable and storing the address of the global variable into the global variable pointer;
the hook function address acquisition module is used for acquiring the address of an LSM hook function chain table head to be installed in a Linux kernel according to the global variable pointer, storing the address into a first variable, taking the first variable as the chain table head, and storing the address of a node into a second pointer variable if the chain table has the node;
and the hook function installation module is used for atomically replacing the existing LSM hook function pointer stored in the second pointer variable by adopting the address of the LSM hook function in the loadable kernel module, and storing the existing LSM hook function pointer into a third pointer variable to be called by the LSM hook function provided by the loadable kernel module.
8. The apparatus according to claim 7, wherein the hooking function address obtaining module obtains, according to the global variable pointer, an address of a LSM hooking function chain header to be installed in a Linux kernel, and includes:
and adding the value of the global variable pointer and the offset of the LSM hook function chain table head to be installed in the first type structure body to obtain the address of the LSM hook function chain table head to be installed in the Linux kernel.
9. An electronic device comprising a memory, a processor, and executable instructions stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-6 when executing the program.
10. A computer-readable storage medium having computer-executable instructions stored thereon which, when executed by a processor, implement the method of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211583193.9A CN115827099B (en) | 2022-12-09 | 2022-12-09 | Method and device for installing hook function of Linux platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211583193.9A CN115827099B (en) | 2022-12-09 | 2022-12-09 | Method and device for installing hook function of Linux platform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115827099A true CN115827099A (en) | 2023-03-21 |
| CN115827099B CN115827099B (en) | 2023-05-12 |
Family
ID=85546211
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211583193.9A Active CN115827099B (en) | 2022-12-09 | 2022-12-09 | Method and device for installing hook function of Linux platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115827099B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080184335A1 (en) * | 2007-01-26 | 2008-07-31 | Xinwen Zhang | Method and system for extending selinux policy models and their enforcement |
| CN104885092A (en) * | 2012-11-13 | 2015-09-02 | 奥克兰服务有限公司 | Security system and method for operating systems |
| US20160004859A1 (en) * | 2013-03-26 | 2016-01-07 | Irdeto Canada Corporation | Method and system for platform and user application security on a device |
| US20190102566A1 (en) * | 2017-09-29 | 2019-04-04 | Foundation Of Soongsil University-Industry Cooperation | Linux based android container platform, device equipped with the same and method for apply security system in linux based android container environment |
| CN111258850A (en) * | 2020-01-13 | 2020-06-09 | 奇安信科技集团股份有限公司 | Method and device for updating software information based on Linux system |
| CN112148388A (en) * | 2020-10-22 | 2020-12-29 | 北京嘀嘀无限科技发展有限公司 | Computer program hooking method and system |
-
2022
- 2022-12-09 CN CN202211583193.9A patent/CN115827099B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080184335A1 (en) * | 2007-01-26 | 2008-07-31 | Xinwen Zhang | Method and system for extending selinux policy models and their enforcement |
| CN104885092A (en) * | 2012-11-13 | 2015-09-02 | 奥克兰服务有限公司 | Security system and method for operating systems |
| US20160004859A1 (en) * | 2013-03-26 | 2016-01-07 | Irdeto Canada Corporation | Method and system for platform and user application security on a device |
| US20190102566A1 (en) * | 2017-09-29 | 2019-04-04 | Foundation Of Soongsil University-Industry Cooperation | Linux based android container platform, device equipped with the same and method for apply security system in linux based android container environment |
| CN111258850A (en) * | 2020-01-13 | 2020-06-09 | 奇安信科技集团股份有限公司 | Method and device for updating software information based on Linux system |
| CN112148388A (en) * | 2020-10-22 | 2020-12-29 | 北京嘀嘀无限科技发展有限公司 | Computer program hooking method and system |
Non-Patent Citations (1)
| Title |
|---|
| 张超: "Linux系统堆溢出漏洞分析与自动检测技术研究", 中国优秀硕士学位论文全文数据库 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115827099B (en) | 2023-05-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11875147B2 (en) | Firmware component with self-descriptive dependency information | |
| US20140208083A1 (en) | Multi-threaded logging | |
| CN107408016B (en) | Memory access protection using processor transactional memory support | |
| US10546144B2 (en) | Dynamically excluding sensitive information from system snapshot | |
| US9189206B2 (en) | System and method for managing immutable objects | |
| CN111061643A (en) | SDK cluster compatibility detection method and device, electronic equipment and storage medium | |
| US9304762B2 (en) | Automatically customizing a computer-executable application at runtime | |
| US10740166B2 (en) | Thread based dynamic data collection | |
| US9965402B2 (en) | Memory initialization detection system | |
| CN109408265B (en) | IOS abnormal operation protection method and device, terminal equipment and storage medium | |
| US9442790B2 (en) | Computer and dumping control method | |
| CN110688320B (en) | Global variable detection method and device and terminal equipment | |
| CN115827099B (en) | Method and device for installing hook function of Linux platform | |
| US10310914B2 (en) | Methods and systems for recursively acquiring and releasing a spinlock | |
| US11809881B2 (en) | Target process injection prior to execution of marker libraries | |
| CN111209137B (en) | Data access control method and device, data access equipment and system | |
| CN110275710B (en) | Java local interface consistency checking method and system, storage medium and terminal | |
| CN109656805B (en) | Method and device for generating code link for business analysis and business server | |
| CN115705294A (en) | Method, device, electronic equipment and medium for acquiring function call information | |
| US9098356B2 (en) | Hook re-entry prevention device and recording medium, in which program for executing method thereof in computer is recorded thereon | |
| US9619306B2 (en) | Information processing device, control method thereof, and recording medium | |
| CN110929102B (en) | Data processing method and device and electronic equipment | |
| US8892533B2 (en) | Accelerated cached object retrieval | |
| CN114253825B (en) | Memory leak detection method, device, computer equipment and storage medium | |
| CN113157513B (en) | Heap memory damage detection method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |