CN116089912A - Software identification information acquisition method and device, electronic equipment and storage medium - Google Patents

Software identification information acquisition method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116089912A
CN116089912A CN202211733415.0A CN202211733415A CN116089912A CN 116089912 A CN116089912 A CN 116089912A CN 202211733415 A CN202211733415 A CN 202211733415A CN 116089912 A CN116089912 A CN 116089912A
Authority
CN
China
Prior art keywords
software
identification information
header
target
software identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211733415.0A
Other languages
Chinese (zh)
Inventor
廖恒
潘明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Luyi Technology Co ltd
Original Assignee
Chengdu Luyi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Luyi Technology Co ltd filed Critical Chengdu Luyi Technology Co ltd
Priority to CN202211733415.0A priority Critical patent/CN116089912A/en
Publication of CN116089912A publication Critical patent/CN116089912A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Stored Programmes (AREA)

Abstract

The application provides a method and a device for acquiring software identification information, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring the dos header of the pe file of the target software; acquiring a pe header of the pe file based on the last byte of the dos header; determining a specified code segment in the main program according to the pe header; extracting a predetermined number of bytes from the specified code segment; and determining the hash value of the target software based on the bytes and a preset hash value calculation mode, and taking the hash value as the software identification information of the target software. According to the technical scheme, the software identification information can be kept unchanged during software updating, so that resources consumed by regenerating the software identification information are reduced, the cost of maintaining the software identification information is reduced, and the convenience and safety of software identification are improved.

Description

Software identification information acquisition method and device, electronic equipment and storage medium
[ field of technology ]
The present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for acquiring software identification information, an electronic device, and a storage medium.
[ background Art ]
In order to prevent the illegal software from running in time, software identification information is set for the software in the related technology, and the software can be identified through the software identification information, so that whether the software is the software identified as the illegal software or not is further judged. However, the generation of existing software identification information depends on the software program itself, and once the software is updated, the software program changes, and new software identification information needs to be calculated again for the software, and the background maintenance resources consumed by this calculation are large.
Therefore, how to reduce the consumption caused by recalculating the software identification information due to the software update is a technical problem to be solved.
[ invention ]
The embodiment of the application provides a method and a device for acquiring software identification information, electronic equipment and a storage medium, and aims to solve the technical problem that background maintenance resources are large due to software updating and software identification information recalculation in the related art.
In a first aspect, an embodiment of the present application provides a method for acquiring software identification information, including: acquiring the dos header of the pe file of the target software; acquiring a pe header of the pe file based on the last byte of the dos header; determining a specified code segment in the main program according to the pe header; extracting a predetermined number of bytes from the specified code segment; and determining the hash value of the target software based on the bytes and a preset hash value calculation mode, and taking the hash value as the software identification information of the target software.
In one possible design, before the obtaining the dos header of the pe file of the target software, the method further includes: installing the target software, and updating a registry and system configuration information based on an installation operation; and acquiring a main program of the target software based on the registry or the system configuration information.
In one possible design, the determining a specified code segment in the main program according to the pe header includes: determining a target operation platform of the target software based on the first byte of the pe header; determining the length of the pe head according to a mode for determining the length of the pe head corresponding to the target operation platform; shifting based on the head byte of the pe header and the length of the pe header to obtain a plurality of section tables of the pe file; and determining a target section table in which the text section is located in the section tables, and acquiring the text section in the target section table as the specified code section.
In one possible design, the extracting a predetermined number of bytes from the specified code section includes: a predetermined number of bytes are extracted from the specified code segment according to a specified extraction rule.
In one possible design, the determining the hash value of the target software based on the byte and a predetermined hash value calculation method includes: and processing the bytes through an md5 algorithm, a sha1 algorithm or a sm3 algorithm to obtain the hash value of the target software.
In a second aspect, an embodiment of the present application provides a software identification method, including: responding to an operation request of target software, and acquiring software identification information of the target software; and if the software identification information is matched with the appointed identification information in the software blacklist, stopping the operation of the target software, wherein the software identification information is generated by executing any one of the methods in the first aspect before the software identification information of the target software is acquired.
In a third aspect, an embodiment of the present application provides a software identification information acquiring apparatus, including: the first acquisition unit is used for acquiring the dos header of the pe file of the target software; the second acquisition unit is used for acquiring the pe header of the pe file based on the last byte of the dos header; a code segment determining unit, configured to determine a specified code segment in the main program according to the pe header; a byte extraction unit for extracting a predetermined number of bytes from the specified code section; and the hash calculation unit is used for determining the hash value of the target software based on the bytes and a preset hash value calculation mode and taking the hash value as the software identification information of the target software.
In one possible design, the software identification information acquiring device further includes: a software installation unit, configured to install the target software before the dos header of the pe file of the target software is obtained, and update a registry and system configuration information based on an installation operation; and the main program acquisition unit is used for acquiring the main program of the target software based on the registry or the system configuration information.
In one possible design, the code segment determining unit is configured to: determining a target operation platform of the target software based on the first byte of the pe header; determining the length of the pe head according to a mode for determining the length of the pe head corresponding to the target operation platform; shifting based on the head byte of the pe header and the length of the pe header to obtain a plurality of section tables of the pe file; and determining a target section table in which the text section is located in the section tables, and acquiring the text section in the target section table as the specified code section.
In one possible design, the byte extraction unit is configured to extract a predetermined number of bytes from the specified code segment according to a specified extraction rule.
In one possible design, the hash calculation unit is configured to: and processing the bytes through an md5 algorithm, a sha1 algorithm or a sm3 algorithm to obtain the hash value of the target software.
In a fourth aspect, an embodiment of the present application provides a software identification apparatus, including: a software identification information generating unit configured to generate software identification information based on the software identification information acquiring apparatus described in the third aspect; an identification information acquisition unit configured to acquire the software identification information of a target software in response to an operation request of the target software; and the software identification unit is used for preventing the target software from running if the software identification information is matched with the appointed identification information in the software blacklist.
In a fifth aspect, embodiments of the present application provide an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being arranged to perform the method of the first aspect described above.
In a sixth aspect, embodiments of the present application provide a storage medium storing computer-executable instructions for performing the method of the first aspect.
According to the technical scheme, the software identification information can be generated based on the preset number of bytes in the appointed code segment, and the appointed code segment is unchanged when the target software is updated, so that the software identification information generated based on the preset number of bytes in the appointed code segment is unchanged when the target software is updated. In other words, compared with the technical scheme of recalculating the software identification information due to the software update in the related art, the technical scheme of the application can keep the software identification information unchanged during the software update, so that resources consumed by regenerating the software identification information are reduced, the cost of maintaining the software identification information is reduced, and the convenience and safety of the software identification are improved.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 illustrates a flow chart of a software identification information acquisition method according to one embodiment of the present application;
FIG. 2 illustrates a flowchart of a software identification information acquisition method according to another embodiment of the present application;
FIG. 3 illustrates a flow chart of a software identification method according to one embodiment of the present application;
FIG. 4 is a schematic diagram illustrating a cloud-to-local interaction process according to one embodiment of the present application;
FIG. 5 shows a block diagram of a software identification information acquisition device according to one embodiment of the present application;
fig. 6 shows a block diagram of an electronic device according to an embodiment of the present application.
[ detailed description ] of the invention
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 shows a flowchart of a software identification information acquisition method according to one embodiment of the present application.
As shown in fig. 1, a software identification information acquisition method according to an embodiment of the present application includes:
step 102, obtaining the dos header of the pe file of the target software.
Step 104, obtaining the pe header of the pe file based on the last byte of the dos header.
The pe file is an executable file in the windows system, and common file suffixes include, but are not limited to exe, dll, sys, com, ocx, etc. The format of the pe file running on the 32-bit windows system is pe32, the format of the pe file running on the 64-bit windows system is pe32+, and one of the differences between the different formats of the pe file is that the pe header is different.
The dos header of the pe file is a piece of binary data, and the last byte of the data is used for reflecting the position of the pe header in the pe file, so that the pe header of the pe file can be obtained.
And step 106, determining a specified code segment in the main program according to the pe header.
The pe header corresponds to position reference information of the specified code segment, in other words, the position of the pe header can be used as a condition for determining the position of the specified code segment. The specified code segment is often provided with a characteristic segment which cannot be changed due to software updating, the software identification information of the software is determined based on the characteristic segment which cannot be changed due to the software updating, and the software identification information of the software can be ensured to be unchanged when the software is updated, so that the software identification information reset caused by the software updating is avoided, and the computing resource is saved.
Specifically, a target operation platform of the target software can be determined based on the first byte of the pe header; determining the length of the pe head according to a mode for determining the length of the pe head corresponding to the target operation platform; shifting based on the head byte of the pe header and the length of the pe header to obtain a plurality of section tables of the pe file; and determining a target section table in which the text section is located in the section tables, and acquiring the text section in the target section table as the specified code section.
The first byte of the pe header reflects why the target running platform of the target software includes, but is not limited to, a 32-bit platform and a 64-bit platform, but can be any other platform capable of running the target software. In different operation platforms, the calculation modes of the pe head length are different, so that the length of the pe head can be determined according to the corresponding determination mode of the pe head length of the target operation platform.
Specifically, the size of the OPTIONAL pe HEADER is different in different operation platforms, and in a 64-bit platform, the pe HEADER is the structure of image_operation_header 64, and the length of the pe HEADER is obtained through sizeof (image_operation_header 64).
In the 32-bit platform, the pe HEADER is image_operation_header, and the length of the pe HEADER is obtained by sizeof (image_operation_header).
After determining the length of the pe header, since a plurality of section tables are distributed behind the pe header, the section tables can be obtained by offsetting the first byte of the pe header and the length of the pe header. Each section table is used to describe different functions involved in the software, such as storing initial data, storing calling functions, etc. Meanwhile, each section table comprises a plurality of list items or a plurality of code segments. Further, each section table can be traversed, the section table where the text section is located is determined, and the text section is extracted to be used as the designated code section.
Step 108, extracting a predetermined number of bytes from the specified code segment.
In one possible design, the extracting a predetermined number of bytes from the specified code section includes: a predetermined number of bytes are extracted from the specified code segment according to a specified extraction rule.
Wherein, the specified extraction rule may be: and extracting a plurality of bytes respectively positioned at a plurality of designated positions in the designated code segment, wherein the number of the plurality of designated positions is a preset number.
The specified extraction rules may also be: bytes in the specified code segment at a plurality of specified locations, respectively, are extracted, wherein the number of bytes extracted at each specified location is a specified plurality.
Through the technical scheme, the acquired predetermined number of bytes can be more complicated, so that the complexity of the software identification information obtained by the predetermined number of bytes is improved, the uniqueness of the software identification information to the target software is improved, and the software safety is improved.
Alternatively, the predetermined number is 60. Of course, the predetermined number may be any number that meets the security requirements for the software identification information, and is not limited to 60 as this example.
And 110, determining the hash value of the target software based on the bytes and a preset hash value calculation mode, and taking the hash value as the software identification information of the target software.
Finally, the software identification information is generated based on a predetermined number of bytes in the specified code segment, and since the predetermined number of bytes is a characteristic segment of the specified code segment that does not change due to the software update, the software identification information generated based on the predetermined number of bytes in the specified code segment is unchanged when the update of the target software occurs. In other words, compared with the technical scheme of recalculating the software identification information due to the software update in the related art, the technical scheme of the application can keep the software identification information unchanged during the software update, so that resources consumed by regenerating the software identification information are reduced, the cost of maintaining the software identification information is reduced, and the convenience and safety of the software identification are improved.
In one possible design, the determining the hash value of the target software based on the byte and a predetermined hash value calculation method includes: and processing the bytes through an md5 algorithm, a sha1 algorithm or a sm3 algorithm to obtain the hash value of the target software.
Among them, MD5 algorithm, MD5 information digest algorithm, is a widely used cryptographic hash function that can convert a predetermined number of bytes extracted from the specified code segment into a 128-bit (16-byte) hash value as software identification information of the target software. The sha1 algorithm is a kind of Hash algorithm, and can process a predetermined number of bytes extracted from the specified code segment in units of 512-bit packets, and output a 160-bit message digest as software identification information of the target software. The sm3 algorithm is a cryptographic hash function standard that takes a predetermined number of bytes extracted from the specified code segment as input to a hash function, and outputs a message digest via the hash function as software identification information of the target software.
It should be appreciated that the predetermined hash value calculation method in this application includes, but is not limited to, md5 algorithm, sha1 algorithm, or sm3 algorithm, and may be any calculation method capable of converting a predetermined number of bytes extracted from the specified code segment into a shorter ciphertext.
Fig. 2 shows a flowchart of a software identification information acquisition method according to another embodiment of the present application.
As shown in fig. 2, a software identification information acquisition method according to another embodiment of the present application includes:
step 202, installing target software, and updating registry and system configuration information based on the installation operation.
Step 204, acquiring a main program of the target software based on the registry or the system configuration information.
To acquire the software identification information of the target software, it is necessary to acquire the pe file from the main program thereof, and only if the target software is installed, the main program thereof can be acquired. Thus, the target software can be installed and its main program retrieved through the registry updated after installation or the system configuration information.
Step 206, obtaining the dos header of the pe file of the target software.
Step 208, obtaining the pe header of the pe file based on the last byte of the dos header.
The pe file is an executable file in the windows system, and common file suffixes include, but are not limited to exe, dll, sys, com, ocx, etc. The format of the pe file running on the 32-bit windows system is pe32, the format of the pe file running on the 64-bit windows system is pe32+, and one of the differences between the different formats of the pe file is that the pe header is different.
The dos header of the pe file is a piece of binary data, and the last byte of the data is used for reflecting the position of the pe header in the pe file, so that the pe header of the pe file can be obtained.
Step 210, determining a target operation platform of the target software based on the first byte of the pe header.
The first byte of the pe header reflects why the target running platform of the target software includes, but is not limited to, a 32-bit platform and a 64-bit platform, but can be any other platform capable of running the target software. In different operation platforms, the determination modes of the pe head length are different, so that the target operation platform on which the target software is installed can be determined first, and the corresponding determination mode of the pe head length can be selected for the target operation platform in the subsequent step.
And 212, determining the length of the pe head according to the length determination mode of the pe head corresponding to the target operation platform.
The size of the OPTIONAL pe HEADER is different in different operation platforms, and in a 64-bit platform, the pe HEADER is the structure of image_operation_header 64, and the length of the pe HEADER is obtained through sizeof (image_operation_header 64).
In the 32-bit platform, the pe HEADER is image_operation_header, and the length of the pe HEADER is obtained by sizeof (image_operation_header).
And step 214, performing offset based on the first byte of the pe header and the length of the pe header to obtain a plurality of section tables of the pe file.
And step 216, determining a target section table in which the text section is located in the section tables, and acquiring the text section in the target section table as the specified code section.
After determining the length of the pe header, since a plurality of section tables are distributed behind the pe header, the section tables can be obtained by offsetting the first byte of the pe header and the length of the pe header. Each section table is used to describe different functions involved in the software, such as storing initial data, storing calling functions, etc. Meanwhile, each section table comprises a plurality of list items or a plurality of code segments. Further, each section table can be traversed, the section table where the text section is located is determined, and the text section is extracted to be used as the designated code section.
Step 218, extracting a predetermined number of bytes from the specified code segment.
Alternatively, the predetermined number is 60. Of course, the predetermined number may be any number that meets the security requirements for the software identification information, and is not limited to 60 as this example.
And 220, determining the hash value of the target software based on the bytes and a preset hash value calculation mode, and taking the hash value as the software identification information of the target software.
Finally, the software identification information is generated based on the predetermined number of bytes in the specified code segment, and since the specified code segment remains unchanged when the target software is updated, the software identification information generated based on the predetermined number of bytes in the specified code segment remains unchanged when the target software is updated.
According to the technical scheme, the software identification information can be kept unchanged during software updating, so that resources consumed by regenerating the software identification information are reduced, the cost for maintaining the software identification information is reduced, and the convenience and safety of software identification are improved.
FIG. 3 illustrates a flow chart of a software identification method according to one embodiment of the present application.
As shown in fig. 3, a software identification method according to an embodiment of the present application includes:
step 302, in response to an operation request of the target software, acquiring software identification information of the target software.
And step 304, if the software identification information is matched with the appointed identification information in the software blacklist, stopping the target software from running.
The software identification information can be used for identifying the identity of the target software, and by matching the software identification information of the target software with the specified identification information in the software blacklist, whether the target software is a member of the software blacklist can be judged, so that the target software is prevented from running under the condition that the target software is a member of the software blacklist, and the system safety and the network safety are protected.
Wherein, before step 302, further comprises: the software identification information is generated by performing the technical solution of any one of the above embodiments. Therefore, the technical scheme has all the technical effects and is not repeated here.
So far, it can be known that the generation process of the software identification information can be performed at the cloud end or at the local end.
Fig. 4 shows a schematic diagram of a cloud-to-local interaction process according to an embodiment of the present application. As shown in fig. 4, an automatic download installation module, an analysis main program module, a hash extraction module and a feature hash database are arranged at the cloud end, and an external calling module is arranged at the local end.
Specifically, at the cloud, the automatic download and installation module installs the target software, and updates a registry and system configuration information based on an installation operation, so as to obtain a main program of the target software based on the registry or the system configuration information.
Analyzing a main program module to obtain a dos header of a pe file of target software, obtaining the pe header of the pe file according to a last byte of the dos header, determining a target operation platform of the target software based on the first byte of the pe header, determining the length of the pe header according to a pe header length determination mode corresponding to the target operation platform, and then offsetting based on the first byte of the pe header and the length of the pe header to obtain a plurality of section tables of the pe file.
Next, a hash extraction module extracts a predetermined number of bytes from the specified code section, and determines a hash value of the target software as software identification information of the target software based on the bytes and a predetermined hash value calculation manner.
The feature hash database can store the software identification information of the target software generated by the hash extraction module.
At the local end, responding to an operation request of the target software, accessing a characteristic hash database of the cloud through an external calling module, and calling software identification information of the target software. And if the software identification information is matched with the appointed identification information in the software blacklist, the local terminal prevents the target software from running, otherwise, the local terminal allows the target software to run.
In the technical scheme, the software identification information can be used for identifying the identity of the target software, and by matching the software identification information of the target software with the appointed identification information in the software blacklist, whether the target software is a member of the software blacklist can be judged, so that the target software is prevented from running under the condition that the target software is a member of the software blacklist, and the system safety and the network safety are protected.
Fig. 5 shows a block diagram of a software identification information acquisition device according to one embodiment of the present application.
As shown in fig. 5, a software identification information acquisition apparatus 500 according to an embodiment of the present application includes: a first obtaining unit 502, configured to obtain a dos header of a pe file of the target software; a second obtaining unit 504, configured to obtain a pe header of the pe file based on a last byte of the dos header; a code segment determining unit 506, configured to determine a specified code segment in the main program according to the pe header; a byte extraction unit 508 for extracting a predetermined number of bytes from the specified code segment; and a hash calculation unit 510, configured to determine, based on the byte and a predetermined hash value calculation manner, a hash value of the target software, as software identification information of the target software.
In one possible design, the software identification information obtaining apparatus 500 further includes: a software installation unit, configured to install the target software before the dos header of the pe file of the target software is obtained, and update a registry and system configuration information based on an installation operation; and the main program acquisition unit is used for acquiring the main program of the target software based on the registry or the system configuration information.
In one possible design, the code segment determining unit 506 is configured to: determining a target operation platform of the target software based on the first byte of the pe header; determining the length of the pe head according to a mode for determining the length of the pe head corresponding to the target operation platform; shifting based on the head byte of the pe header and the length of the pe header to obtain a plurality of section tables of the pe file; and determining a target section table in which the text section is located in the section tables, and acquiring the text section in the target section table as the specified code section.
In one possible design, the byte extraction unit 508 is configured to extract a predetermined number of bytes from the specified code segment according to specified extraction rules.
In one possible design, the hash calculation unit 510 is configured to: and processing the bytes through an md5 algorithm, a sha1 algorithm or a sm3 algorithm to obtain the hash value of the target software.
The software identification information obtaining apparatus 500 uses the solution according to any of the above embodiments, and therefore, has all the technical effects described above, and will not be described herein.
In addition, the embodiment of the application also provides a software identification device, which comprises: a software identification information generating unit for generating software identification information based on the software identification information acquiring device 500; an identification information acquisition unit configured to acquire the software identification information of a target software in response to an operation request of the target software; and the software identification unit is used for preventing the target software from running if the software identification information is matched with the appointed identification information in the software blacklist.
All technical effects of the software identification information obtaining device 500 are used by the software identification device, and are not described herein.
Fig. 6 shows a block diagram of an electronic device according to an embodiment of the present application.
As shown in fig. 6, an electronic device 600 of an embodiment of the present application includes at least one memory 602; and a processor 604 communicatively coupled to the at least one memory 602; wherein the memory stores instructions executable by the at least one processor 604, the instructions configured to perform the aspects described in any of the embodiments above. Therefore, the electronic device 600 has the same technical effects as those of any of the above embodiments, and will not be described herein.
The electronic device of the embodiments of the present application exist in a variety of forms including, but not limited to:
(1) Mobile communication devices, which are characterized by mobile communication functionality and are aimed at providing voice, data communication. Such terminals include smart phones, multimedia phones, functional phones, low-end phones, and the like.
(2) Ultra mobile personal computer equipment, which belongs to the category of personal computers, has the functions of calculation and processing and generally has the characteristic of mobile internet surfing. Such terminals include PDA, MID, and UMPC devices, etc.
(3) Portable entertainment devices such devices can display and play multimedia content. The device comprises an audio player, a video player, a palm game machine, an electronic book, an intelligent toy and a portable vehicle navigation device.
(4) The server is similar to a general computer architecture in that the server is provided with high-reliability services, and therefore, the server has high requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like.
(5) Other electronic devices with data interaction function.
It is to be appreciated that the present application is based on feature extraction of pe files under windows systems and is therefore applicable to a variety of Surface devices.
In addition, embodiments of the present application provide a storage medium storing computer-executable instructions for performing the steps of: acquiring the dos header of the pe file of the target software; acquiring a pe header of the pe file based on the last byte of the dos header; determining a specified code segment in the main program according to the pe header; extracting a predetermined number of bytes from the specified code segment; and determining the hash value of the target software based on the bytes and a preset hash value calculation mode, and taking the hash value as the software identification information of the target software.
It should be noted that, the functions or steps that can be implemented by the storage medium or the electronic device may be referred to correspondingly with the descriptions in the foregoing method embodiments, and will not be described herein again for avoiding repetition.
The technical scheme of the application is described in detail by combining the drawings, and the software identification information can be kept unchanged during software updating through the technical scheme of the application, so that resources consumed by regenerating the software identification information are reduced, the cost of maintaining the software identification information is reduced, and the convenience and safety of software identification are improved.
Depending on the context, the word "if" as used herein may be interpreted as "at … …" or "at … …" or "in response to a determination" or "in response to detection". Similarly, the phrase "if determined" or "if detected (stated condition or event)" may be interpreted as "when determined" or "in response to determination" or "when detected (stated condition or event)" or "in response to detection (stated condition or event), depending on the context.
The terminology used in the embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the elements is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

Claims (10)

1. A software identification information acquisition method, characterized by comprising:
acquiring the dos header of the pe file of the target software;
acquiring a pe header of the pe file based on the last byte of the dos header;
determining a specified code segment in the main program according to the pe header;
extracting a predetermined number of bytes from the specified code segment;
and determining the hash value of the target software based on the bytes and a preset hash value calculation mode, and taking the hash value as the software identification information of the target software.
2. The software identification information acquisition method according to claim 1, further comprising, before the acquiring the dos header of the pe file of the target software:
installing the target software, and updating a registry and system configuration information based on an installation operation;
and acquiring a main program of the target software based on the registry or the system configuration information.
3. The software identification information acquisition method according to claim 1, wherein the determining a specified code section in the main program according to the pe header includes:
determining a target operation platform of the target software based on the first byte of the pe header;
determining the length of the pe head according to a mode for determining the length of the pe head corresponding to the target operation platform;
shifting based on the head byte of the pe header and the length of the pe header to obtain a plurality of section tables of the pe file;
and determining a target section table in which the text section is located in the section tables, and acquiring the text section in the target section table as the specified code section.
4. A software identification information acquisition method according to any one of claims 1 to 3, wherein the extracting a predetermined number of bytes from the specified code section includes:
a predetermined number of bytes are extracted from the specified code segment according to a specified extraction rule.
5. A software identification information acquisition method according to any one of claims 1 to 3, wherein the determining the hash value of the target software based on the bytes and a predetermined hash value calculation means includes:
and processing the bytes through an md5 algorithm, a sha1 algorithm or a sm3 algorithm to obtain the hash value of the target software.
6. A method of software identification, comprising:
responding to an operation request of target software, and acquiring software identification information of the target software;
and if the software identification information is matched with the appointed identification information in the software blacklist, preventing the target software from running, wherein the software identification information is generated by executing the method of any one of claims 1 to 5 before the software identification information of the target software is acquired.
7. A software identification information acquisition apparatus, comprising:
the first acquisition unit is used for acquiring the dos header of the pe file of the target software;
the second acquisition unit is used for acquiring the pe header of the pe file based on the last byte of the dos header;
a code segment determining unit, configured to determine a specified code segment in the main program according to the pe header;
a byte extraction unit for extracting a predetermined number of bytes from the specified code section;
and the hash calculation unit is used for determining the hash value of the target software based on the bytes and a preset hash value calculation mode and taking the hash value as the software identification information of the target software.
8. A software identification device, comprising:
a software identification information generating unit configured to generate software identification information based on the software identification information acquiring apparatus according to claim 7;
an identification information acquisition unit configured to acquire the software identification information of a target software in response to an operation request of the target software;
and the software identification unit is used for preventing the target software from running if the software identification information is matched with the appointed identification information in the software blacklist.
9. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the instructions being arranged to perform the method of any of the preceding claims 1 to 6.
10. A storage medium storing computer executable instructions for performing the method of any one of claims 1 to 6.
CN202211733415.0A 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic equipment and storage medium Pending CN116089912A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211733415.0A CN116089912A (en) 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211733415.0A CN116089912A (en) 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116089912A true CN116089912A (en) 2023-05-09

Family

ID=86198597

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211733415.0A Pending CN116089912A (en) 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116089912A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116305172A (en) * 2023-05-23 2023-06-23 北京安天网络安全技术有限公司 OneNote document detection method, oneNote document detection device, oneNote document detection medium and OneNote document detection equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116305172A (en) * 2023-05-23 2023-06-23 北京安天网络安全技术有限公司 OneNote document detection method, oneNote document detection device, oneNote document detection medium and OneNote document detection equipment

Similar Documents

Publication Publication Date Title
CN108256353B (en) Data integrity checking method and device and client
US10073916B2 (en) Method and system for facilitating terminal identifiers
CN111163182B (en) Block chain-based device registration method and apparatus, electronic device, and storage medium
US6928548B1 (en) System and method for verifying the integrity of stored information within an electronic device
CN111752770A (en) Service request processing method, system, computer device and storage medium
CN116089912A (en) Software identification information acquisition method and device, electronic equipment and storage medium
CN111338688B (en) Data long-acting caching method and device, computer system and readable storage medium
CN115248919A (en) Method and device for calling function interface, electronic equipment and storage medium
CN114238874A (en) Digital signature verification method and device, computer equipment and storage medium
US9842018B2 (en) Method of verifying integrity of program using hash
CN108650249A (en) POC attack detection methods, device, computer equipment and storage medium
CN115130114A (en) Gateway safety starting method and device, electronic equipment and storage medium
CN115391801A (en) Method and device for updating encryption module in block chain system and related products
CN111698227B (en) Information synchronization management method, device, computer system and readable storage medium
CN113849802A (en) Equipment authentication method and device, electronic equipment and storage medium
CN110888686B (en) Application program starting method, device and storage medium
CN108200060B (en) Single sign-on verification method based on web subsystem, server and storage medium
CN107071548B (en) Video processing method and system
CN111813474A (en) Multi-language display method and device and electronic equipment
CN110597557B (en) System information acquisition method, terminal and medium
CN114567509B (en) Web application access system and method
CN112312155B (en) Video stream processing method and device and server
CN112799738B (en) Configuration file importing method, device and equipment
CN117009982B (en) Image file security verification method and device, electronic equipment and storage medium
CN112040248B (en) Video compression method, system, terminal device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination