CN1624617A - Method for blocking illegal access to game process and operating game process - Google Patents

Method for blocking illegal access to game process and operating game process Download PDF

Info

Publication number
CN1624617A
CN1624617A CNA2004100960426A CN200410096042A CN1624617A CN 1624617 A CN1624617 A CN 1624617A CN A2004100960426 A CNA2004100960426 A CN A2004100960426A CN 200410096042 A CN200410096042 A CN 200410096042A CN 1624617 A CN1624617 A CN 1624617A
Authority
CN
China
Prior art keywords
api
program
hook
target
game
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2004100960426A
Other languages
Chinese (zh)
Inventor
金赞浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
INCAR NETWORK CO Ltd
Original Assignee
INCAR NETWORK CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=34737858&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=CN1624617(A) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by INCAR NETWORK CO Ltd filed Critical INCAR NETWORK CO Ltd
Publication of CN1624617A publication Critical patent/CN1624617A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70Game security or game management aspects
    • A63F13/71Game security or game management aspects using secure communication between game devices and game servers, e.g. by encrypting game data or authenticating players

Abstract

The invention relates to a method to cut off an illegal process access and manipulation for the security of online game client by real-time. The method comprises a step providing an API hook routine permitting and intercepting execution of an API processing routine in the computer system, a step hook processing the API used by the process under execution on the computer system, a step performing an API hook routine to the hook processed API to determine whether execution of the permitted API processing routine and a step performing the API processing routine in permitting execution of the API processing routine.

Description

Blocking-up is to the method for game process unauthorized access and operate game process
Technical field
A kind of method of guaranteeing game on line safety of relate generally to of the present invention, and relate in particular to a kind of the blocking-up in real time the unauthorized access of game process and operation to guarantee the method for game on line safety, described method can use application programming interfaces hook (hooking) technology to stop hack tool unauthorized access game on line.
Background technology
Along with popularizing of very high speed internet, the game on line number of users increases and has developed a large amount of games on line rapidly, but but not enough far away to the understanding and the estimation of game security.Assault to recreation abbreviates " recreation hacker " as.Typical assault refers to illegally obtain administration authority on certain computer, perhaps after the access computer to the data illegal operation in this computing machine.On the contrary, the recreation hacker refers to the program that the file or the memory block of particular game client are operated.
The recreation hacker changes particular data by the memory block of operate game process, for example ability grade and muscle power.In the suit recreation, use the recreation hacker can't influence other recreation user, but in game on line, use the recreation hacker then can cause problem, for example destroy the balance between the recreation user and on game server, force excessive loads.In other words, make a profit by improper method when user plays games if some is played, the balance of then playing between the user is destroyed.In severe case, the balance multilated of whole game on line, and game server is forced excessive loads.
Therefore, must improve level of security and in game on line, use the recreation hacker with the user that prevents to play.Yet, to thirst for cracking this fact according to the recreation user, the game on line security is different from other security, is difficult to the protection game on line assault of not played.That is to say,, must play the user and guarantee the security of game on line at these because the recreation user thirsts for removing game on line protection and the recreation hacker has been installed.Same situation also appear at owing to want transmitted virus close antivirus applet or the unloading antivirus applet the user guarantee security.
In the case, it is desirable to development of games company and in the game client of self, comprise security code.Yet, by development of games company self take care sexual needs a large amount of time and cost, and owing to tackling a large amount of assaults that the new hacker that occurs at any time causes so that be difficult to the upgrading game client with.And, since some cracker can executable operations after using reverse-engineering (reverse engineering) technical Analysis game client to skip the security code that comprises in the game client, the security code that is included in the game client may lose efficacy.
Therefore, produced the demand that is not subjected to the security solution of various powerful recreation assaults for protection recreation.
Traditional game on line security solution comprises the MyFirewall that is used for game services (MFGS) by the FindHack of the applicant's exploitation and the exploitation of AhnLab company.These two kinds of products all take to use the scheme of antivirus engine simple register hack tool pattern, periodic detection procedure, and when the process pattern is consistent with the hack tool pattern of being registered, stop corresponding process by force.
Yet, this game security strategy is problematic, because continuous a large amount of new hack tool patterns of registration, and if existing hack tool is compiled or the executable file of existing hack tool is compressed and changed program schema, and existing hack tool may no longer can be detected.
And, because the user wants to end online game security function and uses hack tool, the user is by stopping online game security program by force, end security function or security procedure self was lost efficacy temporarily to the memory block assault, thereby the game security program can not be moved satisfactorily.
Summary of the invention
Therefore, the present invention is devoted to the problem that produces in the above-mentioned prior art, and a target of the present invention provide a kind of blocking-up to the unauthorized access of game process and operation to guarantee the method for game on line safety, this method can use the API hook program to stop hack tool unauthorized access game process and illegal operation security procedure.
In order to finish above-mentioned target, the invention provides a kind of unauthorized access and method of operating of in computer system, blocking game process, comprise step: set up applications interface (API) hook program is optionally to allow and to block the execution of the API process program in the computer system, by the process of moving in the computer system is that employed API hangs up hook, carried out the API hook program on the API that hooks and determined whether to allow the execution of this API process program, and if the execution of described API process program be allowed to then move this API process program.
Preferably, described method may further include the API hook program is inserted into step in the memory block of the process of moving in the computer system.
Preferably, the step of inserting the API hook program can comprise step: start the target process that the API hook program will embed, use full powers and limit and use the process ID (PID) of described target process, and the handle of storage target process, to use the handle of described target process to distribute readable/can write/executable memory block gives this target process, record API hook program in the storer that is distributed, and the thread that generates the start address of API hook program.
Preferably, the step of operation API hook program can comprise step: detect the current process of using the API that is hooked, detect API rights of using, the target process of API and the type of API task of current process, and determine according to the API rights of using of current process, the target process of API and the type of API task whether this API process program is allowed to.
Description of drawings
Above-mentioned and other target, characteristic and advantage of the present invention can be expressly understood more by following detailed description with the accompanying drawing, wherein:
Fig. 1 is the structural drawing of the example that shows that API hook engine is used in the Windows operating system environment according to an embodiment of the invention;
Fig. 2 shows the process flow diagram of blocking according to an embodiment of the invention the process of the unauthorized access of process and operation;
Fig. 3 is the detail flowchart that API hook engine inserts subroutine in the displayed map 2;
Fig. 4 is the view that is presented at the process memory block of wherein inserting API hook engine;
Fig. 5 is the detail flowchart of API hook program execution subroutine in the displayed map 2; And
Fig. 6 is the view of show process database and handle table.
Embodiment
Describe blocking-up in detail to the unauthorized access of game process with to the process of the illegal operation of game process below with reference to accompanying drawing.
Before the embodiment of the invention is described, the term that uses in this instructions and claims is described briefly.
Hacker: the file of operation particular game client or the program of memory block.
Patch: the operation of the content of reprogramming specific part.The term hacker refers to change the operation of the specific memory section of game client sometimes.In this case, the hacker can be by the code of operate game client or the execution of data such as its required change game client.
Reverse-engineering: by the operation of operation executable file (for example .exe file or .dll file) reprogramming stream.By using reverse-engineering, the machine language code of executable file can be changed into assembly code analysis, revise, and forms amended executable file then.
Automatic mouse (Automouse): mouse action is sent to recreation automatically, carries out automatically thereby recreation can break away from the user.
Grand: the improved form of automatic mouse.As programming, grandly allow to set up the input of required keyboard or mouse, and this input is automatically sent to and plays and repeat.
Recreation hacker (GameHack): typical gaming hacker changes particular data by the memory block of operate game process, for example ability grade or muscle power.The recreation hacker mainly is the memory block of operate game process, automatically mouse mainly be generate mouse or KeyEvent and send described mouse or KeyEvent to game process.
The memory access API relevant with described recreation hacker comprises ReadProcessMemory, WriteProcessMemory and OpenProcess.The incident relevant with described automatic mouse generates API and comprises SendInput, SendMessage, PostMessage, Keybd event and mouse_event.That is to say, hack tool uses for example API Access game process such as OpenProcess, ReadProcessMemory, WriteProcessMemory, SendInput, SendMessage, PostMessage, Keybd_event and mouse_event, and carries out recreation hacker and automatic mouse function.
The present invention is hooked the API of use at described hack tool for carrying out when recreation hacker or automatic mouse are visited game process, and whether the target of definite API is whether recreation and described visit be illegal, thus the corresponding api routine of operation or block the execution of described api routine.In this case, the order carried out of the API hook intercepting program midway that refers to and detection or operate the technology of described order or parameter.
In order to realize this target, the inventor has developed the API hook engine about each operating system, and whether described API hook engine is used the API that determines correspondence with variable by analyzing the API that is hung up hook or parameter is unauthorized access to game process.
Fig. 1 is the structural drawing of the example that shows that API hook engine is used in the Windows operating system environment according to an embodiment of the invention.
When the user moved Windows and executive utility, the process of moving described application program started in Windows system 100.
In the present invention, the process of moving is divided into permission process 110 and general process 120.Permission process 110 is meant if wherein API is blocked then Windows system 100 may stop or unsettled process.Permission process 110 comprises system process, game process and security procedure.General process 120 comprises all processes except permission process 110, and refers to the process of wherein having inserted API hook engine 130 and having been checked by API hook engine 130.Each API hook engine 130 comprises the API hook program that is mapped to the api command that will be hooked respectively.Behind recreation hacker process initiation, because described recreation hacker process is divided into general process, API hook engine 130 is inserted into described recreation hacker process, and described recreation hacker process is checked by API hook engine 130.
When permission process 110 was carried out api commands, the system dynamics chained library (DLL) 140 that comprises corresponding to the API process program of described api command called in Windows system 100, and sent end value that described API process program carries out to permission process 110.Simultaneously, when general process 110 was carried out api command, API hook program 130 started.API hook program 130 is determined the target process and the access rights of described api command, and optionally allows and block the execution of described api command.The system DLL140 corresponding to the described api command that is allowed by API hook program 130 calls in Windows system 100, and sends execution result value from the DLL of system 140 inputs to general process 120.
Fig. 2 shows the process flow diagram of blocking according to an embodiment of the invention the process of the unauthorized access of game process and operation.
The Windows system receives API hook engine at step S210, and at step S220 described API hook engine is inserted into the general process except the permission process that is moving.When general process uses API, on the API that step S230 place Windows system is using, carry out the API hook and carry out corresponding API hook program.Allow the corresponding API process of operation at step S240 place if the result that described API hook program is carried out makes, then described API process program is in the execution of step S250 place, and the result who states the API process in step S260 place is sent to general process.Do not allow to move corresponding API process at step S240 place if the result that described API hook program is carried out makes, the result who then states the API process in step S260 place is sent to general process and does not carry out described API process program.
In the case, as mentioned above, the API that is hooked by the API engine comprises ReadProcessMemory and the WriteProcessMemory that uses among the recreation hacker, and the keybd_event and the mouse_event that use in the automatic mouse.
Be described in more detail below the step among Fig. 2.
The API hook engine that receives at step S210 place has the API hook program corresponding to the API that carries out the API hook thereon.For example, suppose that the API hook engine that is mapped to OpenProcess API is HookedOpenProcess, when process was used OpenProcess API, HookedOpenProcess was called earlier before the OpenProcess of correspondence API is called so.HookedOpenProcess situational variables and parameter information, and determine whether to move or block corresponding API process program.The step of carrying out the API hook program will be described at step S230.
At step S220, API hook engine is inserted in the target process that wherein must insert this API hook engine.Fig. 3 shows that API hook engine inserts the detail flowchart of subroutine.In Windows operating system and since each process only can be in distributing to the storage area of this process run time version, need carry out API is linked up with the work that engine inserts target process.In the case, target process comprises the general process that does not have API hook engine and move.
In Windows 95/98/me serial system, because all processes can be visited the memory block of being shared by all these processes, if insert API hook engine to the memory block, described API hook engine only is inserted in the storage area of single target process.In Windows NT/2000/XP serial system, because API hook engine must be inserted in all target process, the PID and the API hook engine that need obtain all target process of current operation are inserted in all these target process.
Inserting API hook engine is described in conjunction with Fig. 3 to the step in the target process.Target process starts at step S221 place.In the case, carried out the OpenProcess order, described target process uses the full powers limit by the PID that uses this target process and starts, and the process handle (hProcess) that obtain this moment is stored.
At step S222, use the process handle (hProcess) obtain at step S221 place to the target process distribution readable/can write/executable memory block.The address of the memory block of being distributed is stored.
At step S223, API is linked up with engine record on the memory block of in step S222, distributing.In the case, used the WriteProcessMemory order.API hook engine uses the process handle (hProcess) that obtains and records on the allocate storage of target process in step S221, and the address of address, memory block that obtains among the step S222 and API hook engine and big or small as parameter.
The thread of carrying out the API hook is generated and carries out at step S224.In the case, used the CreateRemoteThread order.The thread that is recorded in the start address of the API hook engine in the process handle (hProcess) is generated and carries out, and the thread handle (hThread) and the Thread Id that are generated are stored.The code of carrying out described API hook is present in the foremost part of the storage area that distributes among the step S222, thereby described API hook is by the thread execution that is generated.After this, the API that hooks of the quilt in the target process is by the API hook program.
Fig. 4 is the view of the storage area structure of display-object process.In Fig. 4, (a) be the storage area that distributes among the step S222, (b) and (c) be API hook engine, wherein (b) is API hook run time version and (c) is the API hook program.That is to say that API hook engine is inserted in the storage area that distributes among the step S222.Described API hook engine is made up of API hook run time version and API hook program.In the case, the start address of API hook thread is an API hook run time version, thereby the API hook is by described hook thread execution.
At step S230, on process, carry out API hook and operation hook program.Although there is the method for multiple execution API hook, cover the indication of API hook program jumps to the API hook program after the stem of storage API process program method thereby used among the present invention with skip command.That is to say that as shown in Figure 4, the skip command that indication jumps to the API hook program is inserted in the API process program of the DLL of system (d), thereby the API hook program when using the API operation, the API process program is activated at first.
By described method, even API hook engine is inserted in the specific program of carrying out, when corresponding routine call API, the API hook program is at first operation before the operation of API process program, thereby described method is superior, and being embodied in the API hook is to carry out on the specific program of operation.Therefore, the superiority of described method is embodied in by carry out the API hook on the hack tool that is moving and carries out security function.
At step 230 place, when the API hook program moves, determine whether to move the API process program by analyzing the API that is hooked, but described determining step is described after a while.
At step S250, if making, the result that the API hook program is carried out among the step S230 allows to use API, then move former API process program.Especially, in step S230, use the stem of the API process program of storage that former API process program is called.The stem of the API process program of being stored is collected is the length of machine language code with sense command, and the order of institute's storage area is carried out according to described order length.Only storing under the situation of ordering some part, the remainder of order calls and carries out from the API process program.After this, step jumps to former API process program.
Describe below and determine in the API hook program whether API allows the step of using.Fig. 5 is the detail flowchart that shows API hook program execution subroutine.
The API that API hook engine according to the present invention will be linked up with is connected on the corresponding API hook program.That is to say, when the API hook program is called, can discern invoked API.Therefore, as the relevant API of storer (for example OpenProcess, ReadProcessMemory or WriteProcessMemory) when being called, just may be hack tool at the manipulation storer, thereby the API hook program in the service chart 5.As the relevant API of message (SendInput for example, SendMessage, PostMessage, mouse_event or keybsd_event) when being called, just may be automatic mouse or the macroprogram that is used to send message, thus the API hook program in the service chart 5.
With reference to figure 5, obtain the information of the current process (just calling the current process of API hook program) of using API at step S231.In the Windows system, API is called in process context (context).Therefore, unique PID that can use each process in GetCurrentProcessID () order and the Windows environment to be assigned with obtains the PID of current context,, thus if detect PID then can detect current process.
Be defined as in step 232 in current process under the situation of permission process (just game process or security procedure), corresponding API process is allowed to and calls actual API process program at step S237 place.Yet under the situation of some hack tool, the DLL of hack tool may enter game process and use the relevant API of storer.In order to prevent this type of situation, if game process for this game process self has used the relevant API of described storer, does not allow corresponding API process operation.
Yet,, detect target process and task type by analyzing the API parameter in step 233 if determine that in step 232 current process is not the permission process.If determine that in step 234 target process is not game process or security procedure, then allow the operation of API process and call actual API process program at step S237.If determine that at step S234 target process is game process or security procedure, then detects task type.If in the step S235 type that sets the tasks is that storage operation or message send, then at the corresponding API process program of step S236 blocking-up.Yet,, allow corresponding API process and call actual API process program at step S237 if be not that storage operation or message send in the step S235 type that sets the tasks.That is to say that general process (hack tool) carries out message operation A PI on game process or security procedure or message sends API, then detecting this general process is that illegal storage operation or message send, and corresponding API process program is blocked.
As example, describe below and a kind ofly determine by analyzing API such as OpenProcess, WriteProcessMemory and SendMessage whether visit is the method for unauthorized access.
OpenProcess API comprises the authority information that process opens and the pid information of target process.If the PID of target process is the PID of game process or security procedure, then determine whether attempting starting game process or security procedure, thus the corresponding API process program of blocking-up.Yet for example antivirus applet and window explorer supervisor also can be attempted to use this order to obtain progress information, therefore will determine which kind of authority is used to start target process.That is to say,, only attempt obtaining under the situation of process title and routing information that corresponding API process program is allowed to operation at target process even target process is game process or security procedure.Otherwise corresponding API process program is blocked.
WriteProcessMemoryAPI comprises the handle information of the target process that will record in the storer.Because the handle information of target process is different with PID, is not the unique value that can identify this process, the handle information of target process must be converted to PID.
A kind of method of handle information of switch target process is described with reference to figure 6.Fig. 6 shows the view that makes up process data storehouse and handle table.The handle table 62 of detection of stored in belonging to the process data storehouse (PDB) 61 of each process, and obtain PDB 63 by the target process of target process handle indication.When to the predetermined value actuating logic nonequivalence operation of the PDB 63 of target process and each version of window, operation result is the PID of target process.When having obtained the PID of target process, the PID of target process and the PID of game process or security procedure are compared.If the PID of target process is identical with the PID of game process or security procedure, then Dui Ying process program is blocked.By described method, the hack tool of attempting to carry out illegal operation can be blocked basically.
SendMessage API comprises the information about Windows handle that sends message and type of message to be sent.Window handle information is unique value.Therefore, the Windows handle with Windows handle information and recreation compares.If the Windows handle of Windows handle information and recreation is identical and type of message is mouse or keyboard message, then block SendMessage API.By described method, protected recreation to make it not to be subjected to automatic mouse or macroprogram to influence basically.
In this manual, although described the embodiments of the invention that are applied to Windows operating system, the present invention is not limited thereto.That is to say that the present invention can be applied to other operating system.The step of inserting the API hook program can be omitted according to operating system.
According to the present invention,, the invention has the advantages that and to protect recreation user and the game on line server that uses game on line owing to can block hack tool or the automatic mouse program of using specific API basically.And, the invention enables the recreation and the competition of the recreation user justice of using game on line, so finally set up healthy game on line culture.
Although disclose the preferred embodiments of the present invention for the example purpose, it all is possible it will be appreciated by those skilled in the art that various modifications, interpolation and substituting, and does not deviate from disclosed scope and spirit of the present invention in the appended claims.

Claims (15)

  1. One kind in computer system blocking-up the unauthorized access and the method for operating of game process comprised step:
    The API hook program is installed optionally to allow and to block the execution of API process program in the computer system;
    Hang up hook on the employed API of the process of in computer system, moving;
    Moved the API hook program on the API that links up with and determining whether to allow described API process program to carry out; And
    , described API process program moves this API process program if being allowed to.
  2. 2. method according to claim 1 wherein further comprises described API hook program is inserted into step in the memory block that operates in the process in the computer system.
  3. 3. method according to claim 2, the step of wherein said insertion API hook program comprises the following steps:
    Start target process, will insert described API hook program in the described target process, use the PID of full powers limit and use target process, and the handle of storage target process;
    That the handle that uses described target process is that described target process distributes is readable/can write/executable memory block;
    The described API hook program of record in the memory block of being distributed; And
    Generate the thread of the start address of described API hook program.
  4. 4. method according to claim 3, the step of wherein said insertion API hook program is undertaken by covering skip command, and described skip command is used in reference to the stem that the stem that is shown in storage API process program jumps to the API process program afterwards.
  5. 5. method according to claim 4, the step of wherein said execution API hook program comprises the following steps:
    Use the machine language code of the stem of the API process program of being stored to come calculation command length;
    Carry out the order of the stem of the API process program of being stored according to the order length of being calculated;
    Jump to described API process program; And
    Carry out the residue order of described API process program.
  6. 6. method according to claim 1, the step of wherein said execution API hook program comprises the following steps:
    Detect the current process of using the API that is linked up with;
    Detect API rights of using, the target process of API and the type of API task of current process; And
    Determine whether to allow described API process program operation according to the API rights of using of described current process, the target process of API and the type of API task.
  7. 7. method according to claim 6, the step of the API rights of using of wherein said detection current process are to detect current process by the PID that extracts current context to carry out.
  8. 8. method according to claim 6, the step of the type of the target process of wherein said detection API and API task are to be undertaken by the target process that the parameter of analyzing described API detects described API.
  9. 9. method according to claim 8, wherein the step of the target process of described detection API comprises the following steps: when described API only comprises the handle information of target process
    The handle table that is stored in by inspection in the process data storehouse of current process obtains by the indicated process data storehouse of the handle of target process; And
    By the PID that target process is obtained in the logical exclusive-OR computing is carried out in the process data storehouse that obtained and the predetermined value in the Windows system.
  10. 10. method according to claim 6, the wherein said step that allows to move the API process program that determines whether is carried out in such a way, if promptly current process is the process that the API rights of using are allowed to, then described API process program is allowed to operation.
  11. 11. method according to claim 10, the wherein said step that allows to move the API process program that determines whether is carried out in such a way, if promptly current process is that process and described API target process that the API rights of using are allowed to are current process, then described API process program is blocked.
  12. 12. method according to claim 6, the wherein said method that allows to move the API process program that determines whether is carried out in such a way, if promptly current process is that process and described API target process that the API rights of using are not allowed to are not game process or security procedure, then described API process program is allowed to operation.
  13. 13. method according to claim 6, the wherein said method that allows to move the API process program that determines whether is carried out in such a way, if promptly current process is that the type that the process that is not allowed to of API rights of using and described API target process are game process or security procedure and described API task is not that storage operation or message send, then described API process program is allowed to operation.
  14. 14. method according to claim 6, the wherein said method that allows to move the API process program that determines whether is carried out in such a way, if promptly current process is that the type that the process that is not allowed to of API rights of using and described API target process are game process or security procedure and described API task is that storage operation or message send, then described API process program is blocked.
  15. 15. a computer-readable recording medium comprises step:
    Generate and optionally allow and block the API hook program that the API process program is carried out;
    On the employed API of the process of current operation, hang up hook;
    On the described API that is linked up with, move described API hook program, and determine whether to allow the execution of described API process program; And
    If described API process program is allowed to operation then moves described API process program.
CNA2004100960426A 2003-12-03 2004-11-26 Method for blocking illegal access to game process and operating game process Pending CN1624617A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020030087149A KR100483700B1 (en) 2003-12-03 2003-12-03 Method to cut off an illegal process access and manipulation for the security of online game client by real-time
KR10-2003-0087149 2003-12-03

Publications (1)

Publication Number Publication Date
CN1624617A true CN1624617A (en) 2005-06-08

Family

ID=34737858

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2004100960426A Pending CN1624617A (en) 2003-12-03 2004-11-26 Method for blocking illegal access to game process and operating game process

Country Status (3)

Country Link
JP (1) JP4145290B2 (en)
KR (1) KR100483700B1 (en)
CN (1) CN1624617A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414341A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Software self-protection method
CN102089767A (en) * 2008-05-30 2011-06-08 爱迪德加拿大公司 Authenticated database connectivity for unattended applications
CN102483783A (en) * 2009-09-03 2012-05-30 Inca网络有限公司 Method for blocking the execution of a hacking process
CN103034806A (en) * 2011-09-30 2013-04-10 腾讯科技(深圳)有限公司 Method and terminal for processing operation
CN103632087A (en) * 2012-08-21 2014-03-12 腾讯科技(深圳)有限公司 Method and device for protecting process
CN104077523A (en) * 2014-06-25 2014-10-01 珠海市君天电子科技有限公司 Method and device for processing software
CN105590060A (en) * 2015-12-21 2016-05-18 北京金山安全软件有限公司 Target application program protection method and device
CN109711153A (en) * 2018-12-26 2019-05-03 北京北信源信息安全技术有限公司 A kind of windows process protection method and system

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4844102B2 (en) 2005-11-30 2011-12-28 富士ゼロックス株式会社 Subprogram and information processing apparatus for executing the subprogram
EP1901190A1 (en) * 2006-09-15 2008-03-19 Sony DADC Austria AG Method and system for managing access to add-on data files
KR100843701B1 (en) * 2006-11-07 2008-07-04 소프트캠프(주) Confirmation method of API by the information at Call-stack
US8523666B2 (en) * 2007-05-25 2013-09-03 Microsoft Corporation Programming framework for closed systems
KR100968268B1 (en) 2007-11-20 2010-07-06 주식회사 안철수연구소 Method for detecting automatically generated input
KR100953355B1 (en) * 2008-04-22 2010-04-20 주식회사 안철수연구소 Method for protecting on-line electronic transaction program
KR101074624B1 (en) 2008-11-03 2011-10-17 엔에이치엔비즈니스플랫폼 주식회사 Method and system for protecting abusinng based browser
JP5305864B2 (en) * 2008-11-28 2013-10-02 ソフトバンクモバイル株式会社 Information processing apparatus, information processing method, and information processing program
KR101005593B1 (en) * 2009-04-17 2011-01-05 엔에이치엔비즈니스플랫폼 주식회사 Method and Apparatus for Providing Security Service Using Hook
KR101071119B1 (en) * 2009-09-24 2011-10-07 주식회사 잉카인터넷 game security method using trace of excuting game hack tool
JP5377748B2 (en) 2010-02-18 2013-12-25 株式会社東芝 program
JP5511506B2 (en) * 2010-05-25 2014-06-04 インターナショナル・ビジネス・マシーンズ・コーポレーション Apparatus having resistance against forced termination attack of monitoring program for monitoring predetermined resource, method for imparting resistance against forced termination attack of monitoring program for monitoring predetermined resource, and computer program capable of executing the method by the apparatus
US9003415B2 (en) 2010-05-25 2015-04-07 International Business Machines Corporation Method and apparatus having resistance to forced termination attack on monitoring program for monitoring a predetermined resource
KR101210258B1 (en) * 2010-05-25 2012-12-10 주식회사 잉카인터넷 method for displaying information about hack tool usage in online game
KR101249764B1 (en) * 2010-08-10 2013-04-03 주식회사 잉카인터넷 method for detecting and blocking game-hack process
KR101201495B1 (en) 2010-08-10 2012-11-14 주식회사 잉카인터넷 method for blocking auto-input in computer system
KR101267725B1 (en) 2010-08-30 2013-05-24 주식회사 엔씨소프트 Pattern collecting method of bot program for online game
CN102073818A (en) * 2011-01-17 2011-05-25 北京神州绿盟信息安全科技股份有限公司 Vulnerability detection equipment and method
KR101308112B1 (en) 2012-01-02 2013-09-12 (주)네오위즈게임즈 Preventing Method of Memory Fabrication and Client Apparatus
JP5825595B2 (en) * 2012-01-16 2015-12-02 Kddi株式会社 API execution control device and program
CN112274916A (en) * 2020-11-20 2021-01-29 杭州雾联科技有限公司 Keyboard and mouse input method, device, equipment and medium

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414341A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Software self-protection method
CN102089767B (en) * 2008-05-30 2015-01-21 爱迪德加拿大公司 Authenticated database connectivity for unattended applications
CN102089767A (en) * 2008-05-30 2011-06-08 爱迪德加拿大公司 Authenticated database connectivity for unattended applications
CN102483783A (en) * 2009-09-03 2012-05-30 Inca网络有限公司 Method for blocking the execution of a hacking process
CN103034806A (en) * 2011-09-30 2013-04-10 腾讯科技(深圳)有限公司 Method and terminal for processing operation
CN103034806B (en) * 2011-09-30 2016-08-10 腾讯科技(深圳)有限公司 Process method and the terminal of operation
CN103632087A (en) * 2012-08-21 2014-03-12 腾讯科技(深圳)有限公司 Method and device for protecting process
CN103632087B (en) * 2012-08-21 2017-10-13 腾讯科技(深圳)有限公司 The method and apparatus of protection process
CN104077523A (en) * 2014-06-25 2014-10-01 珠海市君天电子科技有限公司 Method and device for processing software
CN104077523B (en) * 2014-06-25 2018-10-16 珠海市君天电子科技有限公司 The method and apparatus that software is handled
CN105590060A (en) * 2015-12-21 2016-05-18 北京金山安全软件有限公司 Target application program protection method and device
CN109711153A (en) * 2018-12-26 2019-05-03 北京北信源信息安全技术有限公司 A kind of windows process protection method and system
CN109711153B (en) * 2018-12-26 2021-03-19 北京北信源信息安全技术有限公司 Windows process protection method and system

Also Published As

Publication number Publication date
JP4145290B2 (en) 2008-09-03
JP2005166051A (en) 2005-06-23
KR100483700B1 (en) 2005-04-19

Similar Documents

Publication Publication Date Title
CN1624617A (en) Method for blocking illegal access to game process and operating game process
EP0547759B1 (en) Non supervisor-mode cross-address space dynamic linking
JP4436036B2 (en) Information processing apparatus, trace processing method, program, and recording medium
US7725922B2 (en) System and method for using sandboxes in a managed shell
KR100645983B1 (en) Module for detecting an illegal process and method thereof
US7243340B2 (en) Method and system for obfuscation of computer program execution flow to increase computer program security
CN1659518A (en) Control register access virtualization performance improvement in the virtual-machine architecture
CN1299478A (en) Method and agent for the protection agaist the unauthorised use of computer
JP2005129066A5 (en)
US20050262490A1 (en) Method of introducing digital signature into software
IL258568A (en) Method of remediating a program and system thereof by undoing operations
CN102043915A (en) Method and device for detecting malicious code contained in non-executable file
CN102722672A (en) Method and device for detecting authenticity of operating environment
US20100016074A1 (en) Apparatus and methods for game conversion
US7210134B1 (en) Deterring reverse-engineering of software systems by randomizing the siting of stack-based data
CN1096025C (en) Information processing device, multi-task controlling method and programme recording medium
US10417015B2 (en) Modified JVM with multi-tenant application domains and class differentiation
US9760623B2 (en) System for lightweight objects
CN115510430A (en) Function pointer and data dependency identification and protection method and device thereof
US20140189715A1 (en) Conversion of lightweight object to a heavyweight object
KR100927974B1 (en) Source code generation system of executable image and its method
CN107729747A (en) A kind of heap overflow detection method towards binary program
US7428552B2 (en) Flexible access to metamodels, metadata, and other program resources
KR100955725B1 (en) Method and System for Preventing Memory Hacking
JP5615444B2 (en) How to standardize the execution behavior of a computer system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication