WO2012025026A1 - Method and system for scanning plug-in - Google Patents
- Publication number: WO2012025026A1
- Application number: PCT/CN2011/078522
- Authority: WO, WIPO (PCT)
- Prior art keywords: plug, detection, module, information, detecting
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/74—Reverse engineering; Extracting design information from source code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/75—Structural analysis for program understanding
Definitions
- The present invention relates to the field of computer technologies, and in particular to a plug-in scanning method and system.
Background of the invention
- Plug-ins are also maliciously used by some software developers, for example by installing the plug-in in the background without the user's knowledge and collecting the user's private data, popping up advertisement pages, or modifying the browser's home page, all of which are detrimental to the user's interests. Therefore, the detection and cleaning of plug-ins has become an indispensable function in system security software. Through plug-in detection, the user can learn which plug-ins are installed on the computer, which of them the user installed, and which were installed without the user's knowledge. Accurately detecting the plug-ins on the user's computer is therefore particularly important.
- Plug-in detection is generally implemented as follows: after the user clicks the button that starts the plug-in scan, the software's plug-in scanning module traverses the registry entries that may be related to plug-ins, finds the globally unique identifier (CLSID) of each existing plug-in, and then obtains the plug-in's file path through the CLSID to complete the plug-in detection process.
- As plug-in technology has matured, a plug-in can be developed in the original way, by registering as a Windows plug-in, or without registering as a Windows plug-in; the latter may not write to the registry at all.
- The prior art is incapable of detecting plug-ins that do not write to the registry.
- The plug-ins detected by the prior art scheme may be inaccurate, and plug-ins may even be missed or misdetected. The disadvantage of the prior art solution is therefore that detection accuracy is not high and the recognition rate is very low; it has not kept up with the current development of plug-in detection technology.
Summary of the invention
- a plug-in scanning method comprising:
- a plug-in scanning system comprising:
- a storage module configured to save known plug-in information;
- an analysis module connected to the storage module, configured to read the known plug-in information from the storage module, determine a detection location and a detection attribute of the plug-in according to the known plug-in information, and send the detection location and the detection attribute to the detection module;
- a detection module connected to the analysis module, which receives the detection location and the detection attribute sent by the analysis module, detects whether the detection attribute exists at the detection location, and sends the detection result to the interaction module;
- an interaction module connected to the detection module, which receives and outputs the detection result sent by the detection module.
- By pre-storing known plug-in information, the plug-in scanning method and system can search for known plug-ins in a targeted manner, which improves scanning speed and accuracy.
- FIG. 1 is a flowchart of a method for scanning a plug-in according to an embodiment of the present invention.
- FIG. 2 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention.
- FIG. 3 is a schematic structural diagram of a detection module according to an embodiment of the present invention.
- FIG. 4 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention.
- FIG. 5 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention.
- FIG. 6 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention.
Mode for carrying out the invention
- The invention mainly proposes a method for detecting plug-ins by combined detection based on known plug-in information: multiple detection methods such as file detection, process detection, registry detection and service detection are used together, greatly improving the accuracy and recognition rate of plug-in detection.
- The method for scanning a plug-in includes the following steps:
- Step 101: Read pre-stored known plug-in information, and determine a detection location and a detection attribute of the plug-in according to the known plug-in information.
- The known plug-in information is plug-in-related information obtained in advance by analyzing plug-ins that have already been found. After a plug-in is installed, it leaves traces in the computer system. The location of these traces is the plug-in location, which can be a file path, a registry path, a process, a service, memory, etc.; the specific feature files, feature registry entries, feature processes, feature services, feature codes in memory and similar information that the plug-in leaves at the corresponding location are the plug-in attributes.
- The specific location that needs to be checked during subsequent plug-in detection, that is, the detection location, and the content to be detected, that is, the detection attribute, can thus be determined.
- Step 102: Detect whether the detection attribute exists at the detection location.
- For example, the information about one known plug-in stored in the known plug-in information is ScanFile (%system%\test.exe).
- The detection location is the system directory, and the detection attribute is a file named test.exe.
- The detection function can be determined from the ScanFile keyword. Different detection locations have different detection functions, which can be defined in advance: for example, in the known plug-in information the ScanFile keyword corresponds to the file scanning function, used to detect files; if the plug-in also writes to the registry, a ScanReg keyword can also be defined, corresponding to the registry scanning function, used to detect the registry; and so on. After the detection function is determined, %system%\test.exe is passed to it as the search path parameter and the detection function returns the detection result, so the plug-in attribute at the corresponding detection location can be detected.
- Step 103: Output the detection result.
- The plug-in detection result of step 102 is output by a screen display, an audible prompt, or the like. For example, if a plug-in is detected, the detected plug-in is displayed; if none is detected, nothing is displayed, or a message that no plug-in was detected is displayed.
- the evaluation of the detected plug-in can be further output.
- the evaluation information is the user's opinion on the plug-in, and may be a comprehensive evaluation, a bad evaluation, a middle evaluation, or the like, or a voting result of all the users participating in the evaluation, or a combination of the above two methods.
- The evaluation may be pre-stored, for example in the previously stored known plug-in information, or may be obtained in real time through the network; obtaining it in real time through the network is preferred, so that the evaluation is true and timely. Displaying the rating gives users who do not understand the plug-in a reference.
- The known plug-in information may include information on multiple plug-ins. In that case the information of multiple or all plug-ins can be read at the same time to start detection, or the known plug-in information can be read one entry at a time: detect one plug-in, obtain the detection result, then read the next known plug-in's information, until all plug-ins have been detected. When the detection results are output, they can likewise be output one by one, or multiple or all at the same time.
- Multiple pieces of plug-in attribute information, such as the feature file name, the feature file size and the file content, may be saved in the known plug-in information, so that more detection attributes can be determined in step 110 and multiple detection attributes are used for detection. For example, using the file size as a detection attribute avoids false positives on files that have the same file name but are not the plug-in's file.
- Likewise, multiple pieces of plug-in location information, such as a file path, a registry path, a process, a service and memory, may be saved; that is, the detection location and the detection attribute determined in step 101 may each be one or several. In step 102 the plug-in can therefore be detected accurately through multiple detection paths and multiple detection methods, avoiding missed detection and false detection.
- An option to delete the detected plug-in may be provided, and the plug-in is deleted when the instruction to delete it is received.
- For example, a "delete" button is provided next to the detected plug-in; if the user clicks the button, an instruction to delete the plug-in is issued, and the plug-in is removed after the instruction is received. This is convenient for the user, who can decide which plug-ins are unnecessary.
- The scan status may also be stored. The scan status records the plug-ins that the user had not deleted at the end of the scan; the next time the detection location and the detection attribute are determined according to the known plug-in information, the plug-ins that the user did not delete are ignored, which improves detection speed and saves system resources.
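Steps 101 to 103 together with the file-size attribute and the scan-status skip list, as an added Python example (not code from the patent). The `, size=N` rule suffix, the choice that every rule of a plug-in must match, the plug-in names and the temporary directory standing in for the system directory are assumptions; only the ScanFile detection function is registered.

```python
import os
import re
import tempfile

# Rule syntax from the description: KEYWORD(location). The optional
# ", size=N" suffix is an assumption added here for the file-size attribute.
RULE_RE = re.compile(
    r"^\s*(\w+)\s*\(\s*([^,()]+?)\s*(?:,\s*size\s*=\s*(\d+)\s*)?\)\s*$")


def parse_rule(rule):
    """Step 101: split one entry into (keyword, location, expected_size)."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"malformed rule: {rule!r}")
    keyword, location, size = m.groups()
    return keyword, location, int(size) if size else None


def expand_location(location, variables):
    """Replace %name% placeholders and normalise Windows path separators."""
    def substitute(m):
        name = m.group(1).lower()
        if name not in variables:
            raise KeyError(f"unknown placeholder %{name}%")
        return variables[name]
    path = re.sub(r"%(\w+)%", substitute, location)
    return os.path.normpath(path.replace("\\", os.sep))


def scan_file(path, expected_size):
    """File detection: the feature file exists and, if given, the size matches."""
    if not os.path.isfile(path):
        return False
    return expected_size is None or os.path.getsize(path) == expected_size


# Keyword -> detection function; a ScanReg function would be registered here too.
DETECTORS = {"ScanFile": scan_file}


def scan(known_plugins, variables, ignored=()):
    """Steps 102-103: return {plugin: detected}, skipping plug-ins in `ignored`."""
    results = {}
    for name, rules in known_plugins.items():
        if name in ignored:  # scan status: the user kept this plug-in last time
            continue
        hits = []
        for rule in rules:
            keyword, location, size = parse_rule(rule)
            detector = DETECTORS.get(keyword)
            if detector is None:
                raise ValueError(f"no detection function for {keyword}")
            hits.append(detector(expand_location(location, variables), size))
        # Assumption: a plug-in is reported only if all of its rules match.
        results[name] = bool(hits) and all(hits)
    return results


def demo():
    """Scan a constructed directory that stands in for the system directory."""
    with tempfile.TemporaryDirectory() as sysdir:
        with open(os.path.join(sysdir, "test.exe"), "wb") as f:
            f.write(b"\0" * 10)  # constructed 10-byte feature file
        with open(os.path.join(sysdir, "other.exe"), "wb") as f:
            f.write(b"\0" * 3)   # right name, wrong size
        known = {  # constructed known plug-in information
            "plugin-a": [r"ScanFile (%system%\test.exe)"],
            "plugin-b": [r"ScanFile(%system%\other.exe, size=4096)"],
            "plugin-c": [r"ScanFile(%system%\absent.dll)"],
            "plugin-d": [r"ScanFile(%system%\test.exe, size=10)"],
        }
        return scan(known, {"system": sysdir}, ignored={"plugin-d"})


if __name__ == "__main__":
    print(demo())
```

Rules read from a network server should pass the same strict parse before being dispatched; an unknown keyword is rejected here instead of being silently skipped, so a stale detector table cannot turn into missed detections.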
- The above embodiment may further include a step of upgrading and updating the known plug-in information, so that new plug-ins that appear on the network can also be detected. Also, the pre-stored known plug-in information can be read not only from local storage but also directly from the network server, in which case the local known plug-in information does not need to be updated.
- The traditional plug-in scanning method may also be combined with the above steps: in addition to them, the globally unique identifier (CLSID) of each existing plug-in may be found by traversing the registry keys that may be related to plug-ins, and the plug-in's file path is then obtained through the CLSID. This helps detect plug-ins that are not defined in the known plug-in information.
- The present invention also provides an embodiment of a plug-in scanning system. As shown in FIG. 2, the system includes a storage module 201, an analysis module 202, a detection module 203, and an interaction module 204.
- The storage module 201 is configured to save known plug-in information.
- The analysis module 202 is connected to the storage module 201 and is configured to read the known plug-in information from the storage module 201, determine the detection location and the detection attribute of the plug-in according to the known plug-in information, and send the detection location and the detection attribute to the detection module 203.
- The detection module 203 is connected to the analysis module 202; it receives the detection location and the detection attribute sent by the analysis module 202, detects whether the detection attribute exists at the detection location, and sends the detection result to the interaction module 204.
- The interaction module 204 is connected to the detection module 203, and receives and outputs the detection result sent by the detection module 203.
- the detection module 203 is as shown in FIG. 3 and includes:
- the file detecting unit 301, which detects, according to the detection location and the detection attribute, whether a feature file exists in the file path to be detected, and sends the detection result to the interaction module 204;
- the registry detecting unit 302, which detects, according to the detection location and the detection attribute, whether a feature registry entry exists in the registry path to be detected, and sends the detection result to the interaction module 204;
- the process detecting unit 303, which detects, according to the detection location and the detection attribute, whether a feature process exists among the processes to be detected, and sends the detection result to the interaction module 204;
- the service detecting unit 304, which detects, according to the detection location and the detection attribute, whether a feature service exists among the services to be detected, and sends the detection result to the interaction module 204;
- the memory detecting unit 305, which detects, according to the detection location and the detection attribute, whether a feature code exists in the memory to be detected, and sends the detection result to the interaction module 204.
- For example, the information about one known plug-in in the known plug-in information stored by the storage module 201 is ScanFile (%system%\test.exe).
- After the analysis module 202 reads this information, it can determine that the detection location of the known plug-in is the system directory and that the detection attribute is a file named test.exe.
- The analysis module 202 sends the detection location and the detection attribute to the detection module 203.
- The detection module 203 can determine the detection function according to the ScanFile keyword (different detection locations have different detection functions, which can be defined in advance; for example, in the known plug-in information the ScanFile keyword corresponds to the file scanning function, used to detect files; if the plug-in also writes to the registry, a ScanReg keyword can also be defined, corresponding to the registry scanning function, used to detect the registry, etc.). Different detection functions are carried out by different detection units. In this example the file detection unit 301 is determined, so the file detection unit 301 performs the detection with %system%\test.exe as the search path parameter and returns the detection result to the interaction module 204.
- The analysis module 202 may read the information of multiple plug-ins and send it to the detection module 203 for detection, or may read the information of the known plug-ins one by one: the detection module 203 detects one plug-in, and after it has obtained the detection result and sent it to the interaction module 204, the analysis module 202 reads the next known plug-in's information, until all plug-ins have been detected.
- The interaction module 204 outputs the detection result sent by the detection module 203 by means of a screen display, a voice prompt, or the like. For example, if a plug-in is detected, the detected plug-in is displayed; if none is detected, nothing is displayed, or a message that no plug-in was detected is displayed. Detection results can be output one by one, or multiple or all at the same time.
- The plug-in scanning system of the present invention may further include a search module 205, connected to the detection module 203 and the interaction module 204, which obtains the evaluation of a plug-in from the web server according to the detection result of the detection module 203 (for example, a detected plug-in) and sends it to the interaction module 204 for output and display.
- The plug-in scanning system of the present invention may further include a processing module 206, connected to the interaction module 204, which deletes the corresponding plug-in after receiving the delete plug-in command sent by the interaction module 204.
- The interaction module 204 further provides an option to delete the detected plug-in on the interface that outputs the detection result. For example, after a plug-in is detected, a "delete" button is provided next to the detected plug-in in that interface; if the user clicks the button, the delete plug-in command is issued.
- The processing module 206 is further configured to store a scan status, which records the plug-ins that the user had not deleted at the end of the scan; the processing module 205 is further connected to the storage module 201 and saves the scan status record to the storage module 201.
- When the analysis module 202 determines the detection location and the detection attribute according to the known plug-in information, it may also take the scan status into account and ignore the plug-ins that the user did not delete, which improves detection speed and saves system resources.
- The plug-in scanning system of the present invention may further include an upgrade module 207, connected to the storage module 201, which reads the latest known plug-in information from the network server and upgrades the known plug-in information saved by the storage module 201.
- By pre-storing known plug-in information, the plug-in scanning method and system can search for known plug-ins in a targeted manner, which improves scanning speed and accuracy.
- The detailed description is not to be construed as limiting the scope of the invention. It should be noted that a number of variations and modifications may be made by those skilled in the art without departing from the spirit and scope of the invention. Therefore, the scope of the invention should be determined by the appended claims.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Radar Systems Or Details Thereof (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112012026735-3A BR112012026735B1 (en) | 2010-08-24 | 2011-08-17 | METHOD AND SYSTEM FOR SCANNING A PLUG-IN |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010261782.6A CN102375735B (en) | 2010-08-24 | 2010-08-24 | Plugin scanning method and system |
CN201010261782.6 | 2010-08-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012025026A1 true WO2012025026A1 (en) | 2012-03-01 |
Family
ID=45722892
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2011/078522 WO2012025026A1 (en) | 2010-08-24 | 2011-08-17 | Method and system for scanning plug-in |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN102375735B (en) |
BR (1) | BR112012026735B1 (en) |
WO (1) | WO2012025026A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102831021A (en) * | 2012-07-27 | 2012-12-19 | 腾讯科技(深圳)有限公司 | Method and device for interrupting or cleaning plugin |
CN103838589A (en) * | 2012-11-20 | 2014-06-04 | 腾讯科技(深圳)有限公司 | Plug-in unit deleting and recovering method and client side |
CN102929768B (en) * | 2012-11-29 | 2016-06-01 | 北京奇虎科技有限公司 | Prompting fills method and the client terminal of software by mistake |
CN111949280B (en) * | 2020-08-12 | 2023-11-14 | 深圳市友华软件科技有限公司 | Method and device for ensuring correct installation of preassembled plug-in components in factory |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1968154A (en) * | 2006-09-15 | 2007-05-23 | 华为技术有限公司 | System and method for service expansion using plug |
CN101387956A (en) * | 2007-09-14 | 2009-03-18 | 国际商业机器公司 | Method and apparatus for expandably implementing non functional logic |
CN101571809A (en) * | 2009-05-14 | 2009-11-04 | 阿里巴巴集团控股有限公司 | Implementation method of plug-in registration and device thereof |
-
2010
- 2010-08-24 CN CN201010261782.6A patent/CN102375735B/en active Active
-
2011
- 2011-08-17 WO PCT/CN2011/078522 patent/WO2012025026A1/en active Application Filing
- 2011-08-17 BR BR112012026735-3A patent/BR112012026735B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
CN102375735B (en) | 2014-07-16 |
BR112012026735A2 (en) | 2016-07-12 |
BR112012026735B1 (en) | 2020-11-24 |
CN102375735A (en) | 2012-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9098370B2 (en) | Apparatus and methods for improving uninstall process | |
WO2015139538A1 (en) | Video information push method and device | |
JP5836889B2 (en) | COMMUNICATION START METHOD, COMPUTER PROGRAM, AND COMPUTER DEVICE | |
US20170132669A1 (en) | Resource Downloading Method and Device | |
US20150127660A1 (en) | Method and apparatus for calculating ranks and trust levels for data sources | |
CN102946343B (en) | The method and system of access audio frequency and video community virtual room | |
CN110955416A (en) | Interface document generation method, device, equipment and computer storage medium | |
US11868710B2 (en) | Method and apparatus for displaying a text string copied from a first application in a second application | |
CN103384290A (en) | Mobile terminal with positioning and navigation functions and fast positioning and navigation method of mobile terminal | |
US9224385B1 (en) | Unified recognition of speech and music | |
WO2020019490A1 (en) | Interface testing method, electronic device and storage medium | |
JP5989781B2 (en) | Method and apparatus for progressive pattern matching in a mobile environment | |
CN111078986B (en) | Data retrieval method, device and computer readable storage medium | |
WO2012094965A1 (en) | Method, terminal and server for presenting prompt message | |
WO2018086476A1 (en) | Webpage processing method and apparatus, and storage medium | |
WO2012025026A1 (en) | Method and system for scanning plug-in | |
WO2013016927A1 (en) | Method for downloading video in mac platform browser and browser | |
WO2013135019A1 (en) | Mobile device interface layout method and device | |
JP5289535B2 (en) | Search result providing method and system | |
WO2018145637A1 (en) | Method and device for recording web browsing behavior, and user terminal | |
JPWO2009066762A1 (en) | User interface recognition apparatus and user interface recognition method | |
US20150222645A1 (en) | Method and apparatus for repairing a file | |
WO2020073493A1 (en) | Sql injection vulnerability detection method, apparatus and device, and readable storage medium | |
WO2015139540A1 (en) | Method and device for parsing video webpage | |
CN109032752B (en) | Cloud platform based operation revocation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11819401 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 7950/CHENP/2012 Country of ref document: IN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112012026735 Country of ref document: BR |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25/07/2013) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11819401 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 112012026735 Country of ref document: BR Kind code of ref document: A2 Effective date: 20121018 |