WO2012025026A1 - Method and system for scanning plug-in - Google Patents

Method and system for scanning plug-in Download PDF

Info

Publication number
WO2012025026A1
WO2012025026A1 PCT/CN2011/078522 CN2011078522W WO2012025026A1 WO 2012025026 A1 WO2012025026 A1 WO 2012025026A1 CN 2011078522 W CN2011078522 W CN 2011078522W WO 2012025026 A1 WO2012025026 A1 WO 2012025026A1
Authority
WO
WIPO (PCT)
Prior art keywords
plug
detection
module
information
detecting
Prior art date
Application number
PCT/CN2011/078522
Other languages
French (fr)
Chinese (zh)
Inventor
谭晓光
陈卓
董琼康
陈旭东
Original Assignee
腾讯科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 腾讯科技(深圳)有限公司 filed Critical 腾讯科技(深圳)有限公司
Priority to BR112012026735-3A priority Critical patent/BR112012026735B1/en
Publication of WO2012025026A1 publication Critical patent/WO2012025026A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/74Reverse engineering; Extracting design information from source code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/75Structural analysis for program understanding

Definitions

  • the present invention relates to the field of computer technologies, and in particular, to a plug-in scanning method and system. Background of the invention
  • plug-ins are also maliciously used by some software developers, such as installing the plug-in in the background without the user's knowledge and collecting the user's privacy, or popping up an advertisement page, modifying the browser's home page, and the like, which is detrimental to the user's interests. Therefore, the detection and cleaning of plug-ins has become an indispensable function in system security software. Through plug-in detection, the user can know the installation status of the current computer plug-ins, which are installed by the user himself, and which are installed without the user's knowledge. Therefore, how to accurately detect the plug-ins on the user's computer is particularly important.
  • the function of plug-in detection is generally implemented. After the user clicks the operation button of the scanning plug-in, the plug-in scanning module of the software traverses the registry entries that may be related to the plug-in, and finds the global existence of the plug-in. The unique identifier (CLSID), and then obtain the plugin's file path through the CLSID to complete the plugin detection process.
  • CLSID unique identifier
  • the plug-in technology Since the plug-in technology is now more and more perfect, it can be used by the earliest registration as a windows plug-in. It can also be developed without registering as a windows plug-in, and the latter may not write the registry at all.
  • the prior art is incapable of detecting the plug-in that does not write the registry.
  • the plug-in detected by the prior art scheme may be inaccurate, and may even be missed or misdetected. Therefore, the disadvantage of the prior art solution is that the accuracy of the detection is not high, and the recognition rate is low. Very low, has not adapted to the current development of plug-in detection technology. Summary of the invention
  • a plug-in scanning method comprising:
  • a plug-in scanning system comprising:
  • a storage module configured to save known plug-in information
  • An analysis module connected to the storage module, configured to read known plug-in information from the storage module, and determine a detection location and a detection attribute of the plug-in according to the known plug-in information, and the detection location and the detection attribute Send to the detection module.
  • the detecting module is connected to the analyzing module, and receives the detecting position and the detecting attribute sent by the analyzing module, and detects whether the detecting attribute exists in the detecting position; and sends the detection result to the interaction module.
  • the interaction module is connected to the detection module, and receives and outputs the detection result sent by the detection module.
  • the plug-in scanning method and system can scan the known plug-in information by pre-storing the known plug-in information, so that the known plug-in can be retrieved in a targeted manner, and the scanning speed and accuracy can be improved.
  • FIG. 1 is a flowchart of a method for scanning a plug-in according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a detection module according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention. Mode for carrying out the invention
  • the invention mainly proposes a method for combining detection detection plug-ins based on known plug-in information, and adopts multiple detection methods such as file detection, process detection, registry detection and service detection to perform combined detection. Thereby greatly improving the accuracy and recognition rate of the plug-in detection.
  • the method for scanning a plug-in includes the following steps: Step 101: Read pre-stored known plug-in information, and determine a detection location and a detection attribute of the plug-in according to the known plug-in information. .
  • the plug-in information is known as plug-in related information obtained by analyzing the plug-in that has been found in advance. After the plugin is installed, it will leave traces in the computer system. The location of these traces is the location of the plugin, which can be a file path, a registry path, a process, a service, a memory, etc.; the specific feature file left by the plugin in the corresponding location Information such as feature registry entries, feature processes, feature services, and feature codes in memory are plug-in properties.
  • the specific location that needs to be detected during subsequent plug-in detection that is, the detection location, and the content to be detected, that is, the detection attribute, can be determined. Step 102: Detect whether the detection attribute exists in the detection position.
  • the information about a known plug-in stored in the known plug-in information is ScanFile (%system% ⁇ test.exe).
  • ScanFile %system% ⁇ test.exe
  • the detection attribute is Is a file named test.exe.
  • the detection function can be determined according to the ScanFile keyword (for different detection positions, there are different detection functions, which can be defined in advance, for example, in the known plug-in information, the ScanFile keyword corresponds to the file scanning function, In the detection file; if the plugin also performs registry writing, you can also define the ScanReg keyword, corresponding to the registry scan function, used to detect the registry, etc.), after determining the detection function, put %system% ⁇ test.exe As the search path parameter is passed to the determined detection function, the detection function returns the detection result, and the plug-in attribute of the corresponding detection position can be detected.
  • the ScanFile keyword for different detection positions, there are different detection functions, which can be defined in advance, for example, in the known plug-in information, the ScanFile keyword corresponds to the file scanning function, In the detection file; if the plugin also performs registry writing, you can also define the ScanReg keyword, corresponding to the registry scan function, used to detect the registry, etc.
  • Step 103 Output the detection result.
  • the plug-in detection result of step 102 is outputted by a screen display, an audible prompt, or the like. For example, if a plug-in is detected, the detected plug-in is displayed; if it is not detected, it is not displayed or the plug-in is not detected.
  • the evaluation of the detected plug-in can be further output.
  • the evaluation information is the user's opinion on the plug-in, and may be a comprehensive evaluation, a bad evaluation, a middle evaluation, or the like, or a voting result of all the users participating in the evaluation, or a combination of the above two methods.
  • the evaluation may be pre-stored, for example, the previously stored known plug-in information, or may be obtained in real time through the network, preferably obtained in real time through the network, to obtain a true and timely evaluation. By displaying the rating, it can be used as a reference for users who do not understand the plugin.
  • the information of the plug-in information is included in the plug-in information, and at this time, To read the information of multiple or all plug-ins at the same time to initiate detection, you can also read the known plug-in information one by one, detect a plug-in, get the test results and then read the next known plug-in information, until all plug-ins are detected. . When the detection result is output, it is also possible to output one by one or to output multiple or all at the same time.
  • the plurality of plug-in attribute information such as a feature file name, a feature file size, a file content, and the like, may be saved in the known plug-in information, so that more detection attributes can be determined in the step 110, and multiple detection attributes are adopted.
  • the detection for example, by the detection attribute of the file size, can avoid the detection of false positives with the same file name but not the plug-in file.
  • a plurality of plug-in location information such as a file path, a registry path, a process, a service, a memory, and the like, are saved, that is, the detected location and the detected attribute determined in step 101 may be one or may be Multiple, so in step 102, the plug-in can be accurately detected through multiple detection paths and multiple detection methods to avoid missed detection and false detection.
  • an option to delete the detected plug-in may be provided, and the plug-in is deleted when receiving the instruction to delete the plug-in.
  • a button of "delete” is provided immediately after the detected plug-in, and if the user clicks the button, an instruction to delete the plug-in is issued, and after receiving the instruction, The plugin is removed; thus, it is convenient for the user to operate, so that the user can determine which plugins are unnecessary plugins.
  • the scan status may also be stored, where the scan status records the plug-in that has not been deleted by the user at the end of the scan, and the next time the detection position and the detection attribute are determined according to the known plug-in information, Ignore the plug-ins that are not deleted by the user, which can improve the detection speed and save system resources.
  • the step of upgrading and updating the known plug-in information may be further included in the above-mentioned embodiment, so that a new plug-in is generated on the network.
  • Plugin Also, read the pre-stored known Plug-in information, in addition to reading from local storage, can also be read directly from the network server, so you do not need to update the local known plug-in information.
  • the traditional plug-in scanning method may also be combined, that is, in addition to the above steps, the global unique identifier (CLSID) of the existing plug-in may be found by traversing the registry key that may be related to the plug-in. ), then get the plugin's file path through CLSID, and help detect plugins that are not defined in the known plugin information.
  • CLSID global unique identifier
  • the present invention also provides an embodiment of a plug-in scanning system. As shown in FIG. 2, the present invention includes a storage module 201, an analysis module 202, a detection module 203, and an interaction module 204.
  • a storage module 201 configured to save known plug-in information
  • the analysis module 202 is connected to the storage module 201, and is configured to read the known plug-in information from the storage module 201, and determine the detection position and the detection attribute of the plug-in according to the known plug-in information, and the detection location is And the detection attribute is sent to the detection module 203.
  • the detecting module 203 is connected to the analyzing module 202, and receives the detecting position and the detecting attribute sent by the analyzing module 202, and detects whether the detecting attribute exists in the detecting position; and sends the detection result to the interaction module 204.
  • the interaction module 204 is connected to the detection module 203, and receives and outputs the detection result sent by the detection module 203.
  • the detection module 203 is as shown in FIG. 3 and includes:
  • the file detecting unit 301 according to the detection location and the detection attribute, detecting whether a feature file exists in the file path to be detected; sending the detection result to the interaction module 204;
  • the registry detecting unit 302 detects, according to the detected location and the detection attribute, whether a feature registry entry exists in the registry path that needs to be detected; and sends the detection result to the interaction module 204;
  • the process detecting unit 303 is configured to detect according to the detected location and the detection attribute. Detecting whether there is a feature process in the process; sending the detection result to the interaction module 204; the service detection unit 304, according to the detection location and the detection attribute, detecting whether a feature service exists in the service to be detected; sending the detection result to The interaction module 204: the memory detecting unit 305 detects, according to the detection location and the detection attribute, whether a feature code exists in the memory that needs to be detected; and sends the detection result to the interaction module 204.
  • the information about a known plug-in stored in the known plug-in information stored by the storage module 201 is ScanFile (%system% ⁇ test.exe).
  • the analysis module 202 reads the information, the detection of the known plug-in can be determined.
  • the location is the system directory, and the detection attribute is a file named test.exe.
  • the analysis module 202 sends the detection location and the detection attribute to the detection module 203.
  • the detection module 203 can determine the detection function according to the ScanFile keyword (for different detection positions, there are different detection functions, which can be defined in advance, for example, known plug-in information.
  • the file scan function is used to detect the file; if the plugin also performs the registry write, the ScanReg keyword can also be defined, corresponding to the registry scan function, used to detect the registry, etc., different detections
  • the file detection unit 301 is determined in this example, and thus the file detection unit 301 is %system% ⁇ test.
  • the exe is detected as a search path parameter, and the detection result is returned to the interaction module 204.
  • the analysis module 202 may read the information of the plurality of plug-ins and send the information to the detecting module 203 for detection, or may read the information of the known plug-ins one by one.
  • the detecting module 203 detects the plug-in by the detecting module 203, and after receiving the detection result and sending the result to the interaction module 204, the analyzing module 202 reads the next known plug-in information until all the plug-ins are detected.
  • the interaction module 204 outputs the detection result sent by the detection module 203 by means of screen display, voice prompt, and the like. For example, if a plugin is detected, the detected plugin is displayed; if it is not detected, it is not displayed or the plugin is not detected. You can also lose one by one when outputting test results. Output multiple or all test results at the same time.
  • the plug-in scanning system of the present invention may further include a search module 205, connected to the detecting module 203 and the interaction module 204, for detecting results according to the detecting module 203 (such as detecting The plug-in is obtained, and the evaluation of the plug-in is obtained from the web server, and sent to the interaction module 204 for output display.
  • a search module 205 connected to the detecting module 203 and the interaction module 204, for detecting results according to the detecting module 203 (such as detecting The plug-in is obtained, and the evaluation of the plug-in is obtained from the web server, and sent to the interaction module 204 for output display.
  • the plug-in scanning system of the present invention may further include a processing module 206, and is connected to the interaction module 204. After receiving the delete plug-in command sent by the interaction module 204, the corresponding plug-in is deleted.
  • the interaction module 204 further provides an option to delete the detected plug-in on the output detection result interface. For example, after detecting the plug-in, in the interface for outputting the detection result, providing a "delete" after the detected plug-in is followed. Button, if the user clicks the button, the delete plugin command is issued.
  • processing module 206 is further configured to store a scan status, where the scan status records a plug-in that is not deleted by the user at the end of the scan, and the processing module 205 is further connected to the storage module 201, and saves the scan status record to the Storage module 201;
  • the analysis module 202 performs the determination of the detection position and the detection attribute according to the known plug-in information, the analysis may be performed according to the scan status, thereby ignoring the plug-in that is not deleted by the user, thereby improving the detection speed and saving the system. Resources.
  • the plug-in scanning system of the present invention may further include an upgrade module 207, connected to the storage module 201, for reading the latest known plug-in information from the network server, for the storage.
  • the known plug-in information saved by module 201 is upgraded.
  • the plug-in scanning method and system can scan the known plug-in information by pre-storing the known plug-in information, so that the known plug-in can be retrieved in a targeted manner, and the scanning speed and accuracy can be improved.
  • the detailed description is not to be construed as limiting the scope of the invention. It should be noted that a number of variations and modifications may be made by those skilled in the art without departing from the spirit and scope of the invention. Therefore, the scope of the invention should be determined by the appended claims.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Radar Systems Or Details Thereof (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Disclosed is a method for scanning a plug-in, comprising: reading pre-stored information about a known plug-in, and determining, on the basis of the information of the known plug-in, the detection position and detection property of the plug-in; detecting at the detection position whether the detection property exists; and outputting the detection result thereof. Also disclosed is a corresponding system for scanning a plug-in. By way of pre-stored information about a known plug-in, the method and system are able to find a known plug-in in a targeted way by carrying out a scan according to the information of the known plug-in, thus improving the scan speed and accuracy.

Description

插件扫描方法和系统  Plug-in scanning method and system
技术领域 Technical field
本发明涉及计算机技术领域,特别是涉及一种插件扫描方法和系统。 发明背景  The present invention relates to the field of computer technologies, and in particular, to a plug-in scanning method and system. Background of the invention
如今, 随着计算机网络的普及, 极大的提高了人们工作生活的便利 性。 在安装一些程序、 通过浏览器访问网络等过程中, 为了实现一些特 定的功能, 往往需要安装插件。 插件的开发发展, 增加或改善了程序原 有的功能, 因而被越来越广泛的使用。  Nowadays, with the popularity of computer networks, the convenience of people's work and life has been greatly improved. In the process of installing some programs, accessing the network through a browser, etc., in order to implement some specific functions, it is often necessary to install plug-ins. The development of plug-ins has increased or improved the original functionality of the program and has been used more and more widely.
然而, 插件也被一些软件开发者恶意使用, 例如在用户不知情的情 况下后台安装该插件并搜集用户的隐私、 或是弹出广告页面、 修改浏览 器首页等有损用户利益的行为。 因此, 插件的检测与清理已经成为系统 安全软件中必不可少的功能。 通过插件检测, 能使用户知道当前计算机 的插件安装情况, 哪些是用户自己安装, 哪些是用户不知情的情况下安 装的。 因此, 如何精确的检测出用户电脑上的插件, 就显得格外重要。  However, plug-ins are also maliciously used by some software developers, such as installing the plug-in in the background without the user's knowledge and collecting the user's privacy, or popping up an advertisement page, modifying the browser's home page, and the like, which is detrimental to the user's interests. Therefore, the detection and cleaning of plug-ins has become an indispensable function in system security software. Through plug-in detection, the user can know the installation status of the current computer plug-ins, which are installed by the user himself, and which are installed without the user's knowledge. Therefore, how to accurately detect the plug-ins on the user's computer is particularly important.
在当前市面上的系统安全软件中, 一般都实现了插件检测的功能, 即用户点击扫描插件的操作按钮后, 软件的插件扫描模块会遍历插件可 能相关的注册表项, 找到存在的插件的全球唯一标识符(CLSID ), 然后 通过 CLSID获取插件的文件路径, 完成插件的检测过程。  In the current system security software on the market, the function of plug-in detection is generally implemented. After the user clicks the operation button of the scanning plug-in, the plug-in scanning module of the software traverses the registry entries that may be related to the plug-in, and finds the global existence of the plug-in. The unique identifier (CLSID), and then obtain the plugin's file path through the CLSID to complete the plugin detection process.
由于现在插件技术发展越来越完善, 由最早注册为 windows插件才 能起作用, 发展到不用注册为 windows插件也可以起作用, 而后者有可 能是完全不写注册表的。 现有技术对于这部分不写注册表的插件是无法 检测的, 运用现有技术方案检测到的插件会有不准确, 甚至有漏检、 误 检等可能。 因此, 现有技术方案的缺点在于检测的精确度不高、 识别率 非常低, 已经不适应当前插件检测技术发展。 发明内容 Since the plug-in technology is now more and more perfect, it can be used by the earliest registration as a windows plug-in. It can also be developed without registering as a windows plug-in, and the latter may not write the registry at all. The prior art is incapable of detecting the plug-in that does not write the registry. The plug-in detected by the prior art scheme may be inaccurate, and may even be missed or misdetected. Therefore, the disadvantage of the prior art solution is that the accuracy of the detection is not high, and the recognition rate is low. Very low, has not adapted to the current development of plug-in detection technology. Summary of the invention
本发明实施例提供一种插件扫描方法和系统  Embodiments of the present invention provide a plug-in scanning method and system
本发明实施例的技术方案是这样实现的:  The technical solution of the embodiment of the present invention is implemented as follows:
一种插件扫描方法, 该方法包括:  A plug-in scanning method, the method comprising:
读取预先保存的已知插件信息, 并根据所述已知插件信息确定插件 的检测位置及检测属性;  Reading the pre-stored known plug-in information, and determining the detection location and detection attribute of the plug-in according to the known plug-in information;
在所述检测位置检测是否存在所述检测属性;  Detecting whether the detection attribute exists in the detection position;
输出检测结果。  Output test results.
一种插件扫描系统, 该系统包括:  A plug-in scanning system, the system comprising:
存储模块, 用于保存已知插件信息;  a storage module, configured to save known plug-in information;
分析模块, 与所述存储模块相连, 用于从所述存储模块中读取已知 插件信息, 并根据所述已知插件信息确定插件的检测位置及检测属性, 将所述检测位置及检测属性发送给检测模块。  An analysis module, connected to the storage module, configured to read known plug-in information from the storage module, and determine a detection location and a detection attribute of the plug-in according to the known plug-in information, and the detection location and the detection attribute Send to the detection module.
检测模块, 与所述分析模块相连, 接收所述分析模块发送的检测位 置及检测属性, 在所述检测位置检测是否存在所述检测属性; 将检测结 果发送给交互模块。  The detecting module is connected to the analyzing module, and receives the detecting position and the detecting attribute sent by the analyzing module, and detects whether the detecting attribute exists in the detecting position; and sends the detection result to the interaction module.
交互模块, 与所述检测模块相连, 接收并输出所述检测模块发送的 检测结果。  The interaction module is connected to the detection module, and receives and outputs the detection result sent by the detection module.
上述插件扫描方法和系统, 通过预先存储已知插件信息, 根据该已 知插件信息进行扫描, 从而能有针对性的检索到已知插件, 提高扫描速 度和准确度。 附图简要说明 The plug-in scanning method and system can scan the known plug-in information by pre-storing the known plug-in information, so that the known plug-in can be retrieved in a targeted manner, and the scanning speed and accuracy can be improved. BRIEF DESCRIPTION OF THE DRAWINGS
图 1为本发明一实施例的插件扫描方法流程图;  1 is a flowchart of a method for scanning a plug-in according to an embodiment of the present invention;
图 2为本发明一实施例的插件扫描系统结构示意图;  2 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention;
图 3为本发明一实施例的检测模块结构示意图;  3 is a schematic structural diagram of a detection module according to an embodiment of the present invention;
图 4为本发明一实施例的插件扫描系统结构示意图;  4 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention;
图 5为本发明一实施例的插件扫描系统结构示意图;  FIG. 5 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention; FIG.
图 6为本发明一实施例的插件扫描系统结构示意图。 实施本发明的方式  FIG. 6 is a schematic structural diagram of a plug-in scanning system according to an embodiment of the present invention. Mode for carrying out the invention
为使本发明的目的、技术方案和优点更加清楚明白,以下举实施例, 并参照附图, 对本发明进一步详细说明。  The present invention will be further described in detail below with reference to the accompanying drawings.
本发明主要是提出了一种基于已知插件信息, 可以进行多种检测策 略进行组合检测插件的方法, 通过文件检测、 进程检测、 注册表检测、 服务检测等多种检测方法, 进行组合检测, 从而大大的提高了插件检测 的精确度和识别率。  The invention mainly proposes a method for combining detection detection plug-ins based on known plug-in information, and adopts multiple detection methods such as file detection, process detection, registry detection and service detection to perform combined detection. Thereby greatly improving the accuracy and recognition rate of the plug-in detection.
具体如图 1所示,为本发明实施例的插件扫描方法, 包括以下步骤: 步骤 101 , 读取预先保存的已知插件信息, 并根据所述已知插件信 息确定插件的检测位置及检测属性。  Specifically, as shown in FIG. 1 , the method for scanning a plug-in according to an embodiment of the present invention includes the following steps: Step 101: Read pre-stored known plug-in information, and determine a detection location and a detection attribute of the plug-in according to the known plug-in information. .
其中, 已知插件信息是预先对已经被发现的插件进行分析得到的插 件相关信息。 插件被安装后会在计算机系统中留下痕迹, 这些痕迹所处 的位置即插件位置, 可以是某文件路径、 注册表路径、 进程、 服务、 内 存等; 插件在相应位置留下的具体特征文件、特征注册表项、特征进程、 特征服务、 内存中的特征代码等信息即为插件属性。 通过这些预先保存 的已知插件信息, 即可确定后续插件检测时需要检测的具体位置即检测 位置, 和需要检测的内容, 即检测属性。 步骤 102, 在所述检测位置检测是否存在所述检测属性。 The plug-in information is known as plug-in related information obtained by analyzing the plug-in that has been found in advance. After the plugin is installed, it will leave traces in the computer system. The location of these traces is the location of the plugin, which can be a file path, a registry path, a process, a service, a memory, etc.; the specific feature file left by the plugin in the corresponding location Information such as feature registry entries, feature processes, feature services, and feature codes in memory are plug-in properties. Through these pre-stored known plug-in information, the specific location that needs to be detected during subsequent plug-in detection, that is, the detection location, and the content to be detected, that is, the detection attribute, can be determined. Step 102: Detect whether the detection attribute exists in the detection position.
即在需要检测的文件路径下检测是否存在特征文件、 注册表路径下 是否存在特征注册表项、 进程中是否存在特征进程、 服务中是否存在特 征服务、 内存中是否存在特征代码等。  That is, whether the signature file exists in the file path to be detected, whether the feature registry key exists in the registry path, whether the feature process exists in the process, whether the feature service exists in the service, whether the feature code exists in the memory, or the like is detected.
具体例如, 预先存储的已知插件信息里有一条已知插件的信息为 ScanFile(%system%\test.exe) , 通过步骤 101 , 可以确定出该已知插件的 检测位置为 system目录, 检测属性为文件名为 test.exe的文件。 此时在 本步骤中, 即可根据 ScanFile关键字确定检测函数(对于不同的检测位 置,有不同的检测函数,可以预先定义好,例如已知插件信息中, ScanFile 关键字对应文件扫描函数, 用于检测文件; 如果插件还进行了注册表写 入, 还可以定义 ScanReg关键字, 对应注册表扫描函数, 用于检测注册 表, 等等), 确定检测函数后, 把%system%\test.exe 当作查找路径参数 传给确定的检测函数, 检测函数返回检测结果, 即可实现对相应检测位 置的插件属性的检测。  For example, the information about a known plug-in stored in the known plug-in information is ScanFile (%system%\test.exe). In step 101, it can be determined that the detected location of the known plug-in is the system directory, and the detection attribute is Is a file named test.exe. At this point, in this step, the detection function can be determined according to the ScanFile keyword (for different detection positions, there are different detection functions, which can be defined in advance, for example, in the known plug-in information, the ScanFile keyword corresponds to the file scanning function, In the detection file; if the plugin also performs registry writing, you can also define the ScanReg keyword, corresponding to the registry scan function, used to detect the registry, etc.), after determining the detection function, put %system%\test.exe As the search path parameter is passed to the determined detection function, the detection function returns the detection result, and the plug-in attribute of the corresponding detection position can be detected.
步骤 103 , 输出检测结果。  Step 103: Output the detection result.
通过屏幕显示、 声音提示等方式输出步骤 102的插件检测结果。 例 如, 如果检测到插件, 则显示检测到的插件; 没有检测到则不显示或者 显示未检测到插件。 另外, 本步骤中即可进一步输出检测到的插件的评 价。 评价信息是用户对该插件的看法, 可以是综合性的好评、 差评、 中 评等评价, 也可以是所有参与评价用户的投票结果, 还可以是上述两种 方式的结合。 评价可以是预先存储的例如上述预先存储的已知插件信 息, 也可以是通过网络实时获得的, 优选为通过网络实时获得, 以得到 真实、 及时的评价。 通过显示评价, 可以作为不了解该插件的用户的参 考。  The plug-in detection result of step 102 is outputted by a screen display, an audible prompt, or the like. For example, if a plug-in is detected, the detected plug-in is displayed; if it is not detected, it is not displayed or the plug-in is not detected. In addition, in this step, the evaluation of the detected plug-in can be further output. The evaluation information is the user's opinion on the plug-in, and may be a comprehensive evaluation, a bad evaluation, a middle evaluation, or the like, or a voting result of all the users participating in the evaluation, or a combination of the above two methods. The evaluation may be pre-stored, for example, the previously stored known plug-in information, or may be obtained in real time through the network, preferably obtained in real time through the network, to obtain a true and timely evaluation. By displaying the rating, it can be used as a reference for users who do not understand the plugin.
上述实施例中, 已知插件信息中会包含多个插件的信息, 此时, 可 以读取多个或所有的插件的信息同时发起检测, 也可以逐一读取已知插 件信息,检测完一个插件,得到检测结果后再读取下一个已知插件信息, 直到检测完所有的插件。 输出检测结果时也可以逐一输出或同时输出多 个或所有。 In the above embodiment, the information of the plug-in information is included in the plug-in information, and at this time, To read the information of multiple or all plug-ins at the same time to initiate detection, you can also read the known plug-in information one by one, detect a plug-in, get the test results and then read the next known plug-in information, until all plug-ins are detected. . When the detection result is output, it is also possible to output one by one or to output multiple or all at the same time.
其中, 所述已知插件信息中可以保存多种插件属性信息, 例如特征 文件名称、 特征文件大小, 文件内容等, 从而能够在所述步骤 110中确 定更多的检测属性, 通过多种检测属性的检测, 例如通过文件大小的检 测属性, 可以避免检测到具有相同文件名但非插件文件而产生的误判。 同理, 在所述已知插件信息中保存多种插件位置信息, 如文件路径、 注 册表路径、 进程、 服务、 内存等, 即步骤 101中确定的检测位置和检测 属性可以是一个也可以是多个, 这样在步骤 102中, 即可通过多种检测 路径, 多种检测方法精确的检测出插件, 避免漏检、 误检。  The plurality of plug-in attribute information, such as a feature file name, a feature file size, a file content, and the like, may be saved in the known plug-in information, so that more detection attributes can be determined in the step 110, and multiple detection attributes are adopted. The detection, for example, by the detection attribute of the file size, can avoid the detection of false positives with the same file name but not the plug-in file. Similarly, in the known plug-in information, a plurality of plug-in location information, such as a file path, a registry path, a process, a service, a memory, and the like, are saved, that is, the detected location and the detected attribute determined in step 101 may be one or may be Multiple, so in step 102, the plug-in can be accurately detected through multiple detection paths and multiple detection methods to avoid missed detection and false detection.
进一步地, 在上述实施例的基础上, 在步骤 103输出的检测结果界 面上, 还可以提供删除检测到的插件的选项、 并在接收到删除插件的指 令时删除该插件。 例如在检测到插件后, 在输出检测结果的界面中, 紧 跟检测到的插件后提供一个 "删除 "的按钮, 如果用户点击该按钮, 则发 出删除插件的指令, 接收到该指令后即可删除该插件; 从而方便用户操 作, 使用户可以自行确定哪些插件是不需要的插件。 进一步的, 在所述 步骤 103之后, 还可以存储扫描状态, 扫描状态记录了本次扫描结束并 未被用户删除的插件, 在下次执行根据所述已知插件信息确定检测位置 和检测属性时, 忽略对所述未被用户删除的插件, 如此可以提高检测速 度, 节约系统资源。  Further, based on the above embodiment, in the detection result interface outputted in step 103, an option to delete the detected plug-in may be provided, and the plug-in is deleted when receiving the instruction to delete the plug-in. For example, after detecting the plug-in, in the interface for outputting the detection result, a button of "delete" is provided immediately after the detected plug-in, and if the user clicks the button, an instruction to delete the plug-in is issued, and after receiving the instruction, The plugin is removed; thus, it is convenient for the user to operate, so that the user can determine which plugins are unnecessary plugins. Further, after the step 103, the scan status may also be stored, where the scan status records the plug-in that has not been deleted by the user at the end of the scan, and the next time the detection position and the detection attribute are determined according to the known plug-in information, Ignore the plug-ins that are not deleted by the user, which can improve the detection speed and save system resources.
由于网络上经常有新的插件产生, 为保持已知插件信息一直处于较 新的状态, 在上述实施例中, 还可以进一步包括升级更新所述已知插件 信息的步骤, 从而能扫描检测出新的插件。 另外, 读取预先存储的已知 插件信息时, 除了从本地存储器读取外, 还可以直接从网络服务器中读 取, 如此可以不需要更新本地的已知插件信息。 In the above embodiment, the step of upgrading and updating the known plug-in information may be further included in the above-mentioned embodiment, so that a new plug-in is generated on the network. Plugin. Also, read the pre-stored known Plug-in information, in addition to reading from local storage, can also be read directly from the network server, so you do not need to update the local known plug-in information.
另外, 在上述插件扫描方法实施例中, 还可以结合传统的插件扫描 方式, 即除了采用上述步骤外, 还可以通过遍历插件可能相关的注册表 项, 找到存在的插件的全球唯一标识符(CLSID ), 然后通过 CLSID获 取插件的文件路径, 辅助检测未在已知插件信息中定义的插件。  In addition, in the above-mentioned plug-in scanning method embodiment, the traditional plug-in scanning method may also be combined, that is, in addition to the above steps, the global unique identifier (CLSID) of the existing plug-in may be found by traversing the registry key that may be related to the plug-in. ), then get the plugin's file path through CLSID, and help detect plugins that are not defined in the known plugin information.
本发明还提供了一种插件扫描系统的实施例, 如图 2所示, 包括存 储模块 201、 分析模块 202、 检测模块 203及交互模块 204。  The present invention also provides an embodiment of a plug-in scanning system. As shown in FIG. 2, the present invention includes a storage module 201, an analysis module 202, a detection module 203, and an interaction module 204.
存储模块 201 , 用于保存已知插件信息;  a storage module 201, configured to save known plug-in information;
分析模块 202,与所述存储模块 201相连,用于从所述存储模块 201 中读取已知插件信息, 并根据所述已知插件信息确定插件的检测位置及 检测属性, 将所述检测位置及检测属性发送给检测模块 203。  The analysis module 202 is connected to the storage module 201, and is configured to read the known plug-in information from the storage module 201, and determine the detection position and the detection attribute of the plug-in according to the known plug-in information, and the detection location is And the detection attribute is sent to the detection module 203.
检测模块 203, 与所述分析模块 202相连, 接收所述分析模块 202 发送的检测位置及检测属性, 在所述检测位置检测是否存在所述检测属 性; 将检测结果发送给交互模块 204。  The detecting module 203 is connected to the analyzing module 202, and receives the detecting position and the detecting attribute sent by the analyzing module 202, and detects whether the detecting attribute exists in the detecting position; and sends the detection result to the interaction module 204.
交互模块 204, 与所述检测模块 203相连, 接收并输出所述检测模 块 203发送的检测结果。  The interaction module 204 is connected to the detection module 203, and receives and outputs the detection result sent by the detection module 203.
其中, 检测模块 203如图 3所示, 包括:  The detection module 203 is as shown in FIG. 3 and includes:
文件检测单元 301 , 根据所述检测位置及检测属性, 在需要检测的 文件路径下检测是否存在特征文件; 将检测结果发送给所述交互模块 204;  The file detecting unit 301, according to the detection location and the detection attribute, detecting whether a feature file exists in the file path to be detected; sending the detection result to the interaction module 204;
注册表检测单元 302, 根据所述检测位置及检测属性, 在需要检测 的注册表路径下检测是否存在特征注册表项; 将检测结果发送给所述交 互模块 204;  The registry detecting unit 302 detects, according to the detected location and the detection attribute, whether a feature registry entry exists in the registry path that needs to be detected; and sends the detection result to the interaction module 204;
进程检测单元 303, 根据所述检测位置及检测属性, 在需要检测的 进程中检测是否存在特征进程; 将检测结果发送给所述交互模块 204; 服务检测单元 304, 根据所述检测位置及检测属性, 在需要检测的 服务中检测是否存在特征服务; 将检测结果发送给所述交互模块 204; 内存检测单元 305 , 根据所述检测位置及检测属性, 在需要检测的 内存中检测是否存在特征代码; 将检测结果发送给所述交互模块 204。 The process detecting unit 303 is configured to detect according to the detected location and the detection attribute. Detecting whether there is a feature process in the process; sending the detection result to the interaction module 204; the service detection unit 304, according to the detection location and the detection attribute, detecting whether a feature service exists in the service to be detected; sending the detection result to The interaction module 204: the memory detecting unit 305 detects, according to the detection location and the detection attribute, whether a feature code exists in the memory that needs to be detected; and sends the detection result to the interaction module 204.
具体例如, 存储模块 201存储的已知插件信息里有一条已知插件的 信息为 ScanFile(%system%\test.exe), 分析模块 202读取该信息后, 可以 确定出该已知插件的检测位置为 system 目录, 检测属性为文件名为 test.exe的文件。分析模块 202将该检测位置和检测属性发送给检测模块 203 , 检测模块 203可根据 ScanFile关键字确定检测函数(对于不同的 检测位置,有不同的检测函数, 可以预先定义好, 例如已知插件信息中, ScanFile 关键字对应文件扫描函数, 用于检测文件; 如果插件还进行了 注册表写入, 还可以定义 ScanReg关键字, 对应注册表扫描函数, 用于 检测注册表, 等等, 不同的检测函数对应分析模块 202中的各检测单元 301-305 ), 确定检测函数后, 即确定了使用的检测单元后, 本例中确定 文件检测单元 301 , 因此文件检测单元 301 以%system%\test.exe当作查 找路径参数进行检测, 并将检测结果返回交互模块 204。  For example, the information about a known plug-in stored in the known plug-in information stored by the storage module 201 is ScanFile (%system%\test.exe). After the analysis module 202 reads the information, the detection of the known plug-in can be determined. The location is the system directory, and the detection attribute is a file named test.exe. The analysis module 202 sends the detection location and the detection attribute to the detection module 203. The detection module 203 can determine the detection function according to the ScanFile keyword (for different detection positions, there are different detection functions, which can be defined in advance, for example, known plug-in information. In the ScanFile keyword, the file scan function is used to detect the file; if the plugin also performs the registry write, the ScanReg keyword can also be defined, corresponding to the registry scan function, used to detect the registry, etc., different detections After the detection function is determined, that is, after the detection function is determined, the file detection unit 301 is determined in this example, and thus the file detection unit 301 is %system%\test. The exe is detected as a search path parameter, and the detection result is returned to the interaction module 204.
对于已知插件信息中包含多个插件的信息的情况, 分析模块 202可 以读取多个或所有的插件的信息同时发送给检测模块 203进行检测, 也 可以逐一读取已知插件信息逐一发送给检测模块 203 , 检测模块 203检 测完一个插件, 得到检测结果并发送给交互模块 204后, 分析模块 202 再读取下一个已知插件信息, 直到检测完所有的插件。  For the case where the information of the plug-in information is included in the plug-in information, the analysis module 202 may read the information of the plurality of plug-ins and send the information to the detecting module 203 for detection, or may read the information of the known plug-ins one by one. The detecting module 203 detects the plug-in by the detecting module 203, and after receiving the detection result and sending the result to the interaction module 204, the analyzing module 202 reads the next known plug-in information until all the plug-ins are detected.
交互模块 204, 通过屏幕显示、 声音提示等方式输出检测模块 203 发送的检测结果。 例如, 如果检测到插件, 则显示检测到的插件; 没有 检测到则不显示或者显示未检测到插件。 输出检测结果时也可以逐一输 出或同时输出多个或所有检测结果。 The interaction module 204 outputs the detection result sent by the detection module 203 by means of screen display, voice prompt, and the like. For example, if a plugin is detected, the detected plugin is displayed; if it is not detected, it is not displayed or the plugin is not detected. You can also lose one by one when outputting test results. Output multiple or all test results at the same time.
作为另一实施例, 本发明的插件扫描系统如图 4所示, 还可以进一 步包括搜索模块 205 , 与所述检测模块 203和交互模块 204相连, 用于 根据检测模块 203检测的结果(如检测出插件), 从网络服务器中获取 插件的评价, 并发送给交互模块 204进行输出显示。  As another embodiment, the plug-in scanning system of the present invention, as shown in FIG. 4, may further include a search module 205, connected to the detecting module 203 and the interaction module 204, for detecting results according to the detecting module 203 (such as detecting The plug-in is obtained, and the evaluation of the plug-in is obtained from the web server, and sent to the interaction module 204 for output display.
作为另一实施例, 本发明的插件扫描系统如图 5所示, 还可以进一 步包括处理模块 206, 与交互模块 204相连, 在接收到交互模块 204发 送的删除插件指令后, 删除相应插件;  As another embodiment, the plug-in scanning system of the present invention, as shown in FIG. 5, may further include a processing module 206, and is connected to the interaction module 204. After receiving the delete plug-in command sent by the interaction module 204, the corresponding plug-in is deleted.
所述交互模块 204进一步在输出的检测结果界面上, 提供删除检测 到的插件的选项, 例如在检测到插件后, 在输出检测结果的界面中, 紧 跟检测到的插件后提供一个 "删除 "的按钮, 如果用户点击该按钮, 则发 出删除插件指令。  The interaction module 204 further provides an option to delete the detected plug-in on the output detection result interface. For example, after detecting the plug-in, in the interface for outputting the detection result, providing a "delete" after the detected plug-in is followed. Button, if the user clicks the button, the delete plugin command is issued.
进一步的, 处理模块 206还可以用于存储扫描状态, 扫描状态记录 了本次扫描结束并未被用户删除的插件, 处理模块 205进一步与所述存 储模块 201相连, 将扫描状态记录保存到所述存储模块 201 ;  Further, the processing module 206 is further configured to store a scan status, where the scan status records a plug-in that is not deleted by the user at the end of the scan, and the processing module 205 is further connected to the storage module 201, and saves the scan status record to the Storage module 201;
所述分析模块 202下次执行根据所述已知插件信息确定检测位置和 检测属性时, 可以根据所述扫描状态记录, 从而忽略所述未被用户删除 的插件, 如此可以提高检测速度, 节约系统资源。  The next time the analysis module 202 performs the determination of the detection position and the detection attribute according to the known plug-in information, the analysis may be performed according to the scan status, thereby ignoring the plug-in that is not deleted by the user, thereby improving the detection speed and saving the system. Resources.
作为另一实施例, 本发明的插件扫描系统如图 6所示, 还可以进一 步包括升级模块 207, 与存储模块 201相连, 用于从网络服务器读取最 新的已知插件信息,对所述存储模块 201保存的已知插件信息进行升级。  As another embodiment, the plug-in scanning system of the present invention, as shown in FIG. 6, may further include an upgrade module 207, connected to the storage module 201, for reading the latest known plug-in information from the network server, for the storage. The known plug-in information saved by module 201 is upgraded.
上述插件扫描方法和系统, 通过预先存储已知插件信息, 根据该已 知插件信息进行扫描, 从而能有针对性的检索到已知插件, 提高扫描速 度和准确度。 和详细, 但并不能因此而理解为对本发明专利范围的限制。 应当指出的 是, 对于本领域的普通技术人员来说, 在不脱离本发明构思的前提下, 还可以做出若干变形和改进, 这些都属于本发明的保护范围。 因此, 本 发明专利的保护范围应以所附权利要求为准。 The plug-in scanning method and system can scan the known plug-in information by pre-storing the known plug-in information, so that the known plug-in can be retrieved in a targeted manner, and the scanning speed and accuracy can be improved. And the detailed description is not to be construed as limiting the scope of the invention. It should be noted that a number of variations and modifications may be made by those skilled in the art without departing from the spirit and scope of the invention. Therefore, the scope of the invention should be determined by the appended claims.

Claims

权利要求书 Claim
1、 一种插件扫描方法, 其特征在于, 该方法包括:  A plug-in scanning method, characterized in that the method comprises:
读取预先保存的已知插件信息, 并根据所述已知插件信息确定插件 的检测位置及检测属性;  Reading the pre-stored known plug-in information, and determining the detection location and detection attribute of the plug-in according to the known plug-in information;
在所述检测位置检测是否存在所述检测属性;  Detecting whether the detection attribute exists in the detection position;
输出检测结果。  Output test results.
2、根据权利要求 1所述的插件扫描方法, 其特征在于, 所述检测位 置包括:  The method of scanning a plug-in according to claim 1, wherein the detecting location comprises:
文件路径、 注册表路径、 进程、 服务、 内存中的一种或任意多种的 组合。  A combination of file paths, registry paths, processes, services, one of memory, or any combination of any of the following.
3、根据权利要求 2所述的插件扫描方法, 其特征在于, 所述在检测 位置检测是否存在所述检测属性, 包括:  The method of scanning the plug-in according to claim 2, wherein the detecting the presence or absence of the detecting attribute at the detecting position comprises:
在需要检测的文件路径下检测是否存在特征文件、 注册表路径下是 否存在特征注册表项、 进程中是否存在特征进程、 服务中是否存在特征 服务、 内存中是否存在特征代码中的一种或任意多种的组合。  Detect whether there is a signature file in the file path to be detected, whether there is a feature registry entry in the registry path, whether a feature process exists in the process, whether a feature service exists in the service, whether one of the feature codes exists in the memory, or any A variety of combinations.
4、根据权利要求 1所述的插件扫描方法, 其特征在于, 该方法进一 步包括: 输出检测结果后, 如果结果为检测出插件, 则搜索对所述检测 到的插件的评价, 并显示该评价。  The method of scanning a plug-in according to claim 1, wherein the method further comprises: after outputting the detection result, if the result is that the plug-in is detected, searching for the evaluation of the detected plug-in, and displaying the evaluation .
5、根据权利要求 1所述的插件扫描方法, 其特征在于, 该方法进一 步包括: 在所述输出检测结果的界面提供删除检测到的插件的选项, 并 在接收到删除插件的指令时删除该插件。  The method of scanning a plug-in according to claim 1, further comprising: providing an option to delete the detected plug-in at an interface of the output detection result, and deleting the instruction when the plug-in is deleted Plugin.
6、根据权利要求 5所述的插件扫描方法, 其特征在于, 该方法进一 步包括: 存储扫描状态, 所述扫描状态记录本次扫描结束并未被用户删 除的插件; 所述读取预先保存的已知插件信息, 并根据所述已知插件信息确定 插件的检测位置及检测属性时, 根据所述扫描状态忽略所述未被用户删 除的插件。 The method of scanning a plug-in according to claim 5, wherein the method further comprises: storing a scan status, wherein the scan status records a plug-in that is not deleted by the user at the end of the scan; The reading the pre-stored known plug-in information, and determining the detection location and the detection attribute of the plug-in according to the known plug-in information, ignoring the plug-in that is not deleted by the user according to the scan state.
7、根据权利要求 1所述的插件扫描方法, 其特征在于, 该方法进一 步包括:  7. The method of scanning a plug-in according to claim 1, wherein the method further comprises:
更新所述预先保存的已知插件信息; 保持所述预先保存的已知插件 信息为最新。  Updating the pre-saved known plug-in information; keeping the pre-saved known plug-in information up-to-date.
8、 一种插件扫描系统, 其特征在于, 该系统包括:  8. A plug-in scanning system, characterized in that the system comprises:
存储模块, 用于保存已知插件信息;  a storage module, configured to save known plug-in information;
分析模块, 与所述存储模块相连, 用于从所述存储模块中读取已知 插件信息, 并根据所述已知插件信息确定插件的检测位置及检测属性, 将所述检测位置及检测属性发送给检测模块。  An analysis module, connected to the storage module, configured to read known plug-in information from the storage module, and determine a detection location and a detection attribute of the plug-in according to the known plug-in information, and the detection location and the detection attribute Send to the detection module.
检测模块, 与所述分析模块相连, 接收所述分析模块发送的检测位 置及检测属性, 在所述检测位置检测是否存在所述检测属性; 将检测结 果发送给交互模块。  The detecting module is connected to the analyzing module, and receives the detecting position and the detecting attribute sent by the analyzing module, and detects whether the detecting attribute exists in the detecting position; and sends the detection result to the interaction module.
交互模块, 与所述检测模块相连, 接收并输出所述检测模块发送的 检测结果。  The interaction module is connected to the detection module, and receives and outputs the detection result sent by the detection module.
9、 根据权利要求 8 所述的插件扫描系统, 其特征在于, 所述检测 模块包括:  The plug-in scanning system according to claim 8, wherein the detecting module comprises:
文件检测单元, 根据所述检测位置及检测属性, 在需要检测的文件 路径下检测是否存在特征文件; 将检测结果发送给所述交互模块; 注册表检测单元, 根据所述检测位置及检测属性, 在需要检测的注 册表路径下检测是否存在特征注册表项; 将检测结果发送给所述交互模 块;  The file detecting unit detects, according to the detection location and the detection attribute, whether a feature file exists in the file path to be detected; sends the detection result to the interaction module; and the registry detecting unit, according to the detection position and the detection attribute, Detecting whether a feature registry entry exists in a registry path that needs to be detected; sending the detection result to the interaction module;
进程检测单元, 根据所述检测位置及检测属性, 在需要检测的进程 中检测是否存在特征进程; 将检测结果发送给所述交互模块; 服务检测单元, 根据所述检测位置及检测属性, 在需要检测的服务 中检测是否存在特征服务; 将检测结果发送给所述交互模块; a process detection unit, according to the detection location and the detection attribute, in the process that needs to be detected Detecting whether there is a feature process; sending the detection result to the interaction module; the service detection unit, detecting, according to the detection location and the detection attribute, whether a feature service exists in the service to be detected; sending the detection result to the interaction Module
内存检测单元, 根据所述检测位置及检测属性, 在需要检测的内存 中检测是否存在特征代码; 将检测结果发送给所述交互模块。  The memory detecting unit detects, according to the detected position and the detection attribute, whether a feature code exists in the memory that needs to be detected; and sends the detection result to the interaction module.
10、 根据权利要求 8所述的插件扫描系统, 其特征在于, 该系统进 一步包括:  10. The plug-in scanning system of claim 8, wherein the system further comprises:
搜索模块, 与所述检测模块及交互模块分别相连, 用于根据检测模 块的检测结果, 从网络服务器中获取插件的评价, 并发送给交互模块进 行输出显示。  The search module is respectively connected to the detection module and the interaction module, and is configured to obtain an evaluation of the plug-in from the network server according to the detection result of the detection module, and send the evaluation to the interaction module for output display.
11、 根据权利要求 8所述的插件扫描系统, 其特征在于, 该系统进 一步包括:  11. The plug-in scanning system of claim 8, wherein the system further comprises:
处理模块, 与交互模块相连, 在接收到交互模块发送的删除插件指 令后, 删除相应插件;  The processing module is connected to the interaction module, and after receiving the delete plug-in command sent by the interaction module, deleting the corresponding plug-in;
所述交互模块进一步在输出的检测结果界面上, 提供删除检测到的 插件的选项, 当用户点击该按钮, 则发出删除插件指令。  The interaction module further provides an option to delete the detected plug-in on the output detection result interface, and when the user clicks the button, issues a delete plug-in instruction.
12、根据权利要求 11所述的插件扫描系统, 其特征在于, 所述处理 模块进一步与所述存储模块相连, 将扫描状态记录保存到所述存储模 块; 所述扫描状态记录了本次扫描结束并未被用户删除的插件;  The plug-in scanning system according to claim 11, wherein the processing module is further connected to the storage module to save a scan status record to the storage module; and the scan status records the end of the scan a plugin that has not been deleted by the user;
所述分析模块进一步在下次执行根据所述已知插件信息确定检测位 置和检测属性时, 根据所述扫描状态记录, 忽略所述未被用户删除的插 件。  The analysis module further ignores the plug-in that is not deleted by the user according to the scan state record when the detection position and the detection attribute are determined according to the known plug-in information.
13、 根据权利要求 8所述的插件扫描系统, 其特征在于, 该系统进 一步包括:  13. The plug-in scanning system of claim 8, wherein the system further comprises:
升级模块, 与存储模块相连, 用于从网络服务器读取最新的已知插 件信息, 对所述存储模块保存的已知插件信息进行升级。 An upgrade module, connected to the storage module, for reading the latest known plug from the web server Information, upgrade the known plug-in information saved by the storage module.
PCT/CN2011/078522 2010-08-24 2011-08-17 Method and system for scanning plug-in WO2012025026A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
BR112012026735-3A BR112012026735B1 (en) 2010-08-24 2011-08-17 METHOD AND SYSTEM FOR SCANNING A PLUG-IN

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010261782.6A CN102375735B (en) 2010-08-24 2010-08-24 Plugin scanning method and system
CN201010261782.6 2010-08-24

Publications (1)

Publication Number Publication Date
WO2012025026A1 true WO2012025026A1 (en) 2012-03-01

Family

ID=45722892

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/078522 WO2012025026A1 (en) 2010-08-24 2011-08-17 Method and system for scanning plug-in

Country Status (3)

Country Link
CN (1) CN102375735B (en)
BR (1) BR112012026735B1 (en)
WO (1) WO2012025026A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831021A (en) * 2012-07-27 2012-12-19 腾讯科技(深圳)有限公司 Method and device for interrupting or cleaning plugin
CN103838589A (en) * 2012-11-20 2014-06-04 腾讯科技(深圳)有限公司 Plug-in unit deleting and recovering method and client side
CN102929768B (en) * 2012-11-29 2016-06-01 北京奇虎科技有限公司 Prompting fills method and the client terminal of software by mistake
CN111949280B (en) * 2020-08-12 2023-11-14 深圳市友华软件科技有限公司 Method and device for ensuring correct installation of preassembled plug-in components in factory

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1968154A (en) * 2006-09-15 2007-05-23 华为技术有限公司 System and method for service expansion using plug
CN101387956A (en) * 2007-09-14 2009-03-18 国际商业机器公司 Method and apparatus for expandably implementing non functional logic
CN101571809A (en) * 2009-05-14 2009-11-04 阿里巴巴集团控股有限公司 Implementation method of plug-in registration and device thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1968154A (en) * 2006-09-15 2007-05-23 华为技术有限公司 System and method for service expansion using plug
CN101387956A (en) * 2007-09-14 2009-03-18 国际商业机器公司 Method and apparatus for expandably implementing non functional logic
CN101571809A (en) * 2009-05-14 2009-11-04 阿里巴巴集团控股有限公司 Implementation method of plug-in registration and device thereof

Also Published As

Publication number Publication date
CN102375735B (en) 2014-07-16
BR112012026735A2 (en) 2016-07-12
BR112012026735B1 (en) 2020-11-24
CN102375735A (en) 2012-03-14

Similar Documents

Publication Publication Date Title
US9098370B2 (en) Apparatus and methods for improving uninstall process
WO2015139538A1 (en) Video information push method and device
JP5836889B2 (en) COMMUNICATION START METHOD, COMPUTER PROGRAM, AND COMPUTER DEVICE
US20170132669A1 (en) Resource Downloading Method and Device
US20150127660A1 (en) Method and apparatus for calculating ranks and trust levels for data sources
CN102946343B (en) The method and system of access audio frequency and video community virtual room
CN110955416A (en) Interface document generation method, device, equipment and computer storage medium
US11868710B2 (en) Method and apparatus for displaying a text string copied from a first application in a second application
CN103384290A (en) Mobile terminal with positioning and navigation functions and fast positioning and navigation method of mobile terminal
US9224385B1 (en) Unified recognition of speech and music
WO2020019490A1 (en) Interface testing method, electronic device and storage medium
JP5989781B2 (en) Method and apparatus for progressive pattern matching in a mobile environment
CN111078986B (en) Data retrieval method, device and computer readable storage medium
WO2012094965A1 (en) Method, terminal and server for presenting prompt message
WO2018086476A1 (en) Webpage processing method and apparatus, and storage medium
WO2012025026A1 (en) Method and system for scanning plug-in
WO2013016927A1 (en) Method for downloading video in mac platform browser and browser
WO2013135019A1 (en) Mobile device interface layout method and device
JP5289535B2 (en) Search result providing method and system
WO2018145637A1 (en) Method and device for recording web browsing behavior, and user terminal
JPWO2009066762A1 (en) User interface recognition apparatus and user interface recognition method
US20150222645A1 (en) Method and apparatus for repairing a file
WO2020073493A1 (en) Sql injection vulnerability detection method, apparatus and device, and readable storage medium
WO2015139540A1 (en) Method and device for parsing video webpage
CN109032752B (en) Cloud platform based operation revocation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11819401

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 7950/CHENP/2012

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112012026735

Country of ref document: BR

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25/07/2013)

122 Ep: pct application non-entry in european phase

Ref document number: 11819401

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 112012026735

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20121018