WO2020215567A1 - Global hook automatic repair method, apparatus, device, and storage medium - Google Patents

Global hook automatic repair method, apparatus, device, and storage medium

Info

Publication number
WO2020215567A1
WO2020215567A1 PCT/CN2019/103162 CN2019103162W WO2020215567A1 WO 2020215567 A1 WO2020215567 A1 WO 2020215567A1 CN 2019103162 W CN2019103162 W CN 2019103162W WO 2020215567 A1 WO2020215567 A1 WO 2020215567A1
Authority
WO
WIPO (PCT)
Prior art keywords
class
crash
name
hooked
loop
Application number
PCT/CN2019/103162
Other languages
French (fr)
Chinese (zh)
Inventor
何兵
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/36: Preventing errors by testing or debugging software
    • G06F11/362: Software debugging
    • G06F11/3628: Software debugging of optimised code

Definitions

  • the present invention relates to the field of operating system security monitoring, in particular to a method, device, equipment and storage medium for automatically repairing a global hook.
  • The embodiments of the present application provide a global hook automatic repair method, apparatus, device, and storage medium, which are used to automatically shield classes that cause global crashes, avoid code modification, and improve repair efficiency.
  • The first aspect of the embodiments of the present application provides a global hook automatic repair method based on data analysis, including: defining a loop for hooking all classes; defining a variable function for recording the name of the class to be hooked; determining whether the name of the class to be hooked is in the filter list according to the loop and the variable function; and, if the name of the class to be hooked is in the filter list, blocking the crash class corresponding to the name of the class to be hooked, the crash class being the class that caused the crash or exception.
  • After determining whether the name of the class to be hooked is in the filter list according to the loop and the variable function, the method further includes: if the name of the class to be hooked is not in the filter list, calling the loop to hook the class to be hooked.
  • The crash class is the class that caused the crash or exception. The method further includes: monitoring an abnormal function, the abnormal function being used to monitor and record the array corresponding to the crash class; determining the name of the crash class in the abnormal function according to the array corresponding to the crash class; and importing the name of the crash class into the filter list.
  • Defining a loop that is used to hook all classes includes: obtaining the path of the currently running target application; obtaining the name and quantity of each class of the target application; and defining a for loop according to the name and quantity of each class, the for loop being used to globally hook each class according to the path of the target application.
  • Defining a variable function that is used to record the name of the class to be hooked includes: obtaining a preset key value; calling, according to the preset key value, an array of crash classes stored in the system memory or a preset database; and defining a variable function according to the array of crash classes, the variable function being used to record the name of the class to be hooked.
  • Determining whether the name of the class to be hooked is in the filter list according to the loop and the variable function includes: determining the array called in the loop; determining the variable function in the called array; determining the name of the class to be hooked in the variable function; and determining whether the name of the class to be hooked is in the filter list.
  • The method further includes: if the number of crash classes in the filter list is greater than a threshold, integrating the classes that caused the crash; determining the prefixes of the crash classes of the same type among the crash classes; and blocking the crash classes with those prefixes in batches.
  • The second aspect of the embodiments of the present application provides a global hook automatic repair device, including: a first definition unit for defining a loop, the loop being used to hook all classes; a second definition unit for defining a variable function, the variable function being used to record the name of the class to be hooked; a judging unit for judging whether the name of the class to be hooked is in the filter list according to the loop and the variable function; and a first shielding unit for shielding the crash class corresponding to the name of the class to be hooked if that name is in the filter list, the crash class being a class that causes a crash or an exception.
  • The global hook automatic repair device further includes: a calling unit, used to call the loop to hook the class to be hooked if the name of the class to be hooked is not in the filter list.
  • The global hook automatic repair device further includes: a monitoring unit for monitoring an abnormal function, the abnormal function being used to monitor and record the array corresponding to the crash class; a first determining unit for determining the name of the crash class in the abnormal function according to the array corresponding to the crash class; and an importing unit for importing the name of the crash class into the filter list.
  • The first definition unit is specifically configured to: obtain the path of the currently running target application; obtain the name and quantity of each class of the target application; and define a for loop according to the name and quantity of each class, the for loop being used to globally hook each class according to the path of the target application.
  • The second definition unit is specifically configured to: obtain a preset key value; call, according to the preset key value, an array of crash classes stored in the system memory or a preset database; and define a variable function according to the array of crash classes, the variable function being used to record the name of the class to be hooked.
  • The judging unit is specifically configured to: determine the array called in the loop; determine the variable function in the called array; determine the name of the class to be hooked in the variable function; and determine whether the name of the class to be hooked is in the filter list.
  • The global hook automatic repair device further includes: an integration unit, used to integrate the classes that caused the crash if the number of crash classes in the filter list is greater than a threshold; a second determining unit, used to determine the prefixes of the crash classes of the same type among the crash classes; and a second shielding unit, used to block the crash classes with those prefixes in batches.
  • The third aspect of the embodiments of the present application provides a global hook automatic repair device, which includes a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the computer program, it implements the global hook automatic repair method described in any of the above embodiments.
  • The fourth aspect of the embodiments of the present application provides a computer-readable storage medium that stores instructions; when the instructions run on a computer, the computer executes the steps of any of the foregoing global hook automatic repair methods.
  • A loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and the variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is blocked, the crash class being the class that caused the crash or exception.
  • the embodiment of the application automatically shields classes that cause global crashes, avoids code modification, and improves repair efficiency.
  • FIG. 1 is a schematic diagram of an embodiment of a global hook automatic repair method in an embodiment of the application
  • FIG. 2 is a schematic diagram of another embodiment of the global hook automatic repair method in the embodiment of the application.
  • Fig. 3 is a schematic diagram of an embodiment of a global hook automatic repair device in an embodiment of the application
  • FIG. 4 is a schematic diagram of another embodiment of the global hook automatic repair device in the embodiment of the application.
  • Figure 5 is a schematic diagram of an embodiment of a global hook automatic repair device in an embodiment of the application.
  • Referring to FIG. 1, a flowchart of a global hook automatic repair method provided by an embodiment of the present application specifically includes:
  • The server defines a loop that is used to hook all classes. Specifically, the server defines a for loop through which all classes of the system or application are hooked. For example, the server obtains the path of the currently running target application; the server obtains the name and quantity of each class of the target application; the server defines a for loop according to the name and quantity of each class, and the for loop is used to globally hook all classes according to the path of the target application.
  • For example, when an application (APP) needs to be hooked, first obtain the path of the currently running APP, such as dladdr(&_mh_execute_header, &info); second, obtain the name and the quantity of the classes of the currently running APP, such as classes = objc_copyClassNamesForImage(info.dli_fname, &count); where the two-dimensional array classes stores the names of all classes and count stores the number of all classes; finally, define a for loop according to the names and number of the classes. For example, when the for loop starts, the classes are taken out of the classes array one by one.
  • the server defines a variable function, which is used to record the name of the class to be hooked.
  • The server first obtains the preset key value; it then calls the crash class array according to the preset key value, the crash class array being stored in the system memory or the preset database; it then defines a variable function according to the crash class array, where the variable function is used to record the name of the class to be hooked.
  • The preset key value is a string defined by the server, such as PA_HookCrashListKey.
  • PA_HookCrashListKey is stored and recalled using the system's own storage (or pre-written database code).
  • the crashed class array is the object obtained from the database by key.
  • The server judges whether the name of the class to be hooked is in the filter list according to the loop and variable function. Specifically, the server determines the array to be called in the loop; the server determines the variable function in the called array; the server determines the name of the class to be hooked in the variable function, and determines whether the name of the class to be hooked is in the filter list. If the name of the class to be hooked is in the filter list, the server blocks the crash class corresponding to the name of the class to be hooked. If the name of the class to be hooked is not in the filter list, the server calls the loop to hook the class to be hooked.
  • The server hooks the class to be hooked through a for loop.
  • The hook is a platform of the Windows message processing mechanism; the application (APP) can set up a subroutine on it to monitor a certain message in the specified window, and the monitored window can be created by other processes.
  • the hook mechanism allows applications to intercept and process window messages or specific events.
  • a hook is actually a program segment that processes messages, which is hooked into the system through system calls. Whenever a specific message is sent out and before it reaches the destination window, the hook program captures the message first, that is, the hook function first gets the control right. At this time, the hook function can process (change) the message, or continue to deliver the message without processing, or force the end of the message delivery.
  • The order of hooks is random and depends on the order of the array of all classes returned by the system method. The classes are then taken out of the array one by one and hooked.
  • The hook standard is: get all the methods of the class, and filter out some of the methods that come with the system and the methods that need to be filtered. The methods that need to be filtered depend on the project and business and are pre-configured by the staff. For the remaining methods, the method address is changed, which forcibly triggers the message forwarding mechanism of the Objective-C (OC) language; the forwardInvocation method called during message forwarding is then rewritten. In this method the address is changed back, but before changing it back, hook code can be written to achieve the purpose of the hook.
  • the crash class corresponding to the name of the class to be hooked is shielded, and the crash class is the class that caused the crash or exception.
  • the server blocks the crash class corresponding to the name of the class to be hooked, and the crash class is the class that caused the crash or exception.
  • the system monitors through its own abnormal function, and saves the array to the filter list before each crash.
  • The name of a crash class is added to the filter list and used as the criterion.
  • A loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is blocked, the crash class being the class that caused the crash or exception.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • Referring to FIG. 2, another embodiment of the global hook automatic repair method in the embodiment of the present application includes:
  • The server defines a loop that is used to hook all classes. Specifically, the server defines a for loop through which all classes of the system or application are hooked. For example, the server obtains the path of the currently running target application; the server obtains the name and quantity of each class of the target application; the server defines a for loop according to the name and quantity of each class, and the for loop is used to globally hook all classes according to the path of the target application.
  • For example, when an application (APP) needs to be hooked, first obtain the path of the currently running APP, such as dladdr(&_mh_execute_header, &info); second, obtain the name and the quantity of the classes of the currently running APP, such as classes = objc_copyClassNamesForImage(info.dli_fname, &count); where the two-dimensional array classes stores the names of all classes and count stores the number of all classes; finally, define a for loop according to the names and number of the classes. For example, when the for loop starts, the classes are taken out of the classes array one by one.
  • the server defines a variable function, which is used to record the name of the class to be hooked.
  • The server first obtains the preset key value; it then calls the crash class array according to the preset key value, the crash class array being stored in the system memory or the preset database; it then defines a variable function according to the crash class array, where the variable function is used to record the name of the class to be hooked.
  • The preset key value is a string defined by the server, such as PA_HookCrashListKey.
  • PA_HookCrashListKey is stored and recalled using the system's own storage (or pre-written database code).
  • the crashed class array is the object obtained from the database by key.
  • The server judges whether the name of the class to be hooked is in the filter list according to the loop and variable function. Specifically, the server determines the array to be called in the loop; the server determines the variable function in the called array; the server determines the name of the class to be hooked in the variable function, and determines whether the name of the class to be hooked is in the filter list. If the name of the class to be hooked is in the filter list, the server blocks the crash class corresponding to the name of the class to be hooked. If the name of the class to be hooked is not in the filter list, the server calls the loop to hook the class to be hooked.
  • The server hooks the class to be hooked through a for loop.
  • The hook is a platform of the Windows message processing mechanism; the application (APP) can set up a subroutine on it to monitor a certain message in the specified window, and the monitored window can be created by other processes.
  • the hook mechanism allows applications to intercept and process window messages or specific events.
  • a hook is actually a program segment that processes messages, which is hooked into the system through system calls. Whenever a specific message is sent out, and before reaching the destination window, the hook program captures the message first, that is, the hook function first gets the control right. At this time, the hook function can process (change) the message, or continue to deliver the message without processing, or force the end of the message delivery.
  • The order of hooks is random and depends on the order of the array of all classes returned by the system method. The classes are then taken out of the array one by one and hooked.
  • The hook standard is: get all the methods of the class, and filter out some of the methods that come with the system and the methods that need to be filtered. The methods that need to be filtered depend on the project and business and are pre-configured by the staff. For the remaining methods, the method address is changed, which forcibly triggers the message forwarding mechanism of the OC language; the forwardInvocation method called during message forwarding is then rewritten. In this method the address is changed back, but before changing it back, hook code can be written to achieve the goal of the hook.
  • the crash class is the class that caused the crash or exception.
  • the server blocks the crash class corresponding to the name of the class to be hooked, and the crash class is the class that caused the crash or exception.
  • the system monitors through its own abnormal function, and saves the array to the filter list before each crash.
  • the name of a crash class will be added to the filter list, and the name of the added crash class will be used as the criterion.
  • Monitor an exception function, which is used to monitor and record the array corresponding to the crash class.
  • the server monitors the abnormal function in the system, where the abnormal function is used to monitor and record the array corresponding to the crash class.
  • The array stores specific data corresponding to each class. For example, suppose the variable function is a. Before the hook is started, a is stored in the array, that is, a mark is made in the data; a is then deleted after the method call of the hook code. Conversely, if the hook code crashes, the following code has no chance to run and the a in this array is not deleted. The next time we hook, we find that a is in the crash array, so we do not hook it again, which avoids falling into a loop.
  • The server determines the name of the crash class in the abnormal function according to the array corresponding to the crash class. For example, the server determines the name of the crash class that crashed in the exception function NSSetUncaughtExceptionHandler according to the array corresponding to the crash class.
  • the server imports the names of crash classes into the filter list, which includes the names of classes that can cause system crashes or exceptions.
  • the server integrates the classes that caused the crash; the server determines the prefixes of the crash classes of the same type in the crash classes; the server blocks the crash classes with prefixes in batches.
  • A loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is shielded, the crash class being the class that caused the crash or exception; an exception function is monitored, which is used to monitor and record the array corresponding to the crash class.
  • Each time the system crashes, there is one more class that needs to be blocked in the crash array. The next time the hook code is started, according to the previous strategy, the hook is not executed for this class, so the crashed classes are not hooked again and do not cause the system to crash.
  • the classes that cause the global crash can be automatically blocked, avoiding the modification of the system code, and improving the repair efficiency.
  • the server determines whether the variable function in the loop is empty. If the variable function is not empty, the server deletes the class corresponding to the variable function in the array of crash classes. If the variable function is empty, the server ignores the variable function.
  • the method further includes:
  • A loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is shielded, the crash class being the class that caused the crash or exception; an exception function is monitored, which is used to monitor and record the array corresponding to the crash class.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • An embodiment of the global hook automatic repair device in the embodiment of this application includes:
  • the first definition unit 301 is used to define a loop, and the loop is used to hook all classes;
  • the second definition unit 302 is used to define a variable function, and the variable function is used to record the name of the class to be hooked;
  • the judging unit 303 is configured to judge whether the name of the class to be hooked is in the filter list according to the loop and the variable function;
  • the first shielding unit 304 is used to shield the crash class corresponding to the name of the class to be hooked if that name is in the filter list, the crash class being the class that caused the crash or exception.
  • A loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is blocked, the crash class being the class that caused the crash or exception.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • an embodiment of the global hook automatic repair device in the embodiment of the present application includes:
  • the first definition unit 301 is used to define a loop, and the loop is used to hook all classes;
  • the second definition unit 302 is used to define a variable function, and the variable function is used to record the name of the class to be hooked;
  • the judging unit 303 is configured to judge whether the name of the class to be hooked is in the filter list according to the loop and the variable function;
  • the first shielding unit 304 is used to shield the crash class corresponding to the name of the class to be hooked if that name is in the filter list, the crash class being the class that caused the crash or exception.
  • the global hook automatic repair device also includes:
  • the calling unit 305 is used to hook the class to be hooked through the loop if the name of the class to be hooked is not in the filter list.
  • the global hook automatic repair device also includes:
  • the monitoring unit 306 is configured to monitor abnormal functions, and the abnormal functions are used to monitor and record the array corresponding to the crash class;
  • the first determining unit 307 is configured to determine the name of the crash class in the abnormal function according to the array corresponding to the crash class;
  • the importing unit 308 is configured to import the name of the crash class into the filter list.
  • the first definition unit 301 is specifically used for:
  • the second definition unit 302 is specifically configured to:
  • the judging unit 303 is specifically configured to:
  • the global hook automatic repair device also includes:
  • the integration unit 309 is used to integrate the classes that caused the crash if the number of crash classes in the filter list is greater than the threshold;
  • the second determining unit 310 is configured to determine the prefixes of the crash classes of the same type among the crash classes;
  • the second shielding unit 311 is used to shield the crash classes with the prefix in batches.
  • A loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is judged according to the loop and variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is shielded, the crash class being the class that caused the crash or exception; an exception function is monitored, which is used to monitor and record the array corresponding to the crash class.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • FIG. 5 is a schematic structural diagram of a global hook automatic repair device provided by an embodiment of the present application.
  • The global hook automatic repair device 500 may differ considerably depending on configuration or performance, and may include one or more processors (central processing units, CPU) 501 and a memory 509, and one or more storage media 508 (for example, one or more mass storage devices) for storing application programs 507 or data 506.
  • the memory 509 and the storage medium 508 may be short-term storage or persistent storage.
  • the program stored in the storage medium 508 may include one or more modules (not shown in the figure), and each module may include a series of command operations in the global hook automatic repair device.
  • the processor 501 may be configured to communicate with the storage medium 508, and execute a series of instruction operations in the storage medium 508 on the global hook automatic repair device 500.
  • The global hook automatic repair device 500 may also include one or more power supplies 502, one or more wired or wireless network interfaces 503, one or more input and output interfaces 504, and/or one or more operating systems 505, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
  • The processor 501 can perform the function of any one of the first definition unit 301, the second definition unit 302, the judging unit 303, the first shielding unit 304, the calling unit 305, the monitoring unit 306, the first determining unit 307, and the importing unit 308 in the foregoing embodiment.
  • the processor 501 may also perform the function of any one of the integration unit 309, the second determination unit 310, and the second shielding unit 311 in the foregoing embodiment.
  • the processor 501 is the control center of the global hook automatic repair device, and can perform processing according to the set global hook automatic repair method.
  • The processor 501 uses various interfaces and lines to connect the various parts of the entire global hook automatic repair device, and performs the various functions of the global hook automatic repair device and processes data by running or executing the software programs and/or modules stored in the memory 509 and calling the data stored in the memory 509, so as to realize the shielding of crashes.
  • the storage medium 508 and the memory 509 are both carriers for storing data.
  • The storage medium 508 may refer to an internal memory with a small storage capacity but high speed, and the memory 509 may be an external memory with a large storage capacity but a slow storage speed.
  • the memory 509 can be used to store software programs and modules.
  • the processor 501 executes various functional applications and data processing of the global hook automatic repair device 500 by running the software programs and modules stored in the memory 509.
  • The memory 509 may mainly include a storage program area and a storage data area, where the storage program area can store the operating system, at least one application program required by a function (such as monitoring abnormal functions), etc.; the storage data area can store data created according to the use of the global hook automatic repair device (such as defining a variable function), etc.
  • The memory 509 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other non-volatile solid-state storage devices.
  • the global hook automatic repair method program and the received data stream provided in the embodiment of the present application are stored in the memory, and when needed, the processor 501 calls from the memory 509.
  • the computer-readable storage medium may be a non-volatile computer-readable storage medium.
  • the computer-readable storage medium stores instructions which, when run on a computer, cause the computer to execute the following steps of the global hook automatic repair method:
  • the crash class corresponding to the name of the class to be hooked is blocked, and the crash class is the class that caused the crash or exception.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (such as coaxial cable, optical fiber, twisted pair) or wireless means (such as infrared, wireless, microwave, etc.).
  • the computer-readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a server or data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, an optical disc), or a semiconductor medium (for example, a solid state disk (SSD)).
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of this application, in essence, or the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions to make a computer device (which can be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application.
  • the aforementioned storage media include: USB flash drive, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk, optical disk and other media that can store program code.

Abstract

Disclosed by the present application are a global hook automatic repair method, apparatus, device, and storage medium based on the field of security monitoring, used for automatically blocking classes which cause global crashes, avoiding modification of the code and improving repair efficiency. The method of the present application comprises: defining a loop, said loop being used for hooking all classes; defining a variable function, said variable function being used for recording the name of a class to be hooked; according to the loop and the variable function, determining whether the name of the class to be hooked is in a filter list; if the name of the class to be hooked is in said filter list, then blocking the crash class corresponding to the name of the class to be hooked, said crash class being a category which causes a crash or an exception.

Description

Global hook automatic repair method, apparatus, device, and storage medium
This application claims priority to Chinese patent application No. 201910341769.2, filed with the Chinese Patent Office on April 26, 2019 and entitled "Global hook automatic repair method, apparatus, device, and storage medium", the entire contents of which are incorporated in this application by reference.
Technical field
The present invention relates to the field of operating system security monitoring, and in particular to a global hook automatic repair method, apparatus, device, and storage medium.
Background
With the rapid development of the mobile phone industry, mobile phone systems have developed accordingly; the mainstream systems today are Android and iOS. For iOS, if an iOS project needs to measure code coverage, a good approach is to hook all classes and then add statistics code to every method of every class. However, because the classes in each project are varied and numerous, the way some classes are written causes a crash as soon as they are hooked.
The conventional practice at present is to exclude such classes manually. The inventor realized that this requires manually modifying the code to shield the classes that cause the crash, so repair efficiency is low.
Summary of the invention
The embodiments of the present application provide a global hook automatic repair method, apparatus, device, and storage medium, which are used to automatically shield classes that cause global crashes, avoiding code modification and improving repair efficiency.
A first aspect of the embodiments of the present application provides a global hook automatic repair method based on data analysis, including: defining a loop, where the loop is used to hook all classes; defining a variable function, where the variable function is used to record the name of the class to be hooked; determining, according to the loop and the variable function, whether the name of the class to be hooked is in a filter list; and if the name of the class to be hooked is in the filter list, shielding the crash class corresponding to the name of the class to be hooked, where the crash class is a class that causes a crash or exception.
Optionally, in a first implementation of the first aspect of the embodiments of the present application, after determining, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list, the method further includes: if the name of the class to be hooked is not in the filter list, invoking the loop to hook the class to be hooked.
Optionally, in a second implementation of the first aspect of the embodiments of the present application, after shielding the crash class corresponding to the name of the class to be hooked, the crash class being a class that causes a crash or exception, the method further includes: listening to an exception function, where the exception function is used to monitor and record the array corresponding to the crash class; determining the name of the crash class in the exception function according to the array corresponding to the crash class; and importing the name of the crash class into the filter list.
Optionally, in a third implementation of the first aspect of the embodiments of the present application, defining a loop used to hook all classes includes: obtaining the path of the currently running target application; obtaining the names and number of the classes of the target application; and defining a for loop according to the names and number of the classes, where the for loop is used to globally hook each class according to the path of the target application.
Optionally, in a fourth implementation of the first aspect of the embodiments of the present application, defining a variable function used to record the name of the class to be hooked includes: obtaining a preset key value; retrieving, according to the preset key value, the array of crash classes stored in system storage or in a preset database; and defining a variable function according to the array of crash classes, where the variable function is used to record the name of the class to be hooked.
Optionally, in a fifth implementation of the first aspect of the embodiments of the present application, determining, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list includes: determining the array called in the loop; determining the variable function in the called array; and determining the name of the class to be hooked in the variable function, and determining whether the name of the class to be hooked is in the filter list.
Optionally, in a sixth implementation of the first aspect of the embodiments of the present application, the method further includes: if the number of crash classes in the filter list is greater than a threshold, consolidating the classes that cause crashes; determining the prefix of crash classes of the same type among the crash classes; and shielding in batches the crash classes that have the prefix.
A second aspect of the embodiments of the present application provides a global hook automatic repair apparatus, including: a first definition unit, configured to define a loop, where the loop is used to hook all classes; a second definition unit, configured to define a variable function, where the variable function is used to record the name of the class to be hooked; a judging unit, configured to determine, according to the loop and the variable function, whether the name of the class to be hooked is in a filter list; and a first shielding unit, configured to, if the name of the class to be hooked is in the filter list, shield the crash class corresponding to the name of the class to be hooked, where the crash class is a class that causes a crash or exception.
Optionally, in a first implementation of the second aspect of the embodiments of the present application, the global hook automatic repair apparatus further includes: a calling unit, configured to, if the name of the class to be hooked is not in the filter list, invoke the loop to hook the class to be hooked.
Optionally, in a second implementation of the second aspect of the embodiments of the present application, the global hook automatic repair apparatus further includes: a listening unit, configured to listen to an exception function, where the exception function is used to monitor and record the array corresponding to the crash class; a first determining unit, configured to determine the name of the crash class in the exception function according to the array corresponding to the crash class; and an importing unit, configured to import the name of the crash class into the filter list.
Optionally, in a third implementation of the second aspect of the embodiments of the present application, the first definition unit is specifically configured to: obtain the path of the currently running target application; obtain the names and number of the classes of the target application; and define a for loop according to the names and number of the classes, where the for loop is used to globally hook each class according to the path of the target application.
Optionally, in a fourth implementation of the second aspect of the embodiments of the present application, the second definition unit is specifically configured to: obtain a preset key value; retrieve, according to the preset key value, the array of crash classes stored in system storage or in a preset database; and define a variable function according to the array of crash classes, where the variable function is used to record the name of the class to be hooked.
Optionally, in a fifth implementation of the second aspect of the embodiments of the present application, the judging unit is specifically configured to: determine the array called in the loop; determine the variable function in the called array; and determine the name of the class to be hooked in the variable function, and determine whether the name of the class to be hooked is in the filter list.
Optionally, in a sixth implementation of the second aspect of the embodiments of the present application, the global hook automatic repair apparatus further includes: a consolidation unit, configured to, if the number of crash classes in the filter list is greater than a threshold, consolidate the classes that cause crashes; a second determining unit, configured to determine the prefix of crash classes of the same type among the crash classes; and a second shielding unit, configured to shield in batches the crash classes that have the prefix.
A third aspect of the embodiments of the present application provides a global hook automatic repair device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the global hook automatic repair method described in any of the above implementations.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to execute the steps of the global hook automatic repair method described in any of the above implementations.
In the technical solution provided by the embodiments of the present application, a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and the variable function; and if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is shielded, the crash class being a class that causes a crash or exception. The embodiments of the present application automatically shield classes that cause global crashes, avoiding code modification and improving repair efficiency.
Description of the drawings
FIG. 1 is a schematic diagram of an embodiment of the global hook automatic repair method in the embodiments of the present application;
FIG. 2 is a schematic diagram of another embodiment of the global hook automatic repair method in the embodiments of the present application;
FIG. 3 is a schematic diagram of an embodiment of the global hook automatic repair apparatus in the embodiments of the present application;
FIG. 4 is a schematic diagram of another embodiment of the global hook automatic repair apparatus in the embodiments of the present application;
FIG. 5 is a schematic diagram of an embodiment of the global hook automatic repair device in the embodiments of the present application.
Detailed description
The embodiments of the present application provide a global hook automatic repair method, apparatus, device, and storage medium, which are used to automatically shield classes that cause global crashes, avoiding code modification and improving repair efficiency.
To enable those skilled in the art to better understand the solutions of the present application, the embodiments of the present application are described below with reference to the drawings in the embodiments of the present application.
The terms "first", "second", "third", "fourth", etc. (if any) in the specification and claims of this application and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments described herein can be implemented in an order other than that illustrated or described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or device that includes a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product, or device.
Referring to FIG. 1, a flowchart of a global hook automatic repair method provided by an embodiment of the present application specifically includes:
101. Define a loop, where the loop is used to hook all classes.
The server defines a loop that is used to hook all classes. Specifically, the server defines a for loop and uses it to hook all classes of the system or application. For example, the server obtains the path of the currently running target application; the server obtains the names and number of the classes of the target application; the server defines a for loop according to the names and number of the classes, and the for loop is used to globally hook each class according to the path of the target application.
For example, when an application (APP) needs to be hooked, first obtain the path of the currently running APP, e.g. dladdr(&_mh_execute_header,&info); next obtain the names of the classes of the currently running APP and the number of classes, e.g. classes=objc_copyClassNamesForImage(info.dli_fname,&count); where the two-dimensional array classes holds the names of all classes and count holds the number of all classes; finally define a for loop according to the names and number of the classes. For example, the classes in the classes array are taken out one by one and the for loop begins.
102. Define a variable function, where the variable function is used to record the name of the class to be hooked.
The server defines a variable function that is used to record the name of the class to be hooked.
Specifically, the server first obtains a preset key value; then retrieves the array of crash classes according to the preset key value, the array of crash classes being stored in system storage or in a preset database; and then defines a variable function according to the array of crash classes, where the variable function is used to record the name of the class to be hooked.
For example, the server defines a string, say PA_HookCrashListKey, and then uses the system's built-in storage (or pre-written database code) for storing and retrieving. The array of crash classes is the object obtained from the database via the key.
103. Determine, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list.
The server determines, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list. Specifically, the server determines the array called in the loop; the server determines the variable function in the called array; the server determines the name of the class to be hooked in the variable function, and determines whether the name of the class to be hooked is in the filter list. If the name of the class to be hooked is in the filter list, the server shields the crash class corresponding to the name of the class to be hooked. If the name of the class to be hooked is not in the filter list, the server invokes the loop to hook the class to be hooked.
Specifically, the server hooks the class to be hooked through the for loop. A hook is a platform of the Windows message-handling mechanism on which an application (APP) can install a subroutine to monitor certain messages of a specified window, and the monitored window may have been created by another process. When a message arrives, it is processed before the target window's handler function. The hook mechanism allows an application to intercept and process window messages or specific events. A hook is in fact a program segment that processes messages and is attached to the system through a system call. Whenever a specific message is sent, and before it reaches the destination window, the hook program captures it first, that is, the hook function gains control first. The hook function can then process (change) the message, pass it on without processing, or forcibly end its delivery.
It should be noted that the hook order is random: it depends on the order of the array of all classes returned by the system method, from which the classes are taken out one by one and hooked. The hook standard is: obtain all methods of the class; filter out some methods that come with the system and the methods that need to be filtered, where the methods that need to be filtered depend on the project and business and are pre-configured by staff; for the remaining methods, change the method address to forcibly trigger the message forwarding mechanism of the object-oriented C (Objective-C, OC) language, and then override the forwardInvocation method that is called during message forwarding, changing the address back inside that method. Before the address is changed back, hook code can be written, thereby achieving the purpose of the hook.
104. If the name of the class to be hooked is in the filter list, shield the crash class corresponding to the name of the class to be hooked, where the crash class is a class that causes a crash or exception.
If the name of the class to be hooked is in the filter list, the server shields the crash class corresponding to the name of the class to be hooked, where the crash class is a class that causes a crash or exception.
It can be understood that the system monitors through its built-in exception function and, before each crash, saves the array to the filter list. At the next launch, the filter list will have gained the name of one more crash class, and it is used as the judgment criterion.
In this embodiment of the present application, a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and the variable function; and if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is shielded, the crash class being a class that causes a crash or exception. Classes that cause global crashes can be shielded automatically, which avoids modifying the system code and improves repair efficiency.
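The flow of steps 101 to 104, written out as an added Objective-C example (not code from the patent). PAHookClass, PALoadFilterList, PAAppendToFilterList, PAUncaughtExceptionHandler, PADemoClass and the two globals are hypothetical names, and keeping the array in NSUserDefaults and using NSSetUncaughtExceptionHandler as the exception function are assumptions; only PA_HookCrashListKey, dladdr and objc_copyClassNamesForImage come from the text.

```objc
// Added illustration. Build on macOS with:
//   clang -fobjc-arc -framework Foundation example.m -o example
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>
#import <mach-o/ldsyms.h>
#import <stdlib.h>

// Key under which the crash-class array is persisted (name taken from the page).
static NSString *const PA_HookCrashListKey = @"PA_HookCrashListKey";
// Step 102: records the name of the class currently being hooked.
static NSString *gClassBeingHooked = nil;
static NSUncaughtExceptionHandler *gPreviousHandler = NULL;

// Constructed sample class so the main image contains something to enumerate.
@interface PADemoClass : NSObject
- (void)doWork;
@end
@implementation PADemoClass
- (void)doWork {}
@end

// Filter list = array of crash-class names loaded via the preset key.
static NSArray<NSString *> *PALoadFilterList(void) {
    NSArray *list = [[NSUserDefaults standardUserDefaults]
        stringArrayForKey:PA_HookCrashListKey];
    return list ?: @[];
}

static void PAAppendToFilterList(NSString *name) {
    NSMutableArray<NSString *> *list = [PALoadFilterList() mutableCopy];
    if (![list containsObject:name]) [list addObject:name];
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    [defaults setObject:list forKey:PA_HookCrashListKey];
    [defaults synchronize];  // flush before the process terminates
}

// Exception function: if a class was mid-hook, persist its name so that the
// next launch skips it, then chain to any handler installed earlier.
static void PAUncaughtExceptionHandler(NSException *exception) {
    if (gClassBeingHooked) PAAppendToFilterList(gClassBeingHooked);
    if (gPreviousHandler) gPreviousHandler(exception);
}

// Hypothetical stand-in for the per-class hook: it only visits each method.
// A real coverage tool would redirect the implementations at this point.
static void PAHookClass(Class cls) {
    unsigned int n = 0;
    Method *methods = class_copyMethodList(cls, &n);
    for (unsigned int i = 0; i < n; i++) {
        NSLog(@"would hook -[%s %s]", class_getName(cls),
              sel_getName(method_getName(methods[i])));
    }
    free(methods);
}

// Steps 101, 103 and 104: enumerate the classes of the running image and
// hook every class whose name is not in the filter list.
static void PAHookAllClasses(void) {
    gPreviousHandler = NSGetUncaughtExceptionHandler();
    NSSetUncaughtExceptionHandler(&PAUncaughtExceptionHandler);
    NSSet<NSString *> *filter = [NSSet setWithArray:PALoadFilterList()];

    Dl_info info;
    if (dladdr(&_mh_execute_header, &info) == 0) return;
    unsigned int count = 0;
    const char **classes = objc_copyClassNamesForImage(info.dli_fname, &count);
    for (unsigned int i = 0; i < count; i++) {
        NSString *name = [NSString stringWithUTF8String:classes[i]];
        if (name == nil || [filter containsObject:name]) continue;  // shielded
        gClassBeingHooked = name;   // record before touching the class
        Class cls = objc_getClass(classes[i]);
        if (cls) PAHookClass(cls);
        gClassBeingHooked = nil;    // hook completed without an exception
    }
    free(classes);
}

int main(void) {
    @autoreleasepool {
        PAHookAllClasses();
        NSLog(@"filter list: %@", PALoadFilterList());
    }
    return 0;
}
```

NSSetUncaughtExceptionHandler only receives Objective-C exceptions; a crash delivered as a signal such as SIGSEGV never reaches this handler, so this path would not record the class name in that case.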
Referring to FIG. 2, another embodiment of the global hook automatic repair method in the embodiments of the present application includes:
201. Define a loop, where the loop is used to hook all classes.
The server defines a loop that is used to hook all classes. Specifically, the server defines a for loop and uses it to hook all classes of the system or application. For example, the server obtains the path of the currently running target application; the server obtains the names and number of the classes of the target application; the server defines a for loop according to the names and number of the classes, and the for loop is used to globally hook each class according to the path of the target application.
For example, when an application (APP) needs to be hooked, first obtain the path of the currently running APP, e.g. dladdr(&_mh_execute_header,&info); next obtain the names of the classes of the currently running APP and the number of classes, e.g. classes=objc_copyClassNamesForImage(info.dli_fname,&count); where the two-dimensional array classes holds the names of all classes and count holds the number of all classes; finally define a for loop according to the names and number of the classes. For example, the classes in the classes array are taken out one by one and the for loop begins.
202. Define a variable function, where the variable function is used to record the name of the class to be hooked.
The server defines a variable function that is used to record the name of the class to be hooked.
Specifically, the server first obtains a preset key value; then retrieves the array of crash classes according to the preset key value, the array of crash classes being stored in system storage or in a preset database; and then defines a variable function according to the array of crash classes, where the variable function is used to record the name of the class to be hooked.
For example, the server defines a string, say PA_HookCrashListKey, and then uses the system's built-in storage (or pre-written database code) for storing and retrieving. The array of crash classes is the object obtained from the database via the key.
203. Determine, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list.
The server determines, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list. Specifically, the server determines the array called in the loop; the server determines the variable function in the called array; the server determines the name of the class to be hooked in the variable function and determines whether that name is in the filter list. If the name of the class to be hooked is in the filter list, the server blocks the crash class corresponding to that name. If the name of the class to be hooked is not in the filter list, the server calls the loop to hook the class to be hooked.
Specifically, the server hooks the classes to be hooked through a for loop. A hook is a platform of the Windows message-processing mechanism on which an application (APP) can install a subroutine to monitor certain messages of a specified window, and the monitored window may have been created by another process. When a message arrives, the hook processes it before the target window's handler function does. The hook mechanism allows an application to intercept and process window messages or specific events. A hook is in fact a program segment that processes messages and is attached to the system through a system call. Whenever a specific message is sent, and before it reaches the destination window, the hook program captures the message first; that is, the hook function gets control first. The hook function can then process (change) the message, pass it on without processing it, or forcibly end its delivery.
It should be noted that the hook order is random: it depends on the order of the array of all classes returned by the system method, from which the classes are taken one by one and hooked. The hook criterion is: obtain all the methods of the class and filter out some system-provided methods and the methods that need to be filtered; the methods that need to be filtered depend on the project and business and are pre-configured by staff. For the remaining methods, the method address is changed, which forcibly triggers the message forwarding mechanism of the OC (Objective-C) language; the forwardInvocation method called during message forwarding is then overridden, and in that method the address is changed back. Before changing it back, hook code can be written, which achieves the purpose of the hook.
204. If the name of the class to be hooked is in the filter list, block the crash class corresponding to the name of the class to be hooked, the crash class being a class that caused a crash or exception.
If the name of the class to be hooked is in the filter list, the server blocks the crash class corresponding to the name of the class to be hooked, the crash class being a class that caused a crash or exception.
It can be understood that the system monitors through its built-in exception function and, before each crash, saves the array to the filter list. At the next launch, the filter list contains one more crash class name, and the added crash class name is used as a criterion for the judgment.
205. Monitor an exception function, which is used to monitor and record the array corresponding to the crash class.
The server monitors the exception function in the system, where the exception function is used to monitor and record the array corresponding to the crash class. The array stores the specific data corresponding to each class. For example, suppose the variable function is a. The a in the array is stored before the hook starts, that is, a mark is made in the data; then, after the method call of the hook code returns, a is deleted. Conversely, if the hook code crashes, the later code has no chance to run and the a in the array is not deleted. At the next hook, a is found in the crash array and is no longer hooked, which avoids falling into a crash loop.
206. Determine the name of the crash class in the exception function according to the array corresponding to the crash class.
The server determines the name of the crash class in the exception function according to the array corresponding to the crash class. For example, the server determines, in the exception function NSSetUncaughtExceptionHandler, the name of the crash class in which the crash occurred, according to the array corresponding to the crash class.
207. Import the name of the crash class into the filter list.
The server imports the name of the crash class into the filter list, which contains the names of classes that cause system crashes or exceptions.
Optionally, if the number of crash classes in the filter list is greater than a threshold, the server consolidates the classes that caused crashes; the server determines the prefix of crash classes of the same type among the crash classes; the server blocks the crash classes having that prefix in batches.
In this embodiment of the application, a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and the variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to that name is blocked, the crash class being a class that caused a crash or exception; and an exception function is monitored, which is used to monitor and record the array corresponding to the crash class. In this embodiment, each time the system crashes, the crash array gains one more class that needs to be blocked. The next time the hook code starts, that class is not hooked, in accordance with the strategy above. A class that has crashed is therefore no longer hooked and no longer causes the system to crash. Classes that cause global crashes are blocked automatically, which avoids modifying the system code and improves repair efficiency.
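The marker-and-skip scheme of steps 202 to 207, including the optional prefix consolidation, as an added Python simulation that is not code from the patent. A JSON file stands in for the system storage and a raised `SimulatedCrash` stands in for the process dying; the threshold value, the capital-letter prefix rule and every class name are assumptions, and only the key `PA_HookCrashListKey` comes from the description.

```python
import json
import os
import re
import tempfile

STORE_KEY = "PA_HookCrashListKey"  # storage key named in the description
PREFIX_THRESHOLD = 3               # assumed value; the page only says "a threshold"

# Constructed sample input: class names in the order the "system method" returns them.
SAMPLE_CLASSES = ["NSString", "PAPayView", "UIView", "PAPayCell",
                  "PALoginView", "PAChatView", "PASafeView"]
SAMPLE_CRASHING = {"PAPayView", "PAPayCell", "PALoginView", "PAChatView"}


class SimulatedCrash(Exception):
    """Stands in for the process dying while a class is being hooked."""


def load_crash_list(path):
    """Read the persisted crash array; an absent file means nothing has crashed yet."""
    if not os.path.exists(path):
        return []
    with open(path, encoding="utf-8") as fh:
        return json.load(fh).get(STORE_KEY, [])


def save_crash_list(path, names):
    """Persist atomically so a crash in mid-write cannot corrupt the list."""
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump({STORE_KEY: sorted(names)}, fh)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)


def class_prefix(name):
    """Assumed meaning of 'same type': the Objective-C style capital-letter prefix."""
    m = re.match(r"([A-Z]{2,})[A-Z][a-z]", name)
    return m.group(1) if m else None


def blocked_prefixes(crash_list):
    """Once the list exceeds the threshold, a prefix shared by 2+ entries blocks in bulk."""
    if len(crash_list) <= PREFIX_THRESHOLD:
        return set()
    counts = {}
    for name in crash_list:
        prefix = class_prefix(name)
        if prefix:
            counts[prefix] = counts.get(prefix, 0) + 1
    return {p for p, n in counts.items() if n >= 2}


def run_launch(path, all_classes, install_hook):
    """One application launch of the hook loop. Returns (hooked, skipped)."""
    crash_list = load_crash_list(path)       # the crash array doubles as the filter list
    prefixes = blocked_prefixes(crash_list)
    hooked, skipped = [], []
    for name in all_classes:
        if name in crash_list or class_prefix(name) in prefixes:
            skipped.append(name)             # step 204: block, do not hook
            continue
        crash_list.append(name)              # mark the class *before* hooking it
        save_crash_list(path, crash_list)
        install_hook(name)                   # if the process dies here, the mark survives
        crash_list.remove(name)              # hook returned: clear the mark
        save_crash_list(path, crash_list)
        hooked.append(name)
    return hooked, skipped


def simulate(all_classes, crashing, max_launches=10):
    """Relaunch until one launch completes. Returns (per-launch history, final crash list)."""
    def install_hook(name):
        if name in crashing:
            raise SimulatedCrash(name)

    history = []
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "store.json")
        for _ in range(max_launches):
            try:
                hooked, skipped = run_launch(path, all_classes, install_hook)
            except SimulatedCrash as exc:
                history.append(("crash", str(exc)))
                continue
            history.append(("ok", hooked, skipped))
            break
        final = load_crash_list(path)
    return history, final


if __name__ == "__main__":
    for entry in simulate(SAMPLE_CLASSES, SAMPLE_CRASHING)[0]:
        print(entry)
```

Every name in `skipped` is a class that is no longer hooked, including `PASafeView`, which never crashed but shares the consolidated prefix. The returned list is therefore worth logging and the persisted list worth protecting against tampering, since it alone decides what the next launch leaves unmonitored.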
Optionally, on the basis of the embodiment corresponding to FIG. 2 above, an optional embodiment of the global hook automatic repair method provided in the embodiments of this application may further include:
Determining whether the variable function in the loop is empty; if the variable function is not empty, deleting the class corresponding to the variable function from the array of crash classes.
Specifically, the server determines whether the variable function in the loop is empty. If the variable function is not empty, the server deletes the class corresponding to the variable function from the array of crash classes. If the variable function is empty, the server ignores the variable function.
Optionally, on the basis of the embodiment corresponding to FIG. 2 above, in an optional embodiment of the global hook automatic repair method provided in the embodiments of this application, the method further includes:
If the name of the class to be hooked is not in the filter list, hooking the class to be hooked through the loop.
In this embodiment of the application, a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and the variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to that name is blocked, the crash class being a class that caused a crash or exception; and an exception function is monitored, which is used to monitor and record the array corresponding to the crash class. Classes that cause global crashes are blocked automatically, which avoids modifying the system code and improves repair efficiency.
The global hook automatic repair method in the embodiments of this application has been described above; the global hook automatic repair apparatus in the embodiments of this application is described below. Referring to FIG. 3, one embodiment of the global hook automatic repair apparatus includes:
The first definition unit 301, configured to define a loop, the loop being used to hook all classes;
The second definition unit 302, configured to define a variable function, the variable function being used to record the name of the class to be hooked;
The judging unit 303, configured to determine, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list;
The first shielding unit 304, configured to block, if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked, the crash class being a class that caused a crash or exception.
In this embodiment of the application, a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and the variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to that name is blocked, the crash class being a class that caused a crash or exception. Classes that cause global crashes are blocked automatically, which avoids modifying the system code and improves repair efficiency.
Referring to FIG. 4, one embodiment of the global hook automatic repair apparatus in the embodiments of this application includes:
The first definition unit 301, configured to define a loop, the loop being used to hook all classes;
The second definition unit 302, configured to define a variable function, the variable function being used to record the name of the class to be hooked;
The judging unit 303, configured to determine, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list;
The first shielding unit 304, configured to block, if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked, the crash class being a class that caused a crash or exception.
Optionally, the global hook automatic repair apparatus further includes:
The calling unit 305, configured to hook the class to be hooked through the loop if the name of the class to be hooked is not in the filter list.
Optionally, the global hook automatic repair apparatus further includes:
The monitoring unit 306, configured to monitor an exception function, the exception function being used to monitor and record the array corresponding to the crash class;
The first determining unit 307, configured to determine the name of the crash class in the exception function according to the array corresponding to the crash class;
The importing unit 308, configured to import the name of the crash class into the filter list.
Optionally, the first definition unit 301 is specifically configured to:
Obtain the path of the currently running target application; obtain the names and number of the classes of the target application; define a for loop according to the names and number of the classes, the for loop being used to globally hook each class according to the path of the target application.
Optionally, the second definition unit 302 is specifically configured to:
Obtain a preset key value; retrieve, according to the preset key value, the array of crash classes stored in the system storage or in a preset database; define a variable function according to the array of crash classes, the variable function being used to record the name of the class to be hooked.
Optionally, the judging unit 303 is specifically configured to:
Determine the array called in the loop; determine the variable function in the called array; determine the name of the class to be hooked in the variable function, and determine whether the name of the class to be hooked is in the filter list.
Optionally, the global hook automatic repair apparatus further includes:
The integration unit 309, configured to consolidate the classes that caused crashes if the number of crash classes in the filter list is greater than a threshold;
The second determining unit 310, configured to determine the prefix of crash classes of the same type among the crash classes;
The second shielding unit 311, configured to block the crash classes having the prefix in batches.
In this embodiment of the application, a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; whether the name of the class to be hooked is in the filter list is determined according to the loop and the variable function; if the name of the class to be hooked is in the filter list, the crash class corresponding to that name is blocked, the crash class being a class that caused a crash or exception; and an exception function is monitored, which is used to monitor and record the array corresponding to the crash class. Classes that cause global crashes are blocked automatically, which avoids modifying the system code and improves repair efficiency.
FIG. 3 and FIG. 4 above describe the global hook automatic repair apparatus in the embodiments of this application in detail from the perspective of modular functional entities; the following describes the global hook automatic repair device in the embodiments of this application in detail from the perspective of hardware processing.
FIG. 5 is a schematic structural diagram of a global hook automatic repair device provided by an embodiment of this application. The global hook automatic repair device 500 may vary considerably with configuration or performance, and may include one or more processors (central processing units, CPU) 501 (for example, one or more processors), a memory 509, and one or more storage media 508 (for example, one or more mass storage devices) storing application programs 507 or data 506. The memory 509 and the storage medium 508 may provide transient or persistent storage. The program stored in the storage medium 508 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations for the global hook automatic repair device. Further, the processor 501 may be configured to communicate with the storage medium 508 and to execute, on the global hook automatic repair device 500, the series of instruction operations in the storage medium 508.
The global hook automatic repair device 500 may also include one or more power supplies 502, one or more wired or wireless network interfaces 503, one or more input/output interfaces 504, and/or one or more operating systems 505, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and so on. Those skilled in the art will understand that the structure shown in FIG. 5 does not limit the global hook automatic repair device, which may include more or fewer components than shown, combine certain components, or arrange the components differently. The processor 501 can perform the function of any one of the first definition unit 301, the second definition unit 302, the judging unit 303, the first shielding unit 304, the calling unit 305, the monitoring unit 306, the first determining unit 307 and the importing unit 308 in the foregoing embodiments. The processor 501 can also perform the function of any one of the integration unit 309, the second determining unit 310 and the second shielding unit 311 in the foregoing embodiments.
The components of the global hook automatic repair device are described in detail below with reference to FIG. 5:
The processor 501 is the control center of the global hook automatic repair device and can perform processing according to the configured global hook automatic repair method. The processor 501 connects the parts of the whole global hook automatic repair device through various interfaces and lines, and, by running or executing the software programs and/or modules stored in the memory 509 and calling the data stored in the memory 509, performs the various functions of the global hook automatic repair device and processes data, thereby blocking crash classes. The storage medium 508 and the memory 509 are both carriers for storing data. In the embodiments of this application, the storage medium 508 may refer to internal memory with small capacity but high speed, and the memory 509 may be external memory with large capacity but low speed.
The memory 509 can be used to store software programs and modules. The processor 501 executes the various functional applications and data processing of the global hook automatic repair device 500 by running the software programs and modules stored in the memory 509. The memory 509 may mainly include a program storage area and a data storage area, where the program storage area can store the operating system and the application programs required by at least one function (such as monitoring the exception function), and the data storage area can store data created through the use of the global hook automatic repair device (such as the definition of a variable function). In addition, the memory 509 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. The global hook automatic repair method program provided in the embodiments of this application and the received data stream are stored in the memory, and the processor 501 calls them from the memory 509 when they are needed.
This application also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium. The computer-readable storage medium stores instructions that, when run on a computer, cause the computer to perform the following steps of the global hook automatic repair method:
Define a loop, the loop being used to hook all classes;
Define a variable function, the variable function being used to record the name of the class to be hooked;
Determine, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list;
If the name of the class to be hooked is in the filter list, block the crash class corresponding to the name of the class to be hooked, the crash class being a class that caused a crash or exception.
When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example, coaxial cable, optical fiber, twisted pair) or wireless (for example, infrared, radio, microwave) means. The computer-readable storage medium may be any available medium that a computer can store to, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, an optical disc), or a semiconductor medium (for example, a solid state disk (SSD)).
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of this application. The aforementioned storage media include various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
As stated above, the foregoing embodiments are intended only to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of this application.

Claims (20)

  1. 一种全局hook自动修复方法,包括:A global hook automatic repair method, including:
    定义一个循环,所述循环用于对所有的类进行hook;Define a loop, which is used to hook all classes;
    定义一个变量函数,所述变量函数用于记录待hook的类的名称;Define a variable function, which is used to record the name of the class to be hooked;
    根据所述循环和所述变量函数判断所述待hook的类的名称是否在过滤名单中;Determine whether the name of the class to be hooked is in the filter list according to the loop and the variable function;
    若所述待hook的类的名称在所述过滤名单中,则屏蔽与所述待hook的类的名称对应的崩溃类,所述崩溃类为引起崩溃或异常的类。If the name of the class to be hooked is in the filtering list, the crash class corresponding to the name of the class to be hooked is blocked, and the crash class is the class that caused the crash or exception.
  2. The global hook automatic repair method according to claim 1, wherein after determining, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list, the method further comprises:
    if the name of the class to be hooked is not in the filter list, calling the loop to hook the class to be hooked.
  3. The global hook automatic repair method according to claim 2, wherein after shielding the crash class corresponding to the name of the class to be hooked, the crash class being a class that causes a crash or an exception, the method further comprises:
    monitoring an exception function, the exception function being used to monitor and record the array corresponding to the crash class;
    determining the name of the crash class in the exception function according to the array corresponding to the crash class;
    importing the name of the crash class into the filter list.
  4. The global hook automatic repair method according to claim 1, wherein defining a loop, the loop being used to hook all classes, comprises:
    obtaining the path of the currently running target application;
    obtaining the names and the number of the classes of the target application;
    defining a for loop according to the names and the number of the classes, the for loop being used to globally hook each class according to the path of the target application.
  5. The global hook automatic repair method according to claim 1, wherein defining a variable function, the variable function being used to record the name of the class to be hooked, comprises:
    obtaining a preset key value;
    calling, according to the preset key value, the array of crash classes stored in the system memory or in a preset database;
    defining a variable function according to the array of crash classes, the variable function being used to record the name of the class to be hooked.
  6. The global hook automatic repair method according to claim 1, wherein determining, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list comprises:
    determining the array called in the loop;
    determining the variable function in the called array;
    determining the name of the class to be hooked in the variable function, and determining whether the name of the class to be hooked is in the filter list.
  7. The global hook automatic repair method according to any one of claims 1-6, the method further comprising:
    if the number of crash classes in the filter list is greater than a threshold, integrating the classes that cause crashes;
    determining the prefix of the crash classes of the same type among the crash classes;
    shielding the crash classes having the prefix in batches.
  8. A global hook automatic repair apparatus, comprising:
    a first definition unit, configured to define a loop, the loop being used to hook all classes;
    a second definition unit, configured to define a variable function, the variable function being used to record the name of the class to be hooked;
    a judging unit, configured to determine, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list;
    a first shielding unit, configured to shield, if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked, the crash class being a class that causes a crash or an exception.
  9. The global hook automatic repair apparatus according to claim 8, further comprising:
    a calling unit, configured to call the loop to hook the class to be hooked if the name of the class to be hooked is not in the filter list.
  10. The global hook automatic repair apparatus according to claim 9, further comprising:
    a monitoring unit, configured to monitor an exception function, the exception function being used to monitor and record the array corresponding to the crash class;
    a first determining unit, configured to determine the name of the crash class in the exception function according to the array corresponding to the crash class;
    an import unit, configured to import the name of the crash class into the filter list.
  11. The global hook automatic repair apparatus according to claim 8, wherein the first definition unit is specifically configured to:
    obtain the path of the currently running target application;
    obtain the names and the number of the classes of the target application;
    define a for loop according to the names and the number of the classes, the for loop being used to globally hook each class according to the path of the target application.
  12. The global hook automatic repair apparatus according to claim 1, wherein the second definition unit is specifically configured to:
    obtain a preset key value;
    call, according to the preset key value, the array of crash classes stored in the system memory or in a preset database;
    define a variable function according to the array of crash classes, the variable function being used to record the name of the class to be hooked.
  13. The global hook automatic repair apparatus according to claim 8, wherein the judging unit is specifically configured to:
    determine the array called in the loop;
    determine the variable function in the called array;
    determine the name of the class to be hooked in the variable function, and determine whether the name of the class to be hooked is in the filter list.
  14. The global hook automatic repair apparatus according to any one of claims 8-13, further comprising:
    an integration unit, configured to integrate the classes that cause crashes if the number of crash classes in the filter list is greater than a threshold;
    a second determining unit, configured to determine the prefix of the crash classes of the same type among the crash classes;
    a second shielding unit, configured to shield the crash classes having the prefix in batches.
  15. A global hook automatic repair device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
    defining a loop, the loop being used to hook all classes;
    defining a variable function, the variable function being used to record the name of the class to be hooked;
    determining, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list;
    if the name of the class to be hooked is in the filter list, shielding the crash class corresponding to the name of the class to be hooked, the crash class being a class that causes a crash or an exception.
  16. The global hook automatic repair device according to claim 15, wherein after the processor executes the computer program to determine, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list, the following step is further included:
    if the name of the class to be hooked is not in the filter list, calling the loop to hook the class to be hooked.
  17. The global hook automatic repair device according to claim 16, wherein after the processor executes the computer program to shield the crash class corresponding to the name of the class to be hooked, the crash class being a class that causes a crash or an exception, the following steps are further included:
    monitoring an exception function, the exception function being used to monitor and record the array corresponding to the crash class;
    determining the name of the crash class in the exception function according to the array corresponding to the crash class;
    importing the name of the crash class into the filter list.
  18. The global hook automatic repair device according to claim 17, wherein when the processor executes the computer program to define a loop, the loop being used to hook all classes, the following steps are included:
    obtaining the path of the currently running target application;
    obtaining the names and the number of the classes of the target application;
    defining a for loop according to the names and the number of the classes, the for loop being used to globally hook each class according to the path of the target application.
  19. The global hook automatic repair device according to claim 15, wherein when the processor executes the computer program to define a variable function, the variable function being used to record the name of the class to be hooked, the following steps are included:
    obtaining a preset key value;
    calling, according to the preset key value, the array of crash classes stored in the system memory or in a preset database;
    defining a variable function according to the array of crash classes, the variable function being used to record the name of the class to be hooked.
  20. A computer-readable storage medium storing instructions which, when run on a computer, cause the computer to execute the following steps:
    defining a loop, the loop being used to hook all classes;
    defining a variable function, the variable function being used to record the name of the class to be hooked;
    determining, according to the loop and the variable function, whether the name of the class to be hooked is in the filter list;
    if the name of the class to be hooked is in the filter list, shielding the crash class corresponding to the name of the class to be hooked, the crash class being a class that causes a crash or an exception.
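
The hooking loop, filter-list check, crash feedback and prefix shielding of claims 1-3 and 7, sketched in Python as an added example (not code from the patent or the applicant). The metaclass that raises when hooked, the try/except standing in for the exception listener, and the vendor-prefix rule for "same type" are assumptions, and the class names are constructed.

```python
import re

# Assumption: "same type" means a shared Objective-C style vendor prefix ("WK", "NS").
VENDOR_PREFIX = re.compile(r"^[A-Z]{2,3}(?=[A-Z][a-z])")

class FilterList:
    """Filter list of crash classes: exact names plus batch-shielded prefixes."""
    def __init__(self, threshold):
        self.names, self.prefixes, self.threshold = set(), set(), threshold

    def blocks(self, name):
        return name in self.names or name.startswith(tuple(self.prefixes))

    def import_crash(self, name):
        self.names.add(name)
        if len(self.names) > self.threshold:      # claim 7: too many entries, integrate
            groups = {}
            for n in self.names:
                m = VENDOR_PREFIX.match(n)
                if m:
                    groups.setdefault(m.group(), set()).add(n)
            for prefix, members in groups.items():
                if len(members) > 1:              # prefix shared by several crash classes
                    self.prefixes.add(prefix)
                    self.names -= members

class Unhookable(type):
    """Constructed stand-in for a class whose hooking raises."""
    def __setattr__(cls, key, value):
        raise RuntimeError(f"hooking {cls.__name__} failed")

def make_class(name, fragile=False):
    return (Unhookable if fragile else type)(name, (), {"run": lambda self: name})

def hook_class(cls, calls):
    original = cls.run
    def hooked(self):
        calls.append(cls.__name__)                # the monitoring the hook exists for
        return original(self)
    cls.run = hooked                              # raises for Unhookable classes

def global_hook(classes, filter_list, calls):
    hooked, crashed = [], []
    for cls in classes:                           # the loop over all classes
        current = cls.__name__                    # name of the class about to be hooked
        if filter_list.blocks(current):
            continue                              # shielded: left unhooked
        try:
            hook_class(cls, calls)
            hooked.append(current)
        except RuntimeError:                      # stand-in for the exception listener
            filter_list.import_crash(current)     # claim 3: feed the filter list
            crashed.append(current)
    return hooked, crashed

def sample_classes():                             # constructed sample, not from the patent
    spec = [("UIView", False), ("WKWebView", True), ("WKContentView", True),
            ("NSTimerProxy", True), ("WKNavigation", True), ("AppModel", False)]
    return [make_class(n, f) for n, f in spec]

if __name__ == "__main__":
    fl, calls = FilterList(threshold=2), []
    print(global_hook(sample_classes(), fl, calls), fl.names, fl.prefixes)
    print(global_hook(sample_classes(), fl, calls))   # second pass: nothing crashes
```

On the constructed sample, `WKNavigation` ends up shielded by the `WK` prefix without ever having crashed, so batch shielding trades monitoring coverage for stability.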
PCT/CN2019/103162 2019-04-26 2019-08-29 Global hook automatic repair method, apparatus, device, and storage medium WO2020215567A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910341769.2 2019-04-26
CN201910341769.2A CN110221961A (en) 2019-04-26 2019-04-26 Global hook self-repairing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2020215567A1 (en) 2020-10-29

Family

ID=67819920

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/103162 WO2020215567A1 (en) 2019-04-26 2019-08-29 Global hook automatic repair method, apparatus, device, and storage medium

Country Status (2)

Country Link
CN (1) CN110221961A (en)
WO (1) WO2020215567A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113110965A (en) * 2021-03-12 2021-07-13 北京健康之家科技有限公司 Abnormal information monitoring method and device, computer storage medium and terminal
CN115859311A (en) * 2023-02-17 2023-03-28 杭州孝道科技有限公司 Taint analysis method and system based on shielding hook, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120304160A1 (en) * 2011-05-27 2012-11-29 Ridgeway Internet Security, Llc Systems and Methods for Run-Time Interception of Software Methods
CN104050418A (en) * 2013-03-13 2014-09-17 阿里巴巴集团控股有限公司 Method and device for realizing safety print of text background of web browser
CN104966018A (en) * 2015-06-18 2015-10-07 华侨大学 Windows system-based software program abnormal behavior analysis method
CN104992123A (en) * 2015-04-16 2015-10-21 中安比特(江苏)软件技术有限公司 Database transparency encryption method
CN106997313A (en) * 2017-03-28 2017-08-01 腾讯科技(深圳)有限公司 A kind of signal processing method of application program, system and terminal device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8255931B2 (en) * 2008-02-11 2012-08-28 Blue Coat Systems, Inc. Method for implementing ejection-safe API interception
CN102831043B (en) * 2011-06-17 2015-05-20 阿里巴巴集团控股有限公司 Monitoring method and device for application program
CN106126397A (en) * 2016-06-19 2016-11-16 乐视控股(北京)有限公司 The processing method of program crashing message and system
CN109656773B (en) * 2017-10-12 2023-03-10 卓望数码技术(深圳)有限公司 Processing framework based on IOS application abnormal crash
CN108052407A (en) * 2017-12-13 2018-05-18 深圳乐信软件技术有限公司 A kind of application crash means of defence, device, equipment and storage medium
CN109582574B (en) * 2018-11-27 2024-03-19 平安科技(深圳)有限公司 Code coverage rate statistical method, device, storage medium and terminal equipment
CN109669798B (en) * 2018-12-25 2022-09-16 北京金山安全软件有限公司 Crash analysis method, crash analysis device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN110221961A (en) 2019-09-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19925797

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19925797

Country of ref document: EP

Kind code of ref document: A1