WO2020215567A1 - Procédé, appareil, dispositif et support de stockage pour réparation automatique de hook global - Google Patents

Procédé, appareil, dispositif et support de stockage pour réparation automatique de hook global Download PDF

Info

Publication number
WO2020215567A1
WO2020215567A1 PCT/CN2019/103162 CN2019103162W WO2020215567A1 WO 2020215567 A1 WO2020215567 A1 WO 2020215567A1 CN 2019103162 W CN2019103162 W CN 2019103162W WO 2020215567 A1 WO2020215567 A1 WO 2020215567A1
Authority
WO
WIPO (PCT)
Prior art keywords
class
crash
name
hooked
loop
Prior art date
Application number
PCT/CN2019/103162
Other languages
English (en)
Chinese (zh)
Inventor
何兵
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020215567A1 publication Critical patent/WO2020215567A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/362Software debugging
    • G06F11/3628Software debugging of optimised code

Definitions

  • the present invention relates to the field of operating system security monitoring, in particular to a method, device, equipment and storage medium for automatically repairing a global hook.
  • the embodiments of the present application provide a global hook automatic repair method, device, device, and storage medium, which are used to automatically shield classes that cause global crashes, avoid code modification, and improve repair efficiency.
  • the first aspect of the embodiments of the present application provides a global hook automatic repair method based on data analysis, including: defining a loop for hooking all classes; defining a variable function for Record the name of the class to be hooked; determine whether the name of the class to be hooked is in the filter list according to the loop and the variable function; if the name of the class to be hooked is in the filter list, block A crash class corresponding to the name of the class to be hooked, and the crash class is the class that caused the crash or exception.
  • the method determines whether the name of the class to be hooked is in the filter list according to the loop and the variable function, It also includes: if the name of the class to be hooked is not in the filter list, calling the loop to hook the class to be hooked.
  • the crash class is the class that caused the crash or exception
  • the method further includes: monitoring an abnormal function, the abnormal function is used to monitor and record the array corresponding to the crash class; determining the name of the crash class in the abnormal function according to the array corresponding to the crash class; The name of the crash category is imported into the filtering list.
  • the defining a loop, the loop being used to hook all classes includes: obtaining the path of the currently running target application; obtaining The name and quantity of each class of the target application; a for loop is defined according to the name and quantity of each class, and the for loop is used to globally hook each class according to the path of the target application.
  • the defining a variable function, where the variable function is used to record the name of the class to be hooked includes: obtaining a preset key value;
  • the preset key value calls an array of crash classes stored in the system memory or a preset database;
  • a variable function is defined according to the array of crash classes, and the variable function is used to record the name of the class to be hooked.
  • the determining whether the name of the class to be hooked is included in the filter list according to the loop and the variable function: determining that the The array called in the loop; determine the variable function in the called array; determine the name of the class to be hooked in the variable function, and determine whether the name of the class to be hooked is in the filter list.
  • the method further includes: if the number of crash categories in the filter list is greater than a threshold, integrating the categories that caused the crash; The prefixes of the crash classes of the same type in the crash classes; the crash classes with the prefixes are blocked in batches.
  • the second aspect of the embodiments of the present application provides a global hook automatic repair device, including: a first definition unit for defining a loop, the loop is used for hooking all classes; a second definition unit for Define a variable function, the variable function is used to record the name of the class to be hooked; the judging unit is used to judge whether the name of the class to be hooked is in the filter list according to the loop and the variable function; first The shielding unit, if the name of the class to be hooked is in the filter list, is used to shield the crash class corresponding to the name of the class to be hooked, and the crash class is a class that causes a crash or an exception.
  • the global hook automatic repair device further includes: a calling unit, if the name of the class to be hooked is not in the filter list, it is used Call the loop to hook the class to be hooked.
  • the global hook automatic repair device further includes: a monitoring unit for monitoring abnormal functions, and the abnormal functions are used for monitoring and recording the crash category Corresponding array; a first determining unit for determining the name of the crash class in the abnormal function according to the array corresponding to the crash class; an importing unit for importing the name of the crash class into the filter list.
  • the first definition unit is specifically configured to: obtain the path of the currently running target application; obtain the names and names of various classes of the target application; Quantity: A for loop is defined according to the name and quantity of each class, and the for loop is used to globally hook each class according to the path of the target application.
  • the second definition unit is specifically configured to: obtain a preset key value; call the storage in the system memory or the preset according to the preset key value.
  • An array of crash classes in the database is set; a variable function is defined according to the array of crash classes, and the variable function is used to record the name of the class to be hooked.
  • the judging unit is specifically configured to: determine the array called in the loop; determine the variable function in the called array; State the name of the class to be hooked in the variable function, and determine whether the name of the class to be hooked is in the filter list.
  • the global hook automatic repair device further includes: an integration unit, if the number of crash categories in the filter list is greater than a threshold, it is used to The second determining unit is used to determine the prefix of the crash category of the same type in the crash category; the second shielding unit is used to block the crash categories with the prefix in batches.
  • the third aspect of the embodiments of the present application provides a global hook automatic repair device, which includes a memory, a processor, and a computer program stored on the memory and running on the processor, and the processor executes the The computer program implements the global hook automatic repair method described in any of the above embodiments.
  • the fourth aspect of the embodiments of the present application provides a computer-readable storage medium that stores instructions in the computer-readable storage medium, and when the instructions run on a computer, the computer executes any of the foregoing The steps of the global hook automatic repair method.
  • a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; and the loop and variable function are used to determine the Whether the name of the hook class is in the filter list; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is blocked, and the crash class is the class that caused the crash or exception.
  • the embodiment of the application automatically shields classes that cause global crashes, avoids code modification, and improves repair efficiency.
  • FIG. 1 is a schematic diagram of an embodiment of a global hook automatic repair method in an embodiment of the application
  • FIG. 2 is a schematic diagram of another embodiment of the global hook automatic repair method in the embodiment of the application.
  • Fig. 3 is a schematic diagram of an embodiment of a global hook automatic repair device in an embodiment of the application
  • FIG. 4 is a schematic diagram of another embodiment of the global hook automatic repair device in the embodiment of the application.
  • Figure 5 is a schematic diagram of an embodiment of a global hook automatic repair device in an embodiment of the application.
  • the embodiments of the present application provide a global hook automatic repair method, device, device, and storage medium, which are used to automatically shield classes that cause global crashes, avoid code modification, and improve repair efficiency.
  • FIG. 1 a flowchart of a global hook automatic repair method provided by an embodiment of the present application, which specifically includes:
  • the server defines a loop that is used to hook all classes. Specifically, the server defines a for loop through which all classes of the system or application are hooked. For example, the server obtains the path of the currently running target application; the server obtains the name and quantity of each class of the target application; the server defines a for loop according to the name and quantity of each class, and the for loop is used to match the path of the target application All classes are hooked globally.
  • APP when you need to hook an application (application, APP), first obtain the path of the currently running APP, such as dladdr(&_mh_execute_header,&info); secondly, obtain the name of each class of the currently running APP, and each class quantity.
  • classes objc_copyClassNamesForImage(info.dli_fname,&count); among them, the two-dimensional array classes stores the names of all classes, and count stores the number of all classes; finally, a for loop is defined according to the names and numbers of each class. For example, take the array out of the classes in the classes array one by one, and the for loop starts.
  • the server defines a variable function, which is used to record the name of the class to be hooked.
  • the server first obtains the preset key value; then calls the crash class array according to the preset key value, and the crash class array is stored in the system memory or the preset database; and then defines a variable function according to the crash class array, Among them, the variable function is used to record the name of the class to be hooked.
  • a string defined by the server such as PA_HookCrashListKey
  • PA_HookCrashListKey is stored and recalled using the system's own storage (or pre-written database code).
  • the crashed class array is the object obtained from the database by key.
  • the server judges whether the name of the class to be hooked is in the filter list according to the loop and variable function. Specifically, the server determines the array to be called in the loop; the server determines the variable function in the called array; the server determines the name of the class to be hooked in the variable function, and determines whether the name of the class to be hooked is in the filter list. If the name of the class to be hooked is in the filtering list, the server blocks the crash class corresponding to the name of the class to be hooked. If the name of the class to be hooked is not in the filter list, the server will call the hooked class in a loop.
  • the server hooks the hooked class through a for loop.
  • the hook is a platform of the Windows message processing mechanism, and the application (APP) can set up a subroutine on it to monitor a certain message in the specified window, and The monitored window can be created by other processes.
  • the hook mechanism allows applications to intercept and process window messages or specific events.
  • a hook is actually a program segment that processes messages, which is hooked into the system through system calls. Whenever a specific message is sent out and before it reaches the destination window, the hook program captures the message first, that is, the hook function first gets the control right. At this time, the hook function can process (change) the message, or continue to deliver the message without processing, or force the end of the message delivery.
  • the order of hooks is random and depends on the array order of all the classes returned to me by the system method. I then take out one by one from the array to hook.
  • the hook standard is: get all the methods of the class, filter some of the methods that come with the system and the methods that need to be filtered. The method that needs to be filtered depends on the project and business and is pre-configured by the staff. For the remaining methods, the method Address change, forcibly trigger the object-oriented C (objective-C, OC) language message forwarding mechanism, and then rewrite the forwardInvocation method called during message forwarding, change the address in this method, but before changing it back, You can write some hook code to achieve the purpose of hook.
  • the crash class corresponding to the name of the class to be hooked is shielded, and the crash class is the class that caused the crash or exception.
  • the server blocks the crash class corresponding to the name of the class to be hooked, and the crash class is the class that caused the crash or exception.
  • the system monitors through its own abnormal function, and saves the array to the filter list before each crash.
  • the name of a crash category will be added to the filter list and used as a criterion.
  • a loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; the name of the class to be hooked is determined according to the loop and variable function Whether it is in the filter list; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is blocked, and the crash class is the class that caused the crash or exception.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • FIG. 2 another embodiment of the global hook automatic repair method in the embodiment of the present application includes:
  • the server defines a loop that is used to hook all classes. Specifically, the server defines a for loop through which all classes of the system or application are hooked. For example, the server obtains the path of the currently running target application; the server obtains the name and quantity of each class of the target application; the server defines a for loop according to the name and quantity of each class, and the for loop is used to match the path of the target application All classes are hooked globally.
  • APP when you need to hook an application (application, APP), first obtain the path of the currently running APP, such as dladdr(&_mh_execute_header,&info); secondly, obtain the name of each class of the currently running APP, and each class quantity.
  • classes objc_copyClassNamesForImage(info.dli_fname,&count); among them, the two-dimensional array classes stores the names of all classes, and count stores the number of all classes; finally, a for loop is defined according to the names and numbers of each class. For example, take the array out of the classes in the classes array one by one, and the for loop starts.
  • the server defines a variable function, which is used to record the name of the class to be hooked.
  • the server first obtains the preset key value; then calls the crash class array according to the preset key value, and the crash class array is stored in the system memory or the preset database; and then defines a variable function according to the crash class array, Among them, the variable function is used to record the name of the class to be hooked.
  • a string defined by the server such as PA_HookCrashListKey
  • PA_HookCrashListKey is stored and recalled using the system's own storage (or pre-written database code).
  • the crashed class array is the object obtained from the database by key.
  • the server judges whether the name of the class to be hooked is in the filter list according to the loop and variable function. Specifically, the server determines the array to be called in the loop; the server determines the variable function in the called array; the server determines the name of the class to be hooked in the variable function, and determines whether the name of the class to be hooked is in the filter list. If the name of the class to be hooked is in the filtering list, the server blocks the crash class corresponding to the name of the class to be hooked. If the name of the class to be hooked is not in the filter list, the server will call the hooked class in a loop.
  • the server hooks the hooked class through a for loop.
  • the hook is a platform of the Windows message processing mechanism, and the application (APP) can set up a subroutine on it to monitor a certain message in the specified window, and The monitored window can be created by other processes.
  • the hook mechanism allows applications to intercept and process window messages or specific events.
  • a hook is actually a program segment that processes messages, which is hooked into the system through system calls. Whenever a specific message is sent out, and before reaching the destination window, the hook program captures the message first, that is, the hook function first gets the control right. At this time, the hook function can process (change) the message, or continue to deliver the message without processing, or force the end of the message delivery.
  • the order of hooks is random and depends on the array order of all the classes returned to me by the system method. I then take out one by one from the array to hook.
  • the hook standard is: get all the methods of the class, filter some of the methods that come with the system and the methods that need to be filtered. The method that needs to be filtered depends on the project and business and is pre-configured by the staff. For the remaining methods, the method Address changes, forcibly triggering the message forwarding mechanism for OC language, and then rewrite the forwardInvocation method called during message forwarding. In this method, the address is changed back, but before changing back, you can also write some hook code to achieve hook the goal of.
  • the crash class is the class that caused the crash or exception.
  • the server blocks the crash class corresponding to the name of the class to be hooked, and the crash class is the class that caused the crash or exception.
  • the system monitors through its own abnormal function, and saves the array to the filter list before each crash.
  • the name of a crash class will be added to the filter list, and the name of the added crash class will be used as the criterion.
  • Monitor an exception function, which is used to monitor and record the array corresponding to the crash class.
  • the server monitors the abnormal function in the system, where the abnormal function is used to monitor and record the array corresponding to the crash class.
  • the array stores specific data corresponding to each class. For example, if the variable function is a, because the a in the array is stored before the hook is started, that is, a mark is made in the data, and then a is deleted after the method call of the hook code. Conversely, if the hook code crashes and the following code has no chance to run, the a in this array will not be deleted. The next time we hook, we find that a is in the crash array, so we won’t hook it anymore. Fall into a loop.
  • the server determines the name of the crash class in the abnormal function according to the array corresponding to the crash class. For example, the server determines the name of the crashed crash class in the exception function NSSetUncaughtExceptionHandler according to the array corresponding to the crashed class.
  • the server imports the names of crash classes into the filter list, which includes the names of classes that can cause system crashes or exceptions.
  • the server integrates the classes that caused the crash; the server determines the prefixes of the crash classes of the same type in the crash classes; the server blocks the crash classes with prefixes in batches.
  • a loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; the name of the class to be hooked is determined according to the loop and variable function Whether it is in the filter list; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked will be shielded, the crash class is the class that caused the crash or exception; the exception function is monitored Used to monitor and record the array corresponding to the crash class.
  • each time the system crashes there will be one more class that needs to be blocked in the crash array.
  • hook code is started next time, according to the previous strategy, hooks are not executed for this class, so that the crashed classes will not be executed. Once hooked, it will not cause the system to crash.
  • the classes that cause the global crash can be automatically blocked, avoiding the modification of the system code, and improving the repair efficiency.
  • the server determines whether the variable function in the loop is empty. If the variable function is not empty, the server deletes the class corresponding to the variable function in the array of crash classes. If the variable function is empty, the server ignores the variable function.
  • the method further includes:
  • a loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; the name of the class to be hooked is determined according to the loop and variable function Whether it is in the filter list; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked will be shielded, the crash class is the class that caused the crash or exception; the exception function is monitored Used to monitor and record the array corresponding to the crash class.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • An embodiment of the global hook automatic repair device in the embodiment of this application includes:
  • the first definition unit 301 is used to define a loop, and the loop is used to hook all classes;
  • the second definition unit 302 is used to define a variable function, and the variable function is used to record the name of the class to be hooked;
  • the judging unit 303 is configured to judge whether the name of the class to be hooked is in the filter list according to the loop and the variable function;
  • the first shielding unit 304 if the name of the class to be hooked is in the filter list, it is used to shield the crash class corresponding to the name of the class to be hooked, and the crash class is the one that caused the crash or exception class.
  • a loop is defined to hook all classes; a variable function is defined to record the name of the class to be hooked; the name of the class to be hooked is determined according to the loop and variable function Whether it is in the filter list; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked is blocked, and the crash class is the class that caused the crash or exception.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • an embodiment of the global hook automatic repair device in the embodiment of the present application includes:
  • the first definition unit 301 is used to define a loop, and the loop is used to hook all classes;
  • the second definition unit 302 is used to define a variable function, and the variable function is used to record the name of the class to be hooked;
  • the judging unit 303 is configured to judge whether the name of the class to be hooked is in the filter list according to the loop and the variable function;
  • the first shielding unit 304 if the name of the class to be hooked is in the filter list, it is used to shield the crash class corresponding to the name of the class to be hooked, and the crash class is the one that caused the crash or exception class.
  • the global hook automatic repair device also includes:
  • the calling unit 305 if the name of the class to be hooked is not in the filter list, is used to hook the class to be hooked through the loop.
  • the global hook automatic repair device also includes:
  • the monitoring unit 306 is configured to monitor abnormal functions, and the abnormal functions are used to monitor and record the array corresponding to the crash class;
  • the first determining unit 307 is configured to determine the name of the crash class in the abnormal function according to the array corresponding to the crash class;
  • the importing unit 308 is configured to import the name of the crash category into the filtering list.
  • the first definition unit 301 is specifically used for:
  • the second definition unit 302 is specifically configured to:
  • the judging unit 303 is specifically configured to:
  • the global hook automatic repair device also includes:
  • the integration unit 309 if the number of crash categories in the filter list is greater than the threshold, is used to integrate the categories that caused the crash;
  • the second determining unit 310 is configured to determine the prefix of the crash category of the same type in the crash category
  • the second shielding unit 311 is used to shield the crash classes with the prefix in batches.
  • a loop is defined, which is used to hook all classes; a variable function is defined, which is used to record the name of the class to be hooked; the name of the class to be hooked is judged according to the loop and variable function Whether it is in the filter list; if the name of the class to be hooked is in the filter list, the crash class corresponding to the name of the class to be hooked will be shielded, the crash class is the class that caused the crash or exception; the exception function is monitored Used to monitor and record the array corresponding to the crash class.
  • the classes that cause global crashes can be automatically shielded, avoiding the modification of the system code, and improving the repair efficiency.
  • FIG. 5 is a schematic structural diagram of a global hook automatic repair device provided by an embodiment of the present application.
  • the global hook automatic repair device 500 may have relatively large differences due to different configurations or performance, and may include one or more processors (central Processing units, CPU) 501 (for example, one or more processors) and memory 509, and one or more storage media 508 for storing application programs 507 or data 506 (for example, one or one storage device with a large amount of storage).
  • the memory 509 and the storage medium 508 may be short-term storage or persistent storage.
  • the program stored in the storage medium 508 may include one or more modules (not shown in the figure), and each module may include a series of command operations in the global hook automatic repair device.
  • the processor 501 may be configured to communicate with the storage medium 508, and execute a series of instruction operations in the storage medium 508 on the global hook automatic repair device 500.
  • the global hook automatic repair device 500 may also include one or more power supplies 502, one or more wired or wireless network interfaces 503, one or more input and output interfaces 504, and/or one or more operating systems 505, such as Windows Serve, Mac OS X, Unix, Linux, FreeBSD, etc.
  • operating systems 505 such as Windows Serve, Mac OS X, Unix, Linux, FreeBSD, etc.
  • the processor 501 can execute any of the first definition unit 301, the second definition unit 302, the judgment unit 303, the first shielding unit 304, the calling unit 305, the listening unit 306, the first determining unit 307, and the importing unit 308 in the foregoing embodiment.
  • the processor 501 may also perform the function of any one of the integration unit 309, the second determination unit 310, and the second shielding unit 311 in the foregoing embodiment.
  • the processor 501 is the control center of the global hook automatic repair device, and can perform processing according to the set global hook automatic repair method.
  • the processor 501 uses various interfaces and lines to connect the entire global hook to automatically repair various parts of the device, and executes the global hook by running or executing the software program and/or module stored in the memory 509 and calling the data stored in the memory 509 Automatically repair various functions of the device and process data, so as to realize the shielding of crashes.
  • the storage medium 508 and the memory 509 are both carriers for storing data.
  • the storage medium 508 may refer to an internal memory with a small storage capacity but high speed, and the storage 509 may have a large storage capacity but a slow storage speed. External memory.
  • the memory 509 can be used to store software programs and modules.
  • the processor 501 executes various functional applications and data processing of the global hook automatic repair device 500 by running the software programs and modules stored in the memory 509.
  • the memory 509 may mainly include a storage program area and a storage data area, where the storage program area can store the operating system, at least one application program required by the function (such as monitoring abnormal functions, etc.), etc.; the storage data area can store automatic repair according to global hooks Data created by the use of the device (such as defining a variable function, etc.), etc.
  • the memory 509 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other non-volatile solid-state storage devices.
  • a non-volatile memory such as at least one magnetic disk storage device, a flash memory device, or other non-volatile solid-state storage devices.
  • the global hook automatic repair method program and the received data stream provided in the embodiment of the present application are stored in the memory, and when needed, the processor 501 calls from the memory 509.
  • the computer-readable storage medium may be a non-volatile computer-readable storage medium.
  • the computer-readable storage medium stores instructions. When the instructions run on a computer When, make the computer execute the following steps of the global hook automatic repair method:
  • the crash class corresponding to the name of the class to be hooked is blocked, and the crash class is the class that caused the crash or exception.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from a website, computer, server, or data center. Transmission to another website site, computer, server or data center via wired (such as coaxial cable, optical fiber, twisted pair) or wireless (such as infrared, wireless, microwave, etc.).
  • the computer-readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a server or data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, an optical disc), or a semiconductor medium (for example, a solid state disk (SSD)).
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or It can be integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the technical solution of this application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , Including several instructions to make a computer device (which can be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disk and other media that can store program code .

Abstract

La présente invention concerne un procédé, un appareil, un dispositif et un support de stockage pour la réparation automatique d'un hook (« crochet ») global, appartenant au domaine de la surveillance de sécurité, utilisés pour bloquer automatiquement des classes qui provoquent des plantages globaux, éviter une modification du code et améliorer l'efficacité de réparation. Le procédé de la présente invention comprend les étapes consistant à : définir une boucle, ladite boucle étant utilisée pour accrocher toutes les classes ; définir une fonction variable, ladite fonction variable étant utilisée pour enregistrer le nom d'une classe à accrocher ; selon la boucle et la fonction variable, déterminer si le nom de la classe à accrocher est dans une liste de filtre ; si le nom de la classe à accrocher est dans ladite liste de filtre, alors bloquer la classe de plantage correspondant au nom de la classe à accrocher, ladite classe de plantage étant une catégorie qui provoque un plantage ou une exception.
PCT/CN2019/103162 2019-04-26 2019-08-29 Procédé, appareil, dispositif et support de stockage pour réparation automatique de hook global WO2020215567A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910341769.2 2019-04-26
CN201910341769.2A CN110221961A (zh) 2019-04-26 2019-04-26 全局hook自动修复方法、装置、设备及存储介质

Publications (1)

Publication Number Publication Date
WO2020215567A1 true WO2020215567A1 (fr) 2020-10-29

Family

ID=67819920

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/103162 WO2020215567A1 (fr) 2019-04-26 2019-08-29 Procédé, appareil, dispositif et support de stockage pour réparation automatique de hook global

Country Status (2)

Country Link
CN (1) CN110221961A (fr)
WO (1) WO2020215567A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113110965A (zh) * 2021-03-12 2021-07-13 北京健康之家科技有限公司 异常信息的监控方法及装置、计算机存储介质、终端
CN115859311A (zh) * 2023-02-17 2023-03-28 杭州孝道科技有限公司 基于屏蔽hook的污点分析方法、系统、存储介质及电子设备

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120304160A1 (en) * 2011-05-27 2012-11-29 Ridgeway Internet Security, Llc Systems and Methods for Run-Time Interception of Software Methods
CN104050418A (zh) * 2013-03-13 2014-09-17 阿里巴巴集团控股有限公司 一种网页浏览器文本背景安全打印的方法和装置
CN104966018A (zh) * 2015-06-18 2015-10-07 华侨大学 基于Windows系统的软件程序异常行为分析方法
CN104992123A (zh) * 2015-04-16 2015-10-21 中安比特(江苏)软件技术有限公司 一种数据库透明加密方法
CN106997313A (zh) * 2017-03-28 2017-08-01 腾讯科技(深圳)有限公司 一种应用程序的信号处理方法、系统及终端设备

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8255931B2 (en) * 2008-02-11 2012-08-28 Blue Coat Systems, Inc. Method for implementing ejection-safe API interception
CN102831043B (zh) * 2011-06-17 2015-05-20 阿里巴巴集团控股有限公司 应用程序监控方法和装置
CN106126397A (zh) * 2016-06-19 2016-11-16 乐视控股(北京)有限公司 程序崩溃消息的处理方法及系统
CN109656773B (zh) * 2017-10-12 2023-03-10 卓望数码技术(深圳)有限公司 一种基于ios系统应用异常崩溃的处理框架
CN108052407A (zh) * 2017-12-13 2018-05-18 深圳乐信软件技术有限公司 一种应用程序崩溃防护方法、装置、设备及存储介质
CN109582574B (zh) * 2018-11-27 2024-03-19 平安科技(深圳)有限公司 一种代码覆盖率统计方法、装置、存储介质及终端设备
CN109669798B (zh) * 2018-12-25 2022-09-16 北京金山安全软件有限公司 崩溃分析方法、装置、电子设备,及存储介质

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120304160A1 (en) * 2011-05-27 2012-11-29 Ridgeway Internet Security, Llc Systems and Methods for Run-Time Interception of Software Methods
CN104050418A (zh) * 2013-03-13 2014-09-17 阿里巴巴集团控股有限公司 一种网页浏览器文本背景安全打印的方法和装置
CN104992123A (zh) * 2015-04-16 2015-10-21 中安比特(江苏)软件技术有限公司 一种数据库透明加密方法
CN104966018A (zh) * 2015-06-18 2015-10-07 华侨大学 基于Windows系统的软件程序异常行为分析方法
CN106997313A (zh) * 2017-03-28 2017-08-01 腾讯科技(深圳)有限公司 一种应用程序的信号处理方法、系统及终端设备

Also Published As

Publication number Publication date
CN110221961A (zh) 2019-09-10

Similar Documents

Publication Publication Date Title
US10171509B2 (en) Filtering and redacting blockchain transactions
US6507852B1 (en) Location-independent service for monitoring and alerting on an event log
US20070207800A1 (en) Diagnostics And Monitoring Services In A Mobile Network For A Mobile Device
US11604674B2 (en) Systems and methods for detecting and filtering function calls within processes for malware behavior
WO2020215567A1 (fr) Procédé, appareil, dispositif et support de stockage pour réparation automatique de hook global
CN106656989B (zh) 一种流量监控方法及终端
US9723075B2 (en) Systems and methods for data synchronization management between call centers and CRM systems
CN107644075B (zh) 收集页面信息的方法和装置
CN109800571B (zh) 事件处理方法和装置、以及存储介质和电子装置
CN109783316B (zh) 系统安全日志篡改行为的识别方法及装置、存储介质、计算机设备
CN112799925A (zh) 数据采集方法、装置、电子设备和可读存储介质
CN107423090B (zh) 一种Flash播放器异常日志管理方法及系统
WO2019140738A1 (fr) Procédé permettant d'éviter des visites de retour en excès, appareil électronique et support d'informations lisible par ordinateur
CN105939345A (zh) 协议表项定时器的管理方法及装置
CN111782621A (zh) 一种业务应用日志处理方法及装置
CN114070755B (zh) 虚拟机网络流量确定方法、装置、电子设备和存储介质
CN109902030A (zh) 一种手机应用程序自动化测试步骤记录与回放的方法
CN106385413A (zh) 入侵报文流的处理方法及装置
US9813927B2 (en) Mobile terminal flow identification method and apparatus
US10713226B1 (en) Managing data using archiving
US20140143264A1 (en) Policy event driven remote desktop recording across a data network
US20230300201A1 (en) Session border controller with dynamic reporting
CN106162609B (zh) 一种推送数据的方法及装置
WO2014173129A1 (fr) Appareil et procédé d'identification de flux de terminal mobile
WO2017035820A1 (fr) Dispositif et procédé de gestion de chaîne de service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19925797

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19925797

Country of ref document: EP

Kind code of ref document: A1