Method for intercepting target progress with self-protection

A target process, program technology, applied in the computer field

Inactive Publication Date: 2012-11-28
北京伸得纬科技有限公司 +1

AI Technical Summary

Problems solved by technology

[0006] To solve the prior-art problem that a process with a self-protection function shields all API HOOK interception, the present invention builds a new imitation target process with the same function as the target process and, in the imitation target process, changes the addresses that the target process's system-service call instructions point to, thereby achieving interception. The specific scheme is as follows:



Examples


Embodiment Construction

[0011] The technical solutions of the embodiments of the present invention are further described below in conjunction with the accompanying drawings and specific embodiments. As shown in Figure 1, the present invention comprises the following steps:

[0012] 101. Load the target process into memory for debugging and find the system-service call instructions in it;

[0013] The method establishes a virtual environment in memory, loads the target process into that virtual environment, and disassembles the target process to obtain the disassembled code. Matching is then performed on the disassembled code to find all system-service call instructions in the target process. The specific instructions to match are defined by the user, according to which instructions the target process's self-protection program shields. Typically these are call instructions or jump instructions such as call, jmp, jz, jnz...
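The matching pass of step 101, sketched over a textual disassembly listing. This is an added example, not code from the patent: the listing format, the sample addresses and the names `find_transfers`, `SAMPLE_LISTING` and `ALIASES` are assumptions made for illustration.

```python
import re

# Constructed sample listing (address, mnemonic, operand); not from the patent.
SAMPLE_LISTING = """\
00401000  push ebp
00401001  mov ebp, esp
00401003  call 0x00401050
00401008  test eax, eax
0040100a  je 0x00401014
0040100c  call dword ptr [0x00403008]
00401012  jmp 0x00401020
00401014  jne 0x00401000
00401016  ret
"""

# Disassemblers print jz/jnz under either name; normalise to the page's spelling.
ALIASES = {"je": "jz", "jne": "jnz"}
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\w+)\s*(.*)$")
INDIRECT_RE = re.compile(r"\[\s*(0x[0-9a-fA-F]+)\s*\]")

def find_transfers(listing, wanted=("call", "jmp", "jz", "jnz")):
    """Return one dict per matched instruction: address, mnemonic, kind, target."""
    hits = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not an instruction
        addr, mnem, operand = int(m.group(1), 16), m.group(2).lower(), m.group(3).strip()
        mnem = ALIASES.get(mnem, mnem)
        if mnem not in wanted:
            continue
        ind = INDIRECT_RE.search(operand)
        if ind:    # target is read from memory, e.g. an import-table slot
            kind, target = "indirect", int(ind.group(1), 16)
        elif operand.lower().startswith("0x"):
            kind, target = "direct", int(operand, 16)
        else:      # register or computed operand: not resolvable statically
            kind, target = "unresolved", None
        hits.append({"address": addr, "mnemonic": mnem, "kind": kind, "target": target})
    return hits

if __name__ == "__main__":
    for h in find_transfers(SAMPLE_LISTING):
        tgt = "?" if h["target"] is None else f"{h['target']:#010x}"
        print(f"{h['address']:#010x}  {h['mnemonic']:<4} {h['kind']:<10} {tgt}")
```

The `wanted` tuple plays the role of the user-defined instruction set; an indirect hit records the memory slot the instruction reads its target from, not the final destination.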


Abstract

The invention discloses a method for intercepting a target process with self-protection. The method comprises the following steps: loading the target process into memory for debugging and finding all system-service call instructions; building, for the directing code of each identified system-service call instruction, mapping code that differs in form but performs the same original function; creating a simulated target process file, copying the code of the target process into it during debugging, and replacing the directing code of the corresponding instructions with the mapping code; compiling the simulated target process file into an executable simulated target process; replacing the target process with the simulated target process and executing it when the system calls the target process; and intercepting the simulated target process, which achieves interception of the target process. The method establishes a correspondence between the target process and the simulated target process, and because the target process is replaced by the simulated target process, an application program interface (API) hook can be used for interception.

Description

Technical field

[0001] The invention relates to the field of computers, in particular to a method for getting around the shielding of HOOK interception by a process with self-protection.

Background technique

[0002] The Windows operating system is built on an event-driven mechanism, and all parts of the system communicate by passing messages to one another. Under normal circumstances, however, an application can only process messages from within its own process or messages sent to it by other processes. To intercept messages passed outside the process, a technology called HOOK (hook) must be used. HOOK is a very important system interface in the Windows operating system. It can be used to easily intercept and process messages passed between other applications, and so to accomplish special functions that are difficult for ordinary applications to achieve.

[0003] In the Windows operating system, an API refers to a function that is provided by the operating s...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F11/00, G06F9/45
Inventor 李瑞平
Owner 北京伸得纬科技有限公司