
Method and device for protecting against webpage attacks

A device and webpage technology, applied to platform integrity maintenance and related fields, that addresses the problem of malicious attacks which unhook the hooks placed on key API functions.

Active Publication Date: 2015-12-16
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0010] The main purpose of the present invention is to provide a method and device for protecting against webpage attacks, so as to solve the prior-art problem of malicious attacks that aim to unhook hooked key API functions. The method may include: before a hooked function to be detected, which changes the memory protection attribute of a memory address, is called, obtaining the first parameter and the second parameter of that function, where the hooked function to be detected is a function to be detected on which the hook operation has been completed; detecting whether the first attribute of the memory address page associated with the first parameter is an execution-related permission, and detecting whether the second attribute of the memory address page associated with the second parameter is modified to a writable-related permission; and, when the first attribute is an execution-related permission and the second attribute is modified to a writable-related permission, warning or preventing execution of the hooked function to be detected.


Embodiment Construction

[0028] In the embodiment of the present invention, when a process calls the API function that changes a memory page protection attribute, the memory page attribute of the memory address being modified is detected, and the original memory page protection attribute of that memory address page is evaluated against rules. Matching modification behavior is prevented and warned about, so that the memory protection attribute of the HOOK hook function entry address is not modified and the entry is not maliciously tampered with. The technical solution of the present application mainly protects the memory protection attribute of the entry address of the HOOK hook function from being modified to writable, by monitoring calls to the API function that changes memory attributes.
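The rule in [0028] written out as a check a hook handler could run before forwarding the call; this is an added sketch, not code from the patent. It assumes a VirtualProtect-style hooked function (target address plus requested protection), and `check_protect_change`, `current_protect` and the constructed `sample_map` are hypothetical names standing in for a real page-attribute query such as VirtualQuery.

```c
#include <stddef.h>
#include <stdint.h>

/* Numeric values of the Windows PAGE_* constants, defined locally so the sketch builds anywhere. */
#define PAGE_NOACCESS          0x01u
#define PAGE_READONLY          0x02u
#define PAGE_READWRITE         0x04u
#define PAGE_WRITECOPY         0x08u
#define PAGE_EXECUTE           0x10u
#define PAGE_EXECUTE_READ      0x20u
#define PAGE_EXECUTE_READWRITE 0x40u
#define PAGE_EXECUTE_WRITECOPY 0x80u

#define EXEC_MASK  (PAGE_EXECUTE | PAGE_EXECUTE_READ | \
                    PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
#define WRITE_MASK (PAGE_READWRITE | PAGE_WRITECOPY | \
                    PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)

typedef enum { VERDICT_ALLOW = 0, VERDICT_BLOCK = 1 } verdict_t;

/* Constructed stand-in for the process memory map (assumption): a real
   handler would ask the OS for the page's current protection instead. */
typedef struct { uintptr_t base; size_t size; uint32_t protect; } region_t;
static const region_t sample_map[] = {
    { 0x10001000u, 0x1000u, PAGE_EXECUTE_READ }, /* code page with a hooked API entry */
    { 0x20000000u, 0x4000u, PAGE_READWRITE },    /* heap */
    { 0x30000000u, 0x1000u, PAGE_READONLY },     /* constant data */
};

/* Current protection of the page containing addr, or 0 if it is not mapped. */
static uint32_t current_protect(uintptr_t addr) {
    for (size_t i = 0; i < sizeof sample_map / sizeof sample_map[0]; i++)
        if (addr - sample_map[i].base < sample_map[i].size)
            return sample_map[i].protect;
    return 0;
}

/* Block (or warn) when the target page is currently executable AND the
   requested protection would make it writable; allow everything else. */
verdict_t check_protect_change(uintptr_t addr, uint32_t new_protect) {
    uint32_t cur = current_protect(addr);
    int is_exec     = (cur & EXEC_MASK) != 0;
    int wants_write = (new_protect & WRITE_MASK) != 0;
    return (is_exec && wants_write) ? VERDICT_BLOCK : VERDICT_ALLOW;
}
```

Masking with `&` keeps the verdict stable when modifier bits such as a guard flag are combined with the base protection value.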

[0029] In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying dra...


Abstract

The invention relates to a method and device for protecting against webpage attacks. The method comprises the following steps: before a hooked function to be detected, which changes the memory protection attribute of a memory address, is invoked, obtaining a first parameter and a second parameter of the hooked function to be detected, wherein the hooked function to be detected is a function to be detected on which the hook operation has been completed; detecting whether the first attribute of the memory address page associated with the first parameter is an executable-related permission; detecting whether the second attribute of the memory address page associated with the second parameter is modified to a writable-related permission; and, when the first attribute is the executable-related permission and the second attribute is modified to the writable-related permission, warning or stopping the execution of the hooked function to be detected.

Description

Technical field

[0001] The invention relates to computer network security technology, in particular to a method and device for protecting against webpage attacks.

Background technique

[0002] The web page Trojan horse attack is one of the most popular network attacks at present. Currently, most web page Trojans are based on buffer overflow vulnerabilities in browsers. Attackers use overflow vulnerabilities to change and control the execution flow of programs, and ultimately control the system to download and run Trojans. The process of a web page Trojan horse attack is generally that the attacker manipulates the heap memory of the browser through JavaScript, writes the malicious code (shellcode) into a heap memory address of the browser, and changes the execution flow of the program through the buffer overflow vulnerability, so that the shellcode in the browser heap memory is executed.

[0003] As web Trojan attacks become more and more common, the security products of vario...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/55
Inventor: 宋申雷, 刘起, 张聪
Owner: BEIJING QIHOO TECH CO LTD