
Positioning method and positioning system for target address

A target address positioning technology, applied in the field of target address positioning methods and systems. It addresses problems of the existing original address positioning technology, such as hard-coded features becoming invalid, poor backward compatibility and weak cross-platform capability, and it achieves good backward compatibility while overcoming blue screens or crashes.

Active Publication Date: 2012-12-19
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

The binary byte stream method depends on the specific operating system version or compiler option settings; if even a single bit changes on a new platform, the hard-coded features are invalidated. The existing original address positioning technology therefore has weak cross-platform capability and poor backward compatibility.



Examples


Embodiment 1

[0031] Embodiment 1 (refer to Figure 1) shows a target address locating method, which may specifically include:

[0032] Step 101: Load the target driver into the user mode memory space;

[0033] Step 102: Simulate the parameters and environment required for the operation of the target driver;

[0034] Step 103: Run the target driver in user mode and obtain the original address of the target driver.

[0035] In a specific implementation, step 102 may include (refer to Figure 2):

[0036] Step 1021: Forge, traverse, and replace all imported functions of the target driver;

[0037] Step 1022: Create a thread, and forge and initialize the object structure and string pointer of the target driver;

[0038] Step 1023: Call the export entry of the target driver in the thread.

[0039] In Embodiment 1 above, obtaining the original address of the target driver in step 103 may include (refer to Figure 3):

[0040] Step 1031: Read system variables and routine address values;

[004...

Embodiment 6

[0066] In Embodiment 6, the present invention also discloses a target address positioning system (refer to Figure 6). The target address locating system of Embodiment 6 includes: a loading device 601, used to load the target driver into the user-mode memory space; a simulation device 602, used to simulate the parameters and environment required for the operation of the target driver; and an acquiring device 603, used to run the target driver in user mode to obtain the original address of the target driver. After the loading device 601 loads the target driver into the user-mode memory space, the simulation device 602 simulates, in user mode, the parameters and environment required for the operation of the target driver; while the target driver runs, values such as the required system variables and routine addresses are filled in, and the relocation information of the target driver is accumulated to obtain the actual original add...


Abstract

The invention discloses a positioning method for a target address. The positioning method comprises the steps of: loading a target driver into the user-mode memory space; simulating the parameters and environment required for the operation of the target driver; and running the target driver in user mode and obtaining the original address of the target driver. Because associated information such as the kernel environment and parameters needed by the target driver is simulated, the target driver can run in user mode and yield the actual original address, which solves the prior-art problem that searching for the original address through the binary byte stream cannot get away from hard-coding. The positioning method for the target address has strong cross-platform capability and good backward compatibility.

Description

Technical field

[0001] The present invention relates to the field of security software, in particular to a method and system for locating a target address.

Background art

[0002] Due to certain flaws in its design (such as the lack of an integrity check mechanism), the Microsoft Windows 32-bit operating system platform offers many opportunities for tampering. In the process of detecting and removing malicious programs (computer viruses), security software needs to find and locate the original address of the program or function suspected of being infected, and then compare that original address value with its current value to find the differences. The places where they differ are the hidden modification points tampered with by the virus, and the value at each modification point is then restored to the original default value. This is an important step in the attack and defense between security software and viruses.

[0003] From the above description of anti-virus of ...
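The comparison and restore step described in the background, combined with the relocation step mentioned in Embodiment 6, as an added example that is not code from the patent. It assumes the relocation step can be modeled as a single base delta between the user-mode and kernel-mode load addresses; all function names, table contents and addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names and values here are constructed for illustration. */
enum slot_state { SLOT_OK, SLOT_TAMPERED, SLOT_UNKNOWN };

/* Assumed model of the relocation step: one base delta. Maps an address
 * captured while the image ran at user_base to its address at kernel_base.
 * Returns -1 if the captured address lies outside the image. */
static int rebase(uint32_t captured, uint32_t user_base, uint32_t kernel_base,
                  uint32_t image_size, uint32_t *out)
{
    uint32_t offset = captured - user_base; /* wraps if captured < user_base */
    if (offset >= image_size) return -1;
    *out = kernel_base + offset;
    return 0;
}

/* Compare live slots with rebased originals; restore and count mismatches. */
static size_t check_and_restore(uint32_t *live, const uint32_t *captured,
                                size_t n, uint32_t user_base, uint32_t kernel_base,
                                uint32_t image_size, enum slot_state *state)
{
    size_t restored = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t original = 0;
        state[i] = SLOT_OK;
        if (rebase(captured[i], user_base, kernel_base, image_size, &original)) {
            state[i] = SLOT_UNKNOWN;        /* never write a guess back */
        } else if (live[i] != original) {
            state[i] = SLOT_TAMPERED;       /* current value differs */
            live[i] = original;             /* restore the original value */
            restored++;
        }
    }
    return restored;
}

int main(void)
{
    const uint32_t captured[3] = { 0x00401000u, 0x00401240u, 0x00390000u };
    uint32_t live[3] = { 0xF8A01000u, 0xF9000010u, 0xF8A01800u };
    enum slot_state state[3];
    size_t n = check_and_restore(live, captured, 3, 0x00400000u, 0xF8A00000u,
                                 0x8000u, state);
    printf("restored %zu, slot 1 now 0x%08X\n", n, (unsigned)live[1]);
    return 0;
}
```

A captured value that falls outside the image is reported as unknown and left untouched, since writing back an address that could not be rebased would itself corrupt the table.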


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00
Inventor: 潘剑锋, 王宇
Owner: 三六零数字安全科技集团有限公司