Positioning method and positioning system for target address

A method and system for locating a target address. It addresses problems of existing original-address location techniques, such as hard-coded features becoming invalid, poor backward compatibility and weak cross-platform capability. Effects: good backward compatibility, and blue screens or crashes are overcome.

Active Publication Date: 2014-12-17
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

Locating an address by matching a binary byte stream depends on the specific operating system version or compiler option settings; a single-bit change on a new platform invalidates the hard-coded features. The existing original-address location technology therefore has weak cross-platform capability and poor backward compatibility.


Examples

Embodiment 1

[0031] Embodiment 1. Referring to Figure 1, a method for locating a target address is shown, which may specifically include:

[0032] Step 101: load the target driver into the user-mode memory space;

[0033] Step 102: simulate the parameters and environment required for the target driver to run;

[0034] Step 103: run the target driver in user mode and obtain the original address of the target driver.

[0035] In a specific implementation, step 102 may include (refer to Figure 2):

[0036] Step 1021: traverse all functions imported by the target driver and replace them with forged ones;

[0037] Step 1022: create a thread, and forge and initialize the target driver object structure and string pointer;

[0038] Step 1023: call the exported entry point of the target driver in the thread.

[0039] In a specific implementation of Embodiment 1, obtaining the original address of the target driver in step 103 may include (refer to Figure 3...
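A minimal user-mode model of steps 1021 to 1023 and step 103, added here as an illustration and not taken from the patent. All names (`fake_driver_object`, `imports`, `target_entry`, `stub_create_device`, `demo_detect`) are hypothetical, the "driver" is a stand-in C function rather than a mapped driver image, and the thread from step 1022 is omitted. It reads back the addresses the entry routine writes into the forged object and diffs them against a constructed live table.

```c
#include <stdio.h>
#include <string.h>
#define SLOTS 4                      /* model size; a real dispatch table is larger */
typedef long (*dispatch_fn)(void *dev, void *irp);
/* Forged driver object (step 1022): only the field the entry routine fills. */
struct fake_driver_object { dispatch_fn major[SLOTS]; };
/* Import slot of the target; step 1021 points every such slot at a stub. */
struct imports { long (*create_device)(struct fake_driver_object *, const char *); };
static long stub_create_device(struct fake_driver_object *d, const char *n)
{ (void)d; (void)n; return 0; }      /* report success so the entry keeps going */

/* Stand-in for the target driver's own code (hypothetical handlers and entry). */
static long h_create(void *d, void *i) { (void)d; (void)i; return 0; }
static long h_close(void *d, void *i)  { (void)d; (void)i; return 1; }
static long h_ioctl(void *d, void *i)  { (void)d; (void)i; return 2; }
static long target_entry(struct fake_driver_object *drv, const char *reg,
                         const struct imports *imp) {
    if (imp->create_device(drv, reg) != 0) return -1;
    drv->major[0] = h_create; drv->major[1] = h_close; drv->major[3] = h_ioctl;
    return 0;
}

/* Steps 1021-1023 and 103: stub the imports, forge the object, call the entry,
   then read back the addresses the entry wrote. Returns 0 on success. */
int recover_original(dispatch_fn out[SLOTS]) {
    struct imports imp = { stub_create_device };
    struct fake_driver_object drv;
    memset(&drv, 0, sizeof drv);
    if (target_entry(&drv, "\\Registry\\Machine\\Constructed", &imp) != 0) return -1;
    memcpy(out, drv.major, sizeof drv.major);
    return 0;
}

/* Bitmask of slots whose live value differs from the recovered original. */
unsigned diff_tables(const dispatch_fn orig[SLOTS], const dispatch_fn live[SLOTS]) {
    unsigned mask = 0;
    for (int i = 0; i < SLOTS; i++) if (orig[i] != live[i]) mask |= 1u << i;
    return mask;
}

static long foreign(void *d, void *i) { (void)d; (void)i; return -1; }
/* Constructed "live" table: a copy of the originals with one slot redirected. */
unsigned demo_detect(int tampered_slot) {
    dispatch_fn orig[SLOTS], live[SLOTS];
    if (recover_original(orig) != 0) return ~0u;
    memcpy(live, orig, sizeof live);
    if (tampered_slot >= 0 && tampered_slot < SLOTS) live[tampered_slot] = foreign;
    return diff_tables(orig, live);
}
int main(void) { printf("modified slots: 0x%x\n", demo_detect(1)); return 0; }
```

Because the originals come from executing the entry routine rather than from a byte pattern, recompiling the stand-in driver with different options does not change how they are recovered.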

Embodiment 6

[0066] Embodiment 6. The present invention also discloses a system for locating a target address (refer to Figure 6). The system includes: a loading device 601, configured to load the target driver into the user-mode memory space; a simulation device 602, configured to simulate the parameters and environment required for the target driver to run; and an acquisition device 603, configured to run the target driver in user mode and obtain the original address of the target driver. After the loading device 601 loads the target driver into the user-mode memory space, the simulation device 602 simulates the parameters and environment the target driver requires to run in user mode; while the target driver runs, some required system variable values, such as routine addresses, are filled by execution, and the actual original address of...

Abstract

The invention discloses a method for locating a target address. The method comprises: loading a target driver into user-mode memory space; simulating the parameters and environment required for the target driver to run; and running the target driver in user mode to obtain the original address of the target driver. By simulating the kernel environment, parameters and other associated information the target driver needs, the method lets the driver run in user mode and yield its actual original address, which solves the prior-art problem that hard coding cannot be avoided when the original address is found by searching the binary byte stream. The method has strong cross-platform capability and good backward compatibility.

Description

Technical field

[0001] The invention relates to the field of security software, in particular to a method and system for locating a target address.

Background art

[0002] Owing to certain flaws in its design (such as the lack of an integrity verification mechanism), the Microsoft Windows 32-bit operating system platform offers a large number of opportunities for tampering. When removing malicious programs (computer viruses), security software needs to find and locate the original address of the program or function suspected of being infected, and then compare the original address value with the current value to find the difference. The location of the difference is the hidden modification point tampered with by the virus; the software then restores the value at that point to its original default value. This is an important step in how security software attacks and defends against viruses.

[0003] It can be known from the description of the antiviru...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/51, G06F21/56
Inventor: 潘剑锋, 王宇
Owner: 三六零数字安全科技集团有限公司