Target program processing method, processing device and cloud service equipment

Abstract

The application discloses a target program processing method, a processing device and cloud service equipment. The target program processing method comprises the steps of: obtaining a name of a third-party function library and the name of a function included in the third-party function library, wherein the third-party function library is the third-party function library to be introduced when a target program is loaded to a memory; constructing a blank function library, and faking the blank function library into the third-party function library according to the name of the third-party function library and the name of the function included in the third-party function library; introducing the faked third-party function library and reading the corresponding function name so as to load the target program to the memory; and shucking and scanning the target program, and processing the target program according to the scanning result. According to the application, loading of the target file is ensured by automatically constructing the third-party function library, so that shucking and scanning can be performed in an antivirus environment without the third-party function library.

Description

technical field [0001] The present application belongs to the field of computers, and in particular, relates to an object program processing method, processing device and cloud service equipment. Background technique [0002] PE files are program files on the Windows operating system and are called Portable Executable (PE, Portable Execute) files. Common PE files include: EXE, DLL, OCX, SYS, COM and other files. [0003] Packing a PE file requires a special algorithm to compress and encrypt resources in the PE file, and the PE file after packing can run independently. After the shell code attached to the original program of the PE file is loaded into the memory through the Windows loader at runtime, it is executed before the original program of the PE file to obtain the control right of the PE file. During the execution of the shell code, the original program of the PE file is decrypted, Decompression, this restoration process is completely hidden, and it is all completed ...

AI Technical Summary

Problems solved by technology

When performing dynamic unpacking, many PE files need to import third-party function libraries before they can be loaded into memory for execution. The so-called third-party function libraries refer to non-system function libraries that need to be imported when PE files are loaded into memory. The third-party function library does not exist in the isolation environment, so the Windows operating system cannot load the PE file into the memory, and it cannot be unpacked

Images