Method and device for reconstruction of Native API function

A Native API function reconstruction technique, applied in the computer field, addresses the problem of API calls being pre-processed by malicious programs and the resulting security risk to application programs, so that the application avoids being processed by malicious programs and its security is improved.

Active Publication Date: 2014-01-22
GUANGZHOU HUADUO NETWORK TECH

AI Technical Summary

Problems solved by technology

[0005] In order to solve the problem in the prior art that the process of calling the API function is easily pre-processed by a malicious program, causing t


Embodiment Construction

[0061] In order to make the object, technical solution and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.

[0062] In the course of realizing the present invention, the inventor found that in the prior art, before an application calls the WINDOWS API function or Native API function it needs, a malicious program can easily obtain the address of that WINDOWS API function or Native API function first. The result the application finally obtains is then likely to be monitored or modified by the malicious program, which poses a serious security risk to the application. However, the inventor found that during the execution of the application, the WINDOWS API function called will eventually call the lower-level Native API function to complete the corresponding function, an...


Abstract

The invention discloses a method and device for reconstructing a Native API function, and belongs to the technical field of computers. The method comprises the steps of: obtaining the system call numbers of the loading functions; copying the system call numbers of the loading functions into the code of a user-defined loading function; loading NTDLL.DLL to a defined position in memory according to the user-defined loading function; and using the Native API functions in the NTDLL.DLL to reconstruct user-defined Native API functions in user-defined code segments respectively. According to the method and device, the loading function is simulated to load the NTDLL.DLL, and the Native API function is reconstructed by means of the loaded NTDLL.DLL. This resolves the problem in the prior art that calling the API function carries a serious security risk: when an application program runs, it can call the reconstructed user-defined Native API functions directly, which prevents the application program from being processed by a malicious program and improves the security of the application program.
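An added illustration, not code from the patent or its applicant: the method depends on each Native API stub carrying a system call number and on the copy the application uses being free of third-party changes. The sketch below checks that property on constructed byte strings, assuming the x64 stub prologue `mov r10, rcx; mov eax, imm32`; the helper names and the sample numbers are hypothetical.

```python
from __future__ import annotations
import struct

# Assumed x64 stub prologue: mov r10, rcx ; mov eax, imm32 (imm32 = system call number)
PROLOGUE = bytes.fromhex("4c8bd1b8")
# First-byte opcodes that transfer control away from the stub
REDIRECTS = {0xE9: "jmp rel32", 0xEB: "jmp rel8", 0xFF: "indirect jmp/call", 0x68: "push imm32"}


def inspect_stub(stub: bytes) -> tuple[str, int | None]:
    """Return (state, system call number) for the first bytes of one stub."""
    if len(stub) < 8:
        return ("truncated", None)
    if stub[:4] == PROLOGUE:
        return ("intact", struct.unpack_from("<I", stub, 4)[0])
    if stub[0] in REDIRECTS:
        return ("redirected: " + REDIRECTS[stub[0]], None)
    return ("unrecognized", None)


def compare_copies(reference: dict[str, bytes], live: dict[str, bytes]) -> dict[str, str]:
    """Report every function whose live stub differs from the reference copy."""
    findings = {}
    for name, ref_stub in reference.items():
        ref_state, ref_num = inspect_stub(ref_stub)
        live_state, live_num = inspect_stub(live.get(name, b""))
        if live_state != "intact":
            findings[name] = live_state
        elif ref_state == "intact" and live_num != ref_num:
            findings[name] = f"number changed: {ref_num:#x} -> {live_num:#x}"
        elif live[name] != ref_stub:
            findings[name] = "bytes after the prologue differ"
    return findings


def make_stub(number: int) -> bytes:
    """Build a constructed sample stub: prologue, number, syscall, ret."""
    return PROLOGUE + struct.pack("<I", number) + bytes.fromhex("0f05c3")


# Constructed sample data; the function names are real Native API names, the numbers are made up.
REFERENCE = {"NtCreateFile": make_stub(0x101), "NtReadFile": make_stub(0x102),
             "NtWriteFile": make_stub(0x103)}
LIVE = dict(REFERENCE)
LIVE["NtReadFile"] = b"\xe9\x10\x20\x30\x40" + REFERENCE["NtReadFile"][5:]  # patched entry
LIVE["NtWriteFile"] = make_stub(0x1FF)                                      # altered number

if __name__ == "__main__":
    for name, finding in compare_copies(REFERENCE, LIVE).items():
        print(f"{name}: {finding}")
```

A function that appears in the findings has a stub that no longer matches the reference copy, which is the condition the abstract describes as the API call being processed by another program.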

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a Native API function reconstruction method and device.

Background

[0002] With the widespread popularization and application of WINDOWS API (WINDOWS Application Programming Interface) programming, more and more applications complete their functions by calling WINDOWS API functions.

[0003] At present, when an application implements a specific function, at the application layer it first needs to load the function-related DLL (Dynamic Link Library), then obtain the starting address of the WINDOWS API function in the DLL by means of the GetProcAddress function, and call the corresponding WINDOWS API function through that starting address. These WINDOWS API functions usually end up calling lower-level Native API functions, and these Native API functions finally complete the access to the driver layer. ...


Application Information

IPC(8): G06F21/51
CPC: G06F21/556
Inventor: 冯世杰
Owner: GUANGZHOU HUADUO NETWORK TECH