Process monitoring method and device and intelligent terminal

A process monitoring and sub-process technology, applied in the field of communication, can solve problems such as inability to monitor native sub-processes, and achieve the effect of improving security, avoiding threats and ensuring system security.

Active Publication Date: 2014-11-19
BEIJING QIHOO TECH CO LTD
View PDF5 Cites 29 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, now the JAVA process will also create a Native sub-p

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Process monitoring method and device and intelligent terminal
  • Process monitoring method and device and intelligent terminal
  • Process monitoring method and device and intelligent terminal

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0085] figure 1 It is a method for process monitoring in the embodiment of the present application, which can be implemented based on an intelligent terminal; as figure 1 As indicated, it may specifically include:

[0086] S101: When a parent process creates a child process, intercept the creation of the child process, and use an injector to replace the child process, thereby creating an injector.

[0087] Among them, when the parent process creates a child process, the creation of the child process is intercepted, and the injector is used to replace the child process, thereby creating an injector, including:

[0088] When the parent process creates a child process, the parent process first creates a mirror image of the child process through the fork function, and then calls the path parameter corresponding to the child process through the Execve function, thus completing the creation of the child process. However, in order to obtain an injector in this application, it is nece...

Embodiment 2

[0099] figure 2 It is the process monitoring method of the second embodiment of the present application, which can be implemented based on an intelligent terminal; as figure 2 As indicated, it may specifically include:

[0100] S201: When the parent process creates a child process, determine whether the parent process creates the child process through account switching SU privilege escalation, if yes, execute S202; otherwise, execute S203.

[0101] Among them, judging whether the parent process creates a child process by means of account switching SU privilege escalation includes:

[0102] Determine whether the child process contains a function that shares the S attribute;

[0103] If it contains a function with the S attribute, it is determined that the child process is created through SU privilege escalation;

[0104] If the function of the S attribute is not included, it is determined that the child process is not created through SU privilege escalation.

[0105] S202...

Embodiment 3

[0118] image 3 It is the device for process monitoring in the third embodiment of the present application, which can be implemented based on an intelligent terminal; for example image 3 As indicated, it may specifically include:

[0119] The interception module 301 is used to intercept the creation of the child process when the parent process creates the child process, and use the injector to replace the child process, thereby creating the injector;

[0120] The injection module 302 is used to create a monitoring process through the injector, continue to create the sub-process by using the parameters obtained when intercepting the creation of the sub-process, and inject the preset Hook monitoring module into the sub-process through the monitoring process, thereby completing the creation of the sub-process ;

[0121] The monitoring module 303 is configured to cause the monitoring process to quit running after the creation of the sub-process is completed, and monitor the opera...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a process monitoring method and device and an intelligent terminal and belongs to the technical field of communication. The method comprises the steps that when a parent process establishes a child process, the establishment of the child process is intercepted, an injector is used for replacing the child process, and thus the injector is established; a monitoring process is established through the injector, the child process is established continually by using parameters obtained when the establishment of the child process is intercepted, a preset Hook monitoring module is injected into the child process through the monitoring process, and thus the establishment of the child process is completed; after the establishment of the child process is completed, the monitoring process stops operating, and the operation of the child process is monitored through the Hook monitoring module. The device comprises an intersecting module, an injecting module and a monitoring module. The intelligent terminal comprises a distributing platform and a Hook platform. The process monitoring method and device and the intelligent terminal can monitor any child process.

Description

technical field [0001] The present application relates to the field of communication technology, and in particular to a process monitoring method, device and intelligent terminal. Background technique [0002] With the development of communication technology, the functions of mobile terminals such as mobile phones are becoming more and more powerful. Not only can you make calls and send short messages through mobile terminals, but you can also shop and pay through mobile terminals. Therefore, the security of mobile terminals is getting higher and higher. more important. For mobile terminals using the Android (Android) system, general applications (such as instant messaging applications, game applications, etc.) all create JAVA sub-processes through the JAVA process to run. [0003] In recent years, taking advantage of the fact that the Android platform can only grant behavioral permissions to applications as a whole, the number of malicious applications targeting the Androi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/54G06F21/56
CPCG06F21/566
Inventor 李常坤孙年忠
Owner BEIJING QIHOO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap