Unlock instant, AI-driven research and patent intelligence for your innovation.

Script monitoring method and device

A technology for scripting and monitoring information, applied in hardware monitoring, computer security devices, instruments, etc., can solve problems such as being susceptible to interference and poor script monitoring effect, and achieve the effect of strengthening monitoring

Inactive Publication Date: 2019-07-30
BEIJING CHEETAH MOBILE TECH CO LTD +4
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present application provides a script monitoring method and device, to at least solve the problem that the way of using plaintext for virus feature matching is easily interfered, resulting in poor script monitoring effect

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Script monitoring method and device
  • Script monitoring method and device
  • Script monitoring method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] In the dynamic analysis platform, when the VBS script is running, use the API hooking technology to hook the decryption function used for script decryption in the memory, which is located in the vbscript.dll module. When Wscript.exe executes VBS scripts, it will load vbscript.dll as the execution engine. For encrypted or unencrypted functions (that is, functions in the script), the code of the script must be compiled by vbscript.dll before the code of the script can be executed by the machine.

[0053] Figure 6 It is a flow chart of VBS script monitoring according to a preferred embodiment of the present application, such as Figure 6 As shown, the process includes the following steps:

[0054] Step S602, locate the function responsible for compiling by the VBS engine, and the function is located in COleScript::Compile.

[0055] Step S604, when the normal execution of the VBS script proceeds to the compiling function, the content pointed to by a field in the compili...

Embodiment 2

[0060] In this preferred embodiment, another script file: batch file is taken as an example for description.

[0061] Batch file: it is a file with the suffix .bat under the Windows series operating system (Windows) platform. Batch files are interpreted and executed by the system process cmd.exe.

[0062] Figure 7 It is a flow chart of BAT script monitoring according to a preferred embodiment of the present application, such as Figure 7 As shown, the process includes the following steps:

[0063] Step S702, the cmd.exe process performs syntax analysis on the BAT file (that is, the batch file) to be executed.

[0064] Step S704, the cmd.exe process divides each instruction.

[0065] Step S706, when the cmd.exe process dispatches and executes, obtain the execution right, and print out a log (log).

[0066] In step S708, the cmd.exe process distributes the divided instructions.

[0067] Through the above steps, the execution command of the entire BAT script can be obtaine...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The application discloses a script monitoring method and a script monitoring device, wherein the method comprises the following steps of acquiring the monitoring information of an assembly generated in the process of running a script, wherein the assembly is a system assembly in an operating system; monitoring the script according to the monitoring information. Through the application, the problem that the mode of matching virus characteristics by adopting a plain text is easily disturbed to cause the poor monitoring effect of the script is solved, and the monitoring for the script is enhanced.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a script monitoring method and device. Background technique [0002] Script files generally do not need to be compiled into binary files, but are executed by programs included in the operating system, for example, Microsoft Visual Basic Script Edition (Microsoft Visual Basic Script Edition, abbreviated as VBScript, also abbreviated as VBS) , the script is a scripting language based on Visual Basic programming language (VisualBasic). The VBS script can be directly interpreted and executed by the host (for example, wscript.exe in the operating system) without being compiled into a binary file. [0003] For the script file, in related technologies, the antivirus software generally scans the plaintext of the script file through characteristic information, and if the characteristic information is matched, it prompts the user that it is a virus. However, for encrypted scripts, if the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F11/30
CPCG06F11/302G06F21/566
Inventor 苏海峰白彦庚杨景杰邹义鹏张楠陈勇
Owner BEIJING CHEETAH MOBILE TECH CO LTD