Program monitoring method and defending method thereof, as well as relevant device

A program monitoring technique and device, applied in the fields of electrical digital data processing, instruments, platform integrity maintenance, etc., that addresses problems such as memory access errors, improper memory reclamation and process crashes.

Active Publication Date: 2015-05-06
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, in ART mode it becomes more difficult to monitor the functions called by a program process using traditional security defense technology. In particular, some monitoring operations imposed on a process in ART mode will alter the structure of its memory stack, leaving traces on the stack and resulting in memory access errors.
[0006] More importantly, ART's garbage collection mechanism is also different from Dalvik's. The former only recycles memory garbage in the virtual space, while the latter recycles garbage in the real space in a mixed environment. The monitoring operation's own memory data, or the data of the monitored process itself, is prone to being improperly reclaimed by ART's garbage collection mechanism when resources are tight, causing the process to crash.
In particular, from Android 5.0 onward a compacting memory recovery mechanism is used that moves memory objects. If these moves are not tracked, they will also cause memory access exceptions.

Specific embodiment

[0097] The jump module 12 writes jump instructions to hook the target function. ARM is a 32-bit instruction set. The hooked target function is compiled to the ARM instruction set, and a jump instruction is written into the target function so that it jumps to a custom hook function. The specific implementation is as follows:

[0098] First, save the addresses of the custom hook function and of the hooked target function;

[0099] Generate the hook code, specifically 12 bytes, which loads the custom hook function address into the PC register;

[0100] Write the jump instructions into the first 12 bytes of the target function.

[0101] When the hooked target function is called, the jump instruction executes and jumps to the custom hook function.

[0102] After finding the machine code executed by the target function, hook it using the inline hook method, writing a jump instruction into the first 12 bytes. The jump instruction uses an ARM instruction, speci...
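An integrity check for the hook described above, as an added example that is not code from the patent: it inspects the first 12 bytes of an ARM-mode function for an unconditional load of PC from a literal inside those 12 bytes and reports the jump destination. The text above is cut off before naming the exact instruction, so the `LDR PC, [PC, #imm]` form, the function name `find_pc_load_hook` and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HOOK_WINDOW 12 /* the page: the jump occupies the first 12 bytes */

/* Constructed samples (little-endian ARM words), not taken from the patent. */
static const uint8_t sample_hooked_neg[12] = { /* ldr pc,[pc,#-4]; .word 0xB6F01234; leftover */
    0x04,0xF0,0x1F,0xE5, 0x34,0x12,0xF0,0xB6, 0x00,0x40,0xA0,0xE1 };
static const uint8_t sample_hooked_pos[12] = { /* ldr pc,[pc]; nop; .word 0xB6F01234 */
    0x00,0xF0,0x9F,0xE5, 0x00,0x00,0xA0,0xE1, 0x34,0x12,0xF0,0xB6 };
static const uint8_t sample_clean[12] = {      /* push {r4,lr}; mov r4,r0; ldr r0,[pc,#4] */
    0x10,0x40,0x2D,0xE9, 0x00,0x40,0xA0,0xE1, 0x04,0x00,0x9F,0xE5 };

/* Read one little-endian 32-bit ARM word. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 1 and sets *target when the first 12 bytes hold an unconditional
 * "LDR PC, [PC, #+/-imm12]" whose literal word also lies in those 12 bytes
 * (assumed trampoline shape); returns 0 otherwise. ARM state only, no Thumb. */
int find_pc_load_hook(const uint8_t *code, size_t len, uint32_t *target) {
    if (code == NULL || target == NULL || len < HOOK_WINDOW) return 0;
    for (size_t off = 0; off + 4 <= HOOK_WINDOW; off += 4) {
        uint32_t insn = rd32(code + off);
        if ((insn & 0xFF7FF000u) != 0xE51FF000u) continue; /* U bit masked out */
        long imm = (long)(insn & 0xFFFu);
        /* In ARM state PC reads as the instruction address + 8. */
        long lit = (long)off + 8 + ((insn & 0x00800000u) ? imm : -imm);
        if (lit < 0 || lit + 4 > HOOK_WINDOW || (lit & 3) || lit == (long)off) continue;
        *target = rd32(code + lit);
        return 1;
    }
    return 0;
}

int main(void) {
    uint32_t t = 0;
    const uint8_t *s[] = { sample_hooked_neg, sample_hooked_pos, sample_clean };
    for (int i = 0; i < 3; i++) {
        if (find_pc_load_hook(s[i], HOOK_WINDOW, &t)) printf("sample %d: hooked -> 0x%08X\n", i, (unsigned)t);
        else printf("sample %d: no PC-load trampoline\n", i);
    }
    return 0;
}
```

A literal load into a register other than PC, as in the last word of `sample_clean`, is ordinary compiler output and is not flagged.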

Abstract

The invention provides a program monitoring method and device. The program monitoring method comprises the following steps: writing a jump instruction into the located target function so as to perform a hook operation; dispatching the hook function to the registered Java callback function, and preventing the temporary variables created from being collected by the system's garbage collection mechanism; making a target function that has not been processed jump back to the hook position, and otherwise continuing to process the target function. With the program monitoring method disclosed by the invention, any Java function of an Android system in ART mode can be monitored without destroying the stack of the target function, so that ART's garbage collection mechanism can perform normal memory collection. The invention further provides a program defense method and device, which implement a defense mechanism for the Android system in ART mode by adopting the program monitoring method disclosed by the invention.

Description

Technical field

[0001] The present invention relates to the technical field of computer software security. Specifically, the present invention relates to a program monitoring method and a related device, as well as a program defense method and a related device.

Background technique

[0002] Security defense technology in the Android system injects code into a process in a known manner and hijacks the process's functions, and by such means monitors and responds to the process. The existing technology mainly targets the Dalvik virtual machine to achieve this security defense purpose. Since Android 4.4, Android has gradually adopted the ART virtual machine in place of Dalvik, and there are some technical differences between the two.

[0003] Dalvik is a Java virtual machine designed by Google itself for the Android platform. The Dalvik virtual machine is one of the core components of the Android mobile device platform jointly developed by manu...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/52
CPC: G06F21/53, G06F2221/033
Inventor 李常坤路轶
Owner BEIJING QIHOO TECH CO LTD