Application process monitoring method and apparatus

Abstract

An application process monitoring method comprises the steps of acquiring an application process start instruction, calling a dynamic-link library opening function according to the application process start instruction, determining whether the application process contains a loading program according to the dynamic-link library opening function, determining whether the loading program is a dangerous loading program when the application program contains the loading program, and if the loading program is a dangerous loading program, blocking the application program and returning a failure. The invention further provides an application process monitoring apparatus. When the application process is started, whether the application process is attached and whether the attached program is a dangerous loading program are determined; when the application process contains an attached program, immediate quit is not directly conducted; only when a dangerous loading program is loaded to the application process, the corresponding application process is blocked and failures are returned, so more accurate risk prevention is provided; and the great application performance is achieved, and injection behaviors of malicious software can be effectively prevented.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a method and device for monitoring an application process. Background technique [0002] Code injection is a commonly used technique for malicious software such as plug-ins and viruses. Malware dynamically injects executable files containing malicious behavior into third-party application processes to run, tampering, stealing data, and destroying third-party application processes. Common third-party application processes such as banking, online shopping, payment, and games are often easy targets for this type of malware. [0003] Usually, the process of code injection into an application process includes two steps. The first step is to attach malware to the target application process to make it in a debuggable state. The second step is to send a debugging command to the target application process to make it load the Executable code for malicious behavior. Correspondingly...

AI Technical Summary

Problems solved by technology

[0004] 1. Through continuous detection to determine whether the application process is being debugged by malicious software, once it is found to be debugged, it will exit immediately, and the user cannot know the real reason for the application process exit in time, resulting in some application processes that are upgraded by loading programs and cannot be used normally. , causing troubles to users;

[0005] 2. Creating a daemon process attached to the application process requires an additional daemon process, which has a certain impact on application performance, and if the daemon process is killed, there will be no way to prevent it from being attached by malware

[0006] In related technologies, there is no effective solution for the above problems

Images