Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for detecting incredible search path loophole

A search path and detection method technology, applied in the field of data security, can solve problems such as easy to miss, let go of loopholes, untrustworthy search path loopholes, etc.

Active Publication Date: 2018-05-04
北京明朝万达科技股份有限公司
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] 5) There may be an untrusted search path vulnerability, end;
[0011] At this stage, process monitoring tools are mainly used to manually judge whether it is a vulnerability. Due to the need for manual detection, the efficiency is low and it is easy to miss, resulting in the vulnerability being missed.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for detecting incredible search path loophole
  • Method and system for detecting incredible search path loophole
  • Method and system for detecting incredible search path loophole

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment approach

[0072] like figure 2 , illustrates the detection flowchart when Windows loads the dynamic link library. Specifically, it is loaded according to: the directory where the application is located → the current directory → the Windows SYSTEM directory → the Windows directory → the path specified by the PATH environment variable. If the DLL is not in the directory where the application is located, it will search in turn. If we open a file in a certain folder, the current directory of the software will change to this folder, and the software will load the DLL at this time. If it is not in the directory where the application program is located, it will search in this folder. At this time, if the Trojan horse file is disguised as this DLL file, it will be loaded by the software and executed successfully. This is the Untrusted Search Path Vulnerability Untrusted Search Path Vulnerability , the process of detecting untrusted search path vulnerabilities in Windows is as follows:

[007...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and system for detecting an incredible search path loophole. The method comprises the following steps of configuring detection parameters of target software; generating corresponding test files on the basis of file types supported by the target software; opening the test files one by one, and starting a target process; according to a return value of a DLL loading function of the started target process when the test files are opened, judging whether or not the incredible search path loophole exists. According to the scheme, the accuracy and comprehensiveness ofloophole detection are improved.

Description

technical field [0001] The invention relates to the field of data security, in particular to a method and system for detecting loopholes in untrustworthy search paths. Background technique [0002] The untrusted search path vulnerability is a kind of software vulnerability, and the mining method of this type of vulnerability is generally manually excavated by researchers in security laboratories of various research institutions. [0003] For example, a target file B is stored in a folder DIR. At this time, there are no other files in the folder. Double-click to open file B. At this time, the target software starts to open file B. If the software starts, the dynamic link library abc is loaded. .dll (DLL file), but there is no such dynamic link library file in the folder DIR, so the dynamic link library is not loaded successfully, and the software continues to execute; but if a dynamic link with this non-existent is stored in this folder If there is a Trojan horse file with t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3688G06F21/577
Inventor 曲恩纯喻波王志海彭洪涛安鹏
Owner 北京明朝万达科技股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products