Method, device, electronic device and storage medium for monitoring application program
An application program and monitored technology, applied in hardware monitoring, electrical digital data processing, instruments, etc., can solve problems such as monitoring failure and achieve the effect of improving the success rate of monitoring
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Method used
Image
Examples
Embodiment 1
[0051] figure 1 It is a schematic flowchart of a method for monitoring an application program provided by Embodiment 1 of the present invention. The application program monitoring method disclosed in this embodiment is specifically based on the Windows platform through the IAT HOOK technology to monitor the application program. The method can be performed by an application program monitoring device, wherein the device can be implemented by software and / or hardware. And it is generally integrated in a terminal, such as a computer. For details, see figure 1 As shown, the method includes the following steps:
[0052] 110. Determine the monitored target function address from the input address table IAT of the corresponding portable executable PE file when the application program is running.
[0053]Wherein, when a specific application program is run on the Windows platform, the system module functions to be called when the specific application program is running or the API func...
Embodiment 2
[0081] figure 2 It is a schematic flowchart of a method for monitoring an application program provided by Embodiment 2 of the present invention. On the basis of the above-mentioned embodiments, this embodiment is embodied, provides specific implementation steps, and presents a specific monitoring process by way of example. For details, see figure 2 As shown, the method includes the following steps:
[0082] 210. Write a monitoring function according to the monitoring task.
[0083] Assume that in this embodiment, it is necessary to perform IAT HOOK on the ExitProcess function of the exit process, that is, the ExitProcess function is the target function to be monitored. Through HOOK, you can monitor the event when the program exits, so that you can do some resource release or data storage work. For IAT HOOK, it is first necessary to write a monitoring function to replace the function originally called by the system (that is, to replace the monitored target function). In t...
Embodiment 3
[0158] image 3 It is a schematic structural diagram of an application program monitoring device provided in Embodiment 3 of the present invention. see image 3 As shown, the device includes: a determination module 310, a replacement module 320, a calling module 330 and a monitoring module 340;
[0159] Wherein, the determination module 310 is used to determine the monitored target function address from the input address table IAT of the portable executable PE file corresponding to the application program running;
[0160] A replacement module 320, configured to replace the monitored target function address in the IAT with a predetermined free memory address belonging to a system module;
[0161] A calling module 330, configured to call a monitoring function through the free memory address belonging to the system module;
[0162] A monitoring module 340, configured to monitor the application program based on the monitoring function;
[0163] Wherein, the monitoring functio...
PUM
Abstract
Description
Claims
Application Information
- R&D Engineer
- R&D Manager
- IP Professional
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap