Method, device, electronic device and storage medium for monitoring application program

An application-monitoring technique, applied in hardware monitoring, electrical digital data processing, instruments, etc., that addresses problems such as monitoring failure and improves the success rate of monitoring.

Active Publication Date: 2018-12-25
WUHAN DOUYU NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

However, when an IAT HOOK is used to monitor an application, it is usually detected by the developer of the monitored application, which causes the monitoring to fail. Therefore, how to bypass IAT detection and improve the success rate of monitoring an application through IAT HOOK is very meaningful.



Examples


Embodiment 1

[0051] Figure 1 is a schematic flowchart of a method for monitoring an application program provided by Embodiment 1 of the present invention. The method disclosed in this embodiment monitors the application program on the Windows platform through the IAT HOOK technique. The method can be performed by an application program monitoring device, which can be implemented in software and/or hardware and is generally integrated in a terminal, such as a computer. As shown in Figure 1, the method includes the following steps:

[0052] 110. Determine the monitored target function address from the import address table (IAT) of the portable executable (PE) file corresponding to the running application program.

[0053] When a specific application program is run on the Windows platform, the system module functions to be called when the specific application program is running or the API func...

Embodiment 2

[0081] Figure 2 is a schematic flowchart of a method for monitoring an application program provided by Embodiment 2 of the present invention. Building on the above embodiment, this embodiment gives specific implementation steps and presents a specific monitoring process by way of example. As shown in Figure 2, the method includes the following steps:

[0082] 210. Write a monitoring function according to the monitoring task.

[0083] Assume that in this embodiment an IAT HOOK is to be placed on ExitProcess, the function that exits the process; that is, ExitProcess is the target function to be monitored. Through the HOOK, the program-exit event can be monitored, so that some resource release or data storage work can be done. For an IAT HOOK, it is first necessary to write a monitoring function to replace the function originally called by the system (that is, to replace the monitored target function). In t...

Embodiment 3

[0158] Figure 3 is a schematic structural diagram of an application program monitoring device provided in Embodiment 3 of the present invention. As shown in Figure 3, the device includes: a determination module 310, a replacement module 320, a calling module 330 and a monitoring module 340;

[0159] Wherein, the determination module 310 is used to determine the monitored target function address from the import address table (IAT) of the portable executable (PE) file corresponding to the running application program;

[0160] A replacement module 320, configured to replace the monitored target function address in the IAT with a predetermined free memory address belonging to a system module;

[0161] A calling module 330, configured to call a monitoring function through the free memory address belonging to the system module;

[0162] A monitoring module 340, configured to monitor the application program based on the monitoring function;

[0163] Wherein, the monitoring functio...


Abstract

The embodiment of the invention discloses a monitoring method, a device, an electronic device and a storage medium for an application program. The method comprises the following steps: determining a monitored target function address from the import address table (IAT) of the portable executable (PE) file corresponding to the running application program; replacing the monitored target function address in the IAT with a predetermined free memory address belonging to a system module; calling a monitoring function through the free memory address belonging to the system module; and monitoring the application program based on the monitoring function, wherein the monitoring function is written in advance based on the monitoring task. By adopting this technical scheme, IAT detection is avoided and the success rate of monitoring the application program is improved.
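From the side of an application checking its own imports, the redirection in the abstract defeats a check that only asks whether each IAT slot points into some system module. The following is an added example, not code from the patent: a small model comparing that range-only check with one that compares each slot to the export it names, following forwarded exports. All module names, addresses and sizes are constructed, and `Module`, `range_only_check`, `resolve` and `export_exact_check` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    base: int
    size: int
    exports: dict  # name -> address, or (dll, name) for a forwarded export

    def contains(self, addr):
        return self.base <= addr < self.base + self.size

# Constructed process image: every address and size below is made up.
MODULES = {
    "kernel32.dll": Module(0x7FF800000000, 0xC0000, {
        "ExitProcess": 0x7FF80001E3A0,
        "HeapAlloc": ("ntdll.dll", "RtlAllocateHeap"),  # forwarded export
    }),
    "ntdll.dll": Module(0x7FF810000000, 0x1F0000, {"RtlAllocateHeap": 0x7FF81002B400}),
}
CLEAN_IAT = {
    ("KERNEL32.dll", "ExitProcess"): 0x7FF80001E3A0,
    ("KERNEL32.dll", "HeapAlloc"): 0x7FF81002B400,
}
# Same table after the redirection the abstract describes: the ExitProcess slot
# now holds an address in unused bytes that still lie inside kernel32's range.
HOOKED_IAT = {**CLEAN_IAT, ("KERNEL32.dll", "ExitProcess"): 0x7FF8000BFF00}

def range_only_check(iat, modules):
    """Weak check: flag a slot only if it points outside every loaded system module."""
    return [key for key, addr in iat.items()
            if not any(m.contains(addr) for m in modules.values())]

def resolve(modules, dll, func, depth=0):
    """Follow forwarders to the final exported address; None if unresolved."""
    mod = modules.get(dll.lower())
    target = mod.exports.get(func) if mod else None
    if isinstance(target, tuple) and depth < 8:
        return resolve(modules, target[0], target[1], depth + 1)
    return target if isinstance(target, int) else None

def export_exact_check(iat, modules):
    """Strict check: each slot must equal the address exported for the named import."""
    return [(dll, func) for (dll, func), addr in iat.items()
            if addr != resolve(modules, dll, func)]

if __name__ == "__main__":
    print("range-only  :", range_only_check(HOOKED_IAT, MODULES))
    print("export-exact:", export_exact_check(HOOKED_IAT, MODULES))
```

On a real system the expected addresses would come from each module's export directory, and forwarded exports and API set redirection have to be resolved first or the strict check reports false positives.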

Description

Technical field

[0001] The embodiment of the present invention relates to the technical field of IAT (Import Address Table) HOOK monitoring on the Windows platform, and in particular to a monitoring method, device, electronic device and storage medium for an application program.

Background

[0002] At present, application software developed for the Windows platform has more and more functions, and with the strong support of the Windows platform, software with special functions can be developed, such as software that monitors all files read and written by a certain program, monitors keyboard input or monitors network traffic. However, on the Windows platform, many functions need to be realized through HOOK technology. For example, to monitor all files opened by a program, the API (Application Programming Interface) function that opens files can be hooked through HOOK techno...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/30
CPC: G06F11/302
Inventor: 周志刚
Owner: WUHAN DOUYU NETWORK TECH CO LTD