
Method, device and equipment for acquiring executable file in memory and storage medium

An executable-file acquisition technology, applied in the fields of program control devices, computer security devices, program control design, etc. It addresses problems such as fingerprint features being unobtainable and malicious files going undetected and unremoved by antivirus software, and it achieves an enhanced security defense capability.

Pending Publication Date: 2020-05-19
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

However, because these encrypted malicious executable files do not land on the device, antivirus software cannot detect them and cannot obtain the corresponding fingerprint features. Even if these malicious executable files do land on the device, the virus signature database contains no corresponding fingerprint feature, so the antivirus software still cannot confirm that the file is malicious and therefore cannot detect and kill it.


Embodiment Construction

[0084] The core of the present application is to provide a method for obtaining executable files in memory. The virtual memory of a pre-built virtual environment is set to non-executable permission. A task file to be tested is selected from the task file library and designated as the target task file, which is then started in the virtual environment. Once started, the target task file runs in virtual memory. While it runs, an executable file embedded in it may be executed; because the virtual memory of the current virtual environment has non-executable permission, any such execution is caught by monitoring. It is thereby determined that an executable file is being executed in the current virtual memory, and the executable file can then be obtained. Further analysis can be performed on the executable file, such as extracting fingerprint features, det...
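The trap described in [0084], as an added example that is not part of the patent or of any implementation by its owner: a Linux process stands in for the virtual environment, one anonymous read/write page stands in for its non-executable virtual memory, and a SIGSEGV handler plays the monitor. The name `trap_and_capture` and the sample bytes are constructed for illustration.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#define REGION_SIZE 4096
static sigjmp_buf resume_point;
static volatile uintptr_t fault_addr;
/* Monitor: an instruction fetch from a non-executable page raises SIGSEGV. */
static void on_fault(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    fault_addr = (uintptr_t)info->si_addr;   /* where execution was attempted */
    siglongjmp(resume_point, 1);
}

/* Returns the number of bytes captured into out, or 0 if nothing was trapped. */
size_t trap_and_capture(const unsigned char *payload, size_t len,
                        unsigned char *out, size_t out_cap) {
    if (len == 0 || len > REGION_SIZE || len > out_cap) return 0;
    unsigned char *region = mmap(NULL, REGION_SIZE, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return 0;
    memcpy(region, payload, len);            /* code that exists only in memory */
    struct sigaction sa = {0}, old;
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    size_t captured = 0;
    fault_addr = 0;
    if (sigsetjmp(resume_point, 1) == 0) {
        ((void (*)(void))(uintptr_t)region)();   /* execution attempt on the page */
    } else if (fault_addr >= (uintptr_t)region &&
               fault_addr < (uintptr_t)region + REGION_SIZE) {
        memcpy(out, region, len);            /* acquire the image for analysis */
        captured = len;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(region, REGION_SIZE);
    return captured;
}

int main(void) {   /* constructed inert sample: x86 ret followed by nops */
    unsigned char sample[] = {0xC3, 0x90, 0x90, 0x90}, out[sizeof sample];
    printf("captured %zu bytes\n", trap_and_capture(sample, sizeof sample, out, sizeof out));
    return 0;
}
```

The captured buffer is what a sandbox would hand to the later analysis stage, for example hashing it to produce a fingerprint feature.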


Abstract

The invention discloses a method for obtaining an executable file in memory. The method comprises the following steps: starting a target task file in a pre-built virtual environment, wherein the virtual memory of the virtual environment has non-executable permission; and, while the target task file is running, if it is detected that an executable file is executed in the virtual memory, obtaining the executable file and further analyzing it. With the technical scheme provided by the embodiment of the invention, the virtual memory of the virtual environment is set to non-executable permission, so that execution of an executable file in the virtual memory is detected in time, the executable file can be obtained in time and further analyzed, a basis is provided for expanding the virus knowledge base, and the security defense capability is enhanced. The invention further discloses a device, equipment and a storage medium for obtaining the executable file in memory, which achieve the corresponding technical effects.

Description

Technical field

[0001] The present application relates to the technical field of computer applications, and in particular to a method, device, equipment and storage medium for obtaining executable files in memory.

Background technique

[0002] In daily work and life, the use of mobile phones, computers and other equipment is becoming more and more common. With the rapid development of computer technology and Internet technology, these devices are more and more likely to be infected with viruses. Viruses affect the normal use of devices and the security of the files and data on them. Antivirus software is therefore needed to scan for and kill viruses to ensure the security of the files and data on the device.

[0003] When antivirus software scans and kills viruses, it usually matches the fingerprint features of suspicious files with the pre-obtained virus signature database to determine whether the suspicious files are malicious files, and further process them according to the determina...


Application Information

IPC(8): G06F21/56, G06F9/455
CPC: G06F21/566, G06F9/45558, G06F2009/45583
Inventor 齐文杰刘敏杨耀荣曹有理谭昱
Owner TENCENT TECH (SHENZHEN) CO LTD