Sample detection method and device, electronic equipment and storage medium

A sample detection technique, applied in the field of sample detection methods, devices, electronic equipment and storage media, that addresses the problem of sandboxes losing their effectiveness.

Pending Publication Date: 2022-04-01
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] However, when the sample itself employs anti-injection (for example, CreateRemoteThread is hooked globally), anti-debugging (for example, PEB debugging-environment detection), or anti-hooking (for example, inline-hook bytecode checks, ROP, etc.), existing sandboxes become ineffective.

Embodiment Construction

[0043] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0044] It should be noted that, where no conflict arises, the following embodiments and the features in the embodiments can be combined with each other; and all other embodiments obtained by those of ordinary skill in the art without creative work, based on the embodiments in this application, fall within the protection scope of this application.

[0045] It is noted that the following describes various aspects of the embodiments that are within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and / or function described herein is illustrative only. Based on the present application one skilled in the art should appreciate that an aspect described herein may be implemented independently of any other aspects and that two or more of these aspects...

Abstract

The invention discloses a sample detection method and device, electronic equipment and a storage medium. The method comprises the following steps: receiving a detection environment establishment instruction, and establishing a detection environment process in a current operating system; the detection environment process can simulate the process environment of the current operating system; loading a sample to be processed into the detection environment process; controlling the to-be-processed sample to run in the detection environment process; obtaining target behavior data when the to-be-processed sample runs in the detection environment; the address called by the to-be-processed sample during operation is an offset address processed according to an actual calling address. According to the sample detection method provided by the invention, the to-be-processed sample and the detection environment process are located in the same virtual address, and the behavior of the to-be-processed sample is directly hijacked without performing injection operation on the to-be-processed sample, so that the to-be-processed sample can be monitored and data can be acquired even if the to-be-processed sample has anti-injection capability.

Description

Technical field

[0001] The invention relates to the field of executable program detection, in particular to a sample detection method, device, electronic equipment and storage medium.

Background technique

[0002] There are a large number of viruses in the current network world, and some of them adopt anti-injection, anti-debugging, and anti-hooking countermeasures to avoid being detected, analyzed, and reverse engineered. However, existing virus detection sandboxes, such as Cuckoo abroad and the sandboxes of some domestic brands, often start the sample as an independent process and then inject a monitoring module into the sample process through remote thread injection (CreateRemoteThread). The rules for judging dangerous behaviors reside in another independent process, and the two establish a communication mechanism, such as pipes or the network (TCP/IP); the module injected into the sample then hooks system calls, and the sample's behavior is output. ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/53
Inventor: 孙鹏, 肖新光
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD