
Disassembly function hijacking method and device based on Linux system and storage medium

A disassembly-based function hijacking method, device and storage medium in the field of network security. It addresses the weaknesses of existing Linux function hijacking approaches: evasion by malicious programs, abnormal effects on system applications, and the inability to parse complex function parameters such as pointers, and it avoids hijacking failures caused by techniques such as static compilation.

Pending Publication Date: 2022-04-01
科来网络技术股份有限公司

AI Technical Summary

Problems solved by technology

[0004] The first is to implement function hijacking by prioritizing the loading of a dynamic library. This method is easily circumvented by malicious programs or causes abnormal effects on system applications; for example, statically compiled programs do not load dynamic libraries at all;
[0005] The second is to modify the function symbol table of the system kernel. This method is implemented in the kernel, is difficult to operate, requires high privileges, and cannot hijack dynamic library functions;
[0006] The third is to hijack through API interfaces or programs provided by the Linux system itself, but this method cannot parse complex function parameters: for a pointer parameter only the pointer value can be obtained, not the content it points to.

Embodiment

[0034] In order to solve the problems of existing function hijacking methods under the Linux system, this embodiment proposes a disassembly-based function hijacking method for the Linux system that can hijack all dynamic library functions and system API functions at the application layer and obtain the parameters and return values of the function, so that it can determine more accurately whether an executable program has dangerous behavior and thereby reduce the loss caused by a threatening program. As shown in figure 1, the method proposed by this embodiment comprises the following steps:

[0035] (1) Obtain the function address of the target program that needs to be hijacked;

[0036] (2) Perform a disassembly operation on the function address to obtain the assembly instruction at the function address;

[0037] (3) Modify the assembly instruction at the function address into a jump instr...


Abstract

The invention provides a disassembly-based function hijacking method and device for a Linux system, and a storage medium. The method comprises the following steps: (1) obtaining the function address of a target program that needs to be hijacked; (2) disassembling the function address to obtain the assembly instruction at the function address; (3) modifying the assembly instruction at the function address into a jump instruction whose jump target is an intermediate processing function; (4) the intermediate processing function calling and executing the original assembly instruction of the function address; (5) the intermediate processing function recording the parameters and the return value of the function at that address; and (6) the intermediate processing function returning that return value to the caller. With this method all functions can be hijacked, whether in statically compiled programs, system API functions or dynamic library functions, as long as the function prototype is known, and the hijacking failures caused by techniques such as static compilation are avoided.
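The six steps of the abstract, carried out in-process on x86-64 Linux, as an added example that is not code from the patent or its applicant. The names `target`, `intermediate` and `install_hook` are mine. The example assumes a hand-written target whose first 8 bytes are one-byte nops, which stands in for step 2: a real implementation must decode instruction lengths at the entry to find a boundary at or past the 5 bytes the jump overwrites, and must relocate any RIP-relative instruction it displaces.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Function to be hijacked (hand-written, constructed for this example): returns
   2*a + b. Its entry is padded with 8 one-byte nops; this assumption stands in
   for the page's step 2, where a disassembler finds how many whole instructions
   a 5-byte jmp overwrites. Nops are position-independent, so they can be copied. */
__asm__(".text\n.globl target\n.type target,@function\ntarget:\n"
        " nop\n nop\n nop\n nop\n nop\n nop\n nop\n nop\n"
        " movl %edi,%eax\n addl %edi,%eax\n addl %esi,%eax\n ret\n");
#define PROLOGUE_LEN 8
typedef int (*fn2_t)(int, int);
extern int target(int a, int b);
static fn2_t original;        /* trampoline: relocated prologue + jmp back */
int last_a, last_b, last_ret; /* what the intermediate function recorded */
/* Steps 4-6: same prototype as target, so the parameters are read directly. */
static int intermediate(int a, int b) {
    last_a = a; last_b = b;   /* step 5: record the parameters */
    int r = original(a, b);   /* step 4: run the original instructions */
    last_ret = r;             /* step 5: record the return value */
    return r;                 /* step 6: hand it back to the real caller */
}
static void emit_jmp_rel32(uint8_t *at, const void *dst) { /* E9 rel32 */
    int32_t rel = (int32_t)((intptr_t)dst - ((intptr_t)at + 5));
    at[0] = 0xE9; memcpy(at + 1, &rel, 4);
}
static void emit_jmp_abs(uint8_t *at, const void *dst) { /* jmp [rip+0]; .quad dst */
    memcpy(at, "\xFF\x25\0\0\0\0", 6); memcpy(at + 6, &dst, 8);
}
/* Steps 1-3: build the trampoline, then overwrite target's entry with a jmp. */
int install_hook(void) {
    uint8_t *addr = (uint8_t *)target;                        /* step 1 */
    uint8_t *tramp = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (tramp == MAP_FAILED) return -1;
    memcpy(tramp, addr, PROLOGUE_LEN);                        /* displaced bytes */
    emit_jmp_abs(tramp + PROLOGUE_LEN, addr + PROLOGUE_LEN);  /* resume after patch */
    if (mprotect(tramp, 4096, PROT_READ | PROT_EXEC) != 0) return -1;
    original = (fn2_t)tramp;
    uintptr_t pg = (uintptr_t)sysconf(_SC_PAGESIZE);          /* page(s) holding the entry */
    uint8_t *start = (uint8_t *)((uintptr_t)addr & ~(pg - 1));
    size_t len = (((uintptr_t)addr + 5 + pg - 1) & ~(pg - 1)) - (uintptr_t)start;
    /* keep EXEC while writing: install_hook itself may live on the same page */
    if (mprotect(start, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return -1;
    emit_jmp_rel32(addr, (const void *)intermediate);         /* step 3 */
    return mprotect(start, len, PROT_READ | PROT_EXEC);
}
```

Because the intermediate function shares the hooked function's prototype, a pointer parameter can be dereferenced and its contents logged there, which is the monitoring point the page contrasts with API-based approaches that only yield the pointer value.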

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a Linux system-based disassembly function hijacking method, device and storage medium.

Background technique

[0002] With the widespread use of the Linux system, its security monitoring technology is not as comprehensive as that of the Windows system, and we cannot find out in time whether the operating behavior of an executable file is harmful to our system. An executable program makes a large number of function calls, including library functions and API functions that the Linux system provides to users; knowing whether the executable program uses these functions to achieve behaviors that harm users and the system is therefore particularly important and is an important research topic in the field of computer security;

[0003] Currently, there are three main methods for function hijacking under the Linux s...


Application Information

IPC(8): G06F21/57, G06F11/34
Inventor 李林聪
Owner 科来网络技术股份有限公司