[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN114048463A - Program operation checking method and device, storage medium and electronic equipment - Google Patents

Program operation checking method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN114048463A
CN114048463A CN202111325499.XA CN202111325499A CN114048463A CN 114048463 A CN114048463 A CN 114048463A CN 202111325499 A CN202111325499 A CN 202111325499A CN 114048463 A CN114048463 A CN 114048463A
Authority
CN
China
Prior art keywords
dynamic link
link library
library file
module
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111325499.XA
Other languages
Chinese (zh)
Inventor
李阳
周伟
贾林江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN202111325499.XA priority Critical patent/CN114048463A/en
Publication of CN114048463A publication Critical patent/CN114048463A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The present disclosure relates to the field of computer technologies, and in particular, to a program operation checking method and apparatus, a storage medium, and an electronic device. The program operation checking method comprises the steps of responding to a checking request sent by a login module of a target program, and acquiring a process identifier of a process corresponding to the target program; extracting dynamic link library file information loaded to the process according to the process identifier; performing security check based on the dynamic link library file information to judge whether an abnormal dynamic link library file exists; and when the abnormal dynamic link library file exists, unloading the abnormal dynamic link library file to obtain an unloading processing result, and returning the unloading processing result to the login module. The program operation checking method provided by the disclosure can reduce the crash rate of the program and increase the safety of the program.

Description

Program operation checking method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a program operation checking method, a program operation checking apparatus, a storage medium, and an electronic device.
Background
Dynamic library loading is a common technique in software development, and the benefits of using dynamic libraries such as: the method can not be controlled by a programming language, is easier for project management, saves disk space and memory and the like, but has some outstanding defects, such as illegal injection of DLL (Dynamic Link Library), which influences program operation slightly and causes security holes such as illegal acquisition of some data and the like.
At present, the verification of the dependent dynamic library only adopts the technical means of digital signature verification and the like, and the DLL which the program depends on is issued after digital signature before the installation package is issued. And then, when the program runs, carrying out digital signature verification on the DLL under the installation package, and prompting corresponding information for a check result. However, for a third-party library that depends on other open sources and conforms to the lglp (gnu Lesser General Public license) protocol, it is impossible to check its security and whether it is the version that the program depends on.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure is directed to a program operation checking method, which aims to solve the problems of reducing a crash rate of a program and increasing program security.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the embodiments of the present disclosure, a program operation checking method is provided, including: responding to a verification request sent by a login module of a target program, and acquiring a process identifier of a process corresponding to the target program; extracting dynamic link library file information loaded to the process according to the process identifier; performing security check based on the dynamic link library file information to judge whether an abnormal dynamic link library file exists; and when the abnormal dynamic link library file exists, unloading the abnormal dynamic link library file to obtain an unloading processing result, and returning the unloading processing result to the login module.
According to some embodiments of the present disclosure, based on the foregoing scheme, the security check includes a version check and/or a validity check.
According to some embodiments of the present disclosure, based on the foregoing scheme, when the security check includes the version check, the performing security check based on the dynamic link library file information to determine whether an abnormal dynamic link library file exists includes: extracting version information of the loaded dynamic link library file based on the dynamic link library file information; acquiring version information of the dynamic link library file to be loaded to the process; and comparing the version information of the loaded dynamic link library file with the version information of the dynamic link library file to be loaded so as to judge whether the abnormal dynamic link library file exists.
According to some embodiments of the present disclosure, based on the foregoing scheme, when the security check includes the validity check, the performing security check based on the dynamic link library file information to determine whether an abnormal dynamic link library file exists includes: extracting the name of the loaded dynamic link library file based on the dynamic link library file information; acquiring a dynamic link library file blacklist; and comparing the name of the loaded dynamic link library file with a dynamic link library file blacklist to judge whether the abnormal dynamic link library file exists.
According to some embodiments of the present disclosure, based on the foregoing solution, the extracting, according to the process identifier, dynamic link library file information loaded into the process includes: acquiring a module handle of the process according to the process identifier; and calling an application program interface based on the module handle to acquire the dynamic link library file information.
According to some embodiments of the present disclosure, based on the foregoing solution, the method further comprises: and when the abnormal dynamic link library file does not exist, returning an abnormal result to the login module.
According to a second aspect of the embodiments of the present disclosure, there is provided a program operation checking method, including: responding to a user login request of a target program, sending a verification request to a verification module so that the verification module obtains a process identifier of a process corresponding to the target program, extracting dynamic link library file information loaded to the process according to the process identifier to perform security verification, and further judging whether an abnormal dynamic link library file exists or not; and receiving an unloading processing result returned by the checking module when the checking module judges that the abnormal dynamic link library file exists.
According to some embodiments of the present disclosure, based on the foregoing scheme, when the offloading process is an offloading success, the method further includes: and starting a business module of the target program.
According to some embodiments of the present disclosure, based on the foregoing scheme, when the offloading process is an offloading failure, the method further includes: and ending the process.
According to some embodiments of the present disclosure, based on the foregoing solution, the method further comprises: when the checking module judges that the abnormal dynamic link library file does not exist, receiving an abnormal result returned by the checking module; and starting a business module of the target program.
According to a third aspect of the embodiments of the present disclosure, there is provided a program operation checking apparatus including: the response module is used for responding to the verification request sent by the login module of the target program and acquiring the process identifier of the process corresponding to the target program; the extraction module is used for extracting the dynamic link library file information loaded to the process according to the process identifier; the checking module is used for carrying out safety checking on the basis of the dynamic link library file information so as to judge whether an abnormal dynamic link library file exists or not; and the unloading module is used for unloading the abnormal dynamic link library file to obtain an unloading processing result and returning the unloading processing result to the login module when the abnormal dynamic link library file exists.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a program operation checking apparatus including: the request module is used for responding to a user login request of a target program, sending a verification request to a verification module so that the verification module can acquire a process identifier of a process corresponding to the target program, extracting dynamic link library file information loaded to the process according to the process identifier to perform security verification, and further judging whether an abnormal dynamic link library file exists or not; and the receiving module is used for receiving the unloading processing result returned by the checking module when the checking module judges that the abnormal dynamic link library file exists.
According to a fifth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing the program execution verification method as in the above embodiments.
According to a sixth aspect of the embodiments of the present disclosure, there is provided an electronic apparatus, comprising: one or more processors; a storage device for storing one or more programs, which when executed by the one or more processors, cause the one or more processors to implement the program operation checking method as in the above embodiments.
Exemplary embodiments of the present disclosure may have some or all of the following benefits:
in the technical solutions provided in some embodiments of the present disclosure, after a target program logs in, a verification request is sent to invoke a verification module, so that the verification module obtains a process identifier, then extracts, according to the process identifier, information of a dynamic link library file loaded to the process to perform security verification, to determine whether an abnormal dynamic link library file exists, and performs an unloading process on the abnormal dynamic link library file when the abnormal dynamic link library file exists, and finally returns an unloading process result to the login module to complete a verification process. Based on the method, the verification logic of the dynamic link library file DLL can be illegally injected when the program logs in the entry, and the unloading processing is carried out when the abnormal dynamic link library file is verified, so that on one hand, the normal running of the program can be ensured, and the collapse rate of the program is reduced; and on the other hand, the security of the service data can be ensured by unloading illegally injected DLLs.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty. In the drawings:
fig. 1 schematically illustrates a flow chart of a program operation checking method in an exemplary embodiment of the present disclosure;
fig. 2 schematically illustrates a flow chart of another program operation checking method in an exemplary embodiment of the present disclosure;
fig. 3 schematically illustrates a flow chart of a program operation checking method in an exemplary embodiment of the present disclosure;
FIG. 4 is a data interaction diagram schematically illustrating a program operation checking method in an exemplary embodiment of the present disclosure;
fig. 5 is a schematic diagram illustrating a component of a program operation verifying apparatus according to an exemplary embodiment of the present disclosure;
fig. 6 schematically shows a composition diagram of another program operation checking apparatus in an exemplary embodiment of the present disclosure;
FIG. 7 schematically illustrates a schematic diagram of a computer-readable storage medium in an exemplary embodiment of the disclosure;
fig. 8 schematically shows a structural diagram of a computer system of an electronic device in an exemplary embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The dynamic library loading technology is a mature technology at present, but has some outstanding defects, such as illegal injection of DLL (dynamic link library), which affects program operation slightly and causes security vulnerabilities such as illegal acquisition of data seriously. At present, the verification of the dependence dynamic library only adopts technical means such as digital signature verification and the like, but aiming at a third-party library which depends on other open sources and accords with an LGLP protocol, the safety of the third-party library and whether the third-party library is a version which is required by the dependence of the program can not be verified. Wherein, the LGPL refers to a form of code that allows business software to use the LGPL class library by way of class library reference (link) without the need for open source business software.
Therefore, the present disclosure provides a program operation checking method, which mainly solves the problem of checking the version inconsistency and the security of a third-party library which depends on other open sources and conforms to the LGLP protocol, reduces the crash rate of the program, and increases the security of the program.
Implementation details of the technical solution of the embodiments of the present disclosure are set forth in detail below.
Fig. 1 schematically illustrates a flowchart of a program operation checking method in an exemplary embodiment of the present disclosure. As shown in fig. 1, the program operation checking method includes steps S11 to S14:
step S11, responding to the verification request sent by the login module of the target program, and acquiring the process identifier of the process corresponding to the target program;
step S12, extracting the dynamic link library file information loaded to the process according to the process identifier;
step S13, safety check is carried out based on the dynamic link library file information to judge whether an abnormal dynamic link library file exists;
step S14, when the abnormal dynamic link library file exists, uninstalling the abnormal dynamic link library file to obtain an uninstallation processing result, and returning the uninstallation processing result to the login module.
In the technical solutions provided in some embodiments of the present disclosure, after a target program logs in, a verification request is sent to invoke a verification module, so that the verification module obtains a process identifier, then extracts, according to the process identifier, information of a dynamic link library file loaded to the process to perform security verification, to determine whether an abnormal dynamic link library file exists, and performs an unloading process on the abnormal dynamic link library file when the abnormal dynamic link library file exists, and finally returns an unloading process result to the login module to complete a verification process. Based on the method, the verification logic of the dynamic link library file DLL can be illegally injected when the program logs in the entry, and the unloading processing is carried out when the abnormal dynamic link library file is verified, so that on one hand, the normal running of the program can be ensured, and the collapse rate of the program is reduced; and on the other hand, the security of the service data can be ensured by unloading illegally injected DLLs.
Hereinafter, each step of the program operation checking method in the present exemplary embodiment will be described in more detail with reference to the drawings and examples.
Further, steps S11 to S14 may be applied to the check module. According to the checking method logic illegally injected into the DLL, the checking methods are subjected to internal aggregation and packaged into an ACINTjectCheckModule component serving as a checking module, and the ACINTCheckModule component can be directly called externally through a Router. Router is a framework method, and can facilitate mutual calling among modules, and the coupling degree among the modules is low.
Step S11, in response to the check request sent by the login module of the target program, obtaining a process identifier of a process corresponding to the target program.
In an embodiment of the present disclosure, when a user logs in when using an object program, the login module starts to perform verification of the DLL when receiving a user login request, and calls the verification module through the Router, that is, sends a verification request to the verification module.
The process identifier is the pid (process identification) number of the current process in the operating system where the target program is located. For example, every time a program is opened in the Windows operating system, a process ID, i.e., PID, is created. The login module transmits the PID number of the current program to the verification module at the same time of sending the verification request, so that the verification module can extract the PID number of the process corresponding to the target program after receiving the verification request.
Step S12, extracting the dynamic link library file information loaded to the process according to the process identifier.
In an embodiment of the present disclosure, since the use of the dynamic library loading technology may cause that the DLL is illegally injected, that is, there is a DLL file already loaded to the current process, it is necessary to extract information of the dynamic link library DLL file already loaded to the process according to the PID number and then perform security check on the DLLs.
The dynamic link library file information may include information such as a name, a path, a version number, and an operation handle of the DLL. A class may be defined for storing such information about DLLs, such as:
Figure BDA0003346954920000071
of course, in other embodiments of the present disclosure, the dynamic link library file information may also include other content types according to the DLL security check requirement.
It should be noted that, after the target program is started, there may be one or more DLL files illegally injected based on the dynamic library loading technique. Therefore, the obtained dynamic link library file information is the information corresponding to all DLL files which are illegally injected into the program process. The information can be stored in ModuleInfo in a unified manner, and finally a QList list is formed.
In an embodiment of the present disclosure, the extracting, according to the process identifier, the dynamic link library file information loaded into the process includes:
step S121, acquiring a module handle of the process according to the process identifier;
step S122, calling an application program interface based on the module handle to obtain the dynamic link library file information.
Specifically, the checking module may obtain a module handle of the current process according to the PID number, and then obtain the dynamic link library file information loaded to the current process by using the module handle as an input parameter of the application program interface API.
For example, after the acijectcheckmodule checks the Module handle, the Module32First and Module32Next of the Windows operating system API obtain the detailed information of the DLL.
And step S13, performing security check based on the dynamic link library file information to judge whether an abnormal dynamic link library file exists.
Specifically, security verification is performed according to the dynamic link library file information, and the result of the verification is whether an abnormal dynamic link library file exists.
In one embodiment of the present disclosure, the security check includes a version check and/or a validity check. Specifically, the security check on the DLL file may be only the version check, only the validity check, or both, as required.
The version check refers to checking whether the version of the DLL loaded in the current process is consistent with the version of the normal DLL to be loaded by the program. And the validity check is to check whether the DLL loaded into the current process is a DLL file disabled by the program.
Further, in an embodiment of the present disclosure, when the security check includes the version check, the performing security check based on the dynamic link library file information to determine whether an abnormal dynamic link library file exists includes:
step S1311, extracting version information of the loaded dynamic link library file based on the dynamic link library file information; and
step S1312, acquiring version information of the dynamic link library file to be loaded to the process;
step S1313, comparing the version information of the loaded dynamic link library file with the version information of the dynamic link library file to be loaded, to determine whether the abnormal dynamic link library file exists.
The dynamic link library file information includes all DLL files loaded to the current process and version numbers of the DLL files. And meanwhile, the version number of the DLL file to be loaded to the current process can be obtained according to the basic information of the target program.
For each DLL file, comparing the version number of the loaded DLL file with the version number of the loaded DLL file, and if the version number of the loaded DLL file does not meet the requirement of the version number of the loaded DLL file, judging the loaded DLL file as an abnormal dynamic link library file; otherwise, if the version is consistent, the dynamic link library file is abnormal-free.
Further, in an embodiment of the present disclosure, when the security check includes the validity check, the performing security check based on the dynamic link library file information to determine whether an abnormal dynamic link library file exists includes:
step S1331, extracting the name of the loaded dynamic link library file based on the dynamic link library file information; and
step S1332, obtaining a dynamic link library file blacklist;
step S1333, comparing the name of the loaded dynamic link library file with the dynamic link library file blacklist to determine whether the abnormal dynamic link library file exists.
The dynamic link library file information includes all DLL files loaded to the current process and names of the DLL files.
Meanwhile, the DLL file blacklist, namely the forbidden illegal DLL file corresponding to the target program, can be pulled from the server. The blacklist is pulled from the server, so that the client can obtain the latest blacklist information after the blacklist information is updated every time, and the updating is not required to be carried out again.
For each DLL file, comparing all DLL files loaded to the current process with blacklist information, and if the loaded DLL file belongs to an illegal DLL file forbidden by the target program, judging the DLL file as an abnormal dynamic link library file; otherwise, the dynamic link library file is the abnormal-free dynamic link library file.
In view of the defects of the prior art, the security check in the present disclosure includes version check and/or validity check, so that the version of the program can be checked against the security check, the crash rate of the program can be reduced, and the security of the program can be increased.
And when the security check is carried out, all DLL files in the QList list are traversed to carry out the check respectively, and the DLL files with inconsistent versions or illegal versions are judged to be abnormal dynamic link library files. After the traversal is finished, whether the abnormal dynamic link library file exists or not can be obtained, and when the abnormal dynamic link library file exists, a list of all the abnormal dynamic link library files can be obtained.
Step S14, when the abnormal dynamic link library file exists, uninstalling the abnormal dynamic link library file to obtain an uninstallation processing result, and returning the uninstallation processing result to the login module.
In one embodiment of the present disclosure, in order to ensure that the program can run normally and the data is safe, the abnormal dynamic link library file may be tried to be uninstalled. Specifically, a FreeLibrary attempt using the operating system API may be made to unload the DLL.
Attempting to offload a single exception DLL file has two consequences, one being successful offload and the other being failed offload. When the QList list comprises an abnormal DLL file, the unloading of the file is successful, otherwise, the unloading is failed; when the QList list comprises a plurality of abnormal DLL files, all DLL uninstalled successfully is regarded as uninstalled successfully, and only partial abnormal DLL files or all abnormal DLL files are uninstalled unsuccessfully is regarded as uninstalled failure.
Therefore, when the check module acijectcheckmodule determines that the abnormal dynamic link library file exists, the acijectcheckmodule attempts to unload the abnormal DLL file to obtain an uninstalling processing result, and then returns the uninstalling processing result to the login module of the target program for subsequent processing.
In one embodiment of the present disclosure, the method further comprises: and when the abnormal dynamic link library file does not exist, returning an abnormal result to the login module.
Specifically, if the checking module traverses all DLL files in the QList and does not find an abnormal dynamic link library file, it may be regarded that the security check is passed, and the result of no abnormality is returned to the logging module for subsequent operations.
Based on the method, forced check is carried out before normal service logic is not processed after the program is started, some DLLs which do not accord with the software are unloaded, and then the safety of the service data when the program can normally run and the program runs later can be ensured.
Fig. 2 schematically shows a flowchart of another program operation checking method in an exemplary embodiment of the present disclosure. As shown in fig. 2, the program operation checking method includes steps S21 and S22:
step S21, responding to a user login request of a target program, sending a verification request to a verification module so that the verification module can acquire a process identifier of a process corresponding to the target program, extracting dynamic link library file information loaded to the process according to the process identifier to perform security verification, and further judging whether an abnormal dynamic link library file exists;
step S22, when the check module determines that the abnormal dynamic link library file exists, receiving an uninstall processing result returned by the check module.
Specifically, steps S21 and S22 may be applied to a login module of the target program.
In step S21, after receiving the user login request from the user, the login module of the target program needs to perform a DLL file forced check before the program starts and the logic of normal business is not processed yet. Therefore, the main function entry can be run in the main program, the check module is called through Router, and the PID number of the current process is transmitted to the check module to send a check request to the check module.
And then, the check module ACINTjectCheckModule performs security check on the dynamic link DLL file loaded to the current process according to a preset check logic. The verification process is described in detail in the previous step S11-step S13, and will not be described in detail herein.
In step S22, when the verification module determines that there is an abnormal dynamic link library file after completing the security verification, the verification module will attempt to unload the abnormal dynamic link library file and obtain an unloading processing result, and then return the unloading processing result to the login module.
And after the verification module completes the safety verification, all unloading processing results are fed back to the logged main function. And after receiving the unloading processing result returned by the verification module, executing corresponding steps according to different processing results.
In one embodiment of the present disclosure, when the offloading process is an offloading success, the method further includes: and starting a business module of the target program.
Specifically, when the unloading processing result returned by the checking module is successful unloading, that is, it indicates that all abnormal DLL files have been successfully unloaded, operation logic such as service initialization can be entered at this time, and normal service operation of the target program is completed.
In an embodiment of the present disclosure, when the offloading process is an offloading failure, the method further includes: and ending the process.
Specifically, when the result of the uninstall processing returned by the verification module is an uninstall failure, that is, the current process has an abnormal DLL file that is not cleared, the program may be flashed back or data may be lost if the current process continues to run, and therefore, the running of the program needs to be directly finished.
In addition, error information can be prompted in the login page of the target program, and good interaction experience is provided for the user.
In one embodiment of the present disclosure, the method further comprises: when the checking module judges that the abnormal dynamic link library file does not exist, receiving an abnormal result returned by the checking module; and starting a business module of the target program.
Specifically, after the security check is performed on the check module, the existence of the abnormal DLL file is not found, the data security of subsequent operation of the program is not affected, and at this time, an abnormal result can be directly returned.
If the login module receives the abnormal result, the operation is the same as the operation after the successful uninstallation, and the service module is started to finish the normal service operation of the target program.
Fig. 3 schematically illustrates a flowchart of a program operation checking method in an exemplary embodiment of the present disclosure. Referring to fig. 3, the overall flow of the program operation checking method provided by the present disclosure is further described in detail.
Step S31, the program starts;
step S32, acquiring the current process PID, namely the process ID created by the program opened by the operating system;
step S33, obtaining DLL information depended by the current process PID, namely dynamically loading the program to the dynamic link library of the process after running the program;
step S34, safety check determines abnormal DLL, and unloads the abnormal DLL;
step S35, judging whether all abnormal DLLs are unloaded normally; performing step S36 if all normal unloads are not performed, and performing step S37 if all normal unloads are not performed;
step S36, starting the service module, starting the service logic processing until the service processing is finished, and executing step S38;
step S37, prompting abnormal information, exiting the current program, and then directly executing step S38;
at step S38, the routine exits.
Fig. 4 schematically illustrates a data interaction diagram of a program operation checking method in an exemplary embodiment of the disclosure. Referring to fig. 4, there are four execution entities, namely, a user, a program registration module, a verification module, and a program service module.
Step S41, the user starts the target program;
step S42, the login module of the target program calls the check module through Router;
step S43, the check module carries out safety check according to the check logic to obtain an abnormal DLL and unloads the abnormal DLL to obtain an unloading processing result;
step S44, the check module returns the unloading processing result to the login module;
then, step S45 or step S46 is executed, step S45 is to call the service module when the uninstall is successful, and step S46 is to exit the procedure when the uninstall is failed.
Fig. 5 schematically illustrates a composition diagram of a program operation checking apparatus in an exemplary embodiment of the disclosure, and as shown in fig. 5, the program operation checking apparatus 500 may include a response module 501, an extraction module 502, a checking module 503, and an uninstalling module 504. Wherein:
a response module 501, configured to respond to a verification request sent by a login module of a target program, and obtain a process identifier of a process corresponding to the target program;
an extracting module 502, configured to extract, according to the process identifier, dynamic link library file information that has been loaded to the process;
a checking module 503, configured to perform security checking based on the dynamic link library file information to determine whether an abnormal dynamic link library file exists;
the uninstalling module 504 is configured to, when the abnormal dynamic link library file exists, uninstall the abnormal dynamic link library file to obtain an uninstalling processing result, and return the uninstalling processing result to the login module.
According to an exemplary embodiment of the present disclosure, the security check includes a version check and/or a validity check.
According to an exemplary embodiment of the present disclosure, when the security check includes the version check, the checking module 503 is configured to extract version information of the loaded dynamic link library file based on the dynamic link library file information; acquiring version information of the dynamic link library file to be loaded to the process; and comparing the version information of the loaded dynamic link library file with the version information of the dynamic link library file to be loaded so as to judge whether the abnormal dynamic link library file exists.
According to an exemplary embodiment of the present disclosure, when the security check includes the validity check, the checking module 503 is configured to extract a name of the loaded dynamic link library file based on the dynamic link library file information; acquiring a dynamic link library file blacklist; and comparing the name of the loaded dynamic link library file with a dynamic link library file blacklist to judge whether the abnormal dynamic link library file exists.
According to an exemplary embodiment of the present disclosure, the extracting module 502 is configured to obtain a module handle of the process according to the process identifier; and calling an application program interface based on the module handle to acquire the dynamic link library file information.
According to an exemplary embodiment of the present disclosure, the checking module 503 is further configured to return an abnormal result to the login module when the abnormal dynamic link library file does not exist.
The specific details of each module in the program operation checking apparatus 500 have been described in detail in the corresponding program operation checking method, and therefore are not described herein again.
Fig. 6 schematically illustrates a composition diagram of another program operation verifying apparatus in an exemplary embodiment of the disclosure, and as shown in fig. 6, the program operation verifying apparatus 600 may include a request module 601 and a receiving module 602. Wherein:
the request module 601 is configured to send a verification request to a verification module in response to a user login request of a target program, so that the verification module obtains a process identifier of a process corresponding to the target program, extracts dynamic link library file information loaded to the process according to the process identifier to perform security verification, and further determines whether an abnormal dynamic link library file exists;
a receiving module 602, configured to receive an offload processing result returned by the checking module when the checking module determines that the abnormal dynamic link library file exists.
According to an exemplary embodiment of the present disclosure, the program operation checking device 600 is further configured to start a service module of the target program when the uninstalling process is successful.
According to an exemplary embodiment of the disclosure, the program operation verifying unit 600 is further configured to end the process when the uninstalling process is an uninstalling failure.
According to an exemplary embodiment of the present disclosure, the program operation checking device 600 is further configured to receive an abnormal result returned by the checking module when the checking module determines that the abnormal dynamic link library file does not exist; and starting a business module of the target program.
The specific details of each module in the program operation checking apparatus 600 have been described in detail in the corresponding program operation checking method, and therefore are not described herein again.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
In an exemplary embodiment of the present disclosure, there is also provided a storage medium capable of implementing the above-described method. Fig. 7 schematically illustrates a schematic diagram of a computer-readable storage medium in an exemplary embodiment of the disclosure. As shown in fig. 7, a program product 700 for implementing the above method according to an embodiment of the present disclosure is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a cell phone. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided. Fig. 8 schematically shows a structural diagram of a computer system of an electronic device in an exemplary embodiment of the disclosure.
It should be noted that the computer system 800 of the electronic device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of the application of the embodiments of the present disclosure.
As shown in fig. 8, a computer system 800 includes a Central Processing Unit (CPU)801 that can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for system operation are also stored. The CPU 801, ROM802, and RAM 803 are connected to each other via a bus 804. An Input/Output (I/O) interface 805 is also connected to bus 804.
The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.
In particular, the processes described below with reference to the flowcharts may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. When the computer program is executed by a Central Processing Unit (CPU)801, various functions defined in the system of the present disclosure are executed.
It should be noted that the computer readable medium shown in the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
As another aspect, the present disclosure also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the method described in the above embodiments.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (14)

1. A program operation checking method, comprising:
responding to a verification request sent by a login module of a target program, and acquiring a process identifier of a process corresponding to the target program;
extracting dynamic link library file information loaded to the process according to the process identifier;
performing security check based on the dynamic link library file information to judge whether an abnormal dynamic link library file exists;
and when the abnormal dynamic link library file exists, unloading the abnormal dynamic link library file to obtain an unloading processing result, and returning the unloading processing result to the login module.
2. The program operation checking method according to claim 1, wherein the security check includes a version check and/or a validity check.
3. The program operation checking method according to claim 2, wherein when the security check includes the version check, the performing security check based on the dynamic link library file information to determine whether an abnormal dynamic link library file exists includes:
extracting version information of the loaded dynamic link library file based on the dynamic link library file information; and
acquiring version information of a dynamic link library file to be loaded to the process;
and comparing the version information of the loaded dynamic link library file with the version information of the dynamic link library file to be loaded so as to judge whether the abnormal dynamic link library file exists.
4. The program operation checking method according to claim 2, wherein when the security check includes the validity check, the performing security check based on the dynamic link library file information to determine whether an abnormal dynamic link library file exists includes:
extracting the name of the loaded dynamic link library file based on the dynamic link library file information; and
acquiring a dynamic link library file blacklist;
and comparing the name of the loaded dynamic link library file with a dynamic link library file blacklist to judge whether the abnormal dynamic link library file exists.
5. The program operation checking method according to claim 1, wherein the extracting the dynamic link library file information loaded into the process according to the process identifier includes:
acquiring a module handle of the process according to the process identifier;
and calling an application program interface based on the module handle to acquire the dynamic link library file information.
6. The program operation checking method according to claim 1, further comprising:
and when the abnormal dynamic link library file does not exist, returning an abnormal result to the login module.
7. A program operation checking method, comprising:
responding to a user login request of a target program, sending a verification request to a verification module so that the verification module obtains a process identifier of a process corresponding to the target program, extracting dynamic link library file information loaded to the process according to the process identifier to perform security verification, and further judging whether an abnormal dynamic link library file exists or not;
and receiving an unloading processing result returned by the checking module when the checking module judges that the abnormal dynamic link library file exists.
8. The program operation checking method according to claim 7, wherein when the uninstall process is an uninstall success, the method further comprises: and starting a business module of the target program.
9. The program operation checking method according to claim 7, wherein when the uninstall process is an uninstall failure, the method further comprises: and ending the process.
10. The program operation checking method according to claim 7, further comprising:
when the checking module judges that the abnormal dynamic link library file does not exist, receiving an abnormal result returned by the checking module;
and starting a business module of the target program.
11. A program operation verifying apparatus, comprising:
the response module is used for responding to the verification request sent by the login module of the target program and acquiring the process identifier of the process corresponding to the target program;
the extraction module is used for extracting the dynamic link library file information loaded to the process according to the process identifier;
the checking module is used for carrying out safety checking on the basis of the dynamic link library file information so as to judge whether an abnormal dynamic link library file exists or not;
and the unloading module is used for unloading the abnormal dynamic link library file to obtain an unloading processing result and returning the unloading processing result to the login module when the abnormal dynamic link library file exists.
12. A program operation verifying apparatus, comprising:
the request module is used for responding to a user login request of a target program, sending a verification request to a verification module so that the verification module can acquire a process identifier of a process corresponding to the target program, extracting dynamic link library file information loaded to the process according to the process identifier to perform security verification, and further judging whether an abnormal dynamic link library file exists or not;
and the receiving module is used for receiving the unloading processing result returned by the checking module when the checking module judges that the abnormal dynamic link library file exists.
13. A computer-readable storage medium on which a computer program is stored, which program, when being executed by a processor, implements the program execution verification method according to any one of claims 1 to 10.
14. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a program execution checking method according to any one of claims 1 to 10.
CN202111325499.XA 2021-11-10 2021-11-10 Program operation checking method and device, storage medium and electronic equipment Pending CN114048463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111325499.XA CN114048463A (en) 2021-11-10 2021-11-10 Program operation checking method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111325499.XA CN114048463A (en) 2021-11-10 2021-11-10 Program operation checking method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN114048463A true CN114048463A (en) 2022-02-15

Family

ID=80207936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111325499.XA Pending CN114048463A (en) 2021-11-10 2021-11-10 Program operation checking method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN114048463A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114647549A (en) * 2022-03-10 2022-06-21 苏州浪潮智能科技有限公司 Management method, device, equipment and medium for heterogeneous acceleration chip
CN114756298A (en) * 2022-04-20 2022-07-15 广州博冠信息科技有限公司 Program instance management method and device, computer storage medium and electronic equipment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114647549A (en) * 2022-03-10 2022-06-21 苏州浪潮智能科技有限公司 Management method, device, equipment and medium for heterogeneous acceleration chip
CN114647549B (en) * 2022-03-10 2024-07-05 苏州浪潮智能科技有限公司 Heterogeneous acceleration chip management method, heterogeneous acceleration chip management device, heterogeneous acceleration chip management equipment and medium
CN114756298A (en) * 2022-04-20 2022-07-15 广州博冠信息科技有限公司 Program instance management method and device, computer storage medium and electronic equipment
CN114756298B (en) * 2022-04-20 2024-06-04 广州博冠信息科技有限公司 Program instance management method and device, computer storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
US11295004B2 (en) Unlock and recovery for encrypted devices
CN107733847B (en) Method and device for platform login website, computer equipment and readable storage medium
CN112181541A (en) Data processing method and device, electronic equipment and storage medium
CN114048463A (en) Program operation checking method and device, storage medium and electronic equipment
CN106131612A (en) The method and system of Android app dynamic load resource function module
CN109863475A (en) The upgrade method and relevant device of a kind of application in safety element
CN111159657A (en) Application program authentication method and system
CN113569285A (en) Identity authentication and authorization method, device, system, equipment and storage medium
CN113360868A (en) Application program login method and device, computer equipment and storage medium
CN112448956A (en) Authority processing method and device of short message verification code and computer equipment
CN106570402A (en) Encryption module and process trusted measurement method
CN109657454B (en) Trusted verification method for android application based on TF (TransFlash) cryptographic module
CN111191216B (en) OFD signature client with JAVA interface and method and system for signature verification
CN111538566A (en) Mirror image file processing method, device and system, electronic equipment and storage medium
CN114745185B (en) Cluster access method and device
CN115509556A (en) Application management method, device, equipment and medium
CN115185551A (en) Application program installation method, device, system and storage medium
CN115035637A (en) Lock control method and system based on block chain and electronic lock
US20220224539A1 (en) Verification of valid client library binary file on connecting to server system
CN110580179A (en) information processing method and device, electronic device and storage medium
CN110286913B (en) Check code packet deployment method and device
CN117609980A (en) Login verification method and device, electronic equipment and storage medium
CN113032039A (en) Plug-in reconstruction method and device for application, electronic equipment and storage medium
CN116049814A (en) Method and device for establishing information security protection, storage medium and electronic equipment
CN118260727A (en) Reprogramming method with enhanced security and device thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination