CN104239781A - Method and unit for preventing processes from being injected - Google Patents
Method and unit for preventing processes from being injected Download PDFInfo
- Publication number
- CN104239781A CN104239781A CN201410441405.9A CN201410441405A CN104239781A CN 104239781 A CN104239781 A CN 104239781A CN 201410441405 A CN201410441405 A CN 201410441405A CN 104239781 A CN104239781 A CN 104239781A
- Authority
- CN
- China
- Prior art keywords
- application program
- privately owned
- parameter
- injected
- hatching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Abstract
The invention provides a method and a unit for preventing processes from being injected. The method includes the following steps: the starting parameters of an application are received; according to the starting parameters, whether the application is an application to be protected is judged; if so, the starting parameters are sent to a precreated private process, so that the private process is incubated according to the starting parameters to obtain the application, wherein the private process is an uninjected incubation carrier. The method can enhance the effect of preventing inter-process injection.
Description
Technical field
The present invention relates to security technology area, particularly relate to a kind of method and apparatus avoiding process to be injected into.
Background technology
Process is injected and is referred to that the module of oneself is passed through the modes such as debugging by a program process, is inserted in Another application program process and then performs, so just can kidnap arbitrarily the operational scheme of the other side's application program, steal its internal storage data.In android system, program process all hatches (fork) by Zygote process, so injecting Zygote process is method for implanting general at present, once Zygote process is injected into, all processes of being hatched by Zygote process afterwards are all injected into.
In correlation technique, can the Zygote process be injected into be repaired, to avoid injecting between process.But adopt the mode of repairing Zygote process, the effect obtained is unsatisfactory.
Summary of the invention
The present invention is intended to solve one of technical matters in correlation technique at least to a certain extent.
For this reason, one object of the present invention is to propose a kind of method avoiding process to be injected into, and the method can improve the effect avoiding injecting between process.
Another object of the present invention is to propose a kind of device avoiding process to be injected into.
For achieving the above object, the method avoiding process to be injected into that first aspect present invention embodiment proposes, comprising: the start-up parameter receiving application program; Judge whether described application program is the application program needing protection according to described start-up parameter; If so, described start-up parameter is sent to the privately owned process be pre-created, make described privately owned process obtain described application program according to described start-up parameter hatching, wherein, described privately owned process is the hatching carrier be not injected into.
The method avoiding process to be injected into that first aspect present invention embodiment proposes; during by being the application program needing protection in application program; the hatching of this application program is completed by privately owned process; because privately owned process is not injected into; therefore the process of this application program can be avoided to be injected into, and the present embodiment adopt the mode setting up privately owned process; instead of the mode of repairing, the effect avoiding process to be injected into can be improved.
For achieving the above object, the device avoiding process to be injected into that second aspect present invention embodiment proposes, comprising: receiver module, for receiving the start-up parameter of application program; Judge module, for judging according to described start-up parameter whether described application program is the application program needing protection; Sending module; during for being the application program needing protection in described application program; described start-up parameter is sent to the privately owned process be pre-created; described privately owned process is made to obtain described application program according to described start-up parameter hatching; wherein, described privately owned process is the hatching carrier be not injected into.
The device avoiding process to be injected into that second aspect present invention embodiment proposes; during by being the application program needing protection in application program; the hatching of this application program is completed by privately owned process; because privately owned process is not injected into; therefore the process of this application program can be avoided to be injected into, and the present embodiment adopt the mode setting up privately owned process; instead of the mode of repairing, the effect avoiding process to be injected into can be improved.
The aspect that the present invention adds and advantage will part provide in the following description, and part will become obvious from the following description, or be recognized by practice of the present invention.
Accompanying drawing explanation
The present invention above-mentioned and/or additional aspect and advantage will become obvious and easy understand from the following description of the accompanying drawings of embodiments, wherein:
Fig. 1 is the schematic flow sheet of application program launching in correlation technique;
Fig. 2 is the schematic flow sheet that in correlation technique, process is injected;
Fig. 3 is the schematic flow sheet of the method avoiding process to be injected into that one embodiment of the invention proposes;
Fig. 4 is a kind of specific implementation schematic diagram avoiding process to be injected in the embodiment of the present invention;
Fig. 5 is the schematic flow sheet of the method avoiding process to be injected into that another embodiment of the present invention proposes;
Fig. 6 is the implement device avoiding process to be injected into that another embodiment of the present invention proposes;
Fig. 7 is the implement device avoiding process to be injected into that another embodiment of the present invention proposes.
Embodiment
Be described below in detail embodiments of the invention, the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar element or has element that is identical or similar functions from start to finish.Being exemplary below by the embodiment be described with reference to the drawings, only for explaining the present invention, and can not limitation of the present invention being interpreted as.On the contrary, embodiments of the invention comprise fall into attached claims spirit and intension within the scope of all changes, amendment and equivalent.
For a better understanding of the present invention, first the Booting sequence of application programs (app) is described.
For Android platform, see Fig. 1, in correlation technique, under Android platform, the Booting sequence of application program (app) comprising:
S11: starter starts app, and the start-up parameter of app is sent to service thread.
Starter specifically can refer to launcher.Service thread specifically can refer to the ActivityManagerService service thread in system_server process.
S12: the start-up parameter of app is sent to hatching carrier by service thread.
Wherein, hatch carrier and can specifically refer to Zygote process.Zygote process can be monitored socket and connect, and start-up parameter is sent to Zygote process by socket connection by service processes.
S13: hatching carrier completes app hatching.
Wherein, after Zygote process receives start-up parameter, can analytic parameter hatch the process of corresponding app.Afterwards, Zygote process can will hatch process identification (PID) (the Process Identifier of the new process obtained, etc. PID) data return to ActivityManagerService, after ActivityManagerService receives the data such as PID, at this in-process startup Activity Tread, and then complete the startup of app.
In correlation technique, see Fig. 2, after Zygote process is injected into, the process of the application program of its hatching is also injected into.
In order to avoid process is injected into, the present invention provides following embodiment.
Fig. 3 is the schematic flow sheet of the method avoiding process to be injected into that one embodiment of the invention proposes, and the method comprises:
S31: the start-up parameter receiving application program;
Wherein, see Fig. 4, sygote bridge (sygoteBridge) can be set between Zygote process and ActivityManagerService (hereinafter referred to as AMS), socket service end is created in sygoteBridge, and the socket client in amendment AMS, make amended socket client be redirected the socket service end being connected to and creating in sygoteBridge.Thus sygoteBridge can receive the start-up parameter that service thread ActivityManagerService is sent by socket.
S32: judge whether described application program is the application program needing protection according to described start-up parameter;
Wherein, see Fig. 4; can the pre-configured information list of application program needing protection in safety entrance equipment; this information list comprises: application package name (app bag name) and user ID (user ID); in addition; can comprise in start-up parameter: app bag name and user ID
When the app bag name comprised in the start-up parameter received is consistent with the app bag name of preserving in the information list of the application program that pre-configured needs are protected and user ID with user ID, can judge that this application program is the application program needing protection.
S33: if described start-up parameter to be sent to the privately owned process be pre-created, make described privately owned process obtain described application program according to described start-up parameter hatching, wherein, described privately owned process is the hatching carrier be not injected into.
Wherein, privately owned process can be called Sygote process, means safe Zygote.Sygote process proceeding internal memory space in itself and Zygote about the same, its object is to provide a new clean hatching carrier, allows and needs the app of protection to be hatched by it.
See Fig. 4, when application program is the application program needing protection, start-up parameter can be sent to Sygote process, complete app by Sygote process and hatch.
On the other hand, see Fig. 4, when the application program that start-up parameter is corresponding is not the app needing protection, start-up parameter can be sent to original Zygote process, complete corresponding hatching by Zygote process, now can there is process and be injected into problem.
When the present embodiment is by being the application program needing protection in application program; the hatching of this application program is completed by privately owned process; because privately owned process is not injected into; therefore the process of this application program can be avoided to be injected into; and; the present embodiment adopts the mode setting up privately owned process, instead of the mode of repairing, and can improve the effect avoiding process to be injected into.
Fig. 5 is the schematic flow sheet of the method avoiding process to be injected into that another embodiment of the present invention proposes, and the method comprises:
S51: create privately owned process, and create the finger daemon of this privately owned process.
For Android platform, privately owned process can be called Sygote process.
Wherein, can create a new zygote process, the zygote process that this is new is defined as Sygote process.
Concrete, Zygote process by performing in android system/system/bin/app_process file creates.In order to new zygote process can be created, the present embodiment can write a privately owned app_process, revise the name of socket service end with this privately owned app_process, such as amended name is sygote, creates Sygote process by performing this privately owned app_process.
During Sygote process creation, a finger daemon can be created simultaneously.Finger daemon can protect Sygote process, avoids Sygote process to be injected into.
Concrete, when after establishment finger daemon, can preferentially debug Sygote process with finger daemon, and forward all Signal to Sygote process.Because Sygote process has been debugged by finger daemon, so other processes just cannot remove debugging Sygote again; Simultaneously because finger daemon forwarded all signal to Sygote process, so Sygote process can normally be run.Because the prerequisite injected is to debug, so once Sygote is protected avoid debugging, so other programs also just cannot inject Sygote.
S52: the parameter that the application program needing protection is set.
The parameter arranged can comprise: app bag name and user ID.
S53: the start-up parameter receiving application program.
Safety entrance equipment can receive the start-up parameter that service thread ActivityManagerService is sent by socket.
Start-up parameter can comprise app bag name and user ID.
S54: judge whether described application program is the application program needing protection, if so, performs S55 according to described start-up parameter, otherwise, perform 56.
S55: described start-up parameter is sent to the privately owned process be pre-created, makes described privately owned process obtain described application program according to described start-up parameter hatching.
Such as, start-up parameter is sent to Sygote process, complete app by Sygote process and hatch.
S56: start-up parameter is sent to original hatching carrier, completes application program by original hatching carrier and hatches.
Such as, start-up parameter can be sent to original Zygote process, complete corresponding hatching by Zygote process, now can there is process and be injected into problem.
When the present embodiment is by being the application program needing protection in application program; the hatching of this application program is completed by privately owned process; because privately owned process is not injected into; therefore the process of this application program can be avoided to be injected into; and; the present embodiment adopts the mode setting up privately owned process, instead of the mode of repairing, and can improve the effect avoiding process to be injected into.In addition, the present embodiment is by creating finger daemon, and can ensure that privately owned process and the application program by its hatching are avoided being injected into, further raising process is exempted to inject effect.
Fig. 6 is the implement device avoiding process to be injected into that another embodiment of the present invention proposes, and this device 60 comprises receiver module 61, judge module 62 and sending module 63.
Receiver module 61 is for receiving the start-up parameter of application program;
Wherein, see Fig. 4, sygote bridge (sygoteBridge) can be set between Zygote process and ActivityManagerService (hereinafter referred to as AMS), socket service end is created in sygoteBridge, and the socket client in amendment AMS, make amended socket client be redirected the socket service end being connected to and creating in sygoteBridge.Thus sygoteBridge can receive the start-up parameter that service thread ActivityManagerService is sent by socket.
Judge module 62 is for judging according to described start-up parameter whether described application program is the application program needing protection;
In an embodiment, in described start-up parameter, comprise application package name and user ID, described judge module 62 specifically for:
Obtain the information list of the application program of the needs protection of preserving in advance, records application program bag name and corresponding user ID in described information list;
Judge the application package name that comprises in described start-up parameter and user ID, whether belong to the described information list preserved in advance;
If belonged to, judge that described application program is the application program needing protection.
Wherein, see Fig. 4; can the pre-configured information list of application program needing protection in the module that safety entrance scheme is corresponding; this information list comprises: application package name (app bag name) and user ID (user ID); in addition; can comprise in start-up parameter: app bag name and user ID
When the app bag name comprised in the start-up parameter received is consistent with the app bag name of preserving in the information list of the application program that pre-configured needs are protected and user ID with user ID, can judge that this application program is the application program needing protection.
When sending module 63 is for being the application program needing protection in described application program; described start-up parameter is sent to the privately owned process be pre-created; described privately owned process is made to obtain described application program according to described start-up parameter hatching; wherein, described privately owned process is the hatching carrier be not injected into.
Wherein, privately owned process can be called Sygote process, means safe Zygote.Sygote process proceeding internal memory space in itself and Zygote about the same, its object is to provide a new clean hatching carrier, allows and needs the app of protection to be hatched by it.
See Fig. 4, when application program is the application program needing protection, start-up parameter can be sent to Sygote process, complete app by Sygote process and hatch.
On the other hand, see Fig. 4, when the application program that start-up parameter is corresponding is not the app needing protection, start-up parameter can be sent to original Zygote process, complete corresponding hatching by Zygote process, now can there is process and be injected into problem.
In an embodiment, see Fig. 7, this device 60 also comprises:
Creation module 64, for the original hatching carrier of correspondence, creates new process, described new process is defined as described privately owned process.
In an embodiment, described method is applied in Android platform, and described original hatching carrier is zygote process, described creation module specifically for:
Create new zygote process, described new zygote process is defined as described privately owned process.
Concrete, Zygote process by performing in android system/system/bin/app_process file creates.In order to new zygote process can be created, the present embodiment can write a privately owned app_process, revise the name of socket service end with this privately owned app_process, such as amended name is sygote, creates Sygote process by performing this privately owned app_process.
In an embodiment, described creation module 64 also for:
Create the finger daemon of described privately owned process, described finger daemon is used for avoiding described privately owned process to be injected into.
During Sygote process creation, a finger daemon can be created simultaneously.Finger daemon can protect Sygote process, avoids Sygote process to be injected into.
In an embodiment, see Fig. 7, this device 60 also comprises:
Debugging module 65, debugs described privately owned process for adopting described finger daemon.
Concrete, when after establishment finger daemon, can preferentially debug Sygote process with finger daemon, and forward all Signal to Sygote process.Because Sygote process has been debugged by finger daemon, so other processes just cannot remove debugging Sygote again; Simultaneously because finger daemon forwarded all signal to Sygote process, so Sygote process can normally be run.Because the prerequisite injected is to debug, so once Sygote is protected avoid debugging, so other programs also just cannot inject Sygote.
When the present embodiment is by being the application program needing protection in application program; the hatching of this application program is completed by privately owned process; because privately owned process is not injected into; therefore the process of this application program can be avoided to be injected into; and; the present embodiment adopts the mode setting up privately owned process, instead of the mode of repairing, and can improve the effect avoiding process to be injected into.In addition, the present embodiment is by creating finger daemon, and can ensure that privately owned process and the application program by its hatching are avoided being injected into, further raising process is exempted to inject effect.It should be noted that, in describing the invention, term " first ", " second " etc. only for describing object, and can not be interpreted as instruction or hint relative importance.In addition, in describing the invention, except as otherwise noted, the implication of " multiple " is two or more.
Describe and can be understood in process flow diagram or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the special IC of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is that the hardware that can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, this program perform time, step comprising embodiment of the method one or a combination set of.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, also can be that the independent physics of unit exists, also can be integrated in a module by two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and the form of software function module also can be adopted to realize.If described integrated module using the form of software function module realize and as independently production marketing or use time, also can be stored in a computer read/write memory medium.
The above-mentioned storage medium mentioned can be ROM (read-only memory), disk or CD etc.
In the description of this instructions, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, identical embodiment or example are not necessarily referred to the schematic representation of above-mentioned term.And the specific features of description, structure, material or feature can combine in an appropriate manner in any one or more embodiment or example.
Although illustrate and describe embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, and those of ordinary skill in the art can change above-described embodiment within the scope of the invention, revises, replace and modification.
Claims (12)
1. the method avoiding process to be injected into, is characterized in that, comprising:
Receive the start-up parameter of application program;
Judge whether described application program is the application program needing protection according to described start-up parameter;
If so, described start-up parameter is sent to the privately owned process be pre-created, make described privately owned process obtain described application program according to described start-up parameter hatching, wherein, described privately owned process is the hatching carrier be not injected into.
2. method according to claim 1, is characterized in that, also comprises:
Corresponding original hatching carrier, creates new process, described new process is defined as described privately owned process.
3. method according to claim 2, is characterized in that, described method is applied in Android platform, described original hatching carrier is zygote process, and the original hatching carrier of described correspondence, creates new process, described new process is defined as described privately owned process, comprises:
Create new zygote process, described new zygote process is defined as described privately owned process.
4. method according to claim 2, is characterized in that, also comprises:
Create the finger daemon of described privately owned process, described finger daemon is used for avoiding described privately owned process to be injected into.
5. method according to claim 4, is characterized in that, after the finger daemon of the described privately owned process of described establishment, described method comprises:
Described finger daemon is adopted to debug described privately owned process.
6. method according to claim 1, is characterized in that, comprises application package name and user ID in described start-up parameter, describedly judges that whether described application program is the application program needing protection according to described start-up parameter, comprising:
Obtain the information list of the application program of the needs protection of preserving in advance, records application program bag name and corresponding user ID in described information list;
Judge the application package name that comprises in described start-up parameter and user ID, whether belong to the described information list preserved in advance;
If belonged to, judge that described application program is the application program needing protection.
7. the device avoiding process to be injected into, is characterized in that, comprising:
Receiver module, for receiving the start-up parameter of application program;
Judge module, for judging according to described start-up parameter whether described application program is the application program needing protection;
Sending module; during for being the application program needing protection in described application program; described start-up parameter is sent to the privately owned process be pre-created; described privately owned process is made to obtain described application program according to described start-up parameter hatching; wherein, described privately owned process is the hatching carrier be not injected into.
8. device according to claim 7, is characterized in that, also comprises:
Creation module, for the original hatching carrier of correspondence, creates new process, described new process is defined as described privately owned process.
9. device according to claim 8, is characterized in that, described method is applied in Android platform, and described original hatching carrier is zygote process, described creation module specifically for:
Create new zygote process, described new zygote process is defined as described privately owned process.
10. device according to claim 8, is characterized in that, described creation module also for:
Create the finger daemon of described privately owned process, described finger daemon is used for avoiding described privately owned process to be injected into.
11. devices according to claim 10, is characterized in that, also comprise:
Debugging module, debugs described privately owned process for adopting described finger daemon.
12. devices according to claim 7, is characterized in that, comprise application package name and user ID in described start-up parameter, described judge module specifically for:
Obtain the information list of the application program of the needs protection of preserving in advance, records application program bag name and corresponding user ID in described information list;
Judge the application package name that comprises in described start-up parameter and user ID, whether belong to the described information list preserved in advance;
If belonged to, judge that described application program is the application program needing protection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410441405.9A CN104239781A (en) | 2014-09-01 | 2014-09-01 | Method and unit for preventing processes from being injected |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410441405.9A CN104239781A (en) | 2014-09-01 | 2014-09-01 | Method and unit for preventing processes from being injected |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104239781A true CN104239781A (en) | 2014-12-24 |
Family
ID=52227826
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410441405.9A Pending CN104239781A (en) | 2014-09-01 | 2014-09-01 | Method and unit for preventing processes from being injected |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104239781A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105184151A (en) * | 2015-09-23 | 2015-12-23 | 北京北信源软件股份有限公司 | 32-bit progress and 64-bit progress alternate injecting method and device |
CN106681801A (en) * | 2016-05-09 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Method and apparatus for executing events |
CN112527403A (en) * | 2019-09-19 | 2021-03-19 | 华为技术有限公司 | Application starting method and electronic equipment |
CN112948241A (en) * | 2021-02-09 | 2021-06-11 | 北京奇艺世纪科技有限公司 | Anti-debugging method and device of application program, electronic equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090089879A1 (en) * | 2007-09-28 | 2009-04-02 | Microsoft Corporation | Securing anti-virus software with virtualization |
CN102184356A (en) * | 2011-04-21 | 2011-09-14 | 奇智软件(北京)有限公司 | Method, device and safety browser by utilizing sandbox technology to defend |
-
2014
- 2014-09-01 CN CN201410441405.9A patent/CN104239781A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090089879A1 (en) * | 2007-09-28 | 2009-04-02 | Microsoft Corporation | Securing anti-virus software with virtualization |
CN102184356A (en) * | 2011-04-21 | 2011-09-14 | 奇智软件(北京)有限公司 | Method, device and safety browser by utilizing sandbox technology to defend |
Non-Patent Citations (1)
Title |
---|
周荣誉: "《RSA CONFERENCE 2014 https://www.rsaconference.com/writable/presentations/file_upload/man-w07-_app_-_android_.pdf》", 23 July 2014 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105184151A (en) * | 2015-09-23 | 2015-12-23 | 北京北信源软件股份有限公司 | 32-bit progress and 64-bit progress alternate injecting method and device |
CN105184151B (en) * | 2015-09-23 | 2018-04-03 | 北京北信源软件股份有限公司 | 32 processes and 64 processes intersect method for implanting and device |
CN106681801A (en) * | 2016-05-09 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Method and apparatus for executing events |
CN106681801B (en) * | 2016-05-09 | 2019-07-23 | 腾讯科技(深圳)有限公司 | The execution method and apparatus of event |
CN112527403A (en) * | 2019-09-19 | 2021-03-19 | 华为技术有限公司 | Application starting method and electronic equipment |
WO2021052437A1 (en) * | 2019-09-19 | 2021-03-25 | 华为技术有限公司 | Application start method and electronic device |
US11947974B2 (en) | 2019-09-19 | 2024-04-02 | Honor Device Co., Ltd. | Application start method and electronic device |
CN112948241A (en) * | 2021-02-09 | 2021-06-11 | 北京奇艺世纪科技有限公司 | Anti-debugging method and device of application program, electronic equipment and storage medium |
CN112948241B (en) * | 2021-02-09 | 2024-02-06 | 北京奇艺世纪科技有限公司 | Anti-debugging method and device for application program, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20160357958A1 (en) | Computer System Security | |
US8725702B1 (en) | Systems and methods for repairing system files | |
US10025674B2 (en) | Framework for running untrusted code | |
CN104239781A (en) | Method and unit for preventing processes from being injected | |
CN105630557B (en) | Hot patch method and apparatus | |
CN112906008B (en) | Kernel vulnerability restoration method, device, server and system | |
CN102867141B (en) | The method that Main Boot Record rogue program is processed and device | |
US20120192160A1 (en) | Handling breakpoints in an asynchronous debug model | |
EP3127036B1 (en) | Systems and methods for identifying a source of a suspect event | |
CN105809055A (en) | Access control method and device, and related equipment | |
CN106303709B (en) | A kind of set-top box and its application program updating method, system | |
KR101974989B1 (en) | Method and apparatus for determining behavior information corresponding to a dangerous file | |
CN108845875A (en) | A kind of Resident Process keep-alive system and method | |
CN111258591A (en) | Program deployment task execution method and device, computer equipment and storage medium | |
CN104915594B (en) | Application program operation method and device | |
CN109408099B (en) | Remote FPGA firmware code updating system, method and medium | |
WO2016082450A1 (en) | Method for upgrading user terminal, and user terminal | |
CN107657170B (en) | Trusted loading starting control system and method supporting intelligent repair | |
CN112231649A (en) | Firmware encryption processing method, device, equipment and medium | |
CN103605922B (en) | A kind of method and apparatus downloading protection | |
CN109271181A (en) | Using compatible restorative procedure, terminal device and computer readable storage medium | |
CN108229147B (en) | Memory detection device and method based on Android virtual container | |
US20190147164A1 (en) | Novel methodology, process and program for the repair of disabled, badly infected or slow windows computers | |
CN112241529A (en) | Malicious code detection method and device, storage medium and computer equipment | |
CN107844703B (en) | Client security detection method and device based on Android platform Unity3D game |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20141224 |