CN111857971A - Method for running executable file under android virtual machine system and storage medium - Google Patents
Method for running executable file under android virtual machine system and storage medium Download PDFInfo
- Publication number
- CN111857971A CN111857971A CN202010744855.0A CN202010744855A CN111857971A CN 111857971 A CN111857971 A CN 111857971A CN 202010744855 A CN202010744855 A CN 202010744855A CN 111857971 A CN111857971 A CN 111857971A
- Authority
- CN
- China
- Prior art keywords
- virtual environment
- target process
- function
- target
- android
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45575—Starting, stopping, suspending or resuming virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to a method and a storage medium for running an executable file under an android virtual machine system, wherein the method comprises the following steps: hooking an execute function of the current process and executing a transfer process; loading an elf file of a target process in a transfer process, and adding virtual environment parameters required by a virtual environment; and jumping to the entry function of the target process. In an android virtual machine system, when a running current process needs to start a target process, an execute function of the current process is hooked first, and a transfer process is executed; then the elf file of the target process is loaded in the transfer process, after the virtual environment parameters required by the virtual environment are added, the entry function of the target process is skipped, and then the target function is started, so that the target process is prevented from being separated from the control of the virtual environment in an android virtual machine, and various uncontrollable abnormal effects are avoided.
Description
Technical Field
The invention relates to the technical field of android virtual machine systems, in particular to a method and a storage medium for running an executable file in an android virtual machine system.
Background
The Android virtual machine can realize the installation and operation of a simulation Android system on a PC (computer). The android system can be operated on almost any mobile phone at the computer end, and even can be connected with a computer like a mobile phone and detected by a mobile phone assistant, so that android systems of all official versions can be simulated. If the process A is already in the control of the virtual environment in the android virtual machine which is already running; when the process a intends to start the process B, the process a finally executes syscall (NR _ execute) to enter the kernel space and transfer the specified parameters, and if no processing is performed, the process B running from the beginning runs in a system outside the virtual machine, which is out of the control of the virtual environment, and various uncontrollable abnormal results are caused.
Disclosure of Invention
Therefore, it is desirable to provide a method and a storage medium for running an executable file in an android virtual machine system, which solve various uncontrollable abnormal results caused when a process a intends to start a process B in the existing android virtual machine system.
To achieve the above object, the inventor provides a method for running an executable file under an android virtual machine system, including the following steps:
hooking an execute function of the current process and executing a transfer process;
loading an elf file of a target process in a transfer process, and adding virtual environment parameters required by a virtual environment;
and jumping to the entry function of the target process.
Further optimization, the step of hooking the execute function of the current process and executing the transfer process specifically comprises the following steps:
hooking an execute function of the current process;
modifying syscalls/execute.S files in libc libraries in android source codes of an android virtual system, modifying filename parameters of the syscalls/execute.S files into paths of a transfer process, and adding a realpath field in envp parameters of the syscalls/execute.S files to store a process path corresponding to a target process;
further optimization, the step of loading the elf file of the target process in the transfer process specifically comprises the following steps:
analyzing a realpath field in the envp parameter to acquire a process path of the target process;
and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory.
Further optimization, the "adding virtual environment parameters required by the virtual environment" specifically includes the following steps:
adding a section in an auxv list stacked AT the program entry in the user space, and marking the section as an AT _ FLAG section;
a structure pointer of a virtual environment parameter required by a virtual environment is stored in an AT _ FLAG section.
Further optimization, the step of "jump to entry function of target process" specifically includes the following steps:
when the target process is analyzed, calling an internal Linker file to perform function analysis;
analyzing data of AT _ FLAG sections in the auxv list to analyze needed virtual environment parameters;
and monitoring the execution condition of the target process.
The inventor also provides another technical scheme that: a storage medium having a computer program stored therein, the computer program when executed by a processor performing the steps of:
hooking an execute function of the current process and executing a transfer process;
loading an elf file of a target process in a transfer process, and adding virtual environment parameters required by a virtual environment;
and jumping to the entry function of the target process.
Further optimization, the step of hooking the execute function of the current process and executing the transfer process specifically comprises the following steps:
hooking an execute function of the current process;
modifying syscalls/execute.S files in libc libraries in android source codes of an android virtual system, modifying filename parameters of the syscalls/execute.S files into paths of a transfer process, and adding a realpath field in envp parameters of the syscalls/execute.S files to store a process path corresponding to a target process;
further optimization, the step of loading the elf file of the target process in the transfer process specifically comprises the following steps:
analyzing a realpath field in the envp parameter to acquire a process path of the target process;
and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory.
Further optimization, the "adding virtual environment parameters required by the virtual environment" specifically includes the following steps:
adding a section in an auxv list stacked AT the program entry in the user space, and marking the section as an AT _ FLAG section;
a structure pointer of a virtual environment parameter required by a virtual environment is stored in an AT _ FLAG section.
Further optimization, the step of "jump to entry function of target process" specifically includes the following steps:
when the target process is analyzed, calling an internal Linker file to perform function analysis;
analyzing data of AT _ FLAG sections in the auxv list to analyze needed virtual environment parameters;
and monitoring the execution condition of the target process.
Different from the prior art, in the technical scheme, in the android virtual machine system, when the running current process needs to start the target process, the exeve function of the current process is hooked firstly, and the transfer process is executed; then the elf file of the target process is loaded in the transfer process, after the virtual environment parameters required by the virtual environment are added, the entry function of the target process is skipped, and then the target function is started, so that the target process is prevented from being separated from the control of the virtual environment in an android virtual machine, and various uncontrollable abnormal effects are avoided.
Drawings
Fig. 1 is a schematic flowchart of a method for running an executable file in an android virtual machine system according to an embodiment;
fig. 2 is a schematic structural diagram of a storage medium according to an embodiment.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Referring to fig. 1, the present embodiment provides a method for running an executable file in an android virtual machine system, including the following steps:
step S110: hooking an execute function of the current process and executing a transfer process;
step S120: loading an elf file of a target process in a transfer process, and adding virtual environment parameters required by a virtual environment;
step S130: and jumping to the entry function of the target process.
In an android virtual machine system, when a running current process needs to start a target process, an execute function of the current process is hooked first, and a transfer process is executed; then the elf file of the target process is loaded in the transfer process, after the virtual environment parameters required by the virtual environment are added, the entry function of the target process is skipped, and then the target function is started, so that the target process is prevented from being separated from the control of the virtual environment in an android virtual machine, and various uncontrollable abnormal effects are avoided.
In this embodiment, since the android virtual machine system itself is controllable, the "hooking the execute function of the current process and executing the relay process" specifically includes the following steps:
hooking an execute function of the current process;
modifying syscalls/execute.S files in libc libraries in android source codes of an android virtual system, modifying filename parameters of the syscalls/execute.S files into paths of a transfer process, and adding a realpath field in envp parameters of the syscalls/execute.S files to store a process path corresponding to a target process;
the method comprises the steps of modifying syscalls/execute.S files of libc libraries in android source codes of the android virtual machine, processing parameters (filename, argv [ ], envp [ ]) of the syscall/execute.S files, changing the filename into a path for transferring a process, keeping argv unchanged, adding a realpath field to the envp, and storing the path filename corresponding to the B process.
In this embodiment, the code system for loading the elf file of the target process is implemented in a kernel, and needs a root right, and in order to achieve the purpose of avoiding root, the "loading the elf file of the target process in the relay process" specifically includes the following steps:
analyzing a realpath field in the envp parameter to acquire a process path of the target process;
and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory.
The first function of the transit process is to load the bin file of the target process, i.e. load the elf file of the target process, and in order to achieve the root-free authority, the part of code of the bin file loaded in the kernel needs to be transplanted into the transit process. Acquiring a process path of a target process through a realpath field in the analyzed envp parameter; and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory. In the load _ elf _ binding function, a linker path is modified, and the link path and an internal linker path point to the virtual machine system, but not a default external linker path.
If the argv or envp array of exeve is directly modified, the number and the characteristics of the parameters are added, and the parameters are acquired by the target, analyzed and possibly made mistakes, in order to avoid the situation, the step of adding the virtual environment parameters required by the virtual environment specifically comprises the following steps:
adding a section in an auxv list stacked AT the program entry in the user space, and marking the section as an AT _ FLAG section;
a structure pointer of a virtual environment parameter required by a virtual environment is stored in an AT _ FLAG section.
The other function of the transfer process is the virtual environment parameters needed for adding the virtual environment; in the user space, the stacking sequence at the program entry is: argv, envp, auxv. Where argv belongs to the user incoming parameters, preferably unchanged. envp is a running environment that only adds paths to the original process B. The virtual environment parameters are placed in the auxv list. Namely, a section is added in the auxv list, marked as (AT _ FLAG), and a needed environment parameter structure body pointer is stored. By adopting the auxv field, parameters needing to be transmitted are stored in the auxv field in a mode of transferring the loading and packaging of the process, the argv content is not modified, and the envp is only added with one field. Only character strings can be transmitted in the envp array, and one field needs to be added for each parameter. Whereas in auxv parameters are passed, it is the structure that is passed, requiring only one field in total.
In this embodiment, the step "jump to the entry function of the target process" specifically includes the following steps:
when the target process is analyzed, calling an internal Linker file to perform function analysis;
analyzing data of AT _ FLAG sections in the auxv list to analyze needed virtual environment parameters;
and monitoring the execution condition of the target process.
The initialization of the virtual environment and the modification of the internal linker path are already completed in the above steps, so that a jump to the entry point (EntryPoint) of the target process is directly made. When the target process starts to analyze, an internal Linker file is called to analyze the function. AT this time, the internal linker can analyze data of the AT _ FLAG section in the auxv list, analyze the required virtual environment parameters, and monitor the execution condition of the target process. And finally, the controllable effect of the target process in the virtual environment is realized.
Referring to fig. 2, in another embodiment, a storage medium stores a computer program, and the computer program is executed by a processor to perform the following steps:
hooking an execute function of the current process and executing a transfer process;
loading an elf file of a target process in a transfer process, and adding virtual environment parameters required by a virtual environment;
and jumping to the entry function of the target process.
In an android virtual machine system, when a running current process needs to start a target process, an execute function of the current process is hooked first, and a transfer process is executed; then the elf file of the target process is loaded in the transfer process, after the virtual environment parameters required by the virtual environment are added, the entry function of the target process is skipped, and then the target function is started, so that the target process is prevented from being separated from the control of the virtual environment in an android virtual machine, and various uncontrollable abnormal effects are avoided.
In this embodiment, since the android virtual machine system itself is controllable, the "hooking the execute function of the current process and executing the relay process" specifically includes the following steps:
hooking an execute function of the current process;
modifying syscalls/execute.S files in libc libraries in android source codes of an android virtual system, modifying filename parameters of the syscalls/execute.S files into paths of a transfer process, and adding a realpath field in envp parameters of the syscalls/execute.S files to store a process path corresponding to a target process;
the method comprises the steps of modifying syscalls/execute.S files of libc libraries in android source codes of the android virtual machine, processing parameters (filename, argv [ ], envp [ ]) of the syscall/execute.S files, changing the filename into a path for transferring a process, keeping argv unchanged, adding a realpath field to the envp, and storing the path filename corresponding to the B process.
In this embodiment, the code system for loading the elf file of the target process is implemented in a kernel, and needs a root right, and in order to achieve the purpose of avoiding root, the "loading the elf file of the target process in the relay process" specifically includes the following steps:
analyzing a realpath field in the envp parameter to acquire a process path of the target process;
and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory.
The first function of the relay process is to load the bin file of the target process, that is, to load the elf file of the target process, in order to achieve the root-free permission, the part of code of the bin file loaded in the kernel needs to be transplanted into the relay process. Acquiring a process path of a target process through a realpath field in the analyzed envp parameter; and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory. In the load _ elf _ binding function, a linker path is modified, and the link path and an internal linker path point to the virtual machine system, but not a default external linker path.
If the argv or envp array of exeve is directly modified, the number and the characteristics of the parameters are added, and the parameters are acquired by the target, analyzed and possibly made mistakes, in order to avoid the situation, the step of adding the virtual environment parameters required by the virtual environment specifically comprises the following steps:
adding a section in an auxv list stacked AT the program entry in the user space, and marking the section as an AT _ FLAG section;
a structure pointer of a virtual environment parameter required by a virtual environment is stored in an AT _ FLAG section.
The other function of the transfer process is the virtual environment parameters needed for adding the virtual environment; in the user space, the stacking sequence at the program entry is: argv, envp, auxv. Where argv belongs to the user incoming parameters, preferably unchanged. envp is a running environment that only adds paths to the original process B. The virtual environment parameters are placed in the auxv list. Namely, a section is added in the auxv list, marked as (AT _ FLAG), and a needed environment parameter structure body pointer is stored. By adopting the auxv field, parameters needing to be transmitted are stored in the auxv field in a mode of transferring the loading and packaging of the process, the argv content is not modified, and the envp is only added with one field. Only character strings can be transmitted in the envp array, and one field needs to be added for each parameter. Whereas in auxv parameters are passed, it is the structure that is passed, requiring only one field in total.
In this embodiment, the step "jump to the entry function of the target process" specifically includes the following steps:
when the target process is analyzed, calling an internal Linker file to perform function analysis;
analyzing data of AT _ FLAG sections in the auxv list to analyze needed virtual environment parameters;
and monitoring the execution condition of the target process.
The initialization of the virtual environment and the modification of the internal linker path are already completed in the above steps, so that a jump to the entry point (EntryPoint) of the target process is directly made. When the target process starts to analyze, an internal Linker file is called to analyze the function. AT this time, the internal linker can analyze data of the AT _ FLAG section in the auxv list, analyze the required virtual environment parameters, and monitor the execution condition of the target process. And finally, the controllable effect of the target process in the virtual environment is realized.
It should be noted that, although the above embodiments have been described herein, the invention is not limited thereto. Therefore, based on the innovative concepts of the present invention, the technical solutions of the present invention can be directly or indirectly applied to other related technical fields by making changes and modifications to the embodiments described herein, or by using equivalent structures or equivalent processes performed in the content of the present specification and the attached drawings, which are included in the scope of the present invention.
Claims (10)
1. A method for running an executable file under an android virtual machine system is characterized by comprising the following steps:
hooking an execute function of the current process and executing a transfer process;
loading an elf file of a target process in a transfer process, and adding virtual environment parameters required by a virtual environment;
and jumping to the entry function of the target process.
2. The method for running the executable file under the android virtual machine system according to claim 1, wherein the step of hooking the execute function of the current process and executing the relay process specifically comprises the following steps:
hooking an execute function of the current process;
and modifying syscalls/execute.S files in libc libraries in android source codes of the android virtual system, modifying the filename parameters into a path of a transfer process, and adding a realpath field in the envp parameters to store a process path corresponding to a target process.
3. The method for running the executable file under the android virtual machine system according to claim 2, wherein the step of "loading the elf file of the target process in the relay process" specifically comprises the steps of:
analyzing a realpath field in the envp parameter to acquire a process path of the target process;
and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory.
4. The method for running the executable file under the android virtual machine system according to claim 2, wherein the "adding the virtual environment parameters required by the virtual environment" specifically includes the following steps:
adding a section in an auxv list stacked AT the program entry in the user space, and marking the section as an AT _ FLAG section;
a structure pointer of a virtual environment parameter required by a virtual environment is stored in an AT _ FLAG section.
5. The method for running the executable file under the android virtual machine system according to claim 4, wherein the step of "jumping to the entry function of the target process" specifically includes the following steps:
when the target process is analyzed, calling an internal Linker file to perform function analysis;
analyzing data of AT _ FLAG sections in the auxv list to analyze needed virtual environment parameters;
and monitoring the execution condition of the target process.
6. A storage medium having a computer program stored therein, the computer program when executed by a processor performing the steps of:
hooking an execute function of the current process and executing a transfer process;
loading an elf file of a target process in a transfer process, and adding virtual environment parameters required by a virtual environment;
and jumping to the entry function of the target process.
7. The storage medium of claim 6, wherein hooking the execute function of the current process and executing the intermediate process specifically comprises:
hooking an execute function of the current process;
and modifying syscalls/execute.S files in libc libraries in android source codes of the android virtual system, modifying the filename parameters into a path of a transfer process, and adding a realpath field in the envp parameters to store a process path corresponding to a target process.
8. The storage medium according to claim 7, wherein the step of "loading the elf file of the target process in the transit process" specifically comprises the steps of:
analyzing a realpath field in the envp parameter to acquire a process path of the target process;
and judging whether the target process is an executable file, if so, calling the modified kernel code load _ elf _ bind function to load into the memory.
9. The storage medium according to claim 7, wherein the step of adding the virtual environment parameters required by the virtual environment specifically comprises the steps of:
adding a section in an auxv list stacked AT the program entry in the user space, and marking the section as an AT _ FLAG section;
a structure pointer of a virtual environment parameter required by a virtual environment is stored in an AT _ FLAG section.
10. The storage medium according to claim 9, wherein the step "jump to the entry function of the target process" specifically comprises the steps of:
when the target process is analyzed, calling an internal Linker file to perform function analysis;
analyzing data of AT _ FLAG sections in the auxv list to analyze needed virtual environment parameters;
and monitoring the execution condition of the target process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010744855.0A CN111857971B (en) | 2020-07-29 | 2020-07-29 | Method for running executable file under android virtual machine system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010744855.0A CN111857971B (en) | 2020-07-29 | 2020-07-29 | Method for running executable file under android virtual machine system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111857971A true CN111857971A (en) | 2020-10-30 |
| CN111857971B CN111857971B (en) | 2024-03-15 |
Family
ID=72945682
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010744855.0A Active CN111857971B (en) | 2020-07-29 | 2020-07-29 | Method for running executable file under android virtual machine system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111857971B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103778368A (en) * | 2014-01-23 | 2014-05-07 | 重庆邮电大学 | Safe progress isolating method based on system virtualization technology |
| CN105068916A (en) * | 2015-08-28 | 2015-11-18 | 福建六壬网安股份有限公司 | Kernel hook based process behavior monitoring method |
| CN106897611A (en) * | 2017-03-03 | 2017-06-27 | 金光 | Secure virtual mobile applications running environment system and method and application without root authority |
| US20180357085A1 (en) * | 2016-08-10 | 2018-12-13 | Beijing Qihoo Technology Company Limited | Method and apparatus for running android application on windows system |
| CN111125688A (en) * | 2019-12-13 | 2020-05-08 | 北京浪潮数据技术有限公司 | Process control method and device, electronic equipment and storage medium |
-
2020
- 2020-07-29 CN CN202010744855.0A patent/CN111857971B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103778368A (en) * | 2014-01-23 | 2014-05-07 | 重庆邮电大学 | Safe progress isolating method based on system virtualization technology |
| CN105068916A (en) * | 2015-08-28 | 2015-11-18 | 福建六壬网安股份有限公司 | Kernel hook based process behavior monitoring method |
| US20180357085A1 (en) * | 2016-08-10 | 2018-12-13 | Beijing Qihoo Technology Company Limited | Method and apparatus for running android application on windows system |
| CN106897611A (en) * | 2017-03-03 | 2017-06-27 | 金光 | Secure virtual mobile applications running environment system and method and application without root authority |
| CN111125688A (en) * | 2019-12-13 | 2020-05-08 | 北京浪潮数据技术有限公司 | Process control method and device, electronic equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| YG@HUNTER: "Linux上监控应用程序启动 (hook execve系统调用)", pages 1 - 4, Retrieved from the Internet <URL:https://blog.csdn.net/weixin_42915431/article/details/106389272> * |
| 王全民 等: "基于Linux内核2.6的进程拦截机制的研究和实现", 《科技与创新》, vol. 28, no. 9, pages 13 - 15 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111857971B (en) | 2024-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11232015B2 (en) | Automated software verification service | |
| KR101806090B1 (en) | Generic unpacking of applications for malware detection | |
| US5748964A (en) | Bytecode program interpreter apparatus and method with pre-verification of data type restrictions | |
| CN106203120A (en) | A kind of multiple spot Hook reverse method for Android reinforcement application | |
| KR20130069555A (en) | Virtual application extension points | |
| US20110145924A1 (en) | Method for detection and prevention of loading executable files from the current working directory | |
| US7404107B2 (en) | Fault injection selection | |
| CN109388946B (en) | Malicious process detection method and device, electronic equipment and storage medium | |
| CN107102944A (en) | The analysis method and device of a kind of call function | |
| US20130311600A1 (en) | Event-responsive download of portions of streamed applications | |
| CN110209520B (en) | Method and device for improving SSD (solid State disk) testing efficiency, computer equipment and storage medium | |
| CN111176722A (en) | Method and device for detecting file version of third-party library and storage medium | |
| CN109271789B (en) | Malicious process detection method and device, electronic equipment and storage medium | |
| CN113391874A (en) | Virtual machine detection countermeasure method and device, electronic equipment and storage medium | |
| CN112114866A (en) | Data conversion loading method and device of JSON file and storage medium | |
| CN111026609B (en) | Information auditing method, system, equipment and computer readable storage medium | |
| CN111857971A (en) | Method for running executable file under android virtual machine system and storage medium | |
| Farrelly et al. | Splits: Split input-to-state mapping for effective firmware fuzzing | |
| US20060126799A1 (en) | Fault injection | |
| WO2025162196A1 (en) | Application risk detection method and apparatus | |
| US20190026649A1 (en) | System and method for generating a file execution record of address tuples | |
| US9448782B1 (en) | Reducing a size of an application package | |
| CN112579111A (en) | Installation method and device of installation package, electronic equipment and storage medium | |
| CN109426546B (en) | Application starting method and device, computer storage medium and equipment | |
| WO2016126206A1 (en) | Method for obfuscation of code using return oriented programming |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |