[go: up one dir, main page]

CN116089912A - Software identification information acquisition method and device, electronic equipment and storage medium - Google Patents

Software identification information acquisition method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116089912A
CN116089912A CN202211733415.0A CN202211733415A CN116089912A CN 116089912 A CN116089912 A CN 116089912A CN 202211733415 A CN202211733415 A CN 202211733415A CN 116089912 A CN116089912 A CN 116089912A
Authority
CN
China
Prior art keywords
software
identification information
header
target
software identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211733415.0A
Other languages
Chinese (zh)
Other versions
CN116089912B (en
Inventor
廖恒
潘明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Luyi Technology Co ltd
Original Assignee
Chengdu Luyi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Luyi Technology Co ltd filed Critical Chengdu Luyi Technology Co ltd
Priority to CN202211733415.0A priority Critical patent/CN116089912B/en
Publication of CN116089912A publication Critical patent/CN116089912A/en
Application granted granted Critical
Publication of CN116089912B publication Critical patent/CN116089912B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Stored Programmes (AREA)

Abstract

The application provides a method and a device for acquiring software identification information, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring the dos header of the pe file of the target software; acquiring a pe header of the pe file based on the last byte of the dos header; determining a specified code segment in the main program according to the pe header; extracting a predetermined number of bytes from the specified code segment; and determining the hash value of the target software based on the bytes and a preset hash value calculation mode, and taking the hash value as the software identification information of the target software. According to the technical scheme, the software identification information can be kept unchanged during software updating, so that resources consumed by regenerating the software identification information are reduced, the cost of maintaining the software identification information is reduced, and the convenience and safety of software identification are improved.

Description

软件识别信息获取方法及装置、电子设备和存储介质Software identification information acquisition method and device, electronic equipment and storage medium

【技术领域】【Technical field】

本申请涉及计算机技术领域,尤其涉及一种软件识别信息获取方法及装置、电子设备和存储介质。The present application relates to the field of computer technology, and in particular to a method and device for acquiring software identification information, electronic equipment, and a storage medium.

【背景技术】【Background technique】

为及时阻止违规软件运行,相关技术中为软件设置了软件识别信息,通过软件识别信息可以识别软件,从而进一步判断其是否为被认定为违规的软件。然而,现有的软件识别信息的生成依赖于软件的程序本身,一旦软件更新,软件的程序变动,就需要重新为软件计算新的软件识别信息,而这一计算所消耗的后台维护资源很大。In order to prevent illegal software from running in a timely manner, software identification information is set for the software in related technologies, and the software can be identified through the software identification information, so as to further determine whether it is identified as illegal software. However, the generation of existing software identification information depends on the software program itself. Once the software is updated and the software program changes, it is necessary to recalculate new software identification information for the software, and this calculation consumes a lot of background maintenance resources. .

因此,如何减少因软件更新而重新计算软件识别信息所导致的消耗,成为目前亟待解决的技术问题。Therefore, how to reduce the consumption caused by recalculating software identification information due to software updates has become a technical problem to be solved urgently.

【发明内容】【Content of invention】

本申请实施例提供了一种软件识别信息获取方法及装置、电子设备和存储介质,旨在解决相关技术中因软件更新而重新计算软件识别信息导致后台维护资源很大的技术问题。Embodiments of the present application provide a method and device for acquiring software identification information, electronic equipment, and a storage medium, aiming to solve the technical problem in the related art that recalculation of software identification information due to software updates results in large background maintenance resources.

第一方面,本申请实施例提供了一种软件识别信息获取方法,包括:获取目标软件的pe文件的dos头;基于所述dos头的末位字节,获取所述pe文件的pe头;根据所述pe头,在所述主程序中确定指定代码段;从所述指定代码段中提取预定数量的字节;基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。In the first aspect, the embodiment of the present application provides a method for acquiring software identification information, comprising: acquiring the dos header of the pe file of the target software; based on the last byte of the dos header, acquiring the pe header of the pe file; According to the pe header, determine a specified code segment in the main program; extract a predetermined number of bytes from the specified code segment; determine the target software based on the bytes and a predetermined hash value calculation method The hash value is used as the software identification information of the target software.

在一种可能的设计中,在所述获取目标软件的pe文件的dos头之前,还包括:安装所述目标软件,并基于安装操作更新注册表和系统配置信息;基于所述注册表或所述系统配置信息,获取所述目标软件的主程序。In a possible design, before obtaining the dos header of the pe file of the target software, it also includes: installing the target software, and updating the registry and system configuration information based on the installation operation; based on the registry or the The system configuration information is obtained to obtain the main program of the target software.

在一种可能的设计中,所述根据所述pe头,在所述主程序中确定指定代码段,包括:基于所述pe头的首字节,确定所述目标软件的目标运行平台;按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度;基于所述pe头的首字节和所述pe头的长度进行偏移,获得所述pe文件的多个节表;在所述多个节表中确定.text节所在的目标节表,并获取所述目标节表中的所述.text节,作为所述指定代码段。In a possible design, the determining the specified code segment in the main program according to the pe header includes: determining the target operating platform of the target software based on the first byte of the pe header; The pe header length determination method corresponding to the target operating platform determines the length of the pe header; offsets based on the first byte of the pe header and the length of the pe header to obtain multiple sections of the pe file Table; determine the target section table where the .text section is located in the plurality of section tables, and obtain the .text section in the target section table as the specified code segment.

在一种可能的设计中,所述从所述指定代码段中提取预定数量的字节,包括:按照指定提取规则从所述指定代码段中提取预定数量的字节。In a possible design, the extracting the predetermined number of bytes from the specified code segment includes: extracting the predetermined number of bytes from the specified code segment according to a specified extraction rule.

在一种可能的设计中,所述基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,包括:通过md5算法、sha1算法或sm3算法对所述字节进行处理,得到所述目标软件的哈希值。In a possible design, the determining the hash value of the target software based on the byte and a predetermined hash value calculation method includes: performing an md5 algorithm, a sha1 algorithm, or an sm3 algorithm on the byte processing to obtain the hash value of the target software.

第二方面,本申请实施例提供了一种软件识别方法,包括:响应于目标软件的运行请求,获取所述目标软件的软件识别信息;若所述软件识别信息与软件黑名单内的指定识别信息相匹配,阻止所述目标软件运行,其中,在所述获取所述目标软件的软件识别信息之前,通过执行上述第一方面中任一项所述方法生成所述软件识别信息。In the second aspect, the embodiment of the present application provides a software identification method, including: obtaining the software identification information of the target software in response to the running request of the target software; if the software identification information matches the specified identification in the software blacklist The information is matched to prevent the target software from running, wherein, before the acquisition of the software identification information of the target software, the software identification information is generated by executing any one of the methods in the first aspect above.

第三方面,本申请实施例提供了一种软件识别信息获取装置,包括:第一获取单元,用于获取目标软件的pe文件的dos头;第二获取单元,用于基于所述dos头的末位字节,获取所述pe文件的pe头;代码段确定单元,用于根据所述pe头,在所述主程序中确定指定代码段;字节提取单元,用于从所述指定代码段中提取预定数量的字节;哈希计算单元,用于基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。In a third aspect, an embodiment of the present application provides a device for acquiring software identification information, including: a first acquiring unit, configured to acquire the dos header of the pe file of the target software; a second acquiring unit, configured to acquire the The last byte obtains the pe header of the pe file; the code segment determination unit is used to determine the specified code segment in the main program according to the pe header; the byte extraction unit is used to obtain the specified code from the specified code Extracting a predetermined number of bytes from the segment; a hash calculation unit configured to determine the hash value of the target software as software identification information of the target software based on the bytes and a predetermined hash value calculation method.

在一种可能的设计中,所述软件识别信息获取装置还包括:软件安装单元,用于在所述获取目标软件的pe文件的dos头之前,安装所述目标软件,并基于安装操作更新注册表和系统配置信息;主程序获取单元,用于基于所述注册表或所述系统配置信息,获取所述目标软件的主程序。In a possible design, the device for acquiring software identification information further includes: a software installation unit, configured to install the target software before acquiring the dos header of the pe file of the target software, and update the registration based on the installation operation. table and system configuration information; a main program acquiring unit, configured to acquire the main program of the target software based on the registry or the system configuration information.

在一种可能的设计中,所述代码段确定单元用于:基于所述pe头的首字节,确定所述目标软件的目标运行平台;按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度;基于所述pe头的首字节和所述pe头的长度进行偏移,获得所述pe文件的多个节表;在所述多个节表中确定.text节所在的目标节表,并获取所述目标节表中的所述.text节,作为所述指定代码段。In a possible design, the code segment determination unit is configured to: determine the target operating platform of the target software based on the first byte of the pe header; determine the length of the pe header corresponding to the target operating platform , determine the length of the pe header; offset based on the first byte of the pe header and the length of the pe header to obtain multiple section tables of the pe file; determine in the multiple section tables. The target section table where the text section is located, and obtain the .text section in the target section table as the specified code segment.

在一种可能的设计中,所述字节提取单元用于按照指定提取规则从所述指定代码段中提取预定数量的字节。In a possible design, the byte extracting unit is configured to extract a predetermined number of bytes from the specified code segment according to a specified extraction rule.

在一种可能的设计中,所述哈希计算单元用于:通过md5算法、sha1算法或sm3算法对所述字节进行处理,得到所述目标软件的哈希值。In a possible design, the hash calculation unit is configured to: process the byte through an md5 algorithm, a sha1 algorithm or an sm3 algorithm, to obtain a hash value of the target software.

第四方面,本申请实施例提供了一种软件识别装置,包括:软件识别信息生成单元,用于基于上述第三方面所述的软件识别信息获取装置生成软件识别信息;识别信息获取单元,用于响应于目标软件的运行请求,获取所述目标软件的所述软件识别信息;软件识别单元,用于若所述软件识别信息与软件黑名单内的指定识别信息相匹配,阻止所述目标软件运行。In a fourth aspect, an embodiment of the present application provides a software identification device, including: a software identification information generation unit configured to generate software identification information based on the software identification information acquisition device described in the third aspect above; an identification information acquisition unit configured to Acquire the software identification information of the target software in response to the running request of the target software; a software identification unit is configured to block the target software if the software identification information matches specified identification information in the software blacklist run.

第五方面,本申请实施例提供了一种电子设备,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被设置为用于执行上述第一方面所述的方法。In a fifth aspect, the embodiment of the present application provides an electronic device, including: at least one processor; and a memory connected in communication with the at least one processor; wherein, the memory stores information that can be processed by the at least one processor. An instruction executed by a device, the instruction being configured to execute the method described in the first aspect above.

第六方面,本申请实施例提供了一种存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行上述第一方面所述的方法。In a sixth aspect, the embodiment of the present application provides a storage medium storing computer-executable instructions, and the computer-executable instructions are used to execute the method described in the above-mentioned first aspect.

以上技术方案,可基于指定代码段中预定数量的字节生成软件识别信息,由于所述指定代码段在所述目标软件发生更新时保持不变,则在目标软件发生更新时,基于指定代码段中预定数量的字节生成的软件识别信息也不变。换言之,相对于相关技术中因软件更新而重新计算软件识别信息的技术方案,本申请的技术方案可以在软件更新时保持软件识别信息不变,从而减少因重新生成软件识别信息而消耗的资源,降低维护软件识别信息的成本,提升了软件识别的便利性和安全性。The above technical solution can generate software identification information based on a predetermined number of bytes in the specified code segment. Since the specified code segment remains unchanged when the target software is updated, when the target software is updated, based on the specified code segment The software identification information generated by the predetermined number of bytes is also unchanged. In other words, compared with the technical solution of recalculating software identification information due to software update in the related art, the technical solution of the present application can keep the software identification information unchanged during software update, thereby reducing the resources consumed by regenerating software identification information, The cost of maintaining software identification information is reduced, and the convenience and security of software identification are improved.

【附图说明】【Description of drawings】

为了更清楚地说明本申请实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following will briefly introduce the accompanying drawings that need to be used in the embodiments. Obviously, the accompanying drawings in the following description are only some embodiments of the present application. Those of ordinary skill in the art can also obtain other drawings based on these drawings without any creative effort.

图1示出了根据本申请的一个实施例的软件识别信息获取方法的流程图;FIG. 1 shows a flowchart of a method for acquiring software identification information according to an embodiment of the present application;

图2示出了根据本申请的另一个实施例的软件识别信息获取方法的流程图;FIG. 2 shows a flow chart of a method for acquiring software identification information according to another embodiment of the present application;

图3示出了根据本申请的一个实施例的软件识别方法的流程图;Fig. 3 shows the flowchart of the software identification method according to one embodiment of the present application;

图4示出了根据本申请的一个实施例的云端与本地端交互过程的示意图;FIG. 4 shows a schematic diagram of an interaction process between the cloud and the local end according to an embodiment of the present application;

图5示出了根据本申请的一个实施例的软件识别信息获取装置的框图;FIG. 5 shows a block diagram of an apparatus for acquiring software identification information according to an embodiment of the present application;

图6示出了根据本申请的一个实施例的电子设备的框图。FIG. 6 shows a block diagram of an electronic device according to an embodiment of the present application.

【具体实施方式】【Detailed ways】

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

图1示出了根据本申请的一个实施例的软件识别信息获取方法的流程图。Fig. 1 shows a flowchart of a method for acquiring software identification information according to an embodiment of the present application.

如图1所示,根据本申请的一个实施例的软件识别信息获取方法包括:As shown in Figure 1, a method for acquiring software identification information according to an embodiment of the present application includes:

步骤102,获取目标软件的pe文件的dos头。Step 102, obtaining the dos header of the pe file of the target software.

步骤104,基于所述dos头的末位字节,获取所述pe文件的pe头。Step 104: Obtain the pe header of the pe file based on the last byte of the dos header.

pe文件是windows系统中的可执行文件,常见的文件后缀包括但不限于exe、dll、sys、com、ocx等。在32位windows系统上运行的pe文件格式为pe32,在64位windows系统上运行的pe文件格式为pe32+,不同格式的pe文件之差别之一在于其pe头不同。pe file is an executable file in the windows system. Common file suffixes include but are not limited to exe, dll, sys, com, ocx, etc. The format of the pe file running on the 32-bit windows system is pe32, and the format of the pe file running on the 64-bit windows system is pe32+. One of the differences between the different formats of the pe files lies in the different pe headers.

pe文件的dos头是一段二进制的数据,其末位字节用于反映pe文件中pe头的位置,故可由此获取pe文件的pe头。The dos header of the pe file is a piece of binary data, and its last byte is used to reflect the position of the pe header in the pe file, so the pe header of the pe file can be obtained from this.

步骤106,根据所述pe头,在所述主程序中确定指定代码段。Step 106, according to the pe header, determine the specified code segment in the main program.

pe头相当于指定代码段的位置参照信息,换言之,pe头的位置能够作为确定指定代码段的位置的条件。其中,指定代码段中往往具有一段不会因软件更新而变动的特征段,以不会因软件更新而变动的特征段为基础确定软件的软件识别信息,在软件发生更新时可保证软件的软件识别信息不变,从而避免软件更新所带来的软件识别信息重置,节省计算资源。The pe header is equivalent to the position reference information of the specified code segment, in other words, the position of the pe header can be used as a condition for determining the position of the specified code segment. Among them, the specified code segment often has a feature segment that will not change due to software updates, and the software identification information of the software is determined on the basis of the feature segments that will not change due to software updates, so that the software can be guaranteed when the software is updated. The identification information remains unchanged, thereby avoiding software identification information resetting caused by software updates, and saving computing resources.

具体地,可基于所述pe头的首字节,确定所述目标软件的目标运行平台;按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度;基于所述pe头的首字节和所述pe头的长度进行偏移,获得所述pe文件的多个节表;在所述多个节表中确定.text节所在的目标节表,并获取所述目标节表中的所述.text节,作为所述指定代码段。Specifically, the target operating platform of the target software may be determined based on the first byte of the pe header; the length of the pe header may be determined according to the pe header length determination method corresponding to the target operating platform; based on the pe The first byte of the header and the length of the pe header are offset to obtain multiple section tables of the pe file; determine the target section table where the .text section is located in the multiple section tables, and obtain the target The .text section in the section table is used as the specified code segment.

pe头的首字节反映了目标软件的目标运行平台为何,目标运行平台包括但不限于32位平台和64位平台,还可以是任何能够运行目标软件的其他平台。在不同的运行平台中,对pe头长度的计算方式具有差别,因此,可按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度。The first byte of the pe header reflects the target operating platform of the target software. The target operating platform includes but is not limited to a 32-bit platform and a 64-bit platform, and can also be any other platform capable of running the target software. Different operating platforms have different calculation methods for the length of the pe header. Therefore, the length of the pe header can be determined according to the determination method of the length of the pe header corresponding to the target operating platform.

具体地,在不同的运行平台中可选pe头的大小不一样,在64位平台中,其pe头为IMAGE_OPTIONAL_HEADER64这个结构体,通过sizeof(IMAGE_OPTIONAL_HEADER64)来得到pe头的长度。Specifically, the size of the optional pe header is different in different operating platforms. On a 64-bit platform, the pe header is a structure of IMAGE_OPTIONAL_HEADER64, and the length of the pe header is obtained through sizeof(IMAGE_OPTIONAL_HEADER64).

而在32位平台中,其pe头为IMAGE_OPTIONAL_HEADER,用sizeof(IMAGE_OPTIONAL_HEADER)得到pe头的长度。On the 32-bit platform, the pe header is IMAGE_OPTIONAL_HEADER, use sizeof(IMAGE_OPTIONAL_HEADER) to get the length of the pe header.

在确定pe头的长度后,由于pe头之后分布有多个节表,故可以通过pe头的首字节和pe头的长度进行偏移,来得到多个节表。每个节表用于描述软件所涉及的不同的功能,如存放初始数据,存放调用函数等。同时,每个节表包括多个列表项,或者说多个代码段。进一步地,可遍历各节表,确定.text节所在的节表,将.text节提取出来作为指定代码段。After the length of the pe header is determined, since there are multiple section tables distributed after the pe header, multiple section tables can be obtained by offsetting the first byte of the pe header and the length of the pe header. Each section table is used to describe different functions involved in the software, such as storing initial data, storing and calling functions, and so on. Meanwhile, each section table includes multiple list items, or multiple code segments. Further, each section table can be traversed to determine the section table where the .text section is located, and the .text section can be extracted as a specified code segment.

步骤108,从所述指定代码段中提取预定数量的字节。Step 108, extracting a predetermined number of bytes from the specified code segment.

在一种可能的设计中,所述从所述指定代码段中提取预定数量的字节,包括:按照指定提取规则从所述指定代码段中提取预定数量的字节。In a possible design, the extracting the predetermined number of bytes from the specified code segment includes: extracting the predetermined number of bytes from the specified code segment according to a specified extraction rule.

其中,指定提取规则可为:提取指定代码段中分别位于多个指定位置的多个字节,多个指定位置的数量为预定数量。Wherein, the specified extraction rule may be: extract multiple bytes respectively located at multiple specified positions in the specified code segment, and the number of the multiple specified positions is a predetermined number.

指定提取规则还可为:提取指定代码段中分别位于多个指定位置的字节,其中,在每个指定位置所提取的字节数量为指定的多个。The specified extraction rule may also be: extracting bytes at multiple specified positions in the specified code segment, wherein the number of bytes extracted at each specified position is a specified multiple.

通过以上技术方案,可使得获取的预定数量的字节更具复杂性,从而提升了以该预定数量的字节所得的软件识别信息的复杂性,提升了软件识别信息对于目标软件的唯一性,提升了软件安全。Through the above technical solution, the acquired predetermined number of bytes can be made more complex, thereby increasing the complexity of the software identification information obtained with the predetermined number of bytes, and improving the uniqueness of the software identification information for the target software, Improved software security.

可选地,预定数量为60。当然,预定数量可以为任何符合对软件识别信息的安全需要的数量,而不限于60这一示例。Optionally, the predetermined number is sixty. Of course, the predetermined number may be any number that meets the security requirements for software identification information, and is not limited to the example of 60.

步骤110,基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。Step 110: Determine the hash value of the target software as software identification information of the target software based on the bytes and a predetermined hash value calculation method.

最终,基于指定代码段中预定数量的字节生成软件识别信息,由于该预定数量的字节为指定代码段中不会因软件更新而变动的特征段,则在目标软件发生更新时,基于指定代码段中预定数量的字节生成的软件识别信息也不变。换言之,相对于相关技术中因软件更新而重新计算软件识别信息的技术方案,本申请的技术方案可以在软件更新时保持软件识别信息不变,从而减少因重新生成软件识别信息而消耗的资源,降低维护软件识别信息的成本,提升了软件识别的便利性和安全性。Finally, software identification information is generated based on a predetermined number of bytes in the specified code segment. Since the predetermined number of bytes is a characteristic segment that will not change due to software updates in the specified code segment, when the target software is updated, based on the specified The software identification information generated by the predetermined number of bytes in the code segment is also unchanged. In other words, compared with the technical solution of recalculating software identification information due to software update in the related art, the technical solution of the present application can keep the software identification information unchanged during software update, thereby reducing the resources consumed by regenerating software identification information, The cost of maintaining software identification information is reduced, and the convenience and security of software identification are improved.

在一种可能的设计中,所述基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,包括:通过md5算法、sha1算法或sm3算法对所述字节进行处理,得到所述目标软件的哈希值。In a possible design, the determining the hash value of the target software based on the byte and a predetermined hash value calculation method includes: performing an md5 algorithm, a sha1 algorithm, or an sm3 algorithm on the byte processing to obtain the hash value of the target software.

其中,md5算法即MD5信息摘要算法,是一种被广泛使用的密码散列函数,可以将从所述指定代码段中提取的预定数量的字节转换为一个128位(16字节)的散列值,作为目标软件的软件识别信息。sha1算法是Hash算法的一种,可将从所述指定代码段中提取的预定数量的字节以512比特的分组为单位处理,输出160比特的消息摘要作为目标软件的软件识别信息。sm3算法是一种密码散列函数标准,将从所述指定代码段中提取的预定数量的字节作为散列函数的输入,经散列函数输出消息摘要作为目标软件的软件识别信息。Among them, the md5 algorithm is the MD5 information digest algorithm, which is a widely used cryptographic hash function, which can convert a predetermined number of bytes extracted from the specified code segment into a 128-bit (16-byte) hash Column value, as the software identification information of the target software. The sha1 algorithm is a kind of Hash algorithm, which can process a predetermined number of bytes extracted from the specified code segment in units of 512 bits, and output a 160-bit message digest as the software identification information of the target software. The sm3 algorithm is a cryptographic hash function standard. The predetermined number of bytes extracted from the specified code segment is used as the input of the hash function, and the message digest is output by the hash function as the software identification information of the target software.

需要知晓,本申请中的预定哈希值计算方式包括但不限于md5算法、sha1算法或sm3算法,还可以是任何能够把从所述指定代码段中提取的预定数量的字节转换为更为简短的密文的计算方式。It needs to be known that the predetermined hash value calculation methods in this application include but are not limited to md5 algorithm, sha1 algorithm or sm3 algorithm, and can also be any method that can convert the predetermined number of bytes extracted from the specified code segment into more How the short ciphertext is computed.

图2示出了根据本申请的另一个实施例的软件识别信息获取方法的流程图。Fig. 2 shows a flowchart of a method for acquiring software identification information according to another embodiment of the present application.

如图2所示,根据本申请的另一个实施例的软件识别信息获取方法包括:As shown in Figure 2, a method for acquiring software identification information according to another embodiment of the present application includes:

步骤202,安装目标软件,并基于安装操作更新注册表和系统配置信息。Step 202, install the target software, and update the registry and system configuration information based on the installation operation.

步骤204,基于所述注册表或所述系统配置信息,获取所述目标软件的主程序。Step 204, based on the registry or the system configuration information, acquire the main program of the target software.

若要获取目标软件的软件识别信息,需要从其主程序中获取其pe文件,而只有安装有目标软件,才能够获得其主程序。因此,可安装目标软件,并通过安装后所更新的注册表或所述系统配置信息检索到其主程序。To obtain the software identification information of the target software, it is necessary to obtain its pe file from its main program, and the main program can be obtained only when the target software is installed. Therefore, the target software can be installed, and its main program can be retrieved through the registry updated after installation or the system configuration information.

步骤206,获取所述目标软件的pe文件的dos头。Step 206, obtaining the dos header of the pe file of the target software.

步骤208,基于所述dos头的末位字节,获取所述pe文件的pe头。Step 208: Obtain the pe header of the pe file based on the last byte of the dos header.

pe文件是windows系统中的可执行文件,常见的文件后缀包括但不限于exe、dll、sys、com、ocx等。在32位windows系统上运行的pe文件格式为pe32,在64位windows系统上运行的pe文件格式为pe32+,不同格式的pe文件之差别之一在于其pe头不同。pe file is an executable file in the windows system. Common file suffixes include but are not limited to exe, dll, sys, com, ocx, etc. The format of the pe file running on the 32-bit windows system is pe32, and the format of the pe file running on the 64-bit windows system is pe32+. One of the differences between the different formats of the pe files lies in the different pe headers.

pe文件的dos头是一段二进制的数据,其末位字节用于反映pe文件中pe头的位置,故可由此获取pe文件的pe头。The dos header of the pe file is a piece of binary data, and its last byte is used to reflect the position of the pe header in the pe file, so the pe header of the pe file can be obtained from this.

步骤210,基于所述pe头的首字节,确定所述目标软件的目标运行平台。Step 210, based on the first byte of the pe header, determine the target operating platform of the target software.

pe头的首字节反映了目标软件的目标运行平台为何,目标运行平台包括但不限于32位平台和64位平台,还可以是任何能够运行目标软件的其他平台。在不同的运行平台中,对pe头长度的确定方式具有差别,因此,可先确定目标软件所安装于的目标运行平台,以便在后续步骤中针对目标运行平台选择对应的pe头长度的确定方式。The first byte of the pe header reflects the target operating platform of the target software. The target operating platform includes but is not limited to a 32-bit platform and a 64-bit platform, and can also be any other platform capable of running the target software. In different operating platforms, there are differences in determining the length of the pe header. Therefore, the target operating platform on which the target software is installed can be determined first, so that in the subsequent steps, the corresponding determining method of the length of the pe header can be selected for the target operating platform. .

步骤212,按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度。Step 212: Determine the length of the pe header according to the pe header length determination method corresponding to the target operating platform.

在不同的运行平台中可选pe头的大小不一样,在64位平台中,其pe头为IMAGE_OPTIONAL_HEADER64这个结构体,通过sizeof(IMAGE_OPTIONAL_HEADER64)来得到pe头的长度。The size of the optional pe header is different in different operating platforms. On the 64-bit platform, the pe header is the structure IMAGE_OPTIONAL_HEADER64, and the length of the pe header can be obtained by sizeof(IMAGE_OPTIONAL_HEADER64).

而在32位平台中,其pe头为IMAGE_OPTIONAL_HEADER,用sizeof(IMAGE_OPTIONAL_HEADER)得到pe头的长度。On the 32-bit platform, the pe header is IMAGE_OPTIONAL_HEADER, use sizeof(IMAGE_OPTIONAL_HEADER) to get the length of the pe header.

步骤214,基于所述pe头的首字节和所述pe头的长度进行偏移,获得所述pe文件的多个节表。Step 214: Obtain multiple section tables of the pe file by offsetting based on the first byte of the pe header and the length of the pe header.

步骤216,在所述多个节表中确定.text节所在的目标节表,并获取所述目标节表中的所述.text节,作为所述指定代码段。Step 216, determine the target section table where the .text section is located in the plurality of section tables, and obtain the .text section in the target section table as the specified code segment.

在确定pe头的长度后,由于pe头之后分布有多个节表,故可以通过pe头的首字节和pe头的长度进行偏移,来得到多个节表。每个节表用于描述软件所涉及的不同的功能,如存放初始数据,存放调用函数等。同时,每个节表包括多个列表项,或者说多个代码段。进一步地,可遍历各节表,确定.text节所在的节表,将.text节提取出来作为指定代码段。After the length of the pe header is determined, since there are multiple section tables distributed after the pe header, multiple section tables can be obtained by offsetting the first byte of the pe header and the length of the pe header. Each section table is used to describe different functions involved in the software, such as storing initial data, storing and calling functions, and so on. Meanwhile, each section table includes multiple list items, or multiple code segments. Further, each section table can be traversed to determine the section table where the .text section is located, and the .text section can be extracted as a specified code segment.

步骤218,从所述指定代码段中提取预定数量的字节。Step 218, extracting a predetermined number of bytes from the specified code segment.

可选地,预定数量为60。当然,预定数量可以为任何符合对软件识别信息的安全需要的数量,而不限于60这一示例。Optionally, the predetermined number is sixty. Of course, the predetermined number may be any number that meets the security requirements for software identification information, and is not limited to the example of 60.

步骤220,基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。Step 220: Determine the hash value of the target software as software identification information of the target software based on the bytes and a predetermined hash value calculation method.

最终,基于指定代码段中预定数量的字节生成软件识别信息,由于所述指定代码段在所述目标软件发生更新时保持不变,则在目标软件发生更新时,基于指定代码段中预定数量的字节生成的软件识别信息也不变。Finally, software identification information is generated based on a predetermined number of bytes in the specified code segment. Since the specified code segment remains unchanged when the target software is updated, when the target software is updated, based on the predetermined number of bytes in the specified code segment The software identification information generated by the byte is also unchanged.

通过本技术方案,可以在软件更新时保持软件识别信息不变,从而减少因重新生成软件识别信息而消耗的资源,降低维护软件识别信息的成本,提升了软件识别的便利性和安全性。Through the technical solution, the software identification information can be kept unchanged when the software is updated, thereby reducing the resources consumed for regenerating the software identification information, reducing the cost of maintaining the software identification information, and improving the convenience and safety of software identification.

图3示出了根据本申请的一个实施例的软件识别方法的流程图。Fig. 3 shows a flowchart of a software identification method according to an embodiment of the present application.

如图3所示,根据本申请的一个实施例的软件识别方法包括:As shown in Figure 3, the software identification method according to one embodiment of the present application includes:

步骤302,响应于目标软件的运行请求,获取所述目标软件的软件识别信息。Step 302, in response to the running request of the target software, acquire software identification information of the target software.

步骤304,若所述软件识别信息与软件黑名单内的指定识别信息相匹配,阻止所述目标软件运行。Step 304, if the software identification information matches the specified identification information in the software blacklist, prevent the target software from running.

软件识别信息可用于识别目标软件的身份,通过将目标软件的软件识别信息与软件黑名单内的指定识别信息进行匹配,可判断目标软件是否为软件黑名单的一员,从而在目标软件为软件黑名单的一员的情况下,阻止所述目标软件运行,保护系统安全和网络安全。The software identification information can be used to identify the identity of the target software. By matching the software identification information of the target software with the specified identification information in the software blacklist, it can be judged whether the target software is a member of the software blacklist. In the case of being a member of the blacklist, the target software is prevented from running to protect system security and network security.

其中,在步骤302之前,还包括:通过执行上述任一实施例中任一项所述的技术方案来生成软件识别信息。因此,本技术方案具有上述全部技术效果,在此处不再赘述。Wherein, before step 302, it further includes: generating software identification information by executing the technical solution described in any one of the above-mentioned embodiments. Therefore, this technical solution has all the above-mentioned technical effects, which will not be repeated here.

至此可以知晓,所述软件识别信息的生成过程可以在云端进行,也可以在本地端进行。So far, it can be known that the process of generating the software identification information can be performed on the cloud or locally.

图4示出了根据本申请的一个实施例的云端与本地端交互过程的示意图。如图4所示,在云端设置有自动化下载安装模块、分析主程序模块、哈希提取模块和特征哈希数据库,而在本地端则设置有外部调用模块。Fig. 4 shows a schematic diagram of an interaction process between the cloud and the local terminal according to an embodiment of the present application. As shown in Figure 4, an automatic download and installation module, an analysis main program module, a hash extraction module and a feature hash database are set on the cloud, while an external calling module is set on the local side.

具体地,在云端,自动化下载安装模块安装所述目标软件,并基于安装操作更新注册表和系统配置信息,以便基于所述注册表或所述系统配置信息,获取所述目标软件的主程序。Specifically, in the cloud, the automatic download and installation module installs the target software, and updates the registry and system configuration information based on the installation operation, so as to obtain the main program of the target software based on the registry or the system configuration information.

分析主程序模块则获取目标软件的pe文件的dos头,并根据所述dos头的末位字节,获取所述pe文件的pe头,接着,基于所述pe头的首字节,确定所述目标软件的目标运行平台,然后,按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度,接下来,基于所述pe头的首字节和所述pe头的长度进行偏移,获得所述pe文件的多个节表,至此,在所述多个节表中确定.text节所在的目标节表,并获取所述目标节表中的所述.text节,作为所述指定代码段。The analysis main program module then obtains the dos header of the pe file of the target software, and according to the last byte of the dos header, obtains the pe header of the pe file, and then, based on the first byte of the pe header, determines the The target operating platform of the target software, then, according to the pe header length determination method corresponding to the target operating platform, determine the length of the pe header, and then, based on the first byte of the pe header and the pe header The length is offset to obtain multiple section tables of the pe file, so far, determine the target section table where the .text section is located in the multiple section tables, and obtain the .text section in the target section table , as the specified snippet.

接下来,哈希提取模块从所述指定代码段中提取预定数量的字节,并基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。Next, the hash extraction module extracts a predetermined number of bytes from the specified code segment, and based on the bytes and a predetermined hash value calculation method, determines the hash value of the target software as the target software software identification information.

特征哈希数据库则可将哈希提取模块生成的目标软件的软件识别信息进行存储。The feature hash database can store the software identification information of the target software generated by the hash extraction module.

在本地端,响应于目标软件的运行请求,通过外部调用模块访问云端的特征哈希数据库,调用目标软件的软件识别信息。若所述软件识别信息与软件黑名单内的指定识别信息相匹配,本地端阻止所述目标软件运行,否则,本地端允许所述目标软件运行。On the local side, in response to the running request of the target software, the feature hash database in the cloud is accessed through the external calling module, and the software identification information of the target software is called. If the software identification information matches the specified identification information in the software blacklist, the local end prevents the target software from running; otherwise, the local end allows the target software to run.

本技术方案中,软件识别信息可用于识别目标软件的身份,通过将目标软件的软件识别信息与软件黑名单内的指定识别信息进行匹配,可判断目标软件是否为软件黑名单的一员,从而在目标软件为软件黑名单的一员的情况下,阻止所述目标软件运行,保护系统安全和网络安全。In this technical solution, the software identification information can be used to identify the identity of the target software. By matching the software identification information of the target software with the specified identification information in the software blacklist, it can be judged whether the target software is a member of the software blacklist, thereby When the target software is a member of the software blacklist, the target software is prevented from running to protect system security and network security.

图5示出了根据本申请的一个实施例的软件识别信息获取装置的框图。Fig. 5 shows a block diagram of an apparatus for acquiring software identification information according to an embodiment of the present application.

如图5所示,根据本申请的一个实施例的软件识别信息获取装置500包括:第一获取单元502,用于获取目标软件的pe文件的dos头;第二获取单元504,用于基于所述dos头的末位字节,获取所述pe文件的pe头;代码段确定单元506,用于根据所述pe头,在所述主程序中确定指定代码段;字节提取单元508,用于从所述指定代码段中提取预定数量的字节;哈希计算单元510,用于基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。As shown in FIG. 5 , a software identification information acquisition device 500 according to an embodiment of the present application includes: a first acquisition unit 502, configured to acquire the dos header of the pe file of the target software; a second acquisition unit 504, configured to The last byte of the dos header obtains the pe header of the pe file; the code segment determination unit 506 is used to determine the specified code segment in the main program according to the pe header; the byte extraction unit 508 uses to extract a predetermined number of bytes from the specified code segment; the hash calculation unit 510 is configured to determine the hash value of the target software as the target based on the bytes and a predetermined hash value calculation method Software identification information for the software.

在一种可能的设计中,所述软件识别信息获取装置500还包括:软件安装单元,用于在所述获取目标软件的pe文件的dos头之前,安装所述目标软件,并基于安装操作更新注册表和系统配置信息;主程序获取单元,用于基于所述注册表或所述系统配置信息,获取所述目标软件的主程序。In a possible design, the software identification information acquisition device 500 also includes: a software installation unit, configured to install the target software before acquiring the dos header of the pe file of the target software, and update the target software based on the installation operation Registry and system configuration information; a main program acquiring unit, configured to acquire the main program of the target software based on the registry or the system configuration information.

在一种可能的设计中,所述代码段确定单元506用于:基于所述pe头的首字节,确定所述目标软件的目标运行平台;按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度;基于所述pe头的首字节和所述pe头的长度进行偏移,获得所述pe文件的多个节表;在所述多个节表中确定.text节所在的目标节表,并获取所述目标节表中的所述.text节,作为所述指定代码段。In a possible design, the code segment determination unit 506 is configured to: determine the target operating platform of the target software based on the first byte of the pe header; determine the target software according to the length of the pe header corresponding to the target operating platform way, determine the length of the pe header; offset based on the first byte of the pe header and the length of the pe header to obtain multiple section tables of the pe file; determine in the multiple section tables The target section table where the .text section is located, and obtain the .text section in the target section table as the specified code segment.

在一种可能的设计中,所述字节提取单元508用于按照指定提取规则从所述指定代码段中提取预定数量的字节。In a possible design, the byte extracting unit 508 is configured to extract a predetermined number of bytes from the specified code segment according to a specified extraction rule.

在一种可能的设计中,所述哈希计算单元510用于:通过md5算法、sha1算法或sm3算法对所述字节进行处理,得到所述目标软件的哈希值。In a possible design, the hash calculation unit 510 is configured to: process the bytes through an md5 algorithm, a sha1 algorithm or an sm3 algorithm to obtain a hash value of the target software.

该软件识别信息获取装置500使用上述实施例中任一项所述的方案,因此,具有上述所有技术效果,在此不再赘述。The apparatus 500 for acquiring software identification information uses any of the solutions described in the foregoing embodiments, and therefore has all the technical effects described above, which will not be repeated here.

另外,本申请实施例还提供了一种软件识别装置,包括:软件识别信息生成单元,用于基于软件识别信息获取装置500生成软件识别信息;识别信息获取单元,用于响应于目标软件的运行请求,获取所述目标软件的所述软件识别信息;软件识别单元,用于若所述软件识别信息与软件黑名单内的指定识别信息相匹配,阻止所述目标软件运行。In addition, the embodiment of the present application also provides a software identification device, including: a software identification information generation unit, used to generate software identification information based on the software identification information acquisition device 500; an identification information acquisition unit, used to respond to the operation of the target software requesting to obtain the software identification information of the target software; a software identification unit configured to prevent the target software from running if the software identification information matches specified identification information in the software blacklist.

该软件识别装置使用软件识别信息获取装置500的所有技术效果,在此不再赘述。The software identification device uses software to identify all the technical effects of the information acquisition device 500, which will not be repeated here.

图6示出了根据本申请的一个实施例的电子设备的框图。FIG. 6 shows a block diagram of an electronic device according to an embodiment of the present application.

如图6所示,本申请的一个实施例的电子设备600,包括至少一个存储器602;以及,与所述至少一个存储器602通信连接的处理器604;其中,所述存储器存储有可被所述至少一个处理器604执行的指令,所述指令被设置为用于执行上述任一实施例中所述的方案。因此,该电子设备600具有和上述任一实施例中相同的技术效果,在此不再赘述。As shown in FIG. 6, an electronic device 600 according to an embodiment of the present application includes at least one memory 602; and a processor 604 communicatively connected to the at least one memory 602; Instructions executed by at least one processor 604, the instructions are configured to implement the solutions described in any of the foregoing embodiments. Therefore, the electronic device 600 has the same technical effect as that in any of the foregoing embodiments, which will not be repeated here.

本申请实施例的电子设备以多种形式存在,包括但不限于:The electronic equipment of the embodiment of the present application exists in various forms, including but not limited to:

(1)移动通信设备:这类设备的特点是具备移动通信功能,并且以提供话音、数据通信为主要目标。这类终端包括:智能手机、多媒体手机、功能性手机,以及低端手机等。(1) Mobile communication equipment: This type of equipment is characterized by mobile communication functions, and its main goal is to provide voice and data communication. Such terminals include: smart phones, multimedia phones, feature phones, and low-end phones.

(2)超移动个人计算机设备:这类设备属于个人计算机的范畴,有计算和处理功能,一般也具备移动上网特性。这类终端包括:PDA、MID和UMPC设备等。(2) Ultra-mobile personal computer equipment: This type of equipment belongs to the category of personal computers, has computing and processing functions, and generally has the characteristics of mobile Internet access. Such terminals include: PDA, MID and UMPC equipment, etc.

(3)便携式娱乐设备:这类设备可以显示和播放多媒体内容。该类设备包括:音频、视频播放器,掌上游戏机,电子书,以及智能玩具和便携式车载导航设备。(3) Portable entertainment equipment: This type of equipment can display and play multimedia content. Such devices include: audio and video players, handheld game consoles, e-books, as well as smart toys and portable car navigation devices.

(4)服务器:提供计算服务的设备,服务器的构成包括处理器、硬盘、内存、系统总线等,服务器和通用的计算机架构类似,但是由于需要提供高可靠的服务,因此在处理能力、稳定性、可靠性、安全性、可扩展性、可管理性等方面要求较高。(4) Server: A device that provides computing services. The composition of a server includes a processor, hard disk, memory, system bus, etc. The server is similar to a general-purpose computer architecture, but due to the need to provide high-reliability services, it is important in terms of processing power and stability. , Reliability, security, scalability, manageability and other aspects have high requirements.

(5)其他具有数据交互功能的电子装置。(5) Other electronic devices with data interaction function.

需要知晓,本申请建立在对windows系统下的pe文件的特征提取的基础之上,因此,可适用于各类Surface设备。It should be known that this application is based on the feature extraction of pe files under the windows system, so it can be applied to various Surface devices.

另外,本申请实施例提供了一种存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行以下步骤:获取目标软件的pe文件的dos头;基于所述dos头的末位字节,获取所述pe文件的pe头;根据所述pe头,在所述主程序中确定指定代码段;从所述指定代码段中提取预定数量的字节;基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。In addition, the embodiment of the present application provides a storage medium, which stores computer-executable instructions, and the computer-executable instructions are used to perform the following steps: obtain the dos header of the pe file of the target software; Byte, obtain the pe header of the pe file; according to the pe header, determine the specified code segment in the main program; extract a predetermined number of bytes from the specified code segment; based on the byte and the predetermined The hash value calculation method is to determine the hash value of the target software as the software identification information of the target software.

需要说明的是,上述关于存储介质或电子设备所能实现的功能或步骤,可对应参阅前述方法实施例中的相关描述,为避免重复,这里不再一一描述。It should be noted that, for the above functions or steps that can be implemented by the storage medium or the electronic device, reference may be made to the relevant descriptions in the foregoing method embodiments, and to avoid repetition, they are not described here one by one.

以上结合附图详细说明了本申请的技术方案,通过本申请的技术方案,可以在软件更新时保持软件识别信息不变,从而减少因重新生成软件识别信息而消耗的资源,降低维护软件识别信息的成本,提升了软件识别的便利性和安全性。The technical solution of the present application has been described in detail above in conjunction with the accompanying drawings. Through the technical solution of the present application, the software identification information can be kept unchanged when the software is updated, thereby reducing the resources consumed by regenerating the software identification information and reducing the maintenance of software identification information. The cost has improved the convenience and security of software identification.

取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”或“响应于检测”。类似地,取决于语境,短语“如果确定”或“如果检测(陈述的条件或事件)”可以被解释成为“当确定时”或“响应于确定”或“当检测(陈述的条件或事件)时”或“响应于检测(陈述的条件或事件)”。Depending on the context, the word "if" as used herein may be interpreted as "at" or "when" or "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrases "if determined" or "if detected (the stated condition or event)" could be interpreted as "when determined" or "in response to the determination" or "when detected (the stated condition or event) )" or "in response to detection of (a stated condition or event)".

在本申请实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本申请。在本申请实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。Terms used in the embodiments of the present application are only for the purpose of describing specific embodiments, and are not intended to limit the present application. The singular forms "a", "said" and "the" used in the embodiments of this application and the appended claims are also intended to include plural forms unless the context clearly indicates otherwise.

在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如,多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined Or it can be integrated into another system, or some features can be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware, or in the form of hardware plus software functional units.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above-mentioned embodiments can be completed by instructing related hardware through computer programs, and the computer programs can be stored in a non-volatile computer-readable memory In the medium, when the computer program is executed, it may include the processes of the embodiments of the above-mentioned methods. Wherein, any references to memory, storage, database or other media used in the various embodiments provided in the present application may include non-volatile and/or volatile memory. Nonvolatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Chain Synchlink DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

以上所述实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围,均应包含在本发明的保护范围之内。The above-described embodiments are only used to illustrate the technical solutions of the present invention, rather than to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still carry out the foregoing embodiments Modifications to the technical solutions recorded in the examples, or equivalent replacement of some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the present invention, and should be included in within the protection scope of the present invention.

Claims (10)

1.一种软件识别信息获取方法,其特征在于,包括:1. A method for acquiring software identification information, comprising: 获取目标软件的pe文件的dos头;Obtain the dos header of the pe file of the target software; 基于所述dos头的末位字节,获取所述pe文件的pe头;Obtain the pe header of the pe file based on the last byte of the dos header; 根据所述pe头,在所述主程序中确定指定代码段;According to the pe header, determine the specified code segment in the main program; 从所述指定代码段中提取预定数量的字节;extracting a predetermined number of bytes from said specified code segment; 基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。Based on the bytes and a predetermined hash value calculation method, determine the hash value of the target software as software identification information of the target software. 2.根据权利要求1所述的软件识别信息获取方法,其特征在于,在所述获取目标软件的pe文件的dos头之前,还包括:2. the software identification information acquisition method according to claim 1, is characterized in that, before the dos header of the pe file of described acquisition target software, also comprises: 安装所述目标软件,并基于安装操作更新注册表和系统配置信息;Install the target software, and update the registry and system configuration information based on the installation operation; 基于所述注册表或所述系统配置信息,获取所述目标软件的主程序。Obtain the main program of the target software based on the registry or the system configuration information. 3.根据权利要求1所述的软件识别信息获取方法,其特征在于,所述根据所述pe头,在所述主程序中确定指定代码段,包括:3. The method for obtaining software identification information according to claim 1, wherein, according to the pe header, determining a specified code segment in the main program includes: 基于所述pe头的首字节,确定所述目标软件的目标运行平台;Based on the first byte of the pe header, determine the target operating platform of the target software; 按照所述目标运行平台对应的pe头长度确定方式,确定所述pe头的长度;Determine the length of the pe header according to the pe header length determination method corresponding to the target operating platform; 基于所述pe头的首字节和所述pe头的长度进行偏移,获得所述pe文件的多个节表;Obtaining multiple section tables of the pe file by offsetting based on the first byte of the pe header and the length of the pe header; 在所述多个节表中确定.text节所在的目标节表,并获取所述目标节表中的所述.text节,作为所述指定代码段。Determine the target section table where the .text section is located in the plurality of section tables, and obtain the .text section in the target section table as the specified code segment. 4.根据权利要求1至3中任一项所述的软件识别信息获取方法,其特征在于,所述从所述指定代码段中提取预定数量的字节,包括:4. The software identification information acquisition method according to any one of claims 1 to 3, wherein said extracting a predetermined number of bytes from said specified code segment comprises: 按照指定提取规则从所述指定代码段中提取预定数量的字节。Extracting a predetermined number of bytes from the specified code segment according to a specified extraction rule. 5.根据权利要求1至3中任一项所述的软件识别信息获取方法,其特征在于,所述基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,包括:5. The software identification information acquisition method according to any one of claims 1 to 3, wherein the hash value of the target software is determined based on the byte and a predetermined hash value calculation method, include: 通过md5算法、sha1算法或sm3算法对所述字节进行处理,得到所述目标软件的哈希值。The bytes are processed through the md5 algorithm, the sha1 algorithm or the sm3 algorithm to obtain the hash value of the target software. 6.一种软件识别方法,其特征在于,包括:6. A software identification method, characterized in that, comprising: 响应于目标软件的运行请求,获取所述目标软件的软件识别信息;Acquiring software identification information of the target software in response to the running request of the target software; 若所述软件识别信息与软件黑名单内的指定识别信息相匹配,阻止所述目标软件运行,其中,在所述获取所述目标软件的软件识别信息之前,通过执行权利要求1至5中任一项所述方法生成所述软件识别信息。If the software identification information matches the specified identification information in the software blacklist, the target software is prevented from running, wherein, before the acquisition of the software identification information of the target software, by executing any one of claims 1 to 5 A said method generates said software identification information. 7.一种软件识别信息获取装置,其特征在于,包括:7. A software identification information acquisition device, characterized in that it comprises: 第一获取单元,用于获取目标软件的pe文件的dos头;The first obtaining unit is used to obtain the dos header of the pe file of the target software; 第二获取单元,用于基于所述dos头的末位字节,获取所述pe文件的pe头;The second obtaining unit is used to obtain the pe header of the pe file based on the last byte of the dos header; 代码段确定单元,用于根据所述pe头,在所述主程序中确定指定代码段;a code segment determining unit, configured to determine a specified code segment in the main program according to the pe header; 字节提取单元,用于从所述指定代码段中提取预定数量的字节;a byte extraction unit, configured to extract a predetermined number of bytes from the specified code segment; 哈希计算单元,用于基于所述字节和预定哈希值计算方式,确定所述目标软件的哈希值,作为所述目标软件的软件识别信息。A hash calculation unit, configured to determine the hash value of the target software as software identification information of the target software based on the bytes and a predetermined hash value calculation method. 8.一种软件识别装置,其特征在于,包括:8. A software identification device, characterized in that it comprises: 软件识别信息生成单元,用于基于权利要求7所述的软件识别信息获取装置生成软件识别信息;A software identification information generation unit, configured to generate software identification information based on the software identification information acquisition device described in claim 7; 识别信息获取单元,用于响应于目标软件的运行请求,获取所述目标软件的所述软件识别信息;an identification information acquiring unit, configured to acquire the software identification information of the target software in response to a running request of the target software; 软件识别单元,用于若所述软件识别信息与软件黑名单内的指定识别信息相匹配,阻止所述目标软件运行。A software identification unit, configured to prevent the target software from running if the software identification information matches specified identification information in the software blacklist. 9.一种电子设备,其特征在于,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;9. An electronic device, comprising: at least one processor; and a memory connected to the at least one processor in communication; 其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被设置为用于执行上述权利要求1至6中任一项所述的方法。Wherein, the memory stores instructions executable by the at least one processor, and the instructions are configured to execute the method according to any one of claims 1 to 6 above. 10.一种存储介质,其特征在于,存储有计算机可执行指令,所述计算机可执行指令用于执行如权利要求1至6中任一项所述的方法。10. A storage medium, characterized by storing computer-executable instructions, the computer-executable instructions being used to execute the method according to any one of claims 1-6.
CN202211733415.0A 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic device and storage medium Active CN116089912B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211733415.0A CN116089912B (en) 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211733415.0A CN116089912B (en) 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN116089912A true CN116089912A (en) 2023-05-09
CN116089912B CN116089912B (en) 2024-11-08

Family

ID=86198597

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211733415.0A Active CN116089912B (en) 2022-12-30 2022-12-30 Software identification information acquisition method and device, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN116089912B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116305172A (en) * 2023-05-23 2023-06-23 北京安天网络安全技术有限公司 OneNote document detection method, oneNote document detection device, oneNote document detection medium and OneNote document detection equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090013405A1 (en) * 2007-07-06 2009-01-08 Messagelabs Limited Heuristic detection of malicious code
CN104573524A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Fuzz testing method based on static detection
US20180307837A1 (en) * 2017-04-20 2018-10-25 Line Corporation Method and system for evaluating security of application
CN110619212A (en) * 2018-06-20 2019-12-27 深信服科技股份有限公司 Character string-based malicious software identification method, system and related device
CN111310184A (en) * 2020-03-05 2020-06-19 北京安码科技有限公司 Method and system for generating pe file feature code based on rich head identification, electronic device and storage medium
CN114417335A (en) * 2022-01-19 2022-04-29 杭州安恒信息技术股份有限公司 Malicious file detection method and device, electronic equipment and storage medium
US20220147628A1 (en) * 2020-11-10 2022-05-12 Huawei Technologies Co., Ltd. System, method and apparatus for malicious software detection

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090013405A1 (en) * 2007-07-06 2009-01-08 Messagelabs Limited Heuristic detection of malicious code
CN104573524A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Fuzz testing method based on static detection
US20180307837A1 (en) * 2017-04-20 2018-10-25 Line Corporation Method and system for evaluating security of application
CN110619212A (en) * 2018-06-20 2019-12-27 深信服科技股份有限公司 Character string-based malicious software identification method, system and related device
CN111310184A (en) * 2020-03-05 2020-06-19 北京安码科技有限公司 Method and system for generating pe file feature code based on rich head identification, electronic device and storage medium
US20220147628A1 (en) * 2020-11-10 2022-05-12 Huawei Technologies Co., Ltd. System, method and apparatus for malicious software detection
CN114417335A (en) * 2022-01-19 2022-04-29 杭州安恒信息技术股份有限公司 Malicious file detection method and device, electronic equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
黄强波;唐倩;刘新桥;: "基于PE可执行文件的软件水印研究", 长沙航空职业技术学院学报, no. 03, 15 September 2009 (2009-09-15) *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116305172A (en) * 2023-05-23 2023-06-23 北京安天网络安全技术有限公司 OneNote document detection method, oneNote document detection device, oneNote document detection medium and OneNote document detection equipment

Also Published As

Publication number Publication date
CN116089912B (en) 2024-11-08

Similar Documents

Publication Publication Date Title
EP3178011B1 (en) Method and system for facilitating terminal identifiers
TWI667586B (en) System and method for verifying changes to uefi authenticated variables
US9092598B2 (en) Version-based software product activation
US8219805B1 (en) Application identification
CN104134021A (en) Software tamper-proofing verification method and software tamper-proofing verification device
US6928548B1 (en) System and method for verifying the integrity of stored information within an electronic device
CN111163182A (en) Block chain-based device registration method and apparatus, electronic device, and storage medium
WO2022088666A1 (en) Service instance verification method and apparatus, electronic device, and storage medium
US20200244444A1 (en) Blockchain-based advertisement monitoring method and apparatus, and electronic device
CN106534268B (en) Data sharing method and device
US20190325043A1 (en) Method, device and computer program product for replicating data block
CN109710695A (en) The identification of transactions requests validity and initiating method, device, equipment and medium
US10917484B2 (en) Identifying and managing redundant digital content transfers
CN116089912A (en) Software identification information acquisition method and device, electronic equipment and storage medium
CN114238874A (en) Digital signature verification method and device, computer equipment and storage medium
CN109040088B (en) Authentication information transmission method, key management client and computer equipment
US10776271B2 (en) Method, device and computer program product for validating cache file
CN113626772B (en) A dynamic trust measurement method, device, system and terminal for a process
US20080010246A1 (en) System and method for providing operating system component version verification
CN114372297A (en) A method and device for verifying file integrity based on message digest algorithm
CN111291336B (en) Game registration method and device in game platform
CN112905464B (en) Application running environment data processing method and device
US11507511B2 (en) Method, electronic device and computer program product for storing data
CN114218191A (en) System function migration method and device, computer equipment and storage medium
CN113849802A (en) Equipment authentication method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant