Method and apparatus for detecting application
First Claim
1. A method for detecting an application, comprising:
disassembling a binary program of an application running on a target device to generate a to-be-recovered assembly program;
selecting, from the to-be-recovered assembly program, a function having function information consistent with function information of a preset reference function in a reference assembly program to obtain at least one candidate function, wherein a matching degree between the function information of the function selected from the to-be-recovered assembly program and the consistent function information of the preset reference function in the reference assembly program is greater than a preset threshold, and the matching degree comprises at least one of:
a matching degree between function names, a matching degree between constants in the functions, or a matching degree between calling relationships of the functions;
selecting, among the at least one candidate function, the candidate function having grammatical and/or semantic information consistent with grammatical and/or semantic information of the preset reference function as an object function;
selecting, from the object function, a variable having grammatical and/or semantic information consistent with grammatical and/or semantic information of a preset reference variable in the preset reference function as a target variable; and
outputting positional information of the object function and the target variable in the to-be-recovered assembly program as a detection result.
Abstract
The present disclosure discloses a method and an apparatus for detecting an application. The method comprises: disassembling a binary program of an application running on a target device to generate a to-be-recovered assembly program; selecting, from the to-be-recovered assembly program, a function having function information consistent with function information of a preset reference function in a reference assembly program to obtain at least one candidate function; selecting, among the at least one candidate function, a candidate function having grammatical and/or semantic information consistent with grammatical and/or semantic information of the preset reference function as an object function; selecting, from the object function, a variable having grammatical and/or semantic information consistent with grammatical and/or semantic information of a preset reference variable in the preset reference function as a target variable; and outputting positional information of the object function and the target variable in the to-be-recovered assembly program as a detection result.
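Added example (not part of the patent text): a minimal Python sketch of the two function-selection stages from the claim, candidate selection by matching degree against a preset threshold, then choice of the object function. The scoring methods (difflib ratio for names, Jaccard overlap for constants and callees, mnemonic-sequence similarity as a stand-in for grammatical/semantic comparison), the 0.6 threshold and all sample data are assumptions made for illustration; the target-variable step is left out.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class Func:
    name: str             # symbol name (placeholder like sub_401000 when stripped)
    addr: int             # position in the disassembly
    constants: frozenset  # immediate values used by the function
    callees: frozenset    # names of functions it calls
    mnemonics: tuple      # instruction mnemonics in order

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 1.0

def matching_degree(f, ref):
    # One degree per kind of function information named in claim 1.
    return {"name": SequenceMatcher(None, f.name, ref.name).ratio(),
            "constants": jaccard(f.constants, ref.constants),
            "calls": jaccard(f.callees, ref.callees)}

def select_candidates(funcs, ref, threshold):
    # "At least one of": any single degree above the threshold qualifies.
    return [f for f in funcs if max(matching_degree(f, ref).values()) > threshold]

def select_object_function(cands, ref, threshold):
    # Assumed stand-in for the grammatical/semantic comparison:
    # similarity of the ordered mnemonic sequences.
    scored = [(SequenceMatcher(None, c.mnemonics, ref.mnemonics).ratio(), c) for c in cands]
    score, best = max(scored, key=lambda t: t[0], default=(0.0, None))
    return best if score > threshold else None

# Constructed sample data: one reference function and three stripped functions.
REF = Func("check_license", 0x1000, frozenset({0x5A17, 0x10}),
           frozenset({"strlen", "memcmp"}),
           ("push", "mov", "call", "cmp", "jne", "call", "test", "jz", "ret"))
TARGET = [
    Func("sub_401000", 0x401000, frozenset({0x5A17, 0x10, 0x0}),
         frozenset({"strlen", "memcmp"}),
         ("push", "mov", "call", "cmp", "jne", "call", "test", "jz", "pop", "ret")),
    Func("sub_401200", 0x401200, frozenset({0x5A17, 0x10}), frozenset({"printf"}),
         ("mov", "mov", "mov", "call", "ret")),
    Func("sub_401400", 0x401400, frozenset({0x1}), frozenset({"malloc"}),
         ("push", "call", "ret")),
]

def detect(funcs, ref, threshold=0.6):
    obj = select_object_function(select_candidates(funcs, ref, threshold), ref, threshold)
    return None if obj is None else (obj.name, hex(obj.addr))

if __name__ == "__main__":
    print(detect(TARGET, REF))
```

In the sample, sub_401200 passes the first stage on constants alone and is rejected only by the second stage, which is why the claim applies the grammatical/semantic comparison after the cheaper function-information filter.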
19 Claims
9. An apparatus for detecting an application, comprising:
at least one processor; and
a memory storing instructions, which when executed by the at least one processor, cause the at least one processor to perform operations, the operations comprising:
disassembling a binary program of an application running on a target device to generate a to-be-recovered assembly program;
selecting, from the to-be-recovered assembly program, a function having function information consistent with function information of a preset reference function in a reference assembly program to obtain at least one candidate function, wherein a matching degree between the function information of the function selected from the to-be-recovered assembly program and the consistent function information of the preset reference function in the reference assembly program is greater than a preset threshold, and the function information comprises at least one of:
a function name, a constant in the function, or a calling relationship of the function;
selecting, among the at least one candidate function, a candidate function having grammatical and/or semantic information consistent with grammatical and/or semantic information of the preset reference function as an object function;
selecting, from the object function, a variable having grammatical and/or semantic information consistent with grammatical and/or semantic information of a preset reference variable in the preset reference function as a target variable; and
outputting positional information of the object function and the target variable in the to-be-recovered assembly program as a detection result.
17. A non-transitory storage medium storing one or more programs, the one or more programs when executed by an apparatus, causing the apparatus to perform operations, the operations comprising:
disassembling a binary program of an application running on a target device to generate a to-be-recovered assembly program;
selecting, from the to-be-recovered assembly program, a function having function information consistent with function information of a preset reference function in a reference assembly program to obtain at least one candidate function, wherein a matching degree between the function information of the function selected from the to-be-recovered assembly program and the consistent function information of the preset reference function in the reference assembly program is greater than a preset threshold, and the function information comprises at least one of:
a function name, a constant in the function, or a calling relationship of the function;
selecting, among the at least one candidate function, a candidate function having grammatical and/or semantic information consistent with grammatical and/or semantic information of the preset reference function as an object function;
selecting, from the object function, a variable having grammatical and/or semantic information consistent with grammatical and/or semantic information of a preset reference variable in the preset reference function as a target variable; and
outputting positional information of the object function and the target variable in the to-be-recovered assembly program as a detection result.
Specification