Method and device for intercepting call for service by application
First Claim
1. A method for intercepting a call for a service by an application among a plurality of applications running on an operating system of an electronic apparatus comprising:
- loading, by at least one processor, an interception dynamic link library to a process where the service is located;
replacing, by the at least one processor, an address of an input/output control function in the process with a first address of the interception dynamic link library;
when the application is calling the service, executing, by the at least one processor, the interception dynamic link library based on the first address to obtain a name and information of the application and information of the call, and replacing an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and
determining, by the at least one processor, the application to be malicious or not, and executing processing based on the second address according to at least one of the name and the information of the application, wherein the determining the application to be malicious or not and executing processing according to at least one of the name and the information of the application further comprises;
comparing at least one of the name and the information of the application with information in a predefined database, and one of (a) executing the call according to the address of the service and returning an actual service result to the application, and (b) returning a predefined service result to the application.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed are a method and a device for intercepting a call for a service by an application in an operating system of an electronic apparatus. The method comprises: loading an interception dynamic link library to a process where the service is located; replacing the address of an input/output control function in the process with a first address of the interception dynamic link library; when the application is calling the service, executing the interception dynamic link library based on the first address so as to obtain the name and information of the application as well as the information of the call, and replacing the address of the service to be called comprised in the information of the call with a second address of the interception dynamic link library; and executing processing based on the second address according to the name and/or information of the application. The invention increases the security of the operating system of the electronic apparatus.
16 Citations
18 Claims
-
1. A method for intercepting a call for a service by an application among a plurality of applications running on an operating system of an electronic apparatus comprising:
-
loading, by at least one processor, an interception dynamic link library to a process where the service is located; replacing, by the at least one processor, an address of an input/output control function in the process with a first address of the interception dynamic link library; when the application is calling the service, executing, by the at least one processor, the interception dynamic link library based on the first address to obtain a name and information of the application and information of the call, and replacing an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and determining, by the at least one processor, the application to be malicious or not, and executing processing based on the second address according to at least one of the name and the information of the application, wherein the determining the application to be malicious or not and executing processing according to at least one of the name and the information of the application further comprises;
comparing at least one of the name and the information of the application with information in a predefined database, and one of (a) executing the call according to the address of the service and returning an actual service result to the application, and (b) returning a predefined service result to the application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A device for intercepting a call for a service by an application among a plurality of applications running on an operating system of an electronic apparatus comprising:
-
a memory having instructions stored thereon; and at least one processor configured to execute the instructions to perform operations for intercepting a call for a service by an application in an operating system of an electronic apparatus, the operations comprising; loading an interception dynamic link library to a process where the service is located; replacing an address of an input/output control function in the process with a first address of the interception dynamic link library; when the application is calling the service, executing the interception dynamic link library based on the first address to obtain a name and information of the application and information of the call, and replacing an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and determining the application to be malicious or not and executing processing based on the second address according to at least one of the name and the information of the application, wherein the determining the application to be malicious or not and executing processing according to at least one of the name and the information of the application comprises;
comparing at least one of the name and the information of the application with information in a predefined database, and one of (a) executing the call according to the address of the service and returning an actual service result to the application, and (b) returning a predefined service result to the application. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer readable medium having instructions stored thereon that, when executed by at least one processor, cause the at least one processor to perform operations for intercepting a call for a service by an application among a plurality of applications running on an operating system of an electronic apparatus comprising:
-
loading an interception dynamic link library to a process where the service is located; replacing an address of an input/output control function in the process with a first address of the interception dynamic link library; when the application is calling the service, executing the interception dynamic link library based on the first address to obtain a name and information of the application and the information of the call, and replacing an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and determining the application to be malicious or not and executing processing based on the second address according to at least one of the name and the information of the application, wherein the determining the application to be malicious or not and executing processing according to at least one of the name and the information of the application further comprises;
comparing at least one of the name and the information of the application with information in a predefined database, and one of (a) executing the call according to the address of the service and returning an actual service result to the application, and (b) returning a predefined service result to the application.
-
Specification