CN101710375A - Anti-viral device in anti-viral software and anti-viral method thereof - Google Patents

Anti-viral device in anti-viral software and anti-viral method thereof

Info

Publication number
CN101710375A
Authority
CN
China
Prior art keywords
source code
viral
virus
code
viral software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200910214011A
Other languages
Chinese (zh)
Other versions
CN101710375B (en)
Inventor
蒋冯兵
彭宁
邱锐锋
张康宗
刘海峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Internet Security Software Co Ltd
Conew Network Technology Beijing Co Ltd
Shell Internet Beijing Security Technology Co Ltd
Zhuhai Juntian Electronic Technology Co Ltd
Beijing Kingsoft Internet Science and Technology Co Ltd
Original Assignee
Zhuhai Juntian Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Juntian Electronic Technology Co Ltd
Priority to CN2009102140119A
Publication of CN101710375A
Application granted
Publication of CN101710375B
Expired - Fee Related
Anticipated expiration

Abstract

The invention relates to an anti-virus device embedded in anti-virus software and to an anti-virus method that uses the device. The device comprises an anti-virus feature loading device, a source code compiling device and a native code execution device. The feature loading device is located in the anti-virus engine; it loads encrypted and compressed source-code features and passes the result to the source code compiling device. The source code compiling device is located in the anti-virus engine; it compiles the source-code features used to find and remove viruses and generates native code that the host instruction set architecture can recognize. The native code execution device is located in the anti-virus engine; it executes the native code generated by the source code compiling device, associating that native code with the engine's internal functions so as to control and execute it. The device lets anti-virus software store its features in a smaller volume and execute them with higher efficiency.

Description

Anti-virus device in anti-virus software and anti-virus method thereof
Technical field
The present invention relates to the field of computer anti-virus software, and in particular to an anti-virus device embedded in anti-virus software and to an anti-virus method that uses the device.
Background technology
In the anti-virus field, several classes of virus (such as polymorphic viruses and infection-type viruses) are relatively complex and are very difficult to detect and remove by ordinary signature comparison. For these classes, anti-virus software needs more complex methods to identify or remove them. At present, anti-virus software generally adopts one of the following techniques: script engine technology, virtual machine technology, or native instruction technology. Each of these methods has shortcomings:
Script engine technology: the anti-virus scripts are inconvenient to debug while virus analysts are writing them;
Virtual machine technology: the anti-virus code runs inside a virtual machine rather than directly on the CPU, so it executes more slowly than native instructions; most critically, the whole system is very complex to design and implement;
Native instruction technology: it has a cross-architecture problem, in that the anti-virus software must prepare separate native instruction code for each instruction set architecture it supports; and because native instructions involve relocation, the code takes up more storage.
Summary of the invention
The first object of the present invention is to overcome the deficiencies of the prior art by providing an anti-virus device embedded in anti-virus software. The device lets anti-virus software store its features in a smaller volume and execute them with higher efficiency, and makes it convenient for virus analysts to write those features.
The second object of the present invention is to provide an anti-virus method for the above anti-virus device.
To achieve the first object, the following technical solution is adopted: an anti-virus device in anti-virus software, comprising:
An anti-virus feature loading device located in the anti-virus engine, which loads source-code features that have been encrypted and compressed and passes the result to the source code compiling device described below;
A source code compiling device located in the anti-virus engine, which compiles the source-code features used to find and remove viruses and generates native code that the host instruction set architecture can recognize;
A native code execution device located in the anti-virus engine, which executes the native code produced by the source code compiling device: it associates that native code with the engine's internal functions, and controls and executes the native code produced by the compiling device.
To achieve the second object, the following technical solution is adopted: an anti-virus method for the anti-virus device in anti-virus software, in which the encrypted or compressed source-code features are decrypted and decompressed; the decrypted and decompressed source-code features are compiled to produce native code for the instruction set architecture on which the anti-virus software is currently running; and the native code is associated with the engine's internal functions, then controlled and executed.
The anti-virus device and anti-virus method of the present invention use program source code directly for anti-virus work. They have the following advantages:
1. Like script engine technology, they use program source code in plain-text format, which has a high compression ratio, so the final storage volume is small and the features are easy to edit;
2. They are independent of the instruction set architecture and can run across architectures, so one set of anti-virus features is suitable for all platforms;
3. The intermediate compilation is fast and the final execution is fast, close to the running speed of direct native instructions;
4. Debugging cost is low: virus analysts can easily debug the anti-virus source code.
Embodiment
An anti-virus device in anti-virus software, comprising:
An anti-virus feature loading device built into the anti-virus engine, which loads source-code features that have been encrypted and compressed and, after decrypting and decompressing them, passes them to the source code compiling device to be compiled into native code for the current instruction set architecture;
A lightweight, efficient source code compiling device built into the anti-virus engine, which compiles the source-code features used to find and remove viruses and generates native code for the host instruction set architecture in a time that is almost negligible compared with disk I/O operations;
A native code execution device built into the anti-virus engine, which executes the native code produced by the source code compiling device. It associates that native code with the engine's internal functions, and controls and executes it, in order to find or remove viruses.
The source-code features are virus features stored in source-code form in the virus database of the anti-virus software. A source-code feature is program source code in plain-text format.
Some of the features in the virus database of the anti-virus software exist in binary-code form; the anti-virus software uses these to detect and remove common, prevalent viruses. These binary-code features are compiled in advance. Special viruses, such as the polymorphic viruses and infection-type viruses described in the background section, are handled by the anti-virus device of the present invention, using the lightweight source code compiling device that resides in the anti-virus software.
The anti-virus method of the above device is as follows: the encrypted or compressed source-code features are decrypted and decompressed; the decrypted and decompressed source-code features are compiled to produce native code for the instruction set architecture on which the anti-virus software is currently running; and the native code is associated with the engine's internal functions, then controlled and executed.
1. A specific example on the x86 instruction set architecture:
An anti-virus feature loading device is set up inside the anti-virus engine on the x86 architecture and is responsible for loading the encrypted and compressed anti-virus feature database;
The feature loading device passes the anti-virus source code, written in C, from the loaded feature database to a source code compiling device that integrates a lightweight, efficient C compiler;
The source code compiling device compiles the C anti-virus source code passed over by the feature loading device into fast-executing x86 native code;
A native code execution device is also set up inside the anti-virus engine on the x86 architecture. It is responsible for associating the engine's internal functions with the x86 machine code produced by the source code compiling device, and for controlling and executing that machine code, in order to find and remove viruses on x86 computers.
2. A specific example on the ARM instruction set architecture:
An anti-virus feature loading device is set up inside the anti-virus engine on the ARM architecture and is responsible for loading the anti-virus features;
The feature loading device passes the anti-virus source code, written in C, from the loaded feature database to a source code compiling device that integrates a lightweight, efficient C compiler;
The source code compiling device compiles the C anti-virus source code passed over by the feature loading device into fast-executing ARM native code;
A native code execution device is also set up inside the anti-virus engine on the ARM architecture. It is responsible for associating the engine's internal functions with the ARM machine code produced by the source code compiling device, and for controlling and executing that machine code, in order to find and remove viruses on ARM computers.
The above embodiments only illustrate, and do not limit, the technical solution of the present invention. Any modification or partial replacement that does not depart from the spirit and scope of the invention shall fall within the scope of the claims of the present invention.
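
The load, compile, bind and execute flow of the embodiment, as an added Python example that is not the patent's or the vendor's code. Python's built-in compiler stands in for the lightweight C compiler and a toy XOR cipher stands in for the unspecified encryption; the key, the feature source, the engine functions (`read_bytes`, `xor_decode`) and the sample files are all constructed for illustration.

```python
import zlib

KEY = b"constructed-demo-key"  # assumption: demo key, not from the patent

def _xor(data: bytes, key: bytes = KEY) -> bytes:
    # Toy XOR cipher standing in for the engine's unspecified encryption.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def pack_feature(source: str) -> bytes:
    """Vendor side: compress, then encrypt, a plain-text source-code feature."""
    return _xor(zlib.compress(source.encode("utf-8")))

def load_feature(blob: bytes) -> str:
    """Feature loading device: decrypt, then decompress, back to source text."""
    return zlib.decompress(_xor(blob)).decode("utf-8")

def compile_feature(source: str):
    """Compiling device; Python's compiler stands in for the C compiler."""
    return compile(source, "<feature>", "exec")

# Hypothetical engine-internal functions exposed to compiled features.
def read_bytes(sample: bytes, offset: int, length: int) -> bytes:
    return sample[offset:offset + length]

def xor_decode(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

ENGINE_API = {"read_bytes": read_bytes, "xor_decode": xor_decode}

def execute_feature(code, sample: bytes) -> bool:
    """Execution device: bind engine functions to the feature, then run it."""
    # Only ENGINE_API names are bound; this limits names, it is not a sandbox.
    scope = {"__builtins__": {}, **ENGINE_API}
    exec(code, scope)
    return bool(scope["scan"](sample))

# Constructed feature: byte 0 of the sample is a per-copy key and the rest is
# XOR-encoded with it, so there is no fixed byte pattern to compare against.
FEATURE_SOURCE = '''
def scan(sample):
    key = read_bytes(sample, 0, 1)
    if not key:
        return False
    body = xor_decode(read_bytes(sample, 1, 64), key[0])
    return body.startswith(b"DEMO-MARKER")
'''

def make_sample(key: int) -> bytes:
    """Constructed, inert stand-in for a sample that re-encodes itself."""
    return bytes([key]) + xor_decode(b"DEMO-MARKER inert body", key)

def scan_with_packed_feature(blob: bytes, sample: bytes) -> bool:
    return execute_feature(compile_feature(load_feature(blob)), sample)

if __name__ == "__main__":
    blob = pack_feature(FEATURE_SOURCE)
    for k in (0x11, 0x5A, 0xC3):
        print(hex(k), scan_with_packed_feature(blob, make_sample(k)))
    print("clean", scan_with_packed_feature(blob, b"\x00ordinary file contents"))
```

Because the features in this design are executable code, the feature database is as sensitive as the engine binary itself and needs the same integrity protection before anything in it is compiled.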

Claims (6)

CN2009102140119A | 2009-12-16 | 2009-12-16 | Anti-viral device in anti-viral software and anti-viral method thereof | Expired - Fee Related | CN101710375B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN2009102140119A / CN101710375B (en) | 2009-12-16 | 2009-12-16 | Anti-viral device in anti-viral software and anti-viral method thereof

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN2009102140119A / CN101710375B (en) | 2009-12-16 | 2009-12-16 | Anti-viral device in anti-viral software and anti-viral method thereof

Publications (2)

Publication Number | Publication Date
CN101710375A (en) | 2010-05-19
CN101710375B (en) | 2013-01-23

Family

ID=42403161

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN2009102140119A, Expired - Fee Related, CN101710375B (en) | Anti-viral device in anti-viral software and anti-viral method thereof | 2009-12-16 | 2009-12-16

Country Status (1)

Country | Link
CN (1) | CN101710375B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN102893580A (en) * | 2012-07-04 | 2013-01-23 | 华为技术有限公司 | Anti-virus method and device and firewall equipment
CN104134039A (en) * | 2014-07-24 | 2014-11-05 | 北京奇虎科技有限公司 | Virus checking and killing method, virus checking and killing client, virus checking and killing server and virus checking and killing system
CN104850782A (en) * | 2014-02-18 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Method and device for matching virus characteristics

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US5359659A (en) * | 1992-06-19 | 1994-10-25 | Doren Rosenthal | Method for securing software against corruption by computer viruses
US7603712B2 (en) * | 2005-04-21 | 2009-10-13 | Microsoft Corporation | Protecting a computer that provides a Web service from malware
CN101320413A (en) * | 2007-06-07 | 2008-12-10 | 李武 | Anti-virus device for mobile memory and its anti-virus method
CN101441687B (en) * | 2007-11-21 | 2010-07-14 | 珠海金山软件股份有限公司 | Method and apparatus for extracting virus characteristic of virus document

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN102893580A (en) * | 2012-07-04 | 2013-01-23 | 华为技术有限公司 | Anti-virus method and device and firewall equipment
CN104850782A (en) * | 2014-02-18 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Method and device for matching virus characteristics
WO2015124086A1 (en) * | 2014-02-18 | 2015-08-27 | Tencent Technology (Shenzhen) Company Limited | Virus signature matching method and apparatus
US10114951B2 (en) | 2014-02-18 | 2018-10-30 | Tencent Technology (Shenzhen) Company Limited | Virus signature matching method and apparatus
CN104850782B (en) * | 2014-02-18 | 2019-05-14 | 腾讯科技(深圳)有限公司 | Match the method and device of virus characteristic
CN104134039A (en) * | 2014-07-24 | 2014-11-05 | 北京奇虎科技有限公司 | Virus checking and killing method, virus checking and killing client, virus checking and killing server and virus checking and killing system

Also Published As

Publication number | Publication date
CN101710375B (en) | 2013-01-23

Similar Documents

Publication | Publication Date | Title
Qian et al. | | RAZOR: A framework for post-deployment software debloating
Yan et al. | | Understanding the performance of webassembly applications
Hu et al. | | Binary code clone detection across architectures and compiling configurations
Wang et al. | | Ramblr: Making Reassembly Great Again.
CN103324872B (en) | | Based on the guard method of Android application program and the system of order confusion
CN106096338B (en) | | A kind of virtualization software guard method obscured with data flow
US8726255B2 (en) | | Recompiling with generic to specific replacement
Yadavalli et al. | | Raising binaries to llvm ir with mctoll (wip paper)
CN104134039B (en) | | Checking and killing virus method, client, server and checking and killing virus system
Liu et al. | | Exploring missed optimizations in webassembly optimizers
Jung et al. | | B2R2: Building an efficient front-end for binary analysis
CN101710375B (en) | | Anti-viral device in anti-viral software and anti-viral method thereof
CN105303072A (en) | | ART mode based software hardening method and apparatus
CN102841844A (en) | | Method for binary code vulnerability discovery on basis of simple symbolic execution
Engelke et al. | | Instrew: Leveraging LLVM for high performance dynamic binary instrumentation
CN101339519B (en) | | Soft and hard combined control stream checking method facing to embedded microprocessor
Liu et al. | | Decompiling x86 deep neural network executables
US9098355B2 (en) | | Method and apparatus for substituting compiler built-in helper functions with machine instructions
Fu et al. | | Improving SIMD code generation in QEMU
CN110147238A (en) | | A kind of program compiling method, apparatus and system
CA2820058A1 (en) | | Multi-modal compiling apparatus and method for generating a hybrid codefile
Cifuentes et al. | | Computer security analysis through decompilation and high-level debugging
CN115756480A (en) | | An Android application reinforcement method, system and device
Shapiro et al. | | “Weird Machines” in ELF: A spotlight on the underappreciated metadata
CN107341403B (en) | | A file conversion method and device

Legal Events

Date | Code | Title | Description
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant
ASS | Succession or assignment of patent right

Owner name: BEIKE INTERNET (BEIJING) SECURITY TECHNOLOGY CO.,

Free format text: FORMER OWNER: ZHUHAI JUNTIAN ELECTRONICS TECHNOLOGY CO., LTD.

Effective date: 20140704

Owner name: BEIJING GOLDEN HILL NETWORK TECHNOLOGY CO., LTD. K

Effective date: 20140704

C41 | Transfer of patent application or patent right or utility model
COR | Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 519015 ZHUHAI, GUANGDONG PROVINCE TO: 100041 SHIJINGSHAN, BEIJING

TR01 | Transfer of patent right

Effective date of registration: 20140704

Address after: 100041 Beijing, Shijingshan District Xing Xing street, building 30, No. 3, building 2, A-0071

Patentee after: SHELL INTERNET (BEIJING) SECURITY TECHNOLOGY Co.,Ltd.

Patentee after: BEIJING KINGSOFT NETWORK TECHNOLOGY Co.,Ltd.

Patentee after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

Patentee after: CONEW NETWORK TECHNOLOGY (BEIJING) Co.,Ltd.

Patentee after: ZHUHAI JUNTIAN ELECTRONIC TECHNOLOGY Co.,Ltd.

Address before: Jinshan computer Building No. 8 Jingshan Hill Road, Lane 519015 Lianshan Jida Zhuhai city in Guangdong Province

Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd.

CF01 | Termination of patent right due to non-payment of annual fee

Granted publication date: 20130123

Termination date: 20191216

CF01 | Termination of patent right due to non-payment of annual fee
