Nothing Special   »   [go: up one dir, main page]

CN105844156A - Process information acquisition method and device and electronic equipment - Google Patents

Process information acquisition method and device and electronic equipment Download PDF

Info

Publication number
CN105844156A
CN105844156A CN201610166352.3A CN201610166352A CN105844156A CN 105844156 A CN105844156 A CN 105844156A CN 201610166352 A CN201610166352 A CN 201610166352A CN 105844156 A CN105844156 A CN 105844156A
Authority
CN
China
Prior art keywords
information
identity information
progress information
target process
progress
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610166352.3A
Other languages
Chinese (zh)
Inventor
李文靖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Baoqu Technology Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Internet Security Software Co Ltd filed Critical Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201610166352.3A priority Critical patent/CN105844156A/en
Publication of CN105844156A publication Critical patent/CN105844156A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention provides a process information acquisition method, a device and electronic equipment, wherein the process information acquisition method comprises the following steps: acquiring process identification information of a target process, judging whether the process identification information of the target process exists in the process identification information corresponding to the locally stored process information, and if so, acquiring the process information corresponding to the process identification information of the target process. In the embodiment of the invention, the corresponding relation between the process information and the process identification information is stored locally, the process information of the target process is obtained in a mode of locally searching the process identification information of the target process, and a corresponding function is not required to be called to obtain the process information.

Description

A kind of progress information acquisition methods, device and electronic equipment
Technical field
The present invention relates to technical field of system security, particularly relate to a kind of progress information acquisition methods, device And electronic equipment.
Background technology
In the system of defense of electronic equipment, process defence, file defence and registration table defence can be divided into, Each defence stand can be subdivided into again and open defence minutiae point, reads defence minutiae point and write defence minutiae point etc..Example As: the read-write defence details opening defence minutiae point, the read-write defence minutiae point of file and registration table of process Point.In each defence minutiae point, this critical data of progress information being required for obtaining current process is come Carry out differentiation for security.Such as: in the defence minutiae point write of registration table, acquisition is operating this note The progress information of volume table, it can thus be appreciated that be which process carries out write operation to this registration table, works as obtaining After the progress information of front operation plan, facilitate backstage killing and system that this behavior write is done safety mirror Fixed, it is also used for follow-up this behavior write being intercepted.Therefore, progress information is obtained most important.
Generally within the time of 1 second, the operation in system carried out process, file and registration table etc. is no less than 1000 times, so defence minutiae point is the most all being carried out, the most also can obtain current all the time The progress information of operation.In prior art, obtaining progress information each time all needs by calling corresponding function Obtain progress information, due to system all the time be required for obtain current operation progress information, therefore, It is relatively time consuming for using the method frequently to obtain progress information, and easily causes the phenomenon that system card is slow.
Summary of the invention
The purpose of the embodiment of the present invention is to provide a kind of progress information acquisition methods, device and electronic equipment, Time-consumingly long and cause the slow problem of system card to solve frequently to obtain progress information.Concrete technical scheme is as follows:
A kind of progress information acquisition methods, is applied to electronic equipment, and described method includes:
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
Optionally, described method also includes:
If it does not, calling process acquisition of information function obtains the progress information of described target process.
Optionally, described method also includes:
Preserve the process identity information of its correspondence for the progress information of the described target process obtained in this locality.
Optionally, described progress information includes:
Process fullpath, process commands row, parent process identification information and parent process fullpath.
Optionally, the corresponding process of each node in local Hash table, the key value of each node is for entering Journey identification information, the value value of each node is progress information, the progress information pair that described judgement this locality preserves Whether the process identity information answered exists the process identity information of described target process, including:
Judge whether described local Hash table exists in each node key value the process mark of described target process Knowledge information.
Optionally, the process identity information of described acquisition target process, including:
Call kernel function and obtain the process identity information of target process.
A kind of progress information acquisition device, is applied to electronic equipment, and described device includes:
Acquisition module, for obtaining the process identity information of target process;
Judge module, for judging whether exist in the process identity information that the progress information of local preservation is corresponding The process identity information of described target process;
First obtains module, for judging the process that the progress information of this locality preservation is corresponding at described judge module When identification information exists the process identity information of described target process, it is thus achieved that the process mark of described target process The progress information that knowledge information is corresponding.
Optionally, described device also includes:
Second obtains module, for judging the process that the progress information of this locality preservation is corresponding at described judge module When there is not the process identity information of described target process in identification information, calling process acquisition of information function obtains Obtain the progress information of described target process.
Optionally, described device also includes:
Preserve module, for preserving its correspondence in this locality for the progress information of described target process obtained Process identity information.
Optionally, described progress information includes:
Process fullpath, process commands row, parent process identification information and parent process fullpath.
Optionally, described judge module, specifically for:
Judge whether described local Hash table exists in each node key value the process mark of described target process Knowledge information, wherein, the corresponding process of each node in local Hash table, the key value of each node is Process identity information, the value value of each node is progress information.
Optionally, described acquisition module, specifically for:
Call kernel function and obtain the process identity information of target process.
A kind of electronic equipment, described electronic equipment includes:
Housing, processor, memorizer, circuit board and power circuit, wherein, circuit board is placed in housing and encloses The interior volume become, processor and memorizer are arranged on circuit boards;Power circuit, is used for as electronic equipment Each circuit or device power;Memorizer is used for storing executable program code;Processor is deposited by reading In reservoir, the executable program code of storage runs the program corresponding with executable program code, for holding Row following steps:
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
For reaching above-mentioned purpose, the embodiment of the present application additionally provides a kind of storage medium, and wherein, this storage is situated between Matter is used for storing application program, and described application program is for operationally performing a kind of process described herein Information getting method.Wherein, a kind of progress information acquisition methods described herein, it is applied to electronic equipment, The method includes:
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
For reaching above-mentioned purpose, the embodiment of the present application additionally provides a kind of application program, wherein, this application journey Sequence is for operationally performing a kind of progress information acquisition methods described herein.Wherein, herein described A kind of progress information acquisition methods, be applied to electronic equipment, the method includes:
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
In embodiments of the present invention, preserve progress information and the corresponding relation of process identity information in this locality, logical Cross the mode of the process identity information searching target process in this locality, it is thus achieved that the progress information of target process, nothing Corresponding function need to be called to obtain progress information, owing to the process elapsed time searched is less, therefore, subtract Lack elapsed time, solved and frequently call function and obtain progress information and cause the slow problem of system card.Certainly, Arbitrary product or the method for implementing the present invention must be not necessarily required to reach all the above advantage simultaneously.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to enforcement In example or description of the prior art, the required accompanying drawing used is briefly described, it should be apparent that, describe below In accompanying drawing be only some embodiments of the present invention, for those of ordinary skill in the art, do not paying On the premise of going out creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
The schematic flow sheet of a kind of progress information acquisition methods that Fig. 1 provides for the embodiment of the present invention;
A kind of Hash table schematic diagram that Fig. 2 provides for the embodiment of the present invention;
A kind of Hash table schematic diagram preserved for progress information that Fig. 3 provides for the embodiment of the present invention;
Another schematic flow sheet of a kind of progress information acquisition methods that Fig. 4 provides for the embodiment of the present invention;
Another schematic flow sheet of a kind of progress information acquisition methods that Fig. 5 provides for the embodiment of the present invention;
The structural representation of a kind of progress information acquisition device that Fig. 6 provides for the embodiment of the present invention;
Another structural representation of a kind of progress information acquisition device that Fig. 7 provides for the embodiment of the present invention;
Another structural representation of a kind of progress information acquisition device that Fig. 8 provides for the embodiment of the present invention;
The structural representation of a kind of electronic equipment that Fig. 9 provides for the embodiment of the present invention.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly Chu, be fully described by, it is clear that described embodiment be only a part of embodiment of the present invention rather than Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation The every other embodiment obtained under property work premise, broadly falls into the scope of protection of the invention.
In order to solve prior art problem, embodiments provide a kind of progress information acquisition methods, dress Put and electronic equipment.
A kind of progress information acquisition methods provided the embodiment of the present invention first below is introduced.
It should be noted that a kind of progress information acquisition methods that the embodiment of the present invention is provided is applied to electronics Equipment.In actual applications, this electronic equipment can be mobile phone, panel computer, desktop computer and notebook electricity Brains etc., this is all rational.
Moreover, it is achieved that the functional software of a kind of progress information acquisition methods that the embodiment of the present invention is provided is permissible For the independent client software for realizing progress information acquisition.
As it is shown in figure 1, a kind of progress information acquisition methods that the embodiment of the present invention provides, it is applied to electronics and sets Standby, may include that
S101: obtain the process identity information of target process.
Wherein, target process is the process being currently running, such as: A process just at written document, then A Process is target process.Process identity information is the identity of process, for example, can be process PID, Certainly being not limited thereto, when a program is run, system will be automatically assigned to the process one of this program Individual unique PID, after process terminates, this PID will be regained by system, may continue to distribute to newly The program run, can identify the process of correspondence by the identification information of process.
When target process runs, kernel function PsGetCurrentProcessId obtain entering of target process Journey identification information, in order to carry out subsequent step.
S102: judge whether there is described target in the process identity information that the local progress information preserved is corresponding The process identity information of process, if it is, perform step S103.
The corresponding relation of progress information and process identity information is preserved, when obtaining entering of target process in this locality After journey identification information, it is judged that whether the process identity information that the local progress information preserved is corresponding exists this mesh The process identity information of mark process, and according to judged result, perform different operations.
Wherein, for each process, process can be obtained by the way of calling process acquisition of information function Progress information, when this process is run, determines the identification information of this process, by this progress information and this process Identification information is saved in this locality;For each process, it is also possible to executive mode can obtain process letter by other Breath, when this process is run, determines the identification information of this process, this progress information and this process identification (PID) is believed Breath is saved in this locality, and this is all rational.
S103: obtain the progress information that the process identity information of described target process is corresponding.
In judged result is the process identity information that the local progress information preserved is corresponding, there is this target enter During the process identity information of journey, it is thus achieved that corresponding the entering of process identity information of this target process preserved in this locality Journey information.
Compared with prior art, in embodiments of the present invention, progress information and process identification (PID) letter is preserved in this locality The corresponding relation of breath, by the way of searching the process identity information of target process, it is thus achieved that target is entered in this locality The progress information of journey, it is not necessary to call corresponding function to obtain progress information, when the process owing to searching consumes Between less, therefore, decrease elapsed time, solve frequently call function obtain progress information cause system Block slow problem.
Concrete, described progress information may include that
Process fullpath, process commands row, parent process identification information and parent process fullpath.
Wherein, process fullpath is the complete trails of process;One parameter of process commands behavior, is used for performing Corresponding order;Parent process is the process having created one or more subprocess, and parent process is that target is entered herein The parent process of journey, parent process identification information is the identity of parent process, can be parent process PID;Father enters Journey fullpath is the complete trails of parent process.
Obtain the process fullpath of process, process commands row, parent process identification information and the father being currently running Process fullpath, the behavior that process is carried out can be done security authentication by system, it is possible to do this behavior Intercept.
Concrete, the process identity information that the local progress information preserved is corresponding can leave local Hash table in In.The corresponding process of each node in local Hash table, the key value of each node is believed for process identification (PID) Breath, the value value of each node is progress information, the process corresponding to progress information of described judgement this locality preservation Whether identification information exists the process identity information of described target process, may include that
Judge whether described local Hash table exists in each node key value the process mark of described target process Knowledge information.
Wherein, the principle of Hash table HASHMAP is for mapping, and in HASHMAP, each node comprises one Key value and a value value, a corresponding value value of key value, multiple nodes are preserved by the form of array, As shown in Figure 2.
It is understood that HASHMAP can be used in the preservation of progress information as it is shown on figure 3, When process identity information is process PID, the corresponding process of each node in local HASHMAP, The key value of each node is process identity information, and the value value of each node is progress information, due to system On process typically not over 200, the pid value of each process will not repeat, thus use HASHMAP preserves, search and to add data the most efficient.Thus, just can be looked for by process PID To the progress information that this process PID is corresponding.
According to process PID of target process, the PID of each node in the local HASHMAP of circulation coupling The most identical with process PID of this target process, if identical, the most find the process with this target process The node that PID is identical, returns the value value of this node, it is thus achieved that the progress information of this target process.
When after the process release being currently running, in local Hash table, delete this process discharged corresponding Node, to update local Hash table.
Concrete, the process identity information of described acquisition target process, may include that
Call kernel function and obtain the process identity information of target process.
In order to obtain the process identity information of target process, need to call kernel function PsGetCurrentProcessId obtains the process identity information of the target process being currently running.
Further, on the basis of embodiment illustrated in fig. 1, as shown in Figure 4, the embodiment of the present invention provides A kind of progress information acquisition methods, is applied to electronic equipment, it is also possible to including:
S104: calling process acquisition of information function obtains the progress information of described target process.
Wherein, when the judged result in step S102 is no, perform step S104.
When process identity information is process PID, according to process PID of target process, circulation coupling this locality The PID of each node in HASHMAP is the most identical with process PID of this target process, if phase With, the most find the node identical with process PID of this target process, returned the value value of this node, obtain Obtain the progress information of this target process.
If it is not the same, i.e. do not find the node identical with process PID of this target process, represent HASHMAP table does not exist the data that process PID of target process is corresponding, therefore cannot obtain target and enter The progress information of journey, now, calls kernel function PsGetCurrentProcessId and obtains entering of target process Journey PID, by this process PID as parameter, calls ZwQueryInformationProcess and kernel path The progress informations such as conversion obtain function and obtain the progress information of target process.
Thus, when cannot obtain the progress information of target process in this locality, by calling process acquisition of information letter The mode of number obtains the progress information of target process.
Further, on the basis of embodiment illustrated in fig. 4, as it is shown in figure 5, the embodiment of the present invention provides A kind of progress information acquisition methods, be applied to electronic equipment, after step S104, it is also possible to including:
S105: preserve the process identification (PID) of its correspondence in this locality for the progress information of the described target process obtained Information.
When process identity information is process PID, using process PID of target process as key value, acquisition The node that this key value and value value form, as value value, is saved in by the progress information of target process In HASHMAP, typically can be saved on the position of final node.
Due to, in the situation of the progress information obtaining process by the way of calling process acquisition of information function Under, generate HASHMAP time only understand calling process obtain function obtain progress information once, upper once During use, can first search process PID that whether there is target process in HASHMAP, so can find It is saved in process PID of this locality, again will not obtain function acquisition progress information by calling process, therefore, subtract Lack elapsed time, solved and frequently call function and obtain progress information and cause the slow problem of system card;Logical Cross other can executive mode obtain in the case of progress information, the not calling process when generating HASHMAP Obtain function obtain progress information, therefore, decrease elapsed time, solve frequently call function obtain into Journey information causes the problem that system card is slow.
Simultaneously as the process of system is typically not over 200, the number of the progress information in 200 quantity Being fewer according to amount, therefore, it is the most efficient and stable for being saved in HASHMAP by progress information, So guard system does not the most frequently obtain progress information, do not result in the phenomenon that system card is slow yet.
Thus, when cannot obtain the progress information of target process in this locality, at calling process acquisition of information function Mode obtain the progress information of target process after, progress information and the process identity information of target process are protected It is stored to this locality.
Relative to said method embodiment, the embodiment of the present invention additionally provides a kind of progress information acquisition device, Being applied to electronic equipment, as shown in Figure 6, this device may include that
Acquisition module 201, for obtaining the process identity information of target process;
Whether judge module 202, for judging in the process identity information that the progress information of local preservation is corresponding There is the process identity information of described target process;
First obtains module 203, for judging that at described judge module 202 progress information of local preservation is corresponding Process identity information in when there is the process identity information of described target process, it is thus achieved that described target process The progress information that process identity information is corresponding.
Compared with prior art, in embodiments of the present invention, progress information and process identification (PID) letter is preserved in this locality The corresponding relation of breath, by the way of searching the process identity information of target process, it is thus achieved that target is entered in this locality The progress information of journey, it is not necessary to call corresponding function to obtain progress information, when the process owing to searching consumes Between less, therefore, decrease elapsed time, solve frequently call function obtain progress information cause system Block slow problem.
Concrete, described progress information may include that
Process fullpath, process commands row, parent process identification information and parent process fullpath.
Concrete, described judge module 202, can be specifically for:
Judge whether described local Hash table exists in each node key value the process mark of described target process Knowledge information, wherein, the corresponding process of each node in local Hash table, the key value of each node is Process identity information, the value value of each node is progress information.
Concrete, described acquisition module 201, can be specifically for:
Call kernel function and obtain the process identity information of target process.
Further, on the basis of embodiment illustrated in fig. 6, as it is shown in fig. 7, what the embodiment of the present invention provided A kind of progress information acquisition device, is applied to electronic equipment, and this device can also include:
Second obtains module 204, for judging that at described judge module 202 progress information of local preservation is corresponding Process identity information in when there is not the process identity information of described target process, calling process acquisition of information Function obtains the progress information of described target process.
Further, on the basis of embodiment illustrated in fig. 7, as shown in Figure 8, the embodiment of the present invention provides A kind of progress information acquisition device, be applied to electronic equipment, this device can also include:
Preserve module 205, right for preserving it in this locality for the progress information of the described target process obtained The process identity information answered.
Correspondingly, as described in Figure 9, the embodiment of the present application additionally provides a kind of electronic equipment, and described electronics sets For may include that
Housing 901, processor 902, memorizer 903, circuit board 904 and power circuit 905, wherein, electricity Road plate 904 is placed in the interior volume that housing surrounds, processor 902 and memorizer 903 and is arranged on circuit board 904 On;Power circuit 905, powers for each circuit or the device for electronic equipment;Memorizer 903 is used for depositing Storage executable program code;Processor 902 comes by reading the executable program code of storage in memorizer 903 Run the program corresponding with executable program code, for performing following steps:
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
Correspondingly, the embodiment of the present application additionally provides a kind of storage medium, and wherein, this storage medium is used for depositing Storage application program, described application program obtains for operationally performing a kind of progress information described herein Method.Wherein, a kind of progress information acquisition methods described herein, it is applied to electronic equipment, the method May include that
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
Correspondingly, the embodiment of the present application additionally provides a kind of application program, and wherein, this application program is used for A kind of progress information acquisition methods described herein is performed during operation.Wherein, one described herein is entered Journey information getting method, is applied to electronic equipment, and the method may include that
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
It should be noted that in this article, the relational terms of such as first and second or the like be used merely to by One entity or operation separate with another entity or operating space, and not necessarily require or imply these Relation or the order of any this reality is there is between entity or operation.And, term " includes ", " bag Contain " or its any other variant be intended to comprising of nonexcludability, so that include a series of key element Process, method, article or equipment not only include those key elements, but also include being not expressly set out Other key elements, or also include the key element intrinsic for this process, method, article or equipment.? In the case of there is no more restriction, statement " including ... " key element limited, it is not excluded that at bag Include and the process of described key element, method, article or equipment there is also other identical element.
Each embodiment in this specification all uses relevant mode to describe, phase homophase between each embodiment As part see mutually, what each embodiment stressed is different from other embodiments it Place.For system embodiment, owing to it is substantially similar to embodiment of the method, so describe Fairly simple, relevant part sees the part of embodiment of the method and illustrates.
The foregoing is only presently preferred embodiments of the present invention, be not intended to limit the protection model of the present invention Enclose.All any modification, equivalent substitution and improvement etc. made within the spirit and principles in the present invention, all wrap Containing within the scope of the present invention.

Claims (10)

1. a progress information acquisition methods, it is characterised in that be applied to electronic equipment, described method bag Include:
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
Method the most according to claim 1, it is characterised in that described method also includes:
If it does not, calling process acquisition of information function obtains the progress information of described target process.
Method the most according to claim 2, it is characterised in that described method also includes:
Preserve the process identity information of its correspondence for the progress information of the described target process obtained in this locality.
Method the most according to claim 1, it is characterised in that described progress information includes:
Process fullpath, process commands row, parent process identification information and parent process fullpath.
Method the most according to claim 1, it is characterised in that each node in local Hash table is corresponding One process, the key value of each node is process identity information, and the value value of each node is progress information, Whether the process identity information that the described progress information judging that this locality preserves is corresponding exists described target process Process identity information, including:
Judge whether described local Hash table exists in each node key value the process mark of described target process Knowledge information.
Method the most according to claim 1, it is characterised in that the process identification (PID) of described acquisition target process Information, including:
Call kernel function and obtain the process identity information of target process.
7. a progress information acquisition device, it is characterised in that be applied to electronic equipment, described device bag Include:
Acquisition module, for obtaining the process identity information of target process;
Judge module, for judging whether exist in the process identity information that the progress information of local preservation is corresponding The process identity information of described target process;
First obtains module, for judging the process that the progress information of this locality preservation is corresponding at described judge module When identification information exists the process identity information of described target process, it is thus achieved that the process mark of described target process The progress information that knowledge information is corresponding.
Device the most according to claim 7, it is characterised in that described device also includes:
Second obtains module, for judging the process that the progress information of this locality preservation is corresponding at described judge module When there is not the process identity information of described target process in identification information, calling process acquisition of information function obtains Obtain the progress information of described target process.
Device the most according to claim 8, it is characterised in that described device also includes:
Preserve module, for preserving its correspondence in this locality for the progress information of described target process obtained Process identity information.
10. an electronic equipment, it is characterised in that described electronic equipment includes:
Housing, processor, memorizer, circuit board and power circuit, wherein, circuit board is placed in housing and encloses The interior volume become, processor and memorizer are arranged on circuit boards;Power circuit, is used for as electronic equipment Each circuit or device power;Memorizer is used for storing executable program code;Processor is deposited by reading In reservoir, the executable program code of storage runs the program corresponding with executable program code, for holding Row following steps:
Obtain the process identity information of target process;
Judge whether the process identity information that the local progress information preserved is corresponding exists described target process Process identity information;
If there is the progress information that the process identity information of, it is thus achieved that described target process is corresponding.
CN201610166352.3A 2016-03-22 2016-03-22 Process information acquisition method and device and electronic equipment Pending CN105844156A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610166352.3A CN105844156A (en) 2016-03-22 2016-03-22 Process information acquisition method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610166352.3A CN105844156A (en) 2016-03-22 2016-03-22 Process information acquisition method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN105844156A true CN105844156A (en) 2016-08-10

Family

ID=56587943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610166352.3A Pending CN105844156A (en) 2016-03-22 2016-03-22 Process information acquisition method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN105844156A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106775979A (en) * 2016-12-13 2017-05-31 郑州云海信息技术有限公司 Scheduler call method and system
CN108196956A (en) * 2017-12-28 2018-06-22 郑州云海信息技术有限公司 A kind of NAS service nodes realize the method and system of NAS services
CN108595319A (en) * 2018-03-30 2018-09-28 阿里巴巴集团控股有限公司 Function choosing method and server
CN109992965A (en) * 2017-12-29 2019-07-09 广东欧珀移动通信有限公司 Process handling method and device, electronic equipment, computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103294565A (en) * 2013-06-24 2013-09-11 贝壳网际(北京)安全技术有限公司 Method, device and equipment for detecting installed application
US20150310211A1 (en) * 2014-04-28 2015-10-29 Baidu Online Network Technology (Beijing) Co., Ltd Method, apparatus and system for detecting malicious process behavior
CN105608375A (en) * 2015-12-17 2016-05-25 北京金山安全软件有限公司 Process information acquisition method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103294565A (en) * 2013-06-24 2013-09-11 贝壳网际(北京)安全技术有限公司 Method, device and equipment for detecting installed application
US20150310211A1 (en) * 2014-04-28 2015-10-29 Baidu Online Network Technology (Beijing) Co., Ltd Method, apparatus and system for detecting malicious process behavior
CN105608375A (en) * 2015-12-17 2016-05-25 北京金山安全软件有限公司 Process information acquisition method and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106775979A (en) * 2016-12-13 2017-05-31 郑州云海信息技术有限公司 Scheduler call method and system
CN108196956A (en) * 2017-12-28 2018-06-22 郑州云海信息技术有限公司 A kind of NAS service nodes realize the method and system of NAS services
CN109992965A (en) * 2017-12-29 2019-07-09 广东欧珀移动通信有限公司 Process handling method and device, electronic equipment, computer readable storage medium
CN109992965B (en) * 2017-12-29 2021-08-17 Oppo广东移动通信有限公司 Process processing method and device, electronic equipment and computer readable storage medium
CN108595319A (en) * 2018-03-30 2018-09-28 阿里巴巴集团控股有限公司 Function choosing method and server
WO2019184597A1 (en) * 2018-03-30 2019-10-03 阿里巴巴集团控股有限公司 Function selection method and server
CN108595319B (en) * 2018-03-30 2020-08-04 阿里巴巴集团控股有限公司 Function selection method and server

Similar Documents

Publication Publication Date Title
CN105117544B (en) Android platform App methods of risk assessment and device based on mobile cloud computing
CN107341401B (en) A kind of malicious application monitoring method and equipment based on machine learning
CN105844156A (en) Process information acquisition method and device and electronic equipment
CN105446811B (en) Application process is associated with starting method and association starter
CN109831419A (en) The determination method and device of shell program authority
KR102534334B1 (en) Detection of software attacks on processes in computing devices
CN108875364B (en) Threat determination method and device for unknown file, electronic device and storage medium
CN105956468B (en) A kind of Android malicious application detection method and system based on file access dynamic monitoring
CN105404819A (en) Data access control method and apparatus and terminal
CN105205413B (en) A kind of guard method of data and device
CN109460656A (en) Application program launching control method and terminal
CN103491532A (en) Cooperative privacy protection method and system based on Android platform
CN106203092A (en) Method and device for intercepting shutdown of malicious program and electronic equipment
Teufl et al. Android market analysis with activation patterns
CN103870480A (en) Dynamic data masking method and database system
CN111177700A (en) Method and device for controlling row-level authority
CN111209061B (en) User information filling method, device, computer equipment and storage medium
CN104268462A (en) Sub-zone protecting method and device of Android system
CN111784468A (en) Account association method and device and electronic equipment
Da et al. Detection of Android malware security on system calls
CN105700942B (en) Application process is associated with starting method and association starter
CN109784051A (en) Protecting information safety method, device and equipment
CN107085516A (en) A kind of method and device for changing configuration
CN109918552A (en) Malice group tells tendency personal identification method, server and computer readable storage medium
CN107368738B (en) Root prevention method and Root prevention device for intelligent equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181214

Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 100085 East District, Second Floor, 33 Xiaoying West Road, Haidian District, Beijing

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

TA01 Transfer of patent application right
RJ01 Rejection of invention patent application after publication

Application publication date: 20160810

RJ01 Rejection of invention patent application after publication