CN108776633B - Method for monitoring process operation, terminal equipment and computer readable storage medium - Google Patents
Method for monitoring process operation, terminal equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN108776633B CN108776633B CN201810496141.5A CN201810496141A CN108776633B CN 108776633 B CN108776633 B CN 108776633B CN 201810496141 A CN201810496141 A CN 201810496141A CN 108776633 B CN108776633 B CN 108776633B
- Authority
- CN
- China
- Prior art keywords
- target
- sub
- subprocess
- instruction
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3089—Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents
- G06F11/3093—Configuration details thereof, e.g. installation, enabling, spatial arrangement of the probes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention is applicable to the technical field of resource management, and provides a method for monitoring process operation, a terminal device and a computer readable storage medium, wherein, the method for monitoring the process running comprises the steps of acquiring the sub-process identification created by the target process, wherein, the subprocess identification is used for marking a target subprocess for carrying out interruption monitoring on the target process, a monitoring thread is distributed to the target subprocess according to the subprocess identification, such that upon detecting that the target sub-process is prohibited, a prohibit instruction is generated for prohibiting configuration of the system resource to the target process, according to the prohibition instruction, forbidding the system resource allocation to the target process, realizing that the target sub-process monitors the target thread, the target sub-process is monitored by the monitoring thread to form step-by-step monitoring among the target process, the target sub-process and the monitoring thread, and the reliability of monitoring process operation is improved.
Description
Technical Field
The invention belongs to the technical field of resource management, and particularly relates to a method for monitoring process operation, a terminal device and a computer readable storage medium.
Background
With the increasing labor cost, many industries adopt intelligent terminals or multi-node clusters formed by the intelligent terminals and servers to work cooperatively so as to replace labor and further reduce labor cost.
In the task processing process, a system memory executes a plurality of processes, and some processes load sensitive information related to a user, such as provincial certificate numbers, mobile phone numbers, bank accounts and the like.
In the prior art, in order to prevent data of a process execution process from being illegally read, a target process is monitored by monitoring the target process, for example, creating a sub-process. However, for the terminal node or the server in the system, after the hacker acquires the authority of the terminal node or the server, the monitoring of the subprocess on the target process can be shielded by terminating or disabling the subprocess. Therefore, the existing process monitoring scheme has the problem of low reliability.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method for monitoring process running, a terminal device, and a computer-readable storage medium, so as to improve reliability of monitoring process running.
A first aspect of an embodiment of the present invention provides a method for monitoring process operation, including:
acquiring a sub-process identifier created by a target process; the subprocess identification is used for marking a target subprocess, and the target subprocess is used for carrying out interrupt monitoring on the target process;
allocating a monitoring thread for the target subprocess according to the subprocess identifier, wherein the monitoring thread is used for generating a prohibition instruction for prohibiting the configuration of system resources for the target subprocess when the target subprocess is detected to be prohibited;
and if the prohibition instruction is detected, prohibiting the system resource from being configured to the target process.
A second aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the following steps when executing the computer program:
acquiring a sub-process identifier created by a target process; the subprocess identification is used for marking a target subprocess, and the target subprocess is used for carrying out interrupt monitoring on the target process;
allocating a monitoring thread for the target subprocess according to the subprocess identifier, wherein the monitoring thread is used for generating a prohibition instruction for prohibiting the configuration of system resources for the target subprocess when the target subprocess is detected to be prohibited;
and if the prohibition instruction is detected, prohibiting the system resource from being configured to the target process.
A third aspect of embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of:
acquiring a sub-process identifier created by a target process; the subprocess identification is used for marking a target subprocess, and the target subprocess is used for carrying out interrupt monitoring on the target process;
allocating a monitoring thread for the target subprocess according to the subprocess identifier, wherein the monitoring thread is used for generating a prohibition instruction for prohibiting the configuration of system resources for the target subprocess when the target subprocess is detected to be prohibited;
and if the prohibition instruction is detected, prohibiting the system resource from being configured to the target process.
The method for monitoring the process running, the terminal device and the computer readable storage medium provided by the embodiment of the invention have the following beneficial effects:
the method and the device for monitoring the target process have the advantages that the subprocess identification created by the target process is obtained, the subprocess identification is used for marking the target subprocess for monitoring the interruption of the target process, the monitoring thread is allocated to the target subprocess according to the subprocess identification, so that a forbidding instruction for forbidding the system resource allocation to the target process is generated when the target subprocess is detected to be forbidden, the system resource allocation to the target process is forbidden according to the forbidding instruction, the target subprocess is monitored by the monitoring thread while the target subprocess monitors the target thread, the target subprocess and the monitoring thread step by step, and the reliability of monitoring the process operation is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a flowchart illustrating an implementation of a method for monitoring process operation according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating an implementation of a method for monitoring process operation according to another embodiment of the present invention;
fig. 3 is a flowchart illustrating an implementation details of a method S22 for monitoring the running of a process according to another embodiment of the present invention;
fig. 4 is a flowchart illustrating an implementation details of a method S13 for monitoring process running according to another embodiment of the present invention;
fig. 5 is a block diagram of a terminal device according to another embodiment of the present invention;
fig. 6 is a schematic diagram of a terminal device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
According to the embodiment of the invention, the sub-process identification created by the target process is obtained, the sub-process identification is used for marking the target sub-process for carrying out interruption monitoring on the target process, and the monitoring thread is allocated to the target sub-process according to the sub-process identification, so that when the target sub-process is detected to be forbidden, a forbidden instruction for forbidding the system resource allocation to the target process is generated, the system resource allocation to the target process is further forbidden, the target sub-process is formed for monitoring the target thread, meanwhile, the target sub-process is monitored by the monitoring thread, the double monitoring of the process is realized, and the problem of low reliability of the existing process monitoring scheme is solved.
In this embodiment of the present invention, the main execution body of the process is a terminal device or a server, where the terminal device may include but is not limited to: mobile terminals such as smart phones, notebook computers, tablet computers, and the like. Fig. 1 shows a flowchart of an implementation of a method for monitoring process operation according to a first embodiment of the present invention, which is detailed as follows:
s11: and acquiring the identification of the sub-process created by the target process.
In step S11, the sub-process identifier is used to mark the target sub-process, and the target sub-process is used to monitor the target process for interrupts.
In this embodiment, the target sub-process is created by the target process, and when the target process creates the target sub-process, a sub-process identifier for marking the target sub-process is also generated. In practice, when executing a target process, a target sub-process is created by calling a fork function fork (), and the target process is monitored by the target sub-process.
It should be noted that, the target sub-process monitors the target process, specifically, monitors whether the target process has an execution interrupt, and generates a termination instruction for terminating the target process when the target sub-process monitors that the target process has an execution interrupt during the execution process, where the termination instruction may be a non-negligible signal, such as a sigtop signal and a SIGKILL signal.
It is understood that, during the execution of the target process, a plurality of sub-processes may be created, where the target sub-process is the sub-process that is created with the highest priority among all the sub-processes, that is, when the target process is executed, the target sub-process is created and executed first, and then the other sub-processes are created and executed.
S12: and allocating a monitoring thread for the target subprocess according to the subprocess identifier, wherein the monitoring thread is used for generating a forbidding instruction for forbidding the configuration of system resources for the target subprocess when the target subprocess is detected to be forbidden.
In step S12, the supervisory thread is a partial thread of all threads for executing the target sub-process. In the process of executing the target sub-process, corresponding system resources need to be configured for the target sub-process according to the execution progress of the target sub-process, wherein the system resources include: running threads, running memory, etc. therefore, when the target process is in the process of executing, the system resources are disabled, and the target process cannot be executed.
In this embodiment, when the monitoring thread is allocated to the target sub-process, the monitoring thread is determined from all the callable threads by acquiring all the callable threads currently and according to the sub-process identifier.
It should be noted that, in the process of executing the target process, the target sub-process may be executed simultaneously through multiple threads, and the monitor process is one of the execution paths of the target sub-process. When judging whether the target subprocess is forbidden, the monitoring thread determines whether the target subprocess is forbidden by detecting whether system resources used for executing the target subprocess are occupied, specifically, if the target subprocess is executed, and when detecting that the system resources used for executing the target subprocess are occupied, the monitoring thread can determine that the target subprocess is not forbidden; if the target sub-process is executed, and when it is detected that system resources for executing the target sub-process are not occupied, it may be determined that the target sub-process is disabled.
It can be understood that, in the process that the target sub-process is executed, when it is detected that the target sub-process is prohibited, it may be determined that the target sub-process cannot monitor the execution process of the target process, and by generating a prohibition instruction for prohibiting the configuration of the system resource to the target process, the target process may be terminated to be executed due to failing to call the system resource in the process that the target process is executed.
S13: and if the prohibition instruction is detected, prohibiting the system resource from being configured to the target process.
In step S13, the prohibiting the system resource from being configured to the target process may specifically include: and forbidding the configuration of the running memory and/or the running thread to the target process.
In this embodiment, the prohibition instruction is generated by the monitoring thread, when the monitoring thread detects that the target sub-process is prohibited, it may be determined that the target sub-process cannot monitor the target process, and by generating the prohibition instruction, the target process is prohibited from being configured with system resources according to the prohibition instruction, so as to terminate execution of the target process, thereby avoiding a phenomenon of information leakage caused by interruption of the target sub-process and/or the target process during execution.
It can be seen from the above that, in the method for monitoring process operation provided in the embodiment of the present invention, by obtaining a sub-process identifier created by a target process, where the sub-process identifier is used to mark a target sub-process for monitoring interruption of the target process, and allocating a monitoring thread to the target sub-process according to the sub-process identifier, when it is detected that the target sub-process is prohibited, a prohibition instruction for prohibiting system resource configuration to the target process is generated, and according to the prohibition instruction, system resource configuration to the target process is prohibited, so that while the target sub-process monitors the target thread, the target sub-process is monitored by the monitoring thread, so as to form step-by-step monitoring among the target process, the target sub-process, and the monitoring thread, and improve reliability of monitoring process operation.
Fig. 2 is a flowchart illustrating a specific implementation of a method for monitoring process operation according to a second embodiment of the present invention. Referring to fig. 2, with respect to the embodiment described in fig. 1, the method for monitoring the process operation provided in this embodiment further includes S21 and S22, which are detailed as follows:
further, as another embodiment of the present invention, before acquiring the sub-process identifier created by the target process, the method further includes:
s21: and if a preset instruction for executing the target process is detected, sending a control instruction for creating the sub-process to the target process so that the target process creates the target sub-process according to the control instruction.
S22: and starting the target sub-process to terminate the target process when an interrupt instruction for interrupting the target process is detected.
In practice, when a server is invaded by a hacker and the hacker acquires the right, a debugger is attached to a process of a certain node and the node is dynamically debugged to check the process execution process on the node, so that encrypted information on the node, such as a transaction key, a random encryption rule and the like, is acquired.
Because the execution of the target process needs to be forcibly interrupted in the dynamic modulation process, in order to avoid information leakage caused by dynamic debugging of the target process executed on the node, when the target process is executed, the target process is interrupted and monitored by creating the target sub-process and starting the target sub-process, and then when the interruption of the target process is detected, the risk of information leakage of the target process can be determined, and when an interruption instruction for interrupting the target process is detected, the target process is terminated, so that the information leakage of the target process is avoided.
It should be noted that the execution cycle of the target sub-process is synchronized with the execution cycle of the target process, and when the target process finishes executing, the target sub-process also finishes.
Fig. 3 is a flowchart illustrating a specific implementation of a method S22 for monitoring the running of a process according to another embodiment of the present invention. Referring to fig. 3, with respect to the embodiment described in fig. 2, S22 in the method for monitoring the process operation provided in this embodiment includes S221, S222, and S223, which are detailed as follows:
s221: and if the target subprocess is detected to be completely established, starting the target subprocess.
S222: and if the target sub-process detects that a breakpoint is inserted in the execution process of the target process, analyzing the breakpoint to obtain a breakpoint instruction.
S223: and if the breakpoint instruction is an INT3 breakpoint instruction, generating a termination instruction by the target sub-process to terminate the target process.
In this embodiment, before the target sub-process is created, whether the target sub-process is created can be determined by pre-formulating the identifier of the target sub-process, acquiring the identifier sets of all processes in the current task list, and then identifying whether the identifier set has the identifier of the pre-formulated target sub-process.
In practice, after a hacker invades a terminal node or a server in the system, a debugger is attached to the terminal node or the server in the system, that is, a preset script for stealing user information is configured for the terminal node or the server, wherein an execution breakpoint and/or a data access breakpoint are configured in the preset script, the progress of a target process can be interrupted in the process that the target process is executed by calling the execution breakpoint and/or the data access breakpoint, and information data is stolen by acquiring information generated by the target process in an operating memory.
It should be noted that, no matter whether the execution breakpoint is called or the data access breakpoint is called to implement interruption, an INT3 breakpoint instruction is generated, so that by analyzing the breakpoint and determining whether the breakpoint instruction is the INT3 breakpoint instruction, it can be determined whether a debugger is attached to a terminal or a server where the target process is located, that is, whether the terminal or the server has been hacked, and there is a risk of information leakage.
The execution process of the target process is monitored by starting the target sub-process, when a breakpoint inserted into the execution process of the target process is detected, the breakpoint is analyzed to obtain a breakpoint instruction, and whether the breakpoint instruction is an INT3 breakpoint instruction or not is judged, so that whether the breakpoint can cause interruption of the target process or not can be determined, whether a terminal or a server is invaded by a hacker or not is determined, and the risk of information leakage exists.
In this embodiment, the target sub-process is created by controlling the target process to perform interrupt monitoring on the execution process of the target process, and although the target process can be terminated by generating an interrupt control instruction when the target process is interrupted, thereby avoiding information leakage, when the target sub-process is prohibited from being executed after being created, the execution process of the target thread cannot be monitored, and there is still a risk of information leakage. In order to solve the problem of information leakage caused when the target sub-process is created and execution of the target sub-process is prohibited, a prohibition instruction may be generated to terminate the target process when it is detected that the target sub-process is prohibited, by allocating a monitoring thread for monitoring the target sub-process to the target sub-process.
Fig. 4 is a flowchart illustrating a specific implementation of a method S13 for monitoring the running of a process according to another embodiment of the present invention. Referring to fig. 4, with respect to the embodiment shown in fig. 2, in the method for monitoring the running of a process provided by this embodiment, the step S13 includes: s131 to S133 are specifically described as follows:
s131: and if the preset operation for initializing the target process is detected, acquiring all current callable threads.
S132: and determining the thread capable of executing the sub-process from all the current callable threads according to the sub-process identification so as to obtain a target thread queue.
S133: and selecting any thread from the target thread queue as the monitoring thread.
In this embodiment, the monitor thread is one of the execution paths of the target process, and if the monitor thread detects that the target sub-process is prohibited from being executed, a prohibition instruction for prohibiting the configuration of the system resource to the target process is generated.
It should be noted that, in the process of executing the target process, the target process may perform data processing by creating a plurality of sub-processes and allocating execution threads to the sub-processes, where the sub-processes may be executed simultaneously through a plurality of threads, and the monitoring process is used as one of the execution paths of the target sub-process, and when the target sub-process is prohibited, the monitoring thread may know that system resources for executing the sub-process are not occupied, and may further determine whether the sub-process is prohibited.
In practical application, the target sub-process may be a target sub-process in an IO intensive task, or a target sub-process in an IO intensive task, and the number of threads executing the target sub-process may be determined by the number of cores of the processor and a blocking coefficient of the task, and may be specifically calculated by the following formula.
N=Ncpu/(1-W/C);
Wherein, N is the number of threads, and Ncpu is the core number of the processor to be processed, which can be obtained by directly querying the running data; W/C is the ratio of the waiting time to the calculation time, namely the blocking coefficient, and W/C is more than or equal to 0 and less than 1, and 1-W/C is less than or equal to 1.
It should be noted that the blocking coefficient may be determined according to the current execution environment by calling a performance analysis tool. For example, the number W of threads executing a process and the number C-W of threads that can be currently called are queried by calling a java.
For example, if the number W of threads executing a process is 3 and the number C-W of threads currently available for invocation is 3, the blocking coefficient W/C is determined to be 0.5.
In the embodiment, if the target sub-process is a sub-process in the intensive task, the blocking coefficient W/C is equal to 0, and if the target sub-process is a sub-process in the IO intensive task, the blocking coefficient W/C is greater than 0.
It should be noted that the prohibition instruction is used to prohibit configuration of the system resource to the target process, and when the target process is prohibited from configuring the system resource, the target process cannot be executed.
In this embodiment, a sub-process identifier created by a target process is obtained, where the sub-process identifier is used to mark a target sub-process that performs interrupt monitoring on the target process, and a monitoring thread is allocated to the target sub-process according to the sub-process identifier, so that when it is detected that the target sub-process is prohibited, a prohibition instruction for prohibiting system resource configuration to the target process is generated, and according to the prohibition instruction, system resource configuration to the target process is prohibited, so that the target sub-process is monitored by the monitoring thread while the target sub-process monitors the target thread, so as to form step-by-step monitoring among the target process, the target sub-process, and the monitoring thread, and improve reliability of monitoring process operation.
When a preset instruction for executing the target process is detected, a control instruction for creating the sub-process is sent to the target process, so that the target process creates the target sub-process according to the control instruction, and the target sub-process is started, so that the target process is terminated when an interrupt instruction for interrupting the target process is detected, and further, the phenomenon of information leakage in the process of executing the target process is avoided.
Fig. 5 is a block diagram illustrating a terminal device according to an embodiment of the present invention, where the terminal device includes units for executing steps in the embodiment corresponding to fig. 2. Please refer to fig. 2 and fig. 2 for the corresponding description of the embodiment. For convenience of explanation, only the portions related to the present embodiment are shown.
Referring to fig. 5, the terminal device 30 includes: an acquisition unit 31, an allocation unit 32 and an execution unit 33. Specifically, the method comprises the following steps:
an obtaining unit 31, configured to obtain a sub-process identifier created by the target process. The subprocess identification is used for marking a target subprocess, and the target subprocess is used for carrying out interrupt monitoring on the target process.
An allocating unit 32, configured to allocate a monitoring thread to the target sub-process according to the sub-process identifier, where the monitoring thread is configured to generate a prohibition instruction for prohibiting configuration of system resources to the target process when it is detected that the target sub-process is prohibited.
And the execution unit 33 is configured to prohibit configuration of system resources to the target process if the prohibition instruction is detected.
As a possible implementation manner of this embodiment, the terminal device further includes: a sending unit 301 and an initiating unit 302.
A sending unit 301, configured to send a control instruction for creating a sub-process to a target process if a preset instruction for executing the target process is detected, so that the target process creates the target sub-process according to the control instruction.
An initiating unit 302, configured to initiate the target sub-process, so as to terminate the target process when an interrupt instruction for interrupting the target process is detected.
As a possible implementation manner of this embodiment, the starting unit 302 is specifically configured to, if it is detected that the creation of the target sub-process is completed, start the target sub-process; if the target sub-process detects that a breakpoint is inserted in the execution process of the target process, analyzing the breakpoint to obtain a breakpoint instruction; and if the breakpoint instruction is an INT3 breakpoint instruction, generating a termination instruction to terminate the target process.
As a possible implementation manner of this embodiment, the allocating unit 32 is specifically configured to, if a preset operation for initializing the target process is detected, obtain all current callable threads; determining threads capable of executing the sub-process from all the current callable threads according to the sub-process identification so as to obtain a target thread queue; and selecting any thread from the target thread queue as the monitoring thread.
In this embodiment, a sub-process identifier created by a target process is obtained, where the sub-process identifier is used to mark a target sub-process that performs interrupt monitoring on the target process, and a monitoring thread is allocated to the target sub-process according to the sub-process identifier, so that when it is detected that the target sub-process is prohibited, a prohibition instruction for prohibiting system resource configuration to the target process is generated, and according to the prohibition instruction, system resource configuration to the target process is prohibited, so that the target sub-process is monitored by the monitoring thread while the target sub-process monitors the target thread, so as to form step-by-step monitoring among the target process, the target sub-process, and the monitoring thread, and improve reliability of monitoring process operation.
When a preset instruction for executing the target process is detected, a control instruction for creating the sub-process is sent to the target process, so that the target process creates the target sub-process according to the control instruction, and the target sub-process is started, so that the target process is terminated when an interrupt instruction for interrupting the target process is detected, and further, the phenomenon of information leakage in the process of executing the target process is avoided.
Fig. 6 is a schematic diagram of a terminal device according to another embodiment of the present invention. As shown in fig. 6, the terminal device 6 of this embodiment includes: a processor 60, a memory 61 and a computer program 62 stored in said memory 61 and executable on said processor 60, such as a program monitoring the running of a process. The processor 60, when executing the computer program 62, implements the steps in the various method embodiments described above for monitoring the operation of processes, such as the steps shown in fig. 2. Alternatively, the processor 60, when executing the computer program 62, implements the functions of the units in the above-described device embodiments, such as the functions of the modules 61 to 65 shown in fig. 6.
Illustratively, the computer program 62 may be divided into one or more units, which are stored in the memory 61 and executed by the processor 60 to accomplish the present invention. The one or more units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 62 in the terminal device 6. For example, the computer program 62 may be divided into a sending unit, an initiating unit, an obtaining unit, an assigning unit, and an executing unit, each unit having the specific functions as described above.
The terminal device 6 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal device may include, but is not limited to, a processor 60, a memory 61. Those skilled in the art will appreciate that fig. 6 is merely an example of a terminal device 6 and does not constitute a limitation of terminal device 6 and may include more or less components than those shown, or some components in combination, or different components, for example, the terminal device may also include input output devices, network access devices, buses, etc.
The Processor 60 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 61 may be an internal storage unit of the terminal device 6, such as a hard disk or a memory of the terminal device 6. The memory 61 may also be an external storage device of the terminal device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 6. Further, the memory 61 may also include both an internal storage unit and an external storage device of the terminal device 6. The memory 61 is used for storing the computer program and other programs and data required by the terminal device. The memory 61 may also be used to temporarily store data that has been output or is to be output.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
Claims (10)
1. A method for monitoring the operation of a process, comprising:
acquiring a sub-process identifier created by a target process; the subprocess identification is used for marking a target subprocess, and the target subprocess is used for carrying out interrupt monitoring on the target process;
allocating a monitoring thread for the target subprocess according to the subprocess identifier, wherein the monitoring thread is used for generating a prohibition instruction for prohibiting the configuration of system resources for the target subprocess when the target subprocess is detected to be prohibited;
if the prohibition instruction is detected, prohibiting the system resource from being configured to the target process; and when the target process is forbidden to configure the system resources, the target process cannot be executed.
2. The method of claim 1, wherein before obtaining the identification of the child process created by the target process, the method comprises:
and if a preset instruction for executing the target process is detected, sending a control instruction for creating the sub-process to the target process so that the target process creates the target sub-process according to the control instruction.
3. The method of claim 2, further comprising:
and starting the target sub-process to terminate the target process when an interrupt instruction for interrupting the target process is detected.
4. The method of claim 3, wherein the initiating the target sub-process comprises:
if the target subprocess is detected to be completely established, starting the target subprocess;
if the target sub-process detects that a breakpoint is inserted in the execution process of the target process, analyzing the breakpoint to obtain a breakpoint instruction;
and if the breakpoint instruction is an INT3 breakpoint instruction, generating a termination instruction by the target sub-process to terminate the target process.
5. The method of claim 1, wherein said assigning a supervisory thread to the target sub-process based on the sub-process identification comprises:
if the preset operation for initializing the target process is detected, acquiring all current callable threads;
determining threads capable of executing the sub-process from all the current callable threads according to the sub-process identification so as to obtain a target thread queue;
and selecting any thread from the target thread queue as the monitoring thread.
6. A terminal device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
acquiring a sub-process identifier created by a target process; the subprocess identification is used for marking a target subprocess, and the target subprocess is used for carrying out interrupt monitoring on the target process;
allocating a monitoring thread for the target subprocess according to the subprocess identifier, wherein the monitoring thread is used for generating a prohibition instruction for prohibiting the configuration of system resources for the target subprocess when the target subprocess is detected to be prohibited;
if the prohibition instruction is detected, prohibiting the system resource from being configured to the target process; and when the target process is forbidden to configure the system resources, the target process cannot be executed.
7. The terminal device according to claim 6, wherein before the obtaining the sub-process identifier created by the target process, the method includes:
and if a preset instruction for executing the target process is detected, sending a control instruction for creating the sub-process to the target process so that the target process creates the target sub-process according to the control instruction.
8. The terminal device according to claim 7, wherein the processor, when executing the computer program, further performs the steps of:
and starting the target sub-process to terminate the target process when an interrupt instruction for interrupting the target process is detected.
9. The terminal device of claim 8, wherein the initiating the target sub-process comprises:
if the target subprocess is detected to be completely established, starting the target subprocess;
if the target sub-process detects that a breakpoint is inserted in the execution process of the target process, analyzing the breakpoint to obtain a breakpoint instruction;
and if the breakpoint instruction is an INT3 breakpoint instruction, generating a termination instruction to terminate the target process.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810496141.5A CN108776633B (en) | 2018-05-22 | 2018-05-22 | Method for monitoring process operation, terminal equipment and computer readable storage medium |
| PCT/CN2018/097120 WO2019223095A1 (en) | 2018-05-22 | 2018-07-25 | Process operation monitoring method, terminal device and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810496141.5A CN108776633B (en) | 2018-05-22 | 2018-05-22 | Method for monitoring process operation, terminal equipment and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108776633A CN108776633A (en) | 2018-11-09 |
| CN108776633B true CN108776633B (en) | 2021-07-02 |
Family
ID=64027515
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810496141.5A Active CN108776633B (en) | 2018-05-22 | 2018-05-22 | Method for monitoring process operation, terminal equipment and computer readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN108776633B (en) |
| WO (1) | WO2019223095A1 (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111198723B (en) * | 2018-11-19 | 2023-03-07 | 深圳市优必选科技有限公司 | Process injection method, terminal equipment and computer readable storage medium |
| CN110941825B (en) * | 2019-12-13 | 2022-05-27 | 支付宝(杭州)信息技术有限公司 | Application monitoring method and device |
| CN111381965B (en) * | 2020-03-03 | 2023-01-31 | 百度在线网络技术(北京)有限公司 | Method and apparatus for processing requests |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102436404A (en) * | 2011-08-24 | 2012-05-02 | 苏州阔地网络科技有限公司 | Daemon implementing method |
| CN103246589A (en) * | 2012-02-03 | 2013-08-14 | 京信通信***(中国)有限公司 | Multithread monitoring method and device |
| CN103383689A (en) * | 2012-05-03 | 2013-11-06 | 阿里巴巴集团控股有限公司 | Service process fault detection method, device and service node |
| CN103440189A (en) * | 2013-08-13 | 2013-12-11 | 江苏华大天益电力科技有限公司 | Software deadlock prevention method based on forced process running control |
| CN104156298A (en) * | 2014-08-19 | 2014-11-19 | 腾讯科技(深圳)有限公司 | Application monitoring method and device |
| CN104932965A (en) * | 2014-03-18 | 2015-09-23 | 北京奇虎科技有限公司 | Object real-time monitoring method and device |
| CN106330523A (en) * | 2015-07-03 | 2017-01-11 | ***通信集团广西有限公司 | Cluster server disaster recovery system and method, and server node |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060136916A1 (en) * | 2004-12-17 | 2006-06-22 | Rowland John R | Method and apparatus for transaction performance and availability management based on program component monitor plugins and transaction performance monitors |
| CN100543683C (en) * | 2006-12-26 | 2009-09-23 | 华为技术有限公司 | The method and system that process is monitored |
| JP2017091077A (en) * | 2015-11-06 | 2017-05-25 | 富士通株式会社 | Pseudo-fault generation program, generation method, and generator |
| CN105574406A (en) * | 2015-12-23 | 2016-05-11 | 北京奇虎科技有限公司 | Progress monitoring method and device |
-
2018
- 2018-05-22 CN CN201810496141.5A patent/CN108776633B/en active Active
- 2018-07-25 WO PCT/CN2018/097120 patent/WO2019223095A1/en active Application Filing
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102436404A (en) * | 2011-08-24 | 2012-05-02 | 苏州阔地网络科技有限公司 | Daemon implementing method |
| CN103246589A (en) * | 2012-02-03 | 2013-08-14 | 京信通信***(中国)有限公司 | Multithread monitoring method and device |
| CN103383689A (en) * | 2012-05-03 | 2013-11-06 | 阿里巴巴集团控股有限公司 | Service process fault detection method, device and service node |
| CN103440189A (en) * | 2013-08-13 | 2013-12-11 | 江苏华大天益电力科技有限公司 | Software deadlock prevention method based on forced process running control |
| CN104932965A (en) * | 2014-03-18 | 2015-09-23 | 北京奇虎科技有限公司 | Object real-time monitoring method and device |
| CN104156298A (en) * | 2014-08-19 | 2014-11-19 | 腾讯科技(深圳)有限公司 | Application monitoring method and device |
| CN106330523A (en) * | 2015-07-03 | 2017-01-11 | ***通信集团广西有限公司 | Cluster server disaster recovery system and method, and server node |
Non-Patent Citations (1)
| Title |
|---|
| 《提高可移动存储设备管理***安全运行的方案》;南理勇;《微型机与应用》;20150716;第10卷;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2019223095A1 (en) | 2019-11-28 |
| CN108776633A (en) | 2018-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11605087B2 (en) | Method and apparatus for identifying identity information | |
| JP5006366B2 (en) | System that provides transitions between device operating modes | |
| KR100645983B1 (en) | Module for detecting an illegal process and method thereof | |
| US9104480B2 (en) | Monitoring and managing memory thresholds for application request threads | |
| CN108776633B (en) | Method for monitoring process operation, terminal equipment and computer readable storage medium | |
| CN100492300C (en) | System and method for executing a process on a microprocessor-enabled device | |
| JP5159896B2 (en) | DRM client collision prevention system and method through process separation execution | |
| CN113282436A (en) | Event processing method, device, equipment and storage medium | |
| US11032159B2 (en) | Apparatus for preformance analysis of virtual network functions in network functional virtualization platform and method thereof | |
| CN114239026A (en) | Information desensitization conversion processing method, device, computer equipment and storage medium | |
| CN106682494B (en) | Information access method, device and equipment | |
| CN112463266A (en) | Execution policy generation method and device, electronic equipment and storage medium | |
| WO2021139113A1 (en) | Method and apparatus for signing transaction data, computer device, and storage medium | |
| CN111913743B (en) | Data processing method and device | |
| US9348667B2 (en) | Apparatus for managing application program and method therefor | |
| CN115454576B (en) | Virtual machine process management method and system and electronic equipment | |
| US7784034B1 (en) | System, method and computer program product for hooking a COM interface | |
| US9916412B2 (en) | Automatic generation of test layouts for testing a design rule checking tool | |
| CN112673354B (en) | System state detection method, system state device and terminal equipment | |
| CN104572036B (en) | Event processing method and device | |
| US20200242255A1 (en) | Systems and methods for monitoring attacks to devices | |
| CN109582464B (en) | Method and device for managing multiple virtualization platforms by cloud platform | |
| CN111352710A (en) | Process management method and device, computing equipment and storage medium | |
| CN108292339B (en) | System management mode privilege architecture | |
| CN116010112B (en) | Method and device for calling hook function, computer equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1257008 Country of ref document: HK |
|
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |