[go: up one dir, main page]

WO2015074526A1 - Method and apparatus for injecting java by tecode into target process - Google Patents

Method and apparatus for injecting java by tecode into target process Download PDF

Info

Publication number
WO2015074526A1
WO2015074526A1 PCT/CN2014/091287 CN2014091287W WO2015074526A1 WO 2015074526 A1 WO2015074526 A1 WO 2015074526A1 CN 2014091287 W CN2014091287 W CN 2014091287W WO 2015074526 A1 WO2015074526 A1 WO 2015074526A1
Authority
WO
WIPO (PCT)
Prior art keywords
function
java bytecode
java
entrypoint
virtual machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2014/091287
Other languages
French (fr)
Inventor
Jiahui LIANG
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Publication of WO2015074526A1 publication Critical patent/WO2015074526A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Prevention of errors by analysis, debugging or testing of software
    • G06F11/362Debugging of software
    • G06F11/3644Debugging of software by instrumenting at runtime
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • G06F9/4484Executing subprograms
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading

Definitions

  • the present disclosure relates to computer process injection technologies, and in particular, to a method for injecting Java bytecode into a target process.
  • An injection technology in computer programming refers to an injection of a binary file, for example, a . so file in Linux and a . dll file in Windows, into a target process, to implement function extension of the target process.
  • a virtual machine technology is extensively applied. However, it is difficult to inject bytecode that needs to be run by a virtual machine into a target process with the forgoing injection method.
  • a method of injecting Java bytecode to a target process is performed at a device (e.g., device 800, FIG. 8) with one or more processors and memory.
  • the method includes: .
  • a computing device e.g., device 800 (FIG. 8) or a component thereof (e.g., injection module 828, FIG. 8)
  • a computing device includes one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs include instructions for performing, or controlling performance of, the operations of any of the methods described herein.
  • a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a computing device (e.g., device 800 (FIG. 8) or a component thereof (e.g., injection module 828, FIG.
  • a computing device e.g., device 800 (FIG. 8) or a component thereof (e.g., injection module 828, FIG. 8) ) includes means for performing, or controlling performance of, the operations of any of the methods described herein.
  • FIG. 1 is a structural block diagram of a computer on which a virtual machine runs in accordance with some embodiments.
  • FIG. 2 is a flowchart of a method for injecting Java bytecode into a target process in accordance with some embodiments.
  • FIG. 3 is a structural block diagram of an Android device in accordance with some embodiments.
  • FIG. 4 is a flowchart of a method for injecting Java bytecode into a target process in accordance with some embodiments.
  • FIG. 5 is a flow chart of a method for injecting Java bytecode into a target process in accordance with some embodiments.
  • FIG. 6 is a structural block diagram of an apparatus for injecting Java bytecode into a target process in accordance with some embodiments.
  • FIG. 7 is a structural block diagram of an apparatus for injecting Java bytecode into a target process in accordance with some embodiments.
  • FIG. 8 is a block diagram of a device for injecting Java bytecode into a target process in accordance with some embodiments.
  • FIG. 1 is a structural block diagram of a computer on which a virtual machine runs. It may be understood that, the computer herein includes various computing devices with architecture comprising a memory and at least one processor, such as a personal computer, a server, a smart phone, and a tablet. As shown in FIG. 1, a computer 100 includes: a memory 102, one or more processors 104, and other hardware 106. It may be understood that, a structure shown in FIG. 1 is only schematic, and does not limit a structure of the computer 100. For example, the computer 100 may further include components more than or fewer than those shown in FIG. 1, or has a configuration different from that shown in FIG. 1.
  • the memory 102 may be configured to store one or more software programs and modules, and the processor (s) 104 execute various functional applications and data processing by running the software programs and modules that are stored in the memory 102.
  • the memory 102 may include a high-speed random memory, and may also include a nonvolatile memory, for example, one or more magnetic storage devices, flash memories, or other nonvolatile solid-state memories.
  • the memory 102 may further include memories that are remotely located relative to the processors 104, and these remote memories may be connected to a vulnerability detection server through a network.
  • An instance of the foregoing network includes but is not limited to the Internet, an enterprise intranet, a local area network, a mobile communications network, and a combination thereof.
  • the other hardware 106 may include a display, a keyboard, a network card, and an audio circuit, which are generally configured to provide an input/output function or a function of exchanging data with other devices.
  • the foregoing software programs and modules stored in the memory 102 may include: an operating system kernel 122, a Java virtual machine (JVM) 124, a Java class library 126, and one or more Java application programs 128.
  • the operating system kernel 122 directly controls various pieces of hardware, and specifically may be Windows operating system or a Linux kernel.
  • the JVM 124 runs on the system kernel 122, is essentially a virtual computer, and is implemented by simulating various computer functions on the operating system kernel 122.
  • the JVM 124 generally includes a bytecode instruction set, a group of registers, a stack, a garbage collection heap, and a storage method domain.
  • the JVM 124 shields information relevant to a specific operating system platform, so that a Java program can run, by only generating a target code (bytecode) that runs on a JVM, on various platforms without being modified.
  • bytecode target code
  • the JVM 124 eventually interprets the bytecode as a machine instruction on a specific platform and then executes the instruction.
  • the Java class library 126 is a public class library provided to facilitate programming. Various interfaces may be provided in the Java class library 126 to provide various functions, and these interfaces may be used by an application program layer.
  • the Java application program 128 is an application program which is implemented based on various interfaces of the Java class library and has various functions.
  • the foregoing software programs and modules stored in the memory 102 may further include: a local binary shared library 130 and a Java native interface (JNI) 132.
  • the local binary shared library 130 for example, may be a . dll file in the Windows system and a . so file in the Linux system.
  • the JNI 132 is configured to provide a standard interface during implementation of different JVMs, so that a Java application may use the local binary shared library 130, thereby extending the functions of the original JVM 124.
  • a method for injecting Java bytecode into a target process includes the following steps, as shown in FIG. 2:
  • Step S101 Modify a register of the target process by using a system call provided by a host operating system, to load a binary shared library.
  • program code runs in two modes. One is a user mode, and the other is a kernel mode.
  • An application program on an application layer runs in the user mode, and a device driver and a file system run in the kernel mode.
  • a program that runs in the user mode is strictly managed, so that it does not damage a system-level application.
  • a program that runs in the kernel mode may have full access to the computer.
  • the system call is a way that program code running in the kernel mode provides a service for program code running in the user mode.
  • a basic process in which an operating system implements the system call is that: the application program calls a library function (API) ; the API stores the system call number of the system call into an EAX, and then makes the system enter a kernel state by using an interruption call; an interruption processing function in the kernel calls a corresponding kernel function (the system call) according to the system call number of the system call; the system call completes a corresponding function, stores a return value into the EAX, and returns the EAX to the interruption processing function; the interruption processing function returns to the API; and the API returns the EAX to the application program.
  • API library function
  • a process in which the application program calls the system call includes: the system call number is stored into the EAX; a function parameter is stored into another general register; and the interruption for the call No. 0x80 (int 0x80) is triggered.
  • a register of the target process may be modified by using a ptrace function, to call a dlopen function.
  • the dlopen function is used to load the binary shared library.
  • the specific command possibly varies, but its principle and process are similar.
  • the binary shared library may be the binary shared library 130 shown in FIG. 1, and includes an automatic start function.
  • the automatic start function is implemented by using global variables. For example, in c/c++ language, when a certain binary shared library (adynamic link library) is loaded by dlopen, the global variables need to be automatically initialized. At this time, any function call during initialization may be used as the entrypoint function, and this entrypoint function can complete all needed events.
  • Step S102 Load into a virtual machine a file including the Java bytecode having a specified path in the binary shared library, and call the entrypoint function in the Java bytecode.
  • step S102 is performed, to load the file including the Java bytecode having the specified path into the virtual machine, and the entrypoint function included in the loaded Java bytecode may be called by using a Java native interface (e.g., JNI 132) .
  • a Java native interface e.g., JNI 132
  • Step S103 Instructions in the Java bytecode are executed by the virtual machine, and these instructions in the Java bytecode may use various interfaces in the Java class library, so as to implement various functions that are based on the Java class library, that is, perform step S103.
  • Java bytecode of a class library which relies on a virtual machine and runs on the virtual machine, can be injected into a target process, thereby extending functions of the target process.
  • another method for injecting Java bytecode into a target process which is similar to the method described with FIG. 1 is provided.
  • a difference lies in that the method in this embodiment is applied to a device that runs the Android operating system.
  • FIG. 3 is a schematic architectural diagram of an Android device 200.
  • an Android device 200 includes: a memory 102, a processor 104, and other hardware 106.
  • This Android device can be implemented by the device 100 shown in FIG. 1, and reference may be made to the foregoing description.
  • the Linux kernel 222 directly controls various pieces of hardware.
  • the DVM 224 runs on the system kernel 222.
  • a JVM 124 is a stack machine, while the DVM 224 is a register machine.
  • the Android framework 226 is a public class library provided to facilitate programming. Various interfaces, for example, a communication management interface, a location interface, and an installation package management interface, may be provided in the Android framework 226 to provide various functions, and these interfaces may be used by an application program layer.
  • the Android application program 228 is an application program which is implemented based on various interfaces of an Android class library and has various functions.
  • the foregoing software programs and modules stored in memory 102 may further include: a local binary shared library 130 and a JNI 132.
  • the local binary shared library 130 for example, may be a . so file in the Linux system.
  • the JNI 132 is configured to provide a standard interface during implementation of different JVMs, so that a Java application may use the local binary shared library 130, thereby extending the functions of the original DVM 224.
  • the method in this embodiment includes the following steps:
  • Step S201 Modify a register of the target process by using a system call provided by the Linux system, to load a binary shared library.
  • a register of the target process is modified by using a ptrace function, to call a dlopen function, and the binary shared library is loaded by using the dlopen function.
  • the loaded binary shared library may include an automatic start function.
  • the automatic start function is implemented by using global variables. For example, in c/c++ language, when a certain binary shared library (a dynamic link library) is loaded by dlopen, the global variables need to be automatically initialized. At this time, any function call during initialization may be used as an entrypoint function, and the entrypoint function can complete all needed events, for example, perform step S202.
  • Step S202 The binary shared library loads a file including the Java bytecode in a specified path into the DVM 224, and calls the entrypoint function in the Java bytecode by using the JNI 132.
  • step S202 is performed, to load a . dex file in the specified path into the DVM 224, and the entrypoint function in the loaded . dex file may be called by using the JNI 132.
  • Step S203 Instructions in the . dex file are executed by the DVM 224, and these instructions in the . dex file may use various interfaces provided by the Android framework 226, so as to implement various functions that are based on the Android framework 226.
  • the foregoing . dex file is a compression format that is specially designed for the DVM, and is applicable to a system whose memory and processor are limited in speed.
  • a code that is executed by relying on an Android framework interface can be injected into a target process.
  • various functions in the Android system can be implemented in the target process, thereby greatly extending functions of the target process.
  • FIG. 5 is a flowchart of a process 500 for injecting Java bytecode to a target process.
  • the process is performed by a computing device (e.g., device 800 in FIG. 8) having one or more processors and memory.
  • the device during execution of the target process of the application program, detects (502) a call to load a predetermined code injection function.
  • the predetermined code injection function is a function that is included in the program code of the application program which can be utilized to call the Java bytecode located at a particular location. Since the Java bytecode may be configured to accomplish any tasks, the functions of the application program can be extended by writing the desired tasks into the Java bytecode at any time after the development of the application program.
  • the predetermined code injection function specifies (504) a path for a file containing the Java bytecode in a local binary shared library.
  • the predetermined code injection function specifies (506) a path for downloading a file containing the Java bytecode from a remote server.
  • the path for the file can be dependent on one or more variable values at the time the code injection function is called during the target process, such that different Java bytecode files may be loaded for different execution conditions currently present for the target process.
  • the device in response to the detected call to load the predetermined code injection function, loads (508) Java bytecode referenced by the code injection function into a virtual machine.
  • loading the Java bytecode referenced by the code injection function into the virtual machine further includes (510) : storing a system call number of the code injection function into a register of the target process; generating a system interrupt to enter a kernel mode; and loading the Java bytecode into the virtual machine while in the kernel mode. After the execution of the Java bytecode, the process returns to the interruption point, and the target process is resumed based on the system call number stored in the register.
  • the device calls (512) an entrypoint function in the Java bytecode, wherein the entrypoint function is configured to perform one or more extended tasks for the application program.
  • calling the entrypoint function in the Java bytecode further includes (514) : identifying at least one global variable in the loaded Java bytecode in accordance with the pre-stored Java native interface; and initializing the at least one global variable, including calling the entrypoint function to initialize the at least one global variable.
  • the device executes (516) the entrypoint function in the virtual machine to accomplish the one or more extended tasks of the application program. In some embodiments, executing the entrypoint function further initializes the at least one global variable.
  • the apparatus includes: a local injection module 31 and Java bytecode loading module 32.
  • the local injection module 31 is configured to modify a register of the target process by using a system call provided by a host operating system, to load a binary shared library.
  • the Java bytecode loading module 32 is stored in the binary shared library, and is automatically executed as the binary shared library is loaded.
  • the Java bytecode loading module 32 is configured to load a file including the Java bytecode in a specified path into a virtual machine, and calls an entrypoint function in the file including the Java bytecode.
  • the Java bytecode includes a specific logic code, to implement a specific function.
  • an apparatus for injecting Java bytecode into a target process is shown in FIG. 7.
  • the apparatus includes: a local injection module 41 and a . dex file loading module 42.
  • the local injection module 41 is configured to modify a register of the target process by using a system call provided by the Linux system, to load a binary shared library. For example, a register of the target process is modified by using a ptrace function, to call a dlopen function, and the binary shared library is loaded by using the dlopen function.
  • the . dex file loading module 42 is stored in the binary shared library, and is automatically executed as the binary shared library is loaded.
  • a . dex file in a specified path is loaded into a DVM 224, and an entrypoint function in the loaded . dex file may be called by using a JNI 132.
  • instructions in the . dex file are executed, and these instructions in the . dex file may use various interfaces provided by an Android framework 226, so as to implement various functions that are based on the Android framework 226.
  • a code that is executed by relying on an Android framework interface can be injected into a target process.
  • various functions in the Android system can be implemented in the target process, thereby greatly extending functions of the target process.
  • a Java virtual machine is executed on a device 800, and the Java virtual machine facilitates the execution of Java bytecode on the device 800.
  • device 800 include, but are not limited to, a handheld computer, a wearable computing device, a personal digital assistant (PDA) , a tablet computer, a laptop computer, a desktop computer, a cellular telephone, a smart phone, an enhanced general packet radio service (EGPRS) mobile phone, a media player, a navigation device, a game console, a television, a remote control, or a combination of any two or more of these data processing devices or other data processing devices.
  • PDA personal digital assistant
  • ESG enhanced general packet radio service
  • the device also includes an injection module 828, the injection module 828 injects Java bytecode to a target process executed in the Java virtual machine.
  • FIG. 8 is a block diagram illustrating a representative device 800 in accordance with some embodiments.
  • Device 800 typically, includes one or more processing units (CPUs) 802, one or more network interfaces 804, memory 806, and one or more communication buses 808 for interconnecting these components (sometimes called a chipset) .
  • Device 800 also includes a user interface 810.
  • User interface 810 includes one or more output devices 812 that enable presentation of media content, including one or more speakers and/or one or more visual displays.
  • User interface 810 also includes one or more input devices 814, including user interface components that facilitate user input such as a keyboard, a mouse, a voice-command input unit or microphone, a touch screen display, a touch-sensitive input pad, a gesture capturing camera, or other input buttons or controls.
  • Memory 806 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state memory devices; and, optionally, includes non-volatile memory, such as one or more magnetic disk storage devices, one or more optical disk storage devices, one or more flash memory devices, or one or more other non-volatile solid state storage devices.
  • Memory 806, optionally, includes one or more storage devices remotely located from one or more processing units 802. Memory 806, or alternatively the non-volatile memory within memory 806, includes a non-transitory computer readable storage medium.
  • memory 806, or the non-transitory computer readable storage medium of memory 806, stores the following programs, modules, and data structures, or a subset or superset thereof:
  • o operating system 816 including procedures for handling various basic system services and for performing hardware dependent tasks
  • o network communication module 818 for connecting device 800 to other computing devices (e.g., a server) connected to one or more networks 110 via one or more network interfaces 804 (wired or wireless) ;
  • o presentation module 820 for enabling presentation of information (e.g., a user interface for application (s) 826, widgets, websites and webpages thereof, and/or games, audio and/or video content, text, etc. ) at device 800 via one or more output devices 812 (e.g., displays, speakers, etc. ) associated with user interface 810;
  • information e.g., a user interface for application (s) 826, widgets, websites and webpages thereof, and/or games, audio and/or video content, text, etc.
  • output devices 812 e.g., displays, speakers, etc.
  • o input processing module 822 for detecting one or more user inputs or interactions from one of the one or more input devices 814 and interpreting the detected input or interaction;
  • Java virtual machine 824 for loading Java bytecode, converts the loaded Java bytecode to machine instructions, and executes the machine instructions;
  • one or more applications 826 for execution by device 800 e.g., games, application marketplaces, payment platforms, and/or other web or non-web based applications
  • device 800 e.g., games, application marketplaces, payment platforms, and/or other web or non-web based applications
  • o injection module 828 which provides data processing and functionalities for the injecting Java bytecode to a target process of an application program
  • o library data 860 including one or more of, but not limited to:
  • Java native interface library 864 storing Java native interfaces for injecting Javabyte code for various functions into a target process
  • Java class library 866 storing Java class library files for various basic functions.
  • Each of the above identified elements may be stored in one or more of the previously mentioned memory devices, and corresponds to a set of instructions for performing a function described above.
  • the above identified modules or programs i.e., sets of instructions
  • memory 806, optionally, stores a subset of the modules and data structures identified above.
  • memory 806, optionally, stores additional modules and data structures not described above.
  • stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

Method and System for injecting Java bytecode into a target process of an application program are disclosed. The method includes: at a device having one or more processors and memory: during execution of the target process of the application program, detecting a call to load a predetermined code injection function; in response to the detected call to load the predetermined code injection function, loading Java bytecode referenced by the code injection function into a virtual machine; in accordance with a pre-stored Java native interface corresponding to the loaded Java bytecode, calling an entrypoint function in the Java bytecode, wherein the entrypoint function is configured to perform one or more extended tasks for the application program; and executing the entrypoint function in the virtual machine to accomplish the one or more extended tasks of the application program.

Description

METHOD AND APPARATUS FOR INJECTING JAVA BYTECODE INTO A TARGET PROCESS
PRIORITY CLAIM AND RELATED APPLICATION
This application claims priority to Chinese Patent Application No. 201310591379.3, entitled “Method and Apparatus for Injecting Java Bytecode into a Target Process” filed on November 21, 2013, which is incorporated by reference in its entirety.
FIELD OF THE TECHNOLOGY
The present disclosure relates to computer process injection technologies, and in particular, to a method for injecting Java bytecode into a target process.
BACKGROUND
An injection technology in computer programming refers to an injection of a binary file, for example, a . so file in Linux and a . dll file in Windows, into a target process, to implement function extension of the target process. On the other hand, with development of computer technologies, a virtual machine technology is extensively applied. However, it is difficult to inject bytecode that needs to be run by a virtual machine into a target process with the forgoing injection method.
SUMMARY
In some embodiments, a method of injecting Java bytecode to a target process is performed at a device (e.g., device 800, FIG. 8) with one or more processors and memory. The method includes: .
In some embodiments, a computing device (e.g., device 800 (FIG. 8) or a component thereof (e.g., injection module 828, FIG. 8) ) includes one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs include instructions for performing, or controlling performance of, the operations of any of the methods described herein. In some embodiments, a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a computing device (e.g., device 800 (FIG. 8) or a component thereof (e.g., injection module 828, FIG. 8) ) with one or more processors, cause the computing device to perform, or control performance of, the operations of any of the methods described herein. In some  embodiments, a computing device (e.g., device 800 (FIG. 8) or a component thereof (e.g., injection module 828, FIG. 8) ) includes means for performing, or controlling performance of, the operations of any of the methods described herein.
Various advantages of the present application are apparent in light of the descriptions below.
BRIEF DESCRIPTION OF THE DRAWINGS
The aforementioned features and advantages of the invention as well as additional features and advantages thereof will be more clearly understood hereinafter as a result of a detailed description of preferred embodiments when taken in conjunction with the drawings.
FIG. 1 is a structural block diagram of a computer on which a virtual machine runs in accordance with some embodiments.
FIG. 2 is a flowchart of a method for injecting Java bytecode into a target process in accordance with some embodiments.
FIG. 3 is a structural block diagram of an Android device in accordance with some embodiments.
FIG. 4 is a flowchart of a method for injecting Java bytecode into a target process in accordance with some embodiments.
FIG. 5 is a flow chart of a method for injecting Java bytecode into a target process in accordance with some embodiments.
FIG. 6 is a structural block diagram of an apparatus for injecting Java bytecode into a target process in accordance with some embodiments.
FIG. 7 is a structural block diagram of an apparatus for injecting Java bytecode into a target process in accordance with some embodiments.
FIG. 8 is a block diagram of a device for injecting Java bytecode into a target process in accordance with some embodiments.
Like reference numerals refer to corresponding parts throughout the several views of the drawings.
DESCRIPTION OF EMBODIMENTS
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one skilled in the art that the subject matter may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the embodiments.
To further describe technical means adopted by the present technology to achieve a predetermined objective and effects, the following describes in detail specific implementation manners, structures, characteristics, and effects of the present invention with reference to accompanying drawings and exemplary embodiments.
FIG. 1 is a structural block diagram of a computer on which a virtual machine runs. It may be understood that, the computer herein includes various computing devices with architecture comprising a memory and at least one processor, such as a personal computer, a server, a smart phone, and a tablet. As shown in FIG. 1, a computer 100 includes: a memory 102, one or more processors 104, and other hardware 106. It may be understood that, a structure shown in FIG. 1 is only schematic, and does not limit a structure of the computer 100. For example, the computer 100 may further include components more than or fewer than those shown in FIG. 1, or has a configuration different from that shown in FIG. 1.
The memory 102 may be configured to store one or more software programs and modules, and the processor (s) 104 execute various functional applications and data processing by running the software programs and modules that are stored in the memory 102. The memory 102 may include a high-speed random memory, and may also include a nonvolatile memory, for example, one or more magnetic storage devices, flash memories, or other nonvolatile solid-state memories. In some instances, the memory 102 may further include memories that are remotely located relative to the processors 104, and these remote memories may be connected to a vulnerability detection server through a network. An instance of the foregoing network includes but is not limited to the Internet, an enterprise intranet, a local area network, a mobile communications network, and a combination thereof.
The other hardware 106, for example, may include a display, a keyboard, a network card, and an audio circuit, which are generally configured to provide an input/output function or a function of exchanging data with other devices.
The foregoing software programs and modules stored in the memory 102, for example, may include: an operating system kernel 122, a Java virtual machine (JVM) 124, a Java class library 126, and one or more Java application programs 128. The operating system kernel 122 directly controls various pieces of hardware, and specifically may be Windows operating system or a Linux kernel. The JVM 124 runs on the system kernel 122, is essentially a virtual computer, and is implemented by simulating various computer functions on the operating system kernel 122. The JVM 124 generally includes a bytecode instruction set, a group of registers, a stack, a garbage collection heap, and a storage method domain. The JVM 124 shields information relevant to a specific operating system platform, so that a Java program can run, by only generating a target code (bytecode) that runs on a JVM, on various platforms without being modified. When executing the bytecode, in fact, the JVM 124 eventually interprets the bytecode as a machine instruction on a specific platform and then executes the instruction. The Java class library 126 is a public class library provided to facilitate programming. Various interfaces may be provided in the Java class library 126 to provide various functions, and these interfaces may be used by an application program layer. The Java application program 128 is an application program which is implemented based on various interfaces of the Java class library and has various functions.
Further, the foregoing software programs and modules stored in the memory 102 may further include: a local binary shared library 130 and a Java native interface (JNI) 132. The local binary shared library 130, for example, may be a . dll file in the Windows system and a . so file in the Linux system. The JNI 132 is configured to provide a standard interface during implementation of different JVMs, so that a Java application may use the local binary shared library 130, thereby extending the functions of the original JVM 124.
In some embodiments, a method for injecting Java bytecode into a target process includes the following steps, as shown in FIG. 2:
Step S101: Modify a register of the target process by using a system call provided by a host operating system, to load a binary shared library.
In a computer system, program code runs in two modes. One is a user mode, and the other is a kernel mode. An application program on an application layer runs in the user mode, and a device driver and a file system run in the kernel mode. A program that runs in the user mode is strictly managed, so that it does not damage a system-level application. However, a program that runs in the kernel mode may have full access to the computer. The system call is a way that program code running in the kernel mode provides a service for program code running in the user mode.
Using the Linux system as an example, its system call is implemented by using int 80h, and entrypoint functions are differentiated by using the system call. A basic process in which an operating system implements the system call is that: the application program calls a library function (API) ; the API stores the system call number of the system call into an EAX, and then makes the system enter a kernel state by using an interruption call; an interruption processing function in the kernel calls a corresponding kernel function (the system call) according to the system call number of the system call; the system call completes a corresponding function, stores a return value into the EAX, and returns the EAX to the interruption processing function; the interruption processing function returns to the API; and the API returns the EAX to the application program.
A process in which the application program calls the system call includes: the system call number is stored into the EAX; a function parameter is stored into another general register; and the interruption for the call No. 0x80 (int 0x80) is triggered.
Specifically, in the Linux system, a register of the target process may be modified by using a ptrace function, to call a dlopen function. However, the dlopen function is used to load the binary shared library. In other operating systems, the specific command possibly varies, but its principle and process are similar.
The binary shared library, for example, may be the binary shared library 130 shown in FIG. 1, and includes an automatic start function. In an instance, the automatic start function is implemented by using global variables. For example, in c/c++ language, when a certain binary shared library (adynamic link library) is loaded by dlopen, the global variables need to be automatically initialized. At this time, any function call during initialization may be used as the entrypoint function, and this entrypoint function can complete all needed events.
Step S102: Load into a virtual machine a file including the Java bytecode having a specified path in the binary shared library, and call the entrypoint function in the Java bytecode.
As described above, after the binary shared library is loaded, the automatic start function inside the library is enabled. After the automatic start function is enabled, step S102 is performed, to load the file including the Java bytecode having the specified path into the virtual machine, and the entrypoint function included in the loaded Java bytecode may be called by using a Java native interface (e.g., JNI 132) .
Step S103: Instructions in the Java bytecode are executed by the virtual machine, and these instructions in the Java bytecode may use various interfaces in the Java class library, so as to implement various functions that are based on the Java class library, that is, perform step S103. 
According to the method described herein, Java bytecode of a class library, which relies on a virtual machine and runs on the virtual machine, can be injected into a target process, thereby extending functions of the target process.
In some embodiments, another method for injecting Java bytecode into a target process, which is similar to the method described with FIG. 1 is provided. A difference lies in that the method in this embodiment is applied to a device that runs the Android operating system.
FIG. 3 is a schematic architectural diagram of an Android device 200. As shown in FIG. 3, an Android device 200 includes: a memory 102, a processor 104, and other hardware 106. This Android device can be implemented by the device 100 shown in FIG. 1, and reference may be made to the foregoing description.
A software program and module in the memory 102 in FIG. 3, for example, may include: a Linux kernel 222, a Delvik virtual machine (DVM) 224, an Android framework 226, and an Android application program 228. The Linux kernel 222 directly controls various pieces of hardware. The DVM 224 runs on the system kernel 222. A JVM 124 is a stack machine, while the DVM 224 is a register machine.
The Android framework 226 is a public class library provided to facilitate programming. Various interfaces, for example, a communication management interface, a location interface, and an installation package management interface, may be provided in the Android framework 226 to provide various functions, and these interfaces may be used by an application program layer. The Android application program 228 is an application program which is implemented based on various interfaces of an Android class library and has various functions.
Further, the foregoing software programs and modules stored in memory 102 may further include: a local binary shared library 130 and a JNI 132. The local binary shared library 130, for example, may be a . so file in the Linux system. The JNI 132 is configured to provide a standard interface during implementation of different JVMs, so that a Java application may use the local binary shared library 130, thereby extending the functions of the original DVM 224.
Referring to FIG. 4, the method in this embodiment includes the following steps:
Step S201: Modify a register of the target process by using a system call provided by the Linux system, to load a binary shared library.
For example, a register of the target process is modified by using a ptrace function, to call a dlopen function, and the binary shared library is loaded by using the dlopen function.
The loaded binary shared library may include an automatic start function. In an instance, the automatic start function is implemented by using global variables. For example, in c/c++ language, when a certain binary shared library (a dynamic link library) is loaded by dlopen, the global variables need to be automatically initialized. At this time, any function call during initialization may be used as an entrypoint function, and the entrypoint function can complete all needed events, for example, perform step S202.
Step S202: The binary shared library loads a file including the Java bytecode in a specified path into the DVM 224, and calls the entrypoint function in the Java bytecode by using the JNI 132.
As described above, after the binary shared library is loaded, the automatic start function inside it is enabled. After the automatic start function is enabled, step S202 is performed, to load a . dex file in the specified path into the DVM 224, and the entrypoint function in the loaded . dex file may be called by using the JNI 132.
Step S203: Instructions in the . dex file are executed by the DVM 224, and these instructions in the . dex file may use various interfaces provided by the Android framework 226, so as to implement various functions that are based on the Android framework 226. The foregoing . dex file is a compression format that is specially designed for the DVM, and is applicable to a system whose memory and processor are limited in speed.
According to the method provided by this embodiment, a code that is executed by relying on an Android framework interface can be injected into a target process. In this way, various functions in the Android system can be implemented in the target process, thereby greatly extending functions of the target process.
FIG. 5 is a flowchart of a process 500 for injecting Java bytecode to a target process. In some embodiments, the process is performed by a computing device (e.g., device 800 in FIG. 8) having one or more processors and memory.
In some embodiments, the device, during execution of the target process of the application program, detects (502) a call to load a predetermined code injection function. The predetermined code injection function is a function that is included in the program code of the application program which can be utilized to call the Java bytecode located at a particular location. Since the Java bytecode may be configured to accomplish any tasks, the functions of the application program can be extended by writing the desired tasks into the Java bytecode at any time after the development of the application program. In some embodiments, the predetermined code injection  function specifies (504) a path for a file containing the Java bytecode in a local binary shared library. In some embodiments, the predetermined code injection function specifies (506) a path for downloading a file containing the Java bytecode from a remote server. In some embodiments, the path for the file can be dependent on one or more variable values at the time the code injection function is called during the target process, such that different Java bytecode files may be loaded for different execution conditions currently present for the target process.
In some embodiments, in response to the detected call to load the predetermined code injection function, the device loads (508) Java bytecode referenced by the code injection function into a virtual machine. In some embodiments, loading the Java bytecode referenced by the code injection function into the virtual machine further includes (510) : storing a system call number of the code injection function into a register of the target process; generating a system interrupt to enter a kernel mode; and loading the Java bytecode into the virtual machine while in the kernel mode. After the execution of the Java bytecode, the process returns to the interruption point, and the target process is resumed based on the system call number stored in the register.
In some embodiments, in accordance with a pre-stored Java native interface corresponding to the loaded Java bytecode, the device calls (512) an entrypoint function in the Java bytecode, wherein the entrypoint function is configured to perform one or more extended tasks for the application program. In some embodiments, in accordance with the pre-stored Java native interface corresponding to the loaded Java bytecode, calling the entrypoint function in the Java bytecode further includes (514) : identifying at least one global variable in the loaded Java bytecode in accordance with the pre-stored Java native interface; and initializing the at least one global variable, including calling the entrypoint function to initialize the at least one global variable.
In some embodiments, after the entrypoint function is called, the device executes (516) the entrypoint function in the virtual machine to accomplish the one or more extended tasks of the application program. In some embodiments, executing the entrypoint function further initializes the at least one global variable.
Other aspects of the method are described with respect to FIGS. 1-5.
In some embodiments, an apparatus for injecting Java bytecode into a target process in shown in FIG. 6. The apparatus includes: a local injection module 31 and Java bytecode loading module 32.
The local injection module 31 is configured to modify a register of the target process by using a system call provided by a host operating system, to load a binary shared library.
The Java bytecode loading module 32 is stored in the binary shared library, and is automatically executed as the binary shared library is loaded. The Java bytecode loading module 32 is configured to load a file including the Java bytecode in a specified path into a virtual machine, and calls an entrypoint function in the file including the Java bytecode. The Java bytecode includes a specific logic code, to implement a specific function.
For other details about the apparatus in this embodiment, reference may be further made to other parts of the present disclosure.
In some embodiments, an apparatus for injecting Java bytecode into a target process is shown in FIG. 7. The apparatus includes: a local injection module 41 and a . dex file loading module 42.
The local injection module 41 is configured to modify a register of the target process by using a system call provided by the Linux system, to load a binary shared library. For example, a register of the target process is modified by using a ptrace function, to call a dlopen function, and the binary shared library is loaded by using the dlopen function.
The . dex file loading module 42 is stored in the binary shared library, and is automatically executed as the binary shared library is loaded. A . dex file in a specified path is loaded into a DVM 224, and an entrypoint function in the loaded . dex file may be called by using a JNI 132. Thereby, instructions in the . dex file are executed, and these instructions in the . dex file may use various interfaces provided by an Android framework 226, so as to implement various functions that are based on the Android framework 226.
For other details about the apparatus in this embodiment, reference may be further made to other parts of the present disclosure.
According to the method provided by this embodiment, a code that is executed by relying on an Android framework interface can be injected into a target process. In this way, various functions in the Android system can be implemented in the target process, thereby greatly extending functions of the target process.
In accordance with some embodiments, a Java virtual machine is executed on a device 800, and the Java virtual machine facilitates the execution of Java bytecode on the device 800. Examples of device 800 include, but are not limited to, a handheld computer, a wearable computing device, a personal digital assistant (PDA) , a tablet computer, a laptop computer, a desktop computer, a cellular telephone, a smart phone, an enhanced general packet radio service (EGPRS) mobile phone,  a media player, a navigation device, a game console, a television, a remote control, or a combination of any two or more of these data processing devices or other data processing devices. The device also includes an injection module 828, the injection module 828 injects Java bytecode to a target process executed in the Java virtual machine.
FIG. 8 is a block diagram illustrating a representative device 800 in accordance with some embodiments. Device 800, typically, includes one or more processing units (CPUs) 802, one or more network interfaces 804, memory 806, and one or more communication buses 808 for interconnecting these components (sometimes called a chipset) . Device 800 also includes a user interface 810. User interface 810 includes one or more output devices 812 that enable presentation of media content, including one or more speakers and/or one or more visual displays. User interface 810 also includes one or more input devices 814, including user interface components that facilitate user input such as a keyboard, a mouse, a voice-command input unit or microphone, a touch screen display, a touch-sensitive input pad, a gesture capturing camera, or other input buttons or controls. Furthermore, some devices 800 use a microphone and voice recognition or a camera and gesture recognition to supplement or replace the keyboard. Memory 806 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state memory devices; and, optionally, includes non-volatile memory, such as one or more magnetic disk storage devices, one or more optical disk storage devices, one or more flash memory devices, or one or more other non-volatile solid state storage devices. Memory 806, optionally, includes one or more storage devices remotely located from one or more processing units 802. Memory 806, or alternatively the non-volatile memory within memory 806, includes a non-transitory computer readable storage medium.
In some implementations, memory 806, or the non-transitory computer readable storage medium of memory 806, stores the following programs, modules, and data structures, or a subset or superset thereof:
o operating system 816 including procedures for handling various basic system services and for performing hardware dependent tasks;
network communication module 818 for connecting device 800 to other computing devices (e.g., a server) connected to one or more networks 110 via one or more network interfaces 804 (wired or wireless) ;
o presentation module 820 for enabling presentation of information (e.g., a user interface for application (s) 826, widgets, websites and webpages thereof, and/or games, audio  and/or video content, text, etc. ) at device 800 via one or more output devices 812 (e.g., displays, speakers, etc. ) associated with user interface 810;
input processing module 822 for detecting one or more user inputs or interactions from one of the one or more input devices 814 and interpreting the detected input or interaction;
o Java virtual machine 824 for loading Java bytecode, converts the loaded Java bytecode to machine instructions, and executes the machine instructions;
o one or more applications 826 for execution by device 800 (e.g., games, application marketplaces, payment platforms, and/or other web or non-web based applications) ;
o injection module 828, which provides data processing and functionalities for the injecting Java bytecode to a target process of an application program; and
o library data 860, including one or more of, but not limited to:
· local binary shared library 862 storing bytecode files for implementing various extended functions;
· Java native interface library 864 storing Java native interfaces for injecting Javabyte code for various functions into a target process; and
· Java class library 866 storing Java class library files for various basic functions.
Each of the above identified elements may be stored in one or more of the previously mentioned memory devices, and corresponds to a set of instructions for performing a function described above. The above identified modules or programs (i.e., sets of instructions) need not be implemented as separate software programs, procedures, modules or data structures, and thus various subsets of these modules may be combined or otherwise re-arranged in various implementations. In some implementations, memory 806, optionally, stores a subset of the modules and data structures identified above. Furthermore, memory 806, optionally, stores additional modules and data structures not described above.
While particular embodiments are described above, it will be understood it is not intended to limit the invention to these particular embodiments. On the contrary, the invention includes alternatives, modifications and equivalents that are within the spirit and scope of the appended claims. Numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one of ordinary skill  in the art that the subject matter may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the embodiments.
Although some of the various drawings illustrate a number of logical stages in a particular order, stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.
The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the invention and its practical applications, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated.

Claims (20)

  1. A method of injecting Java bytecode into a target process of an application program, the method comprising:
    at a device having one or more processors and memory:
    during execution of the target process of the application program, detecting a call to load a predetermined code injection function;
    in response to the detected call to load the predetermined code injection function, loading Java bytecode referenced by the code injection function into a virtual machine;
    in accordance with a pre-stored Java native interface corresponding to the loaded Java bytecode, calling an entrypoint function in the Java bytecode, wherein the entrypoint function is configured to perform one or more extended tasks for the application program; and
    executing the entrypoint function in the virtual machine to accomplish the one or more extended tasks of the application program.
  2. The method of claim 1, wherein the predetermined code injection function specifies a path for a file containing the Java bytecode in a local binary shared library.
  3. The method of claim 1, wherein the predetermined code injection function specifies a path for downloading a file containing the Java bytecode from a remote server.
  4. The method of claim 1, wherein loading the Java bytecode referenced by the code injection function into the virtual machine further comprises:
    storing a system call number of the code injection function into a register of the target process;
    generating a system interrupt to enter a kernel mode; and
    loading the Java byte code into the virtual machine while in the kernel mode.
  5. The method of claim 1, wherein in accordance with the pre-stored Java native interface corresponding to the loaded Java bytecode, calling the entrypoint function in the Java bytecode further comprises:
    identifying at least one global variable in the loaded Java bytecode in accordance with the pre-stored Java native interface; and
    initializing the at least one global variable, including calling the entrypoint function to initialize the at least one global variable.
  6. The method of claim 5, wherein executing the entrypoint function further initializes the at least one global variable.
  7. The method of claim 1, wherein the virtual machine is a Velvik virtual machine and the device is an Android device.
  8. A device, comprising:
    one or more processors; and
    memory having instructions stored thereon, the instructions, when executed by the one or more processors, cause the processors to perform operations comprising:
    during execution of a target process of an application program, detecting a call to load a predetermined code injection function;
    in response to the detected call to load the predetermined code injection function, loading Java bytecode referenced by the code injection function into a virtual machine;
    in accordance with a pre-stored Java native interface corresponding to the loaded Java bytecode, calling an entrypoint function in the Java bytecode, wherein the entrypoint function is configured to perform one or more extended tasks for the application program; and
    executing the entrypoint function in the virtual machine to accomplish the one or more extended tasks of the application program.
  9. The device of claim 8, wherein the predetermined code injection function specifies a path for a file containing the Java bytecode in a local binary shared library.
  10. The device of claim 8, wherein the predetermined code injection function specifies a path for downloading a file containing the Java bytecode from a remote server.
  11. The device of claim 8, wherein loading the Java bytecode referenced by the code injection function into the virtual machine further comprises:
    storing a system call number of the code injection function into a register of the target process;
    generating a system interrupt to enter a kernel mode; and
    loading the Java byte code into the virtual machine while in the kernel mode.
  12. The device of claim 8, wherein in accordance with the pre-stored Java native interface corresponding to the loaded Java bytecode, calling the entrypoint function in the Java bytecode further comprises:
    identifying at least one global variable in the loaded Java bytecode in accordance with the pre-stored Java native interface; and
    initializing the at least one global variable, including calling the entrypoint function to initialize the at least one global variable.
  13. The device of claim 12, wherein executing the entrypoint function further initializes the at least one global variable.
  14. The device of claim 8, wherein the virtual machine is a Velvik virtual machine and the device is an Android device.
  15. A non-transitory computer-readable medium having instructions stored thereon, the instructions, when executed by one or more processors, cause the processors to perform operations comprising:
    during execution of a target process of an application program, detecting a call to load a predetermined code injection function;
    in response to the detected call to load the predetermined code injection function, loading Java bytecode referenced by the code injection function into a virtual machine;
    in accordance with a pre-stored Java native interface corresponding to the loaded Java bytecode, calling an entrypoint function in the Java bytecode, wherein the entrypoint function is configured to perform one or more extended tasks for the application program; and
    executing the entrypoint function in the virtual machine to accomplish the one or more extended tasks of the application program.
  16. The computer-readable medium of claim 15, wherein the predetermined code injection function specifies a path for a file containing the Java bytecode in a local binary shared library.
  17. The computer-readable medium of claim 15, wherein the predetermined code injection function specifies a path for downloading a file containing the Java bytecode from a remote server.
  18. The computer-readable medium of claim 15, wherein loading the Java bytecode referenced by the code injection function into the virtual machine further comprises:
    storing a system call number of the code injection function into a register of the target process;
    generating a system interrupt to enter a kernel mode; and
    loading the Java byte code into the virtual machine while in the kernel mode.
  19. The computer-readable medium of claim 15, wherein in accordance with the pre-stored Java native interface corresponding to the loaded Java bytecode, calling the entrypoint function in the Java bytecode further comprises:
    identifying at least one global variable in the loaded Java bytecode in accordance with the pre-stored Java native interface; and
    initializing the at least one global variable, including calling the entrypoint function to initialize the at least one global variable.
  20. The computer-readable medium of claim 19, wherein executing the entrypoint function further initializes the at least one global variable.
PCT/CN2014/091287 2013-11-21 2014-11-17 Method and apparatus for injecting java by tecode into target process Ceased WO2015074526A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310591379.3 2013-11-21
CN201310591379.3A CN104657258B (en) 2013-11-21 2013-11-21 A kind of method and device from Java bytecode to target process that injecting

Publications (1)

Publication Number Publication Date
WO2015074526A1 true WO2015074526A1 (en) 2015-05-28

Family

ID=53178932

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/091287 Ceased WO2015074526A1 (en) 2013-11-21 2014-11-17 Method and apparatus for injecting java by tecode into target process

Country Status (2)

Country Link
CN (1) CN104657258B (en)
WO (1) WO2015074526A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109086200A (en) * 2018-07-13 2018-12-25 南京大学 A kind of validity test frame based on the modification of Android virtual machine
CN110457345A (en) * 2019-07-05 2019-11-15 平安证券股份有限公司 Database read method, device and computer readable storage medium
CN111381978A (en) * 2018-12-29 2020-07-07 深圳Tcl数字技术有限公司 A method for accessing an application program, a storage medium and a smart TV
CN113448690A (en) * 2021-08-27 2021-09-28 阿里云计算有限公司 Monitoring method and device
CN115904611A (en) * 2022-10-20 2023-04-04 支付宝(杭州)信息技术有限公司 A Java bytecode injection method, device, electronic equipment and storage medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106909498B (en) * 2015-12-22 2020-12-22 创新先进技术有限公司 A method and system for injecting faults in Java programs
CN114153521B (en) 2019-03-25 2024-10-29 华为技术有限公司 Class loading method and device
CN110032394B (en) * 2019-04-12 2022-05-31 深圳市腾讯信息技术有限公司 Analysis method and device for passive code file and storage medium
CN116257212A (en) * 2021-12-10 2023-06-13 北京字节跳动网络技术有限公司 A method, device and equipment for implementing dependency injection based on Hilt

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7757215B1 (en) * 2006-04-11 2010-07-13 Oracle America, Inc. Dynamic fault injection during code-testing using a dynamic tracing framework
US8095910B2 (en) * 2007-04-10 2012-01-10 Microsoft Corporation Interruptible client-side scripts
US8161470B2 (en) * 2007-08-31 2012-04-17 International Business Machines Corporation Systems, methods, and computer products for automated injection of java bytecode instructions for java load time optimization via runtime checking with upcasts
US20130007720A1 (en) * 2011-06-30 2013-01-03 International Business Machines Corporation Dynamic Isolated Debugging via Class Instrumentation

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8151277B2 (en) * 2007-05-15 2012-04-03 Dynatrace Software Gmbh Method and system for dynamic remote injection of in-process agents into virtual machine based applications
US8234631B2 (en) * 2007-08-14 2012-07-31 Dynatrace Software Gmbh Method and system for tracing individual transactions at the granularity level of method calls throughout distributed heterogeneous applications without source code modifications
CN101984409B (en) * 2010-11-10 2013-03-13 南京南瑞继保电气有限公司 Method for injecting test codes for Linux system
CN102736905B (en) * 2011-04-12 2015-04-15 深圳市金蝶中间件有限公司 Method for dynamically replacing field in classes

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7757215B1 (en) * 2006-04-11 2010-07-13 Oracle America, Inc. Dynamic fault injection during code-testing using a dynamic tracing framework
US8095910B2 (en) * 2007-04-10 2012-01-10 Microsoft Corporation Interruptible client-side scripts
US8161470B2 (en) * 2007-08-31 2012-04-17 International Business Machines Corporation Systems, methods, and computer products for automated injection of java bytecode instructions for java load time optimization via runtime checking with upcasts
US20130007720A1 (en) * 2011-06-30 2013-01-03 International Business Machines Corporation Dynamic Isolated Debugging via Class Instrumentation

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109086200A (en) * 2018-07-13 2018-12-25 南京大学 A kind of validity test frame based on the modification of Android virtual machine
CN109086200B (en) * 2018-07-13 2020-04-14 南京大学 An Effective Testing Framework Based on Android Virtual Machine Modification
CN111381978A (en) * 2018-12-29 2020-07-07 深圳Tcl数字技术有限公司 A method for accessing an application program, a storage medium and a smart TV
CN111381978B (en) * 2018-12-29 2024-03-12 深圳Tcl数字技术有限公司 A method, storage medium and smart TV for accessing applications
CN110457345A (en) * 2019-07-05 2019-11-15 平安证券股份有限公司 Database read method, device and computer readable storage medium
CN110457345B (en) * 2019-07-05 2023-11-03 平安证券股份有限公司 Database reading method, device and computer readable storage medium
CN113448690A (en) * 2021-08-27 2021-09-28 阿里云计算有限公司 Monitoring method and device
CN115904611A (en) * 2022-10-20 2023-04-04 支付宝(杭州)信息技术有限公司 A Java bytecode injection method, device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN104657258B (en) 2018-10-30
CN104657258A (en) 2015-05-27

Similar Documents

Publication Publication Date Title
WO2015074526A1 (en) Method and apparatus for injecting java by tecode into target process
KR101790190B1 (en) Application scenario identification method, power consumption management method, apparatus, and terminal device
US9645804B2 (en) Extracting source code
US10846101B2 (en) Method and system for starting up application
CN108984225B (en) Method and device for quickly starting hosted application
US10747510B1 (en) Application runtime modification
CN106528210A (en) Application program running method and device
US20150363320A1 (en) Write back caching of boot disk in a uefi environment
US12182590B1 (en) Target process injection prior to execution of marker libraries
US10705858B2 (en) Automatic import of third party analytics
WO2024138588A1 (en) Dual-system secure mobile phone resetting method and apparatus, terminal, and storage medium
CN108304248A (en) A kind of mobile device of multisystem virtualization
CN109857561B (en) Memory management method and computing device
US20130110798A1 (en) Intercepting and processing database commands
CN107168719A (en) Application program running method and device, terminal and computer readable storage medium
CN113282363A (en) Method and device for optimizing hybrid APP
KR102663196B1 (en) User terminal device, server, control method of user terminal device and control method of server
US9507649B2 (en) Web browser for spoofing supported features
US11669614B2 (en) Electronic device and control method therefor
US8788785B1 (en) Systems and methods for preventing heap-spray attacks
CN116594698A (en) System control method, device and readable storage medium
US9043871B2 (en) Method for operating invisible system services on android platform
CN108268298A (en) Desktop icon generation method and device, storage medium and electronic equipment
CN103150210A (en) Electronic device and operating system switching method thereof
CN108228307A (en) Application display method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14864306

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 28.07.2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14864306

Country of ref document: EP

Kind code of ref document: A1