Title of invention |
Monitoring device and monitoring method |
Abstract |
A monitoring unit in a monitoring system determines whether or not a program to be executed is a program to be monitored. If it is determined that the program to be executed is a program to be monitored, the monitoring unit in the monitoring system adds, in order, before an instruction string included in a function called by the program to be monitored, an instruction string satisfying a predetermined condition, and a condition branch instruction, which is an instruction starting a predetermined control process when the predetermined condition is satisfied. |
Publication number |
US9600665(B2) |
Publication date |
2017.03.21 |
Application number |
US201314653078 |
Filing date |
2013.12.20 |
Applicant |
NIPPON TELEGRAPH AND TELEPHONE CORPORATION |
Inventors |
Akiyama Mitsuaki;Hariu Takeo |
Classification codes |
G06F21/55;G06F21/54;G06F21/56;G06F21/14;G06F11/34 |
Main classification code |
G06F21/55 |
Patent agency |
Oblon, McClelland, Maier & Neustadt, L.L.P. |
Patent agent |
Oblon, McClelland, Maier & Neustadt, L.L.P. |
Independent claim |
1. A monitoring device, comprising:
circuitry configured to: determine whether or not a program to be executed is a program to be monitored; when the circuitry determines the program as the program to be monitored, the circuitry is further configured to dynamically generate a first instruction string satisfying a condition of executing a condition branch instruction each time a dynamic link library (DLL) implemented with an application program interface (API) to be hooked is loaded into a memory, the API being called by the program to be monitored, wherein the condition branch instruction is an instruction starting a process for monitoring behavior of the program to be monitored; add the first instruction string and the condition branch instruction in order, followed by an instruction string included in the API to be hooked; disable the program's ability to recognize that the program being monitored; and monitor the program being executed without the monitoring being obstructed. |
Address |
Chiyoda-ku JP |