Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for preventing information hooking in Window operating system

An operating system and message technology, applied in the computer field, can solve problems such as inability to filter system-level message hooks, complicated IAT table modification process, etc., to achieve the effect of expanding the scope of filtering, reducing the impact, and simplifying the modification process

Inactive Publication Date: 2012-10-10
XIDIAN UNIV
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the disadvantage of this method is that the executable file image needs to be modified to modify the IAT table, and the corresponding IAT table needs to be modified for each process that needs to be protected, which makes the modification process of the IAT table more cumbersome during the anti-hooking process. , and the method cannot filter system-level message hooks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for preventing information hooking in Window operating system
  • Method for preventing information hooking in Window operating system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] Attached below figure 1 The present invention is described further:

[0020] Step 1, set initial information

[0021] On the initial interface of the computer screen, all running processes in the system are listed according to the process name and process number, and the user sets the protected process through the process number corresponding to the process name.

[0022] Step 2, read the hook function address

[0023] The CPU segment register of the central processing unit points to the TEB structure of a thread. The offset of the TEB structure is 0x204 to store the base address of the thread system service descriptor shadow SSDTShadow table. This table records the addresses of all exported functions of the Win32k.sys driver , and the hook function SetWindowsHookEx we want to filter is also located in the Win32k.sys driver.

[0024] The address of SetWindowsHookEx is located at offset 549 in the system service descriptor shadow SSDTShadow table, so the original func...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for preventing information hooking in a Window operating system. The method is characterized in that by modifying a system service description shadow table in a core in the Windows operating system, the system function is replaced, the system call is filtered, so the malicious software is prevented from intercepting the information through the information hooking operation, and the running safety in the Windows operating system is improved.

Description

technical field [0001] The invention belongs to the field of computers, and further relates to a method for preventing message hooking in a Windows operating system. The invention modifies the kernel system service description shadow table in the Windows operating environment of the computer, replaces the system function and filters the system call, prevents malicious software from intercepting the message through the message hook operation, and improves the efficiency of the process running in the Windows operating environment. safety. Background technique [0002] Message hooking is a Windows message processing method. The application program can monitor the messages of the specified window through the hook function, and the monitored window can be created by other processes. When the message arrives, the hook function can process it before the target window processes it. Message hooking methods allow applications to intercept and process Window messages or system-specif...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/22
Inventor 董超杨超张坤周洪丞张明月孙佳佳尹广学
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com