Method and device for executing registry operation

A registry operation execution technology, applied to program control devices, computer security devices, program-control design, etc. It addresses problems such as incompatibility between security software products, weak resistance to driver-level malicious programs, and the lack of operating-system kernel-mode capability, and achieves the effect of avoiding potential incompatibility and strengthening the ability to counter such programs.

Active Publication Date: 2015-08-19
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

[0015] Although traditional security software vendors are aware that the various registry operations may be hijacked, most existing solutions consider only the hijacking risk in the user mode of the operating system. In the attack-and-defense arena of the operating system kernel mode they show an obvious lack of capability and are weak against driver-level malicious programs (rootkits).
[0016] Therefore, a technical problem that those skilled in the art urgently need to solve is to propose an execution mechanism for registry operations that strengthens the ability to counter driver-level malicious programs and avoids the potential incompatibility between security software products caused by mutual interference in registry operations.


Embodiment Construction

[0084] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0085] One core concept of the embodiments of the present invention is to build a trusted environment for registry operations that covers the entire life cycle of registry behavior. A set of registry operation call libraries is implemented at the user-mode interface of the operating system; it inspects the request coming from user mode, simulates the behavior of the kernel execution layer, detects and recovers object-resolution hooks, blocks the kernel registry callback mechanism, and so on, so that third-party drivers are penetrated (that is, bypassed) and the environment in which the registry operation request executes is guaranteed to be authentic and trustworthy. Moreover, the kernel synchronous call returns the user-mode handle information a...


Abstract

A method and device for executing a registry operation. The method comprises: acquiring a registry operation request, where the request comprises a caller input parameter (201); configuring, on the basis of the caller input parameter, a registry kernel execution logic, where the kernel execution logic comprises a tampering point check and repair logic and a registry function calling logic (202); executing the tampering point check and repair logic, specifically, checking a preconfigured kernel execution flow tampering point and, when the original value of the kernel execution flow tampering point has been modified, restoring the original value of the kernel execution flow tampering point (203); and employing the registry function calling logic to call the corresponding registry function (204). The present solution improves resistance to driver-level malicious programs and prevents the potential incompatibility between security software products caused by interference in registry operations.
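The following is an added example, not code from the patent or from its owner: a user-mode C model of steps 201 to 204 of the abstract together with the hook recovery and callback-bypass ideas of paragraph [0085]. The "registry", the dispatch slot that stands in for a kernel execution-flow tampering point, the callback chain, and the rootkit behaviour are all constructed for the example; every name in it (reg_request_t, g_dispatch_set_value, check_and_repair_tamper_points, execute_registry_set, and the rest) is an assumption and not an identifier from the patent. What it shows is the difference between calling through whatever the execution-flow point currently holds and first checking that point against its preconfigured original value, restoring it, and only then calling the registry function with the callback mechanism switched off.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Step 201: a registry operation request carrying the caller's input
 * parameters. Constructed for this example; the patent defines no struct. */
typedef struct {
    const char *key;
    const char *value;
} reg_request_t;

typedef int (*reg_set_fn)(const reg_request_t *req);
typedef int (*reg_cb_fn)(const reg_request_t *req);   /* non-zero = block */

/* Constructed stand-in for the registry: a single key/value pair. */
static char g_key[64];
static char g_value[64];

/* Constructed stand-in for the kernel registry-callback chain a driver can
 * register on; the trusted executor switches it off for its own call. */
#define MAX_CALLBACKS 4
static reg_cb_fn g_callbacks[MAX_CALLBACKS];
static size_t g_num_callbacks;
static int g_bypass_callbacks;

/* The genuine registry function: consults the callback chain, then writes. */
static int genuine_set_value(const reg_request_t *req)
{
    if (!g_bypass_callbacks) {
        for (size_t i = 0; i < g_num_callbacks; i++)
            if (g_callbacks[i](req) != 0)
                return -2;                    /* refused by a callback */
    }
    snprintf(g_key, sizeof g_key, "%s", req->key);
    snprintf(g_value, sizeof g_value, "%s", req->value);
    return 0;
}

/* The execution-flow point a driver might hook: a slot holding a function
 * pointer, like an entry in a dispatch table. Constructed for the example. */
static reg_set_fn g_dispatch_set_value = genuine_set_value;

/* A preconfigured tampering point: where the slot lives and its original value. */
typedef struct {
    reg_set_fn *slot;
    reg_set_fn original;
} tamper_point_t;

static const tamper_point_t g_tamper_points[] = {
    { &g_dispatch_set_value, genuine_set_value },
};
#define NUM_TAMPER_POINTS (sizeof g_tamper_points / sizeof g_tamper_points[0])

/* Step 203: check each preconfigured point and restore any modified original.
 * Returns how many points were repaired. */
int check_and_repair_tamper_points(void)
{
    int repaired = 0;
    for (size_t i = 0; i < NUM_TAMPER_POINTS; i++) {
        if (*g_tamper_points[i].slot != g_tamper_points[i].original) {
            *g_tamper_points[i].slot = g_tamper_points[i].original;
            repaired++;
        }
    }
    return repaired;
}

/* Steps 202-204: run the repair logic, then call the registry function
 * through the now-verified slot with the callback chain bypassed. */
int execute_registry_set(const reg_request_t *req, int *repaired_out)
{
    int repaired = check_and_repair_tamper_points();
    if (repaired_out)
        *repaired_out = repaired;
    g_bypass_callbacks = 1;
    int rc = g_dispatch_set_value(req);
    g_bypass_callbacks = 0;
    return rc;
}

/* The ordinary, untrusted path: call whatever the slot currently holds. */
int plain_registry_set(const reg_request_t *req)
{
    return g_dispatch_set_value(req);
}

/* Constructed "rootkit" behaviour: a hook that swallows writes and a
 * callback that refuses writes to the "Run" key. */
static int hooked_set_value(const reg_request_t *req) { (void)req; return -1; }
static int deny_run_key(const reg_request_t *req) { return strcmp(req->key, "Run") == 0; }

void install_hook(void) { g_dispatch_set_value = hooked_set_value; }
void install_callback(void)
{
    if (g_num_callbacks < MAX_CALLBACKS)
        g_callbacks[g_num_callbacks++] = deny_run_key;
}
void reset_model(void)
{
    g_dispatch_set_value = genuine_set_value;
    g_num_callbacks = 0;
    g_bypass_callbacks = 0;
    g_key[0] = g_value[0] = '\0';
}
const char *stored_value(void) { return g_value; }

int main(void)
{
    reg_request_t req = { "Run", "C:\\av\\agent.exe" };   /* constructed input */
    int repaired = 0;
    install_hook();
    install_callback();
    printf("plain path:   rc=%d value=\"%s\"\n", plain_registry_set(&req), g_value);
    int rc = execute_registry_set(&req, &repaired);
    printf("trusted path: rc=%d repaired=%d value=\"%s\"\n", rc, repaired, g_value);
    return 0;
}
```

The model deliberately keeps the two defensive measures separate: repairing the tampering point defeats the hook that sits in the execution flow, while the bypass flag defeats the callback that sits beside it. A real implementation of this idea has to decide which of the two a given driver-level interference belongs to, because restoring a pointer does nothing against a registered callback and vice versa.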

Description

Technical field

[0001] The invention relates to the technical field of operating-system penetration, in particular to a registry operation execution method and a registry operation execution device.

Background technique

[0002] When faced with complex problems, people tend to divide and conquer, splitting and narrowing the scope of the problem. The same holds for operating-system design, and this approach brings advantages such as portability and scalability. However, because of security flaws in the underlying design theory (for example, the lack of an integrity verification mechanism), high scalability also means that there are a great many ways in which the system can be tampered with. For example, when security software operates on (creates, opens, enumerates, reads, writes, deletes, etc.) the registry key values of itself, of the system, or of malicious programs, it usually hopes that the access process is authentic and credib...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F9/44, G06F21/55
CPC: G06F21/568, G06F9/44505
Inventors: 王宇, 郑文彬, 潘剑锋
Owner: 三六零数字安全科技集团有限公司