System and method for killing protected malicious computer process

A computer security technique in the field of malicious computer processes that addresses the problem of protected processes which cannot be killed, with the effect of preventing attacks and safeguarding data security.

Active Publication Date: 2013-03-20
BLUEDON INFORMATION SECURITY TECH CO LTD


Problems solved by technology

Even the ntsd.exe system debugging tool cannot kill a process that is protected by a kernel driver.


Embodiment Construction

[0025] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0026] The present invention provides a system for killing protected malicious computer processes. The system is realized by two modules: a Win32 application program and a driver program. The functional structure of the two modules is shown in figure 1.

[0027] The Win32 application module comprises five functions, each of which performs the following work:

[0028] Send a WM_CLOSE message to the process window: Send a WM_CLOSE...


Abstract

The invention discloses a system and a method for killing a protected malicious computer process. The system is realized by two modules: a Win32 application program and a driver program. The Win32 application module mainly comprises the functions of sending a WM_CLOSE message to the process window, injecting code and calling the ExitProcess function, calling the TerminateProcess function, communicating with the kernel driver, and running logs and reporting. The kernel driver module comprises the functions of communicating with the Win32 application program, calling the NtTerminateProcess function, calling the PspTerminateProcess function, and resetting the memory page of the process code. The invention also discloses the method for killing the protected malicious computer process. By combining the kernel driver with the Win32 application program and trying the various process-killing methods in turn, essentially all malicious processes can be killed, attacks by malicious processes on the computer are avoided, and data security is ensured.

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a system and method for killing protected malicious computer processes.

Background technique

[0002] As the technical details of the Windows system kernel have become increasingly public, more and more Trojan horse and virus programs have begun to use kernel drivers to protect their own processes. Such a process cannot be killed with the task manager at the Win32 application layer; a malicious process protected by a kernel driver can only be killed with kernel driver technology.

[0003] Windows systems after Windows XP provide several system tools to manage the processes in the system, the common ones being the task manager, taskkill.exe, net.exe, etc. After logging in to the system as an administrator, these tools can be used to manage the system's processes, such as performing "end task" operations on various processes,...


Application Information

Patent Type & Authority: Applications (China)
IPC: G06F21/56
Inventors: 柯宗贵, 杨育斌, 黄文森
Owner: BLUEDON INFORMATION SECURITY TECH CO LTD