A method and device for intercepting system calls

A technology for intercepting system calls in operating systems, applied in the Internet field. It can solve problems such as the difficulty of protecting Windows computers, hidden dangers to computer system safety, and monitoring, and achieves the effect of resolving hidden safety problems, avoiding blue screens, and improving safety performance.

Active Publication Date: 2016-11-16
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

Microsoft designed Patch Guard to ensure that the Windows kernel will not be attacked by malicious code, but it also prevents third-party active defense software from monitoring the behavior of Windows. This makes it difficult to protect the security of Windows computers and has brought great security risks to the user's computer system.

Embodiment Construction

[0060] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0061] Referring to Figure 1, a flowchart of a method for intercepting a system call in the first embodiment of the present invention is shown.

[0062] In the embodiment of the present invention, the method for intercepting a system call is applied to a CPU supporting hardware virtualization. The method of the present invention utilizes the hardware virtualization of the CPU (Central Processing Unit) (such as Intel...


Abstract

The invention discloses a system call interception method and a system call interception device. The method comprises the following steps: receiving a Patch operation on a native operating system, and generating a true value corresponding to the Patch operation in a native special register; in response to a detection request initiated to the native special register by the native operating system, returning a virtual value in a virtual register to the native operating system, so as to intercept the true value that the native special register would return; and intercepting a system call by using the native operating system subjected to the Patch operation. The method and the device solve the problem that third-party proactive defense software cannot perform the Patch operation on the operating system and therefore cannot monitor the behaviors of Windows, which causes potential safety hazards to a user computer system.

Description

Technical field

[0001] The invention relates to the field of the Internet, in particular to a method and device for intercepting system calls.

Background technique

[0002] With the continuous development of the Internet, more and more malicious programs (such as computer viruses, backdoor programs, Trojan horses, spyware, and adware, etc.) attack the terminal equipment used by users. In order to protect users' computers from malicious programs, many third-party companies have launched active defense software. Active defense is a real-time protection technology based on independent analysis and judgment of program behavior. It does not use signature codes as the basis for judging malicious programs, but starts from the most original definition and directly uses program behavior as the basis for judging malicious programs. The active defense software first intercepts the behavior of malicious programs, and then handles them accordingly. Among them, the interception of progr...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/57, G06F21/56
CPC: G06F21/566, G06F21/57
Inventor: 潘剑锋
Owner: 三六零数字安全科技集团有限公司