A method, device and electronic equipment for preventing malicious loading of drivers

A technology for preventing malicious driver loading on electronic devices, applied in the field of system security, which addresses the problem that module loading performed through unknown technical means cannot be blocked.

Active Publication Date: 2019-05-10
ZHUHAI BAOQU TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] The prior art also includes methods for intercepting driver module loading. These generally intercept most malicious programs' attempts to load driver modules, but module loading performed through certain unknown technical means cannot be intercepted.



Examples


Embodiment Construction

[0046] In order to make the technical solutions and advantages of the present invention clearer, the exemplary embodiments of the present invention are described in further detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not an exhaustive list of all embodiments. Where no conflict arises, the embodiments in this description and the features in the embodiments can be combined with each other.

[0047] During the invention process, the inventor noticed that the prior art implements driver interception by hooking the NtSetSystemInformation function in the SSDT (System Service Descriptor Table). The disadvantage of the prior art is that individual malicious programs use special, unknown techniques and do not execute the NtSetSystemInformation driver loading function, so the existing technical solutions cannot inter...


Abstract

The invention provides a method, an apparatus and an electronic device for preventing malicious loading of a driver, used to strengthen the interception of malicious programs that load drivers. The method comprises the following steps: acquiring a function address list from the call stack of a driver loading operation; determining an address of a first function according to the function address list, wherein the first function is a function called in common by driver loading operations; defining an address of a second function, which is used to replace the first function and has the same parameters as the first function; acquiring, in the second function, operation information corresponding to the driver loading operation; and determining whether the driver loading operation is malicious according to the operation information, and rejecting the loading of a driver that is determined to be malicious. Because the judgment is made at the first function, which driver loading operations call in common, the prior-art problem of interception failing when the corresponding driver loading function is not executed can be avoided.
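The interception flow in the abstract, as an added user-space model in C; it is not code from the patent. All function names, the recorded stacks and the `requester_trusted` verdict rule are assumptions, and the common function is assumed to be the innermost frame shared by every recorded call stack.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed user-space model; every name below is hypothetical, not a Windows internal. */
typedef struct { const char *image_path; int requester_trusted; } load_op;
typedef int (*load_fn)(const load_op *);            /* 0 = loaded, -1 = rejected */

static int real_common_load(const load_op *op) { (void)op; return 0; }
static load_fn common_slot = real_common_load;      /* callers reach the first function here */

static int entry_known(const load_op *op)   { return common_slot(op); } /* path prior art hooks */
static int entry_unknown(const load_op *op) { return common_slot(op); } /* path that hook misses */

/* Innermost address present in every recorded stack (frames listed innermost first), or 0. */
static uintptr_t common_frame(const uintptr_t *const stacks[], const size_t lens[], size_t n)
{
    for (size_t i = 0; n > 0 && i < lens[0]; i++) {
        size_t hits = 1;
        for (size_t s = 1; s < n; s++)
            for (size_t j = 0; j < lens[s]; j++)
                if (stacks[s][j] == stacks[0][i]) { hits++; break; }
        if (hits == n) return stacks[0][i];
    }
    return 0;
}

/* Second function: same parameters as the first; judges the operation, then forwards or rejects.
   The verdict rule is a placeholder; the page does not say how the information is judged. */
static int filter_load(const load_op *op)
{
    return op->requester_trusted ? real_common_load(op) : -1;
}

/* Replace the first function only when the recorded stacks agree on where it is. */
static int install_filter(void)
{
    const uintptr_t a[] = { (uintptr_t)real_common_load, (uintptr_t)entry_known };
    const uintptr_t b[] = { (uintptr_t)real_common_load, (uintptr_t)entry_unknown };
    const uintptr_t *const stacks[] = { a, b };
    const size_t lens[] = { 2, 2 };
    if (common_frame(stacks, lens, 2) != (uintptr_t)real_common_load) return -1;
    common_slot = filter_load;
    return 0;
}

int main(void)
{
    const load_op bad = { "C:\\sample\\unknown.sys", 0 };   /* constructed sample */
    return (install_filter() == 0 && entry_unknown(&bad) == -1) ? 0 : 1;
}
```

Because both entry paths converge on the replaced slot, a load that never passes through the known entry point is still judged by the filter.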

Description

Technical field

[0001] The invention relates to the technical field of system security, in particular to a method, device and electronic equipment for preventing malicious loading of drivers.

Background

[0002] With the development of Internet technology, malicious program technologies such as viruses and Trojan horses emerge in an endless stream, and security software also needs to take corresponding blocking countermeasures.

[0003] Individual malicious programs use special code (unknown techniques) to load drivers with malicious behavior, and because the drivers are digitally signed, they easily bypass the defenses of security software.

[0004] The prior art also includes methods for intercepting driver module loading. These generally intercept most malicious programs' attempts to load driver modules, but module loading performed through certain unknown technical means cannot be intercepted.

Contents of the invention

[0005] Embodiments of the present invention provid...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/51, G06F21/56
CPC: G06F21/51, G06F21/566
Inventor: 李文靖
Owner: ZHUHAI BAOQU TECH CO LTD