
Method and device for protecting process and electronic device

A process-protection technology, applied in the field of information security, that addresses the inability of existing methods to effectively prevent a process from being suspended and the resulting low security protection efficiency of the operating system, and achieves the effect of improving security protection efficiency.

Inactive Publication Date: 2016-11-16
ZHUHAI BAOQU TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] In view of this, the embodiments of the present invention provide a method, device, and electronic device for protecting a process, which can improve the security protection efficiency of the operating system, so as to solve the problem that existing process-protection methods cannot effectively prevent a process from being suspended, which results in low security protection efficiency of the operating system.


Examples


Embodiment 1

[0061] Figure 1 is a schematic flow diagram of a method for protecting a process in an embodiment of the present invention. As shown in Figure 1, the method of this embodiment may include:

[0062] Step 101, when the hook function pre-injected into the kernel layer detects that the suspend process kernel function is called, hook the suspend process kernel function;

[0063] In this embodiment, as an optional embodiment, the suspend process kernel function is the NtSuspendProcess kernel function, which is used to suspend execution of the target process, that is, to suspend processing.

[0064] In this embodiment, the injected hook function is used to monitor the relevant operation of the suspend process kernel function (the operation of suspending a process) and to intercept that operation; when the target process corresponding to the relevant operation matches a process in the preset process directory, the injected hook function will process the rel...

Embodiment 2

[0103] Figure 2 is a schematic flow diagram of a method for protecting a process in Embodiment 2 of the present invention. As shown in Figure 2, the method of this embodiment may include:

[0104] Step 201, when the hook function pre-injected into the kernel layer detects that the suspend process kernel function is called, hook the suspend process kernel function;

[0105] Step 202, obtain the process handle of the target process from the suspend process kernel function;

[0106] Step 203, obtain the process path of the target process according to the process handle;

[0107] In this embodiment, the processes from step 201 to step 203 are respectively similar to steps 101 to 103 in the first method embodiment, and will not be repeated here.

[0108] Step 204, if the obtained process path matches any process path in the preset process directory;

[0109] Step 205, notify the suspend process kernel function to perform the operation of suspending the t...

Embodiment 3

[0113] Figure 3 is a schematic structural diagram of the process-protection device of Embodiment 3 of the present invention. As shown in Figure 3, the device in this embodiment may include: a hook module 31, a process handle acquisition module 32, a process path acquisition module 33, and a process processing module 34, wherein,

[0114] The hook module 31 is used to hook the suspend process kernel function when the hook function pre-injected into the kernel layer detects that the suspend process kernel function is called;

[0115] In this embodiment, as an optional embodiment, the suspend process kernel function is the NtSuspendProcess kernel function, which is used to suspend execution of the target process, that is, to suspend processing.

[0116] In this embodiment, the hook function can be programmed in any language that can realize the corresponding functions in the subsequent steps of this embodiment. For example, it can be programmed ...


Abstract

The embodiment of the invention discloses a method and device for protecting a process and an electronic device, and relates to information security technology. The security protection efficiency of the operating system can be improved. The method includes: when a hook function pre-injected into the kernel layer detects that the suspend process kernel function is called, hooking the suspend process kernel function; obtaining the process handle of the target process from the suspend process kernel function, and obtaining the process path of the target process according to the process handle; and, if the obtained process path matches any process path in a preset process directory, intercepting the operation of calling the suspend process kernel function according to a preset processing strategy. The method and device are suitable for protecting processes.
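The flow described above (resolve the handle, obtain the path, match it against the preset process directory, then intercept or pass through), as an added user-mode C example that is not code from the patent. The handle table, the `ExampleAV` paths, the choice of returning `STATUS_ACCESS_DENIED` as the "preset processing strategy", and the case and separator normalization are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>

#define STATUS_SUCCESS        0x00000000u
#define STATUS_ACCESS_DENIED  0xC0000022u
#define STATUS_INVALID_HANDLE 0xC0000008u

/* Constructed stand-in for handle -> image path resolution (steps 202-203). */
struct proc { unsigned handle; const char *path; };
static const struct proc handle_table[] = {
    { 0x10, "C:\\Program Files\\ExampleAV\\avsvc.exe" },
    { 0x14, "c:/program files/exampleav/AVSVC.EXE" },  /* same file, other spelling */
    { 0x18, "C:\\Program Files\\ExampleAV\\avsvc.exe.bak\\tool.exe" },
    { 0x1c, "C:\\Users\\demo\\notepad.exe" },
};

/* Constructed "preset process directory": full image paths to protect. */
static const char *protected_paths[] = {
    "C:\\Program Files\\ExampleAV\\avsvc.exe",
};

static int suspended_count;  /* how often the original routine really ran */

/* Whole-path comparison: ASCII case-insensitive, '/' treated as '\\'. */
static int path_equal(const char *a, const char *b) {
    for (;; a++, b++) {
        int ca = (*a == '/') ? '\\' : tolower((unsigned char)*a);
        int cb = (*b == '/') ? '\\' : tolower((unsigned char)*b);
        if (ca != cb) return 0;
        if (ca == '\0') return 1;
    }
}

/* Stand-in for the unhooked suspend routine. */
static unsigned original_suspend(unsigned handle) {
    (void)handle; suspended_count++; return STATUS_SUCCESS;
}

/* The hook: resolve the target, match it, then intercept or pass through. */
unsigned hooked_suspend(unsigned handle) {
    const char *path = NULL;
    for (size_t i = 0; i < sizeof handle_table / sizeof *handle_table; i++)
        if (handle_table[i].handle == handle) path = handle_table[i].path;
    if (!path) return STATUS_INVALID_HANDLE;
    for (size_t i = 0; i < sizeof protected_paths / sizeof *protected_paths; i++)
        if (path_equal(path, protected_paths[i])) return STATUS_ACCESS_DENIED;
    return original_suspend(handle);
}

int main(void) { return hooked_suspend(0x10) == STATUS_ACCESS_DENIED ? 0 : 1; }
```

Matching the whole normalized path, rather than a prefix, keeps a look-alike such as `avsvc.exe.bak\tool.exe` from being treated as protected while still catching the same file written with different case or separators.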

Description

Technical field

[0001] The invention relates to information security technology, in particular to a process protection method, device and electronic equipment.

Background technique

[0002] With the gradual disclosure of the technical details of the kernel layer of the Windows system, more and more malicious applications (APP, Application) such as Trojan horse viruses have begun, for their own survival and illegal interests, to use kernel-layer drivers to protect their own processes. A malicious application's process protected by a kernel-layer driver can end (kill) security protection processes in the Windows system, for example the processes of antivirus software or firewall software, so that the malicious application's process can maliciously attack user processes or system processes. This may make the computer run unstably, and may even cause very large economic losses to the user, for example, the disclosure of private information and the theft of m...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/51, G06F21/57
CPC: G06F21/51, G06F21/57
Inventor: 李文靖
Owner: ZHUHAI BAOQU TECH CO LTD