Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Duplicating information processing method and device, and electronic equipment

A technology of a processing method and a processing device, which is applied in the field of information security and can solve problems such as low efficiency of operating system security protection

Active Publication Date: 2016-12-07
ZHUHAI BAOQU TECH CO LTD
View PDF6 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of this, the embodiments of the present invention provide a processing method, device, and electronic equipment for copying information, which can improve the security protection efficiency of the operating system, so as to solve the problem that in the existing processing method for copying information, it is possible to directly call the kernel handle to copy Object functions are used to control the target application, which leads to the problem of low security protection efficiency of the operating system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Duplicating information processing method and device, and electronic equipment
  • Duplicating information processing method and device, and electronic equipment
  • Duplicating information processing method and device, and electronic equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0055] figure 1 It is a schematic flowchart of a processing method for copying information in Embodiment 1 of the present invention, as shown in figure 1 As shown, the method of this embodiment may include:

[0056] Step 101, when the pre-injected hook function detects that the kernel handle copy object function is called, hook the kernel handle copy object function;

[0057] In this step, as an optional embodiment, the kernel handle duplication object function includes: a kernel NtDuplicateObject function.

[0058] In this embodiment, as an optional embodiment, the hook function is located in the kernel layer of the operating system.

[0059] In the embodiment of the present invention, the injected hook (Hook) function is used to listen to the application layer process, that is, the function call related operation of the application program process located in the application layer, and the related function called by the application layer process and any preset function Whe...

Embodiment 2

[0097] figure 2 It is a schematic structural diagram of a processing device for copying information in Embodiment 2 of the present invention, as shown in figure 2 As shown, the device of this embodiment may include: a hooking module 21, a matching module 22, an application extraction module 23 and a process handle processing module 24, wherein,

[0098] Hook module 21, for when the pre-injected hook function monitors calling kernel handle copy object function, hook described kernel handle copy object function;

[0099] In this embodiment, as an optional embodiment, the kernel handle copy object function is the kernel NtDuplicateObject function.

[0100] In this embodiment, as an optional embodiment, the hook function is located in the kernel layer of the operating system.

[0101] As an optional embodiment, a hook function may be injected when the security application defense driver application is loaded.

[0102] In the embodiment of the present invention, as an optional...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a duplicating information processing method and device, and electronic equipment, relates to the technology of information safety, and can improve the safety protection efficiency of an operating system. The method comprises the following steps: when the calling of a kernel DuplicateHandle object function is monitored in a pre-injected hook function, hooking the kernel DuplicateHandle object function; monitoring whether the kernel DuplicateHandle object function succeeds in duplicating a target process handle or not, and if the kernel DuplicateHandle object function succeeds in duplicating the target process handle, judging whether the target process handle which succeeds in duplicating is matched with any one protection process handle in a preset protection process handle library or not; if the target process handle which succeeds in duplicating is matched with any one protection process handle in the preset protection process handle library, obtaining the process path information of the target process handle which succeeds in duplicating, and extracting a to-be-verified application program mapped by the process path information; and if the extracted to-be-verified application program is the same with any one to-be-intercepted application program in a preset to-be-intercepted application program library, closing the target process handle which succeeds in duplicating. The duplicating information processing method and device is suitable for monitoring whether the target process handle is illegally duplicated or not.

Description

technical field [0001] The invention relates to information security technology, in particular to a processing method, device and electronic equipment for copying information. Background technique [0002] With the gradual disclosure of the technical details of the kernel layer of the operating system, more and more malicious applications such as Trojan horses have begun to use kernel layer drivers to protect their own processes, and the processes of malicious applications protected by kernel layer drivers can be terminated. (Kill) other processes in the operating system, so that the malicious application process can maliciously attack the user's process or system process according to the intention of the malicious application provider, which may cause the computer to run unstable, and even cause user information Leakage, bring very large economic losses to users. For example, in the operating system, the graphics management process (csrss.exe process) will save the handles...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/52G06F21/57
CPCG06F21/52G06F21/57
Inventor 杨峰
Owner ZHUHAI BAOQU TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products