Duplicating information processing method and device, and electronic equipment
A technology of a processing method and a processing device, which is applied in the field of information security and can solve problems such as low efficiency of operating system security protection
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Method used
Image
Examples
Embodiment 1
[0055] figure 1 It is a schematic flowchart of a processing method for copying information in Embodiment 1 of the present invention, as shown in figure 1 As shown, the method of this embodiment may include:
[0056] Step 101, when the pre-injected hook function detects that the kernel handle copy object function is called, hook the kernel handle copy object function;
[0057] In this step, as an optional embodiment, the kernel handle duplication object function includes: a kernel NtDuplicateObject function.
[0058] In this embodiment, as an optional embodiment, the hook function is located in the kernel layer of the operating system.
[0059] In the embodiment of the present invention, the injected hook (Hook) function is used to listen to the application layer process, that is, the function call related operation of the application program process located in the application layer, and the related function called by the application layer process and any preset function Whe...
Embodiment 2
[0097] figure 2 It is a schematic structural diagram of a processing device for copying information in Embodiment 2 of the present invention, as shown in figure 2 As shown, the device of this embodiment may include: a hooking module 21, a matching module 22, an application extraction module 23 and a process handle processing module 24, wherein,
[0098] Hook module 21, for when the pre-injected hook function monitors calling kernel handle copy object function, hook described kernel handle copy object function;
[0099] In this embodiment, as an optional embodiment, the kernel handle copy object function is the kernel NtDuplicateObject function.
[0100] In this embodiment, as an optional embodiment, the hook function is located in the kernel layer of the operating system.
[0101] As an optional embodiment, a hook function may be injected when the security application defense driver application is loaded.
[0102] In the embodiment of the present invention, as an optional...
PUM
Abstract
Description
Claims
Application Information
- R&D Engineer
- R&D Manager
- IP Professional
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com