A processing method, device and electronic equipment for copying information
The processing method and device are applied in the field of information security and address problems such as low operating system security protection efficiency.
Active Publication Date: 2019-06-07
ZHUHAI BAOQU TECH CO LTD
Problems solved by technology
[0004] In view of this, the embodiments of the present invention provide a processing method, device, and electronic equipment for copying information that can improve the security protection efficiency of the operating system. They address the problem that, in existing processing methods for copying information, the kernel handle copy object function can be called directly to control the target application, which results in low security protection efficiency of the operating system.
Embodiment 1
[0055] Figure 1 is a schematic flowchart of a processing method for copying information in Embodiment 1 of the present invention. As shown in Figure 1, the method of this embodiment may include:
[0056] Step 101, when the pre-injected hook function detects that the kernel handle copy object function is called, hook the kernel handle copy object function;
[0057] In this step, as an optional embodiment, the kernel handle duplication object function includes: a kernel NtDuplicateObject function.
[0058] In this embodiment, as an optional embodiment, the hook function is located in the kernel layer of the operating system.
[0059] In the embodiment of the present invention, the injected hook (Hook) function is used to listen to the application layer process, that is, to the function-call operations of the application program process located in the application layer, and the related function called by the application layer process and any preset function Whe...
Embodiment 2
[0097] Figure 2 is a schematic structural diagram of a processing device for copying information in Embodiment 2 of the present invention. As shown in Figure 2, the device of this embodiment may include: a hooking module 21, a matching module 22, an application extraction module 23 and a process handle processing module 24, wherein,
[0098] The hooking module 21 is configured to hook the kernel handle copy object function when the pre-injected hook function detects that the kernel handle copy object function is called;
[0099] In this embodiment, as an optional embodiment, the kernel handle copy object function is the kernel NtDuplicateObject function.
[0100] In this embodiment, as an optional embodiment, the hook function is located in the kernel layer of the operating system.
[0101] As an optional embodiment, a hook function may be injected when the security application defense driver application is loaded.
[0102] In the embodiment of the present invention, as an optional...
Abstract
The embodiment of the invention discloses a processing method and device for duplicating information, and electronic equipment, relating to information security technology, which can improve the security protection efficiency of an operating system. The method comprises the following steps: when a pre-injected hook function detects that the kernel DuplicateHandle object function is called, hooking the kernel DuplicateHandle object function; monitoring whether the kernel DuplicateHandle object function succeeds in duplicating a target process handle and, if it does, judging whether the successfully duplicated target process handle matches any protection process handle in a preset protection process handle library; if it matches, obtaining the process path information of the successfully duplicated target process handle and extracting the to-be-verified application program mapped by the process path information; and if the extracted to-be-verified application program is the same as any to-be-intercepted application program in a preset to-be-intercepted application program library, closing the successfully duplicated target process handle. The method and device are suitable for monitoring whether the target process handle is illegally duplicated.
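The decision sequence in the abstract, modelled in user-mode C as an added example (not code from the patent or its applicant). The event structure, the numeric `target_id` standing in for a handle match, the two libraries and all sample values are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model of one finished handle-duplication call seen by the hook. */
typedef struct {
    int succeeded;            /* did the duplication succeed? */
    unsigned long target_id;  /* stand-in for the duplicated target process handle */
    const char *path;         /* process path information obtained for that handle */
} dup_event;

typedef enum { DUP_IGNORE, DUP_ALLOW, DUP_CLOSE_HANDLE } dup_verdict;
/* Hypothetical preset libraries; every value here is constructed. */
static const unsigned long protected_ids[] = { 512, 1044 };
static const char *const intercept_apps[] = { "badtool.exe", "injector.exe" };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* The application mapped by a path is modelled as its last component. */
const char *app_from_path(const char *path) {
    const char *name = path;
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/') name = p + 1;
    return name;
}

/* Windows file names are case-insensitive by default, so the match is too. */
static int same_name(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

dup_verdict check_duplication(const dup_event *ev) {
    size_t i;
    if (!ev->succeeded) return DUP_IGNORE;            /* nothing was duplicated */
    for (i = 0; i < COUNT(protected_ids); i++)
        if (protected_ids[i] == ev->target_id) break;
    if (i == COUNT(protected_ids)) return DUP_ALLOW;  /* not a protected process */
    if (ev->path == NULL) return DUP_ALLOW;           /* assumption: page leaves this case open */
    for (i = 0; i < COUNT(intercept_apps); i++)
        if (same_name(app_from_path(ev->path), intercept_apps[i]))
            return DUP_CLOSE_HANDLE;                  /* close the duplicated handle */
    return DUP_ALLOW;
}

int main(void) {
    dup_event ev = { 1, 512, "C:\\Temp\\BadTool.EXE" };  /* constructed sample */
    printf("verdict=%d\n", check_duplication(&ev));
    return 0;
}
```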
Description
Technical field
[0001] The invention relates to information security technology, in particular to a processing method, device and electronic equipment for copying information.
Background technique
[0002] With the gradual disclosure of the technical details of the operating system's kernel layer, more and more malicious applications such as Trojan horses have begun to use kernel-layer drivers to protect their own processes, and malicious application processes protected by kernel-layer drivers can terminate (kill) other processes in the operating system. The malicious application process can thus attack user processes or system processes as the malicious application's provider intends, which may make the computer unstable and even leak user information, causing users very large economic losses. For example, in the operating system, the graphics management process (csrss.exe process) will save the handles...