Method, device and electronic equipment for processing process registration

A process and process information technology, applied in the field of information security, can solve the problem of low operating system security protection efficiency

Active Publication Date: 2019-04-26
ZHUHAI BAOQU TECH CO LTD
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of this, the embodiments of the present invention provide a method, device, and electronic device for processing process registration, which can improve the security protection efficiency of the operating system, so as to solve the problem that in the existing method for processing process registration, the kernel NtUserCallTwoParam function can be called directly To register the process as a login process, the security protection efficiency of the operating system is low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and electronic equipment for processing process registration
  • Method, device and electronic equipment for processing process registration
  • Method, device and electronic equipment for processing process registration

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0052] It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0053] Step 101, when the pre-injected hook function detects that the kernel driver level user callback two-parameter function is called, hook the kernel driver level user callback two-parameter function;

[0054] In this embodiment, as an optional embodiment, the kernel driver level user callback function with two parameters is the kernel NtUserCallTwoParam function.

[0055] In this embodiment, the injected hook (Hook) function is used to monitor the function call related operations of the application layer process...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a course register processing method and device and electronic equipment and relates to information security technology. By the adoption of the course register processing method and device and the electronic equipment, safety protection efficiency can be improved. The method comprises the steps of hooking a kernel driver stage user callback two-parameter function when the calling of the function is monitored by a hook function which is injected in advance, obtaining the version information of a current operation system and function index number information introduced by calling of the function, obtaining the course information of calling the kernel driver stage user callback two-parameter function if the version information of the current operation system and the introduced function index number information are matched with an operation system version information / function index number information set mapped by a preset login course, and refusing the calling of the kernel driver stage user callback two-parameter function if an application mapped by the acquired course information is identical with any one application needing to be intercepted in a preset intercept-required application feature library. The method and device are suitable for course register processing.

Description

technical field [0001] The invention relates to information security technology, in particular to a method, device and electronic equipment for processing process registration. Background technique [0002] With the gradual disclosure of the technical details of the kernel layer of the operating system, more and more malicious applications such as Trojan horses have begun to use kernel layer drivers to protect their own processes, and the processes of malicious applications protected by kernel layer drivers can be terminated. (Kill) other processes in the operating system, so that the malicious application process can maliciously attack the user's process or system process according to the intention of the malicious application provider, which may cause the computer to run unstable, and even cause user information leak. For example, in the operating system, the registration login process function (RegisterLogonProcess function) of the application layer is provided, which is...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/51G06F21/55
CPCG06F21/51G06F21/552
Inventor 杨峰
Owner ZHUHAI BAOQU TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap