Method for realizing program killing prevention

A process- and byte-level technique, applied in the field of process anti-killing, that protects processes against illegal shutdown

Inactive Publication Date: 2011-08-17
北京思创银联科技股份有限公司

AI Technical Summary

Problems solved by technology

At present, process anti-kill technology on Windows generally hooks NtOpenProcess and NtTerminateProcess to protect processes, but these methods can be bypassed in many ways (such as clearing to 0, PspTerminateProcess, PspExitThread, etc.).


Embodiment Construction

[0029] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

[0030] Figure 1 is a flowchart of a method for realizing process anti-killing described in the embodiment of the present invention. As shown in Figure 1, the method for realizing process anti-killing comprises the steps:

[0031] S1: Allocate a five-byte global array. The first byte holds the jump (JMP) instruction, such as 0xE9; the last four bytes hold the size of the jump, which is DetourObReferenceObjectByHandle - ObReferenceObjectByHandle - 5. Replace the first five bytes of ObReferenceObjectByHandle with the five-byte global array;

[0032] In this step, whenever execution reaches ObReferenceObjectByHandle, it jumps to DetourObReferenceObjectByHa...
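Added example (not code from the patent): a C integrity check that recognizes the five-byte patch from step S1 in a captured function prologue and recovers the detour address by inverting the offset formula. The 32-bit addresses, module bounds, sample bytes and the name check_prologue are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define JMP_REL32 0xE9u /* opcode named in step S1 */
#define PATCH_LEN 5u    /* 1 opcode byte + 4 offset bytes */

typedef enum { PROLOGUE_CLEAN, JMP_INSIDE_IMAGE, JMP_OUTSIDE_IMAGE } hook_verdict;

/* Constructed samples: an unmodified x86 prologue, and a prologue patched to
 * jump from 0x80501000 to a hypothetical detour at 0xF8A20400. */
static const uint8_t SAMPLE_CLEAN[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
static const uint8_t SAMPLE_HOOKED[5] = { 0xE9, 0xFB, 0xF3, 0x51, 0x78 };

/* Classify the first bytes of a function located at func_va, owned by the
 * module mapped at [image_base, image_base + image_size). */
hook_verdict check_prologue(const uint8_t *code, size_t len, uint32_t func_va,
                            uint32_t image_base, uint32_t image_size,
                            uint32_t *dest_out)
{
    if (len < PATCH_LEN || code[0] != JMP_REL32)
        return PROLOGUE_CLEAN;

    /* The four offset bytes are little-endian. */
    uint32_t rel = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);

    /* Inverse of S1 (offset = detour - target - 5), modulo 2^32 so that
     * backward jumps (negative offsets) wrap to the right address. */
    uint32_t dest = func_va + PATCH_LEN + rel;
    if (dest_out)
        *dest_out = dest;

    if (dest >= image_base && dest - image_base < image_size)
        return JMP_INSIDE_IMAGE;  /* stays in the owning module */
    return JMP_OUTSIDE_IMAGE;     /* leaves the module: report as a detour */
}

int main(void)
{
    uint32_t dest = 0;
    int c = check_prologue(SAMPLE_CLEAN, 5, 0x80501000u, 0x80400000u, 0x00200000u, NULL);
    int h = check_prologue(SAMPLE_HOOKED, 5, 0x80501000u, 0x80400000u, 0x00200000u, &dest);
    printf("clean=%d hooked=%d dest=0x%08X\n", c, h, (unsigned)dest);
    return 0;
}
```

On 64-bit Windows, Kernel Patch Protection treats this kind of modification of kernel code as corruption and bug-checks the system.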


Abstract

The invention discloses a method for realizing program killing prevention, relating to the technical field of program monitoring. The method comprises the following steps: 1, allocating a five-byte global array, and replacing the first five bytes of ObReferenceObjectByHandle with the five-byte global array, wherein the first byte represents a jump (JMP) instruction and the next four bytes represent the size of the jump; and 2, realizing program killing prevention according to DetourObReferenceObjectByHandle. With the method provided by the invention, since ObReferenceObjectByHandle is a relatively low-level function, ObReferenceObjectByHandle is called to convert a handle into a File_Object during any illegal program closing and any normal program closing, and then the program is closed. Therefore, the program to be closed can be intercepted by hooking ObReferenceObjectByHandle, and it can then be judged whether the program is being closed normally, so that the protection cannot be easily bypassed and the program is well protected from being illegally closed.

Description

Technical field

[0001] The invention relates to the technical field of process monitoring, in particular to a method for realizing process anti-killing.

Background technique

[0002] Process anti-killing protects the user's process from being illegally killed. If the user's process is terminated unexpectedly, the computer system may become unstable, especially when the computer is invaded by malicious programs such as viruses. If some key processes are killed, it may bring very large economic losses to users. Important processes in the system also need self-protection capabilities, so that a process is not killed without the user's knowledge.

[0003] At present, hackers generally use the task manager or hacker software to close the process to achieve the purpose of destroying the system and stealing system data. For example, when a hacker wants to compromise a system, he will log in and see if there are some know...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/00, G06F21/54
Inventor: 于晓军, 万雪松, 赵辰清
Owner: 北京思创银联科技股份有限公司