
Course handling method and device

A process handling method and device, applied in the field of computer security, that addresses the problem of malicious processes preventing detection by security software and achieves the effect of maintaining security.

Active Publication Date: 2012-12-19
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

[0006] Therefore, a technical problem that those skilled in the art urgently need to solve is to propose a process processing method that can prevent malicious processes from invading security software by using DLL files and global message hooks, so that malicious processes cannot prevent detection by security software.


Embodiment Construction

[0036] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0037] When a thread in a process creates or closes a window, a check is made whether the thread has a message hook. Message hooks include local message hooks and global message hooks, and the priority of the local message hook is higher than that of the global message hook. That is, if both message hooks exist, the local message hook is called first, and then the global message hook is called; if only one message hook exists, the existing message...


Abstract

The invention provides a process handling method and device. With the method and device, malicious processes can be prevented from invading security software by using dynamic link library (DLL) files and global message hooks, so that malicious processes cannot prevent detection by security software. The method comprises the following steps: during creation of a thread, registering various local message hooks in the system, wherein a correspondence is established between each local message hook and a message function in the system; when the thread calls a message function, calling the corresponding local message hook through the message function, wherein the message functions include a window creating function; and calling a callback function of the local message hook to prevent the global message hook from being called, and returning to execute the message function.
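The dispatch order described in the abstract can be modeled in a few lines. The following is an added example, not code from the patent or its owner: it is a portable simulation rather than Windows API code, and every name in it (`thread_init`, `call_message_fn`, `blocking_local_hook`, and so on) is hypothetical.

```c
#include <stdio.h>

/* Portable model of the dispatch order in the abstract; not Win32 code.
   All names here are hypothetical. */
enum msg_fn { FN_CREATE_WINDOW, FN_CLOSE_WINDOW, FN_COUNT };
typedef int (*hook_cb)(enum msg_fn fn);       /* returns 1 to chain to the next hook */

struct thread_state {
    hook_cb local[FN_COUNT];   /* local hooks, one per message function */
    int global_calls;          /* times a global hook ran in this thread */
    int fn_executed;           /* times the message function itself ran */
};

static hook_cb g_global[FN_COUNT];            /* system-wide hook table */
static struct thread_state *g_current;        /* thread currently dispatching */

/* Stand-in for a hook procedure that lives in a DLL loaded via a global hook. */
static int injected_global_hook(enum msg_fn fn) {
    (void)fn; g_current->global_calls++; return 1;
}
/* Protective callback: handles the event and does not chain. */
static int blocking_local_hook(enum msg_fn fn) { (void)fn; return 0; }

void install_global_hooks(void) {
    for (int i = 0; i < FN_COUNT; i++) g_global[i] = injected_global_hook;
}
/* Thread creation: optionally register a local hook for every message function. */
void thread_init(struct thread_state *t, int protect) {
    t->global_calls = t->fn_executed = 0;
    for (int i = 0; i < FN_COUNT; i++) t->local[i] = protect ? blocking_local_hook : NULL;
}
/* Message function call: local hook first, global hook only if chained, then the body. */
void call_message_fn(struct thread_state *t, enum msg_fn fn) {
    int chain = 1;                             /* no local hook: fall through to global */
    g_current = t;
    if (t->local[fn]) chain = t->local[fn](fn);
    if (chain && g_global[fn]) g_global[fn](fn);
    t->fn_executed++;                          /* return to execute the message function */
}

int main(void) {
    struct thread_state plain, guarded;
    install_global_hooks();
    thread_init(&plain, 0);
    thread_init(&guarded, 1);
    for (int fn = 0; fn < FN_COUNT; fn++) {
        call_message_fn(&plain, (enum msg_fn)fn);
        call_message_fn(&guarded, (enum msg_fn)fn);
    }
    printf("plain:   global=%d executed=%d\n", plain.global_calls, plain.fn_executed);
    printf("guarded: global=%d executed=%d\n", guarded.global_calls, guarded.fn_executed);
    return 0;
}
```

In the model, the thread without local hooks runs the global hook on every window create and close, while the thread that registered local hooks at creation never reaches it and still executes the message function.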

Description

Technical field

[0001] The present application relates to computer security technology, in particular to a process processing method and device.

Background technique

[0002] When a thread in a process creates or closes a window, a check is made whether the thread has a message hook. Message hooks include local message hooks and global message hooks, and the priority of the local message hook is higher than that of the global message hook. That is, if both message hooks exist, the local message hook is called first, and then the global message hook is called; if only one message hook exists, the existing message hook is called.

[0003] Malicious processes (such as Trojan horse processes) can prevent detection by security software by loading dynamic link library files, so as to avoid being detected and killed. A dynamic link library (DLL) file allows programs to share code and other resources necessary to perform special tasks. ...


Application Information

IPC(8): G06F21/00, G06F9/46
Inventor 谭合力姚彤邵坚磊马贞辉
Owner 三六零数字安全科技集团有限公司