Windows process protection method

A process and protected technology, applied in the field of network security, can solve problems such as poor stability, high difficulty, and unusability, and achieve the effect of low difficulty, good stability and compatibility, and good concealment

Inactive Publication Date: 2014-10-29
蓝盾信息安全技术有限公司
View PDF6 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Due to the need to Patch the system code, the method of using inLine Hook is difficult and poor in stability
If other process protection software also inLine Hook the same function, there will be compatibility issues
In addition, there is also a problem that it cannot be used under 64-bit Windows system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Windows process protection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0015] Aiming at the problems in the prior art, the method of the present invention adopts the scheme that the dll containing the core function code is injected into the system process through the driver program to run, thereby monitoring the state of the protected process. This solution has good stability and compatibility, and it can also be used normally under 64-bit Windows system. The specific process is as figure 1 shown.

[0016] The scheme of the present ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a Windows process protection method. According to the Windows process protection method, a dll containing a core function code is injected into a system process to be run through a driver, so that the protected process is monitored. Through the injected dll used as a redirector, a system dynamic link library scesrv.dll can be reloaded to the memory space of the system process services.exe, and then the injected dll can be loaded to the memory space of the system process services.exe along with the system dynamic link library scesrv.dll. According to the Windows process protection method, the stability and the compatibility are high, the implementation difficulty is low, and the invisibility is high; due to the fact that no Patch system code exists, the Windows process protection method is also suitable for the 64-bit Windows operating system.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a Windows process protection method. Background technique [0002] Process protection is to prevent malicious programs from destroying the normal operation of the process. Many software, such as the monitoring system and billing system in the computer room, as well as some software that must ensure that its operation will not be forcibly interrupted, otherwise it will cause serious consequences such as data loss and operating system crashes, need to carry out necessary protection for itself , to prevent losses caused by malicious acts or operator misoperations. [0003] To forcibly close a process, the usual method is to call the OpenProcess function at the application layer to open the process, and then call the TerminateProcess function to forcibly close the process after opening the process. Therefore, the method of process protection is to prevent one of these two ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/51
CPCG06F21/54
Inventor 柯宗贵杨育斌梁永秋
Owner 蓝盾信息安全技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap