Method and device for protecting safety protection application program files and electronic equipment

An application program and security protection technology, which is applied in the field of information security, can solve the problem that the method of security protection application program files cannot be safely protected.

Active Publication Date: 2016-08-24
ZHUHAI BAOQU TECH CO LTD
View PDF6 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of this, the embodiments of the present invention provide a method, device, and electronic device for protecting security protection application files, which can improve the security of security protection application files during the initialization process of the operating system, so as to solve the problem of existing protection security protection Application file methods cannot be secured during OS initialization

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for protecting safety protection application program files and electronic equipment
  • Method and device for protecting safety protection application program files and electronic equipment
  • Method and device for protecting safety protection application program files and electronic equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0066] figure 1 It is a schematic flow diagram of a method for protecting a security application file according to an embodiment of the present invention, such as figure 1 As shown, the method of this embodiment may include:

[0067] Step 101, when the pre-injected hook function detects that the key value setting kernel function is called, hook the key value setting kernel function;

[0068] In this embodiment, through statistical analysis and mining, in the process of operating system initialization, if a certain application program deletes or uninstalls the security protection application program file, it is by calling the mobile operation kernel function of the application layer, that is, the MoveFileEx kernel function, MoveFileEx The kernel function calls the key-value setting kernel function to realize. Among them, the MoveFileEx kernel function includes multiple moving operation parameters, for example, the registry path handle parameter (filepath) where the file to be...

Embodiment 2

[0100] figure 2 It is a schematic flowchart of a method for protecting a security protection application program file in Embodiment 2 of the present invention, as figure 2 As shown, the method of this embodiment may include:

[0101] Step 201, when the pre-injected hook function detects that the key value setting kernel function is called, hook the key value setting kernel function;

[0102] Step 202, obtain the registry path according to the registry path handle parameter in the key setting kernel function, and extract the key name parameter in the key setting kernel function;

[0103] Step 203, if the registry path is a preset session management registry path, and the extracted key name parameter is a preset renaming operation key value, extract the key value and set the file path to be deleted in the kernel function parameter;

[0104] In this embodiment, the processes from step 201 to step 203 are respectively similar to steps 101 to 103 in the first method embodiment...

Embodiment 3

[0115] image 3 It is a schematic structural diagram of a device for protecting security protection application program files in Embodiment 3 of the present invention, as shown in image 3 As shown, the device of this embodiment may include: a hook monitoring module 31, a key name extraction module 32, a file path acquisition module 33 and a file processing module 34, wherein,

[0116] The hook monitoring module 31 is used to hook the key value setting kernel function when the pre-injected hook function monitors that the key value setting kernel function is called;

[0117] Key value name extracting module 32, for setting the registry path handle parameter in the kernel function according to the key value to obtain the registry path, extracting the key value name parameter in the kernel function for extracting the key value;

[0118] File path acquisition module 33, if the registry path is a preset session management registry path, and the extracted key value name parameter i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a method and device for protecting safety protection application program files and electronic equipment and relates to an information safety technology. The method comprises the following steps: when monitoring that a key value setting kernel function is called by a pre-injected hook function, hooking the function; acquiring a registry path according to registry path handle parameters in the key value setting kernel function, and extracting key value name parameters in the key value setting kernel function; if the registry path is a conversation management registry path and the extracted key value name parameters are renaming operation key values, extracting parameters of file paths to be deleted in the key value setting kernel function; and if the extracted parameters of file paths to be deleted in the key value setting kernel function are the same as any safety protection application program file catalogue in a pre-set safety protection application program file catalogue library, rejecting the operation of writing a registry of the key value setting kernel function. The method is applicable to protection of the safety protection application program files.

Description

technical field [0001] The invention relates to information security technology, in particular to a method, device and electronic equipment for protecting security protection application program files. Background technique [0002] With the continuous development of computer communication and Internet technology, the application of electronic equipment is becoming more and more common. For example, smart mobile phones, personal digital assistants, handheld computers, and notebook computers have been more and more widely used. There are more and more programs (APP, Application), which makes the operating system more and more likely to be attacked by some application programs. In order to ensure the safety of the operating system, in the Windows operating system, there are generally installed security protection applications that use the kernel driver layer to protect the files in the various application programs of the operating system. Blocking the access of some applicatio...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/566
Inventor 李文靖
Owner ZHUHAI BAOQU TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap