Anti-Keylogging Method Based on Windows

A keylogging and key-press technology, applied in fields such as the protection of internal/peripheral computer components, that solves the problem that key information cannot be prevented from being stolen.

Active Publication Date: 2021-07-16
BEIJING INST OF COMP TECH & APPL

AI Technical Summary

Problems solved by technology

[0007] User-mode keyloggers can also be defended against with the Windows message hook function, mainly by installing a WH_DEBUG hook. Windows always executes the WH_DEBUG hook function first, and that function can decide directly whether the keyboard hook functions go on to execute (user-mode keylogging takes the form of a keyboard hook function). The user-mode defence is therefore to submit the key information directly to the user process inside the WH_DEBUG hook function and to block the keyboard hook functions from running. If the keylogger runs in kernel mode, however, this method cannot prevent the key information from being stolen.


Embodiment Construction

[0015] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with examples.

[0016] Kernel-mode keyloggers are mainly defended against by setting the keyboard interrupt handler. The new interrupt handler reads the key information, transcodes it and passes it directly to the user process, skipping every step that involves the keyboard driver, the keyboard device stack and the system service descriptor table. This gives the best anti-keylogging effect: interrupt handling is the point closest to the underlying hardware at which key information is obtained, so protection elsewhere in the kernel cannot stop keyloggers that hook the interrupt handler. However, this method requires a new keyboard interrupt processing function to implement all the...


Abstract

The invention discloses a Windows-based anti-keylogging method. In kernel mode, an additional interrupt is inserted ahead of the normal Windows key interrupt. When user key information is received, this interrupt runs and checks whether the key information has already been converted. If it is the original key information, the interrupt converts it and re-sends the converted information to the I/O port; if it is already converted key information, the normal Windows key interrupt is executed. In user mode, the reverse conversion is performed according to the key mapping relationship, and the key information is then submitted directly to the user process.
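The flow in the abstract, modelled as a user-space C simulation. This is an added example, not code from the patent. The affine byte mapping, the one-shot `resent` flag used to recognise an already converted byte, and all function names are assumptions; the scancode is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed details (not in the patent text): an affine byte mapping and a
   one-shot flag that marks a re-sent, already converted byte. */
static uint8_t fwd[256], rev[256];   /* key mapping and its inverse */
static uint8_t port_data;            /* models the keyboard I/O port data byte */
static int     resent;               /* 1 = byte at the port is already converted */
static uint8_t tap_log[64];          /* what an observer on the normal path sees */
static unsigned tap_len;

void mapping_init(uint8_t seed) {
    /* Odd multiplier makes this a permutation of 0..255; an odd seed also
       guarantees that no code maps to itself. */
    for (int i = 0; i < 256; i++) fwd[i] = (uint8_t)(i * 167 + seed);
    for (int i = 0; i < 256; i++) rev[fwd[i]] = (uint8_t)i;
}

/* Stand-in for the normal Windows key interrupt and everything after it. */
static uint8_t normal_path(uint8_t code) {
    if (tap_len < sizeof tap_log) tap_log[tap_len++] = code;
    return code;
}

/* The added interrupt: returns 1 once the byte went to the normal path. */
static int added_interrupt(uint8_t *delivered) {
    if (!resent) {                   /* original key information */
        port_data = fwd[port_data];  /* convert and re-send to the I/O port */
        resent = 1;
        return 0;
    }
    resent = 0;                      /* already converted: run normal interrupt */
    *delivered = normal_path(port_data);
    return 1;
}

/* One key press end to end; the return value is what the user process gets. */
uint8_t press_key(uint8_t scancode) {
    uint8_t delivered = 0;
    port_data = scancode;
    while (!added_interrupt(&delivered)) { /* re-sent byte interrupts again */ }
    return rev[delivered];           /* user-mode reverse conversion */
}

int main(void) {
    mapping_init(0x5B);
    uint8_t got = press_key(0x1E);   /* constructed sample scancode */
    printf("observer saw 0x%02X, user process got 0x%02X\n", tap_log[0], got);
    return 0;
}
```

Anything that taps the normal path between the added interrupt and the user-mode reverse conversion records only converted codes, which is the protection the abstract describes.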

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a Windows-based method for defending against keyloggers.

Background

[0002] Existing keylogging techniques on Windows mostly rely on hooks. Depending on where the hook function is called and runs, they fall into two categories: user-mode hooks and kernel-mode hooks. In Windows user mode, keystrokes are delivered as Windows messages, so user-mode hooks mainly implement keylogging through the Windows message hook function. Kernel-mode hooks are more flexible than user-mode hooks. A key press passes through multiple layers of calls, from the keyboard interrupt it generates until the kernel completes the IRP (I/O request packet) and returns to user mode, and a keylogger can be implemented at multiple places on this path, mainly including the following ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/83
CPC: G06F21/83
Inventor: 孙宇陈志浩高景生张岩宋鹏飞
Owner: BEIJING INST OF COMP TECH & APPL