CN102214134A - System and method for terminating computer process - Google Patents

System and method for terminating computer process

Info

Publication number
CN102214134A
Authority
CN
China
Prior art keywords
termination
module
security
program process
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201010150156XA
Other languages
Chinese (zh)
Other versions
CN102214134B (en)
Inventor
谷沉沉
何健
吕静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201010150156.XA priority Critical patent/CN102214134B/en
Publication of CN102214134A publication Critical patent/CN102214134A/en
Application granted granted Critical
Publication of CN102214134B publication Critical patent/CN102214134B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention provides a system and method for terminating a computer process. The system comprises an application level process termination module, a security detection module and a kernel level process termination module, wherein, the application level process termination module is used for executing a termination operation with an application level mode on the program process to be terminated; the security detection module is used for carrying out security detection on the program process which fails to be terminated by the application level process termination module; and the kernel level process termination module is used for judging whether to execute a forced termination operation with a kernel level mode on the program process which fails to be terminated according to the security detection result of the security detection module. By utilizing the system and the method provided by the invention, a computer system can safely and steadily run.

Description

A computer process termination system and method
Technical field
The present invention relates to the field of computer technology, and in particular to a computer process termination system and method.
Background
The widely used Intel x86 processors control access through privilege levels, of which there are four: Ring0, Ring1, Ring2 and Ring3. Ring0 has the highest access rights and Ring3 the lowest. Operating systems such as Windows use only two of these levels, Ring0 and Ring3. Operating system data is stored at Ring0, and a kernel-level program running at Ring0 has the same privileges as the operating system: it can access data at every level and execute instructions at every level. An ordinary application-level program can only run at Ring3, is restricted by the operating system, and can only access Ring3 data and execute Ring3 instructions.
Existing process termination systems are either application-level or kernel-level. An application-level process termination system can terminate the processes of application-level programs running at Ring3, but cannot terminate the processes of kernel-level programs running at Ring0. A kernel-level process termination system can terminate programs at any level, including kernel-level programs, but if it ends a process in the operating system that should not be ended, the whole operating system crashes.
Because a kernel-level program runs in the Ring0 environment trusted by the operating system and can access and control all system resources, most malicious programs such as viruses and Trojans are currently kernel-level programs, and they are highly destructive and well concealed.
Ending the process of a malicious program gives the computer a certain degree of protection. However, because most malicious programs are kernel-level programs, an application-level process termination system cannot end their processes; and if a kernel-level process termination system is used, the user can easily end a non-malicious process such as an operating system process and crash the system, which is detrimental to the stable operation of the operating system.
Summary of the invention
In view of this, the invention provides a computer process termination system and method, so that a computer system can run safely and stably.
A computer process termination system comprises an application-level process termination module, a security detection module and a kernel-level process termination module.
The application-level process termination module is used to perform an application-level termination operation on the program process to be terminated.
The security detection module is used to perform security detection on a program process that the application-level process termination module failed to terminate.
The kernel-level process termination module is used to judge, according to the security detection result of the security detection module, whether to perform a kernel-level forced termination operation on the program process whose termination failed.
A computer process termination method comprises:
using an application-level process termination system to perform an application-level termination operation on the program process to be terminated; when the termination operation fails, performing security detection on the program process to be terminated; and, according to the security detection result, using a kernel-level process termination module to perform a kernel-level forced termination operation on the program process.
As the above technical solution shows, the invention first uses the application-level process termination module to terminate the program process, performs security detection on a program process whose termination failed, and then uses the kernel-level process termination module to terminate unsafe processes according to the security detection result. On the one hand, for malicious programs such as viruses and Trojans that run at kernel level, when the application-level process termination module cannot terminate the malicious program, security detection can establish that it is a malicious program, so the kernel-level termination module is used to terminate it, which ensures the security of the computer system. On the other hand, an application-level program process is terminated by the application-level process termination module, so the kernel-level process termination module does not need to be started; this reduces problems such as system crashes caused by errors in using the kernel-level process termination module and improves the stability of the computer system.
It should also be noted that, because most malicious programs run at kernel level, the program process to be terminated is first ended with the application-level process termination module; if that module cannot terminate the program process, it can also be concluded that the program is more likely to be malicious. Terminating first with the application-level process termination module therefore does more than end application-level program processes: it also acts as a security check on the program to be terminated. Performing security detection with the security detection module on top of this also improves the accuracy of the security detection result.
In short, the computer process termination system of the invention provides a safe and reliable kernel-level process termination module that achieves full control over system processes and effectively forces unsafe kernel-level processes to terminate, while preserving the stability of the operating system as far as possible.
Description of drawings
Fig. 1 is a structural diagram of the computer process termination system provided by the invention.
Fig. 2 is a structural diagram of a preferred embodiment of the computer process termination system provided by the invention.
Fig. 3 is a flowchart of the computer process termination method provided by the invention.
Embodiments
The invention provides a safe and reliable computer process termination system. When terminating a process it preferentially uses the application-level mode; if it encounters a kernel-level process that the application-level mode cannot terminate, then, after process security detection and confirmation through user interaction, it can forcibly terminate the process in kernel-level mode. This effectively terminates unsafe kernel-level processes while preserving the stability of the running system as far as possible. The device embodiments and method embodiments of this technical solution are described in detail below.
Fig. 1 is a structural diagram of the computer process termination system provided by the invention.
As shown in Fig. 1, the system comprises an application-level process termination module 101, a security detection module 102 and a kernel-level process termination module 103.
The application-level process termination module 101 is used to perform an application-level termination operation on the program process to be terminated.
The security detection module 102 is used to perform security detection on a program process that the application-level process termination module 101 failed to terminate.
The kernel-level process termination module 103 is used to judge, according to the security detection result of the security detection module 102, whether to perform a kernel-level forced termination operation on the program process whose termination failed.
The system may further include a user interaction module, used to receive the user's command selecting the program process to be terminated, send the application-level process termination module an instruction to perform the termination operation on that program process, output or display the detection result of the security detection module, and receive the user's command on whether to forcibly terminate the program process.
Correspondingly, the kernel-level process termination module is used to judge, according to the security detection result of the security detection module and the command received by the user interaction module, whether to perform a kernel-level forced termination operation on the program process whose termination failed.
The system may further include a process details configuration file, used to store the correspondence between a process name and the process's description information, security level and suggested operation.
Correspondingly, the security detection module is used to look up the process description information by the name of the program process to be terminated, according to the correspondence in the process details configuration file, and to determine the security level of the program process to be terminated and the suggested operation for it.
Specifically, the security levels in the process details configuration file comprise critical process, safe process and suspicious process, and the corresponding suggested operations are, respectively: a critical process cannot be terminated, terminating a safe process is not recommended, and terminating a suspicious process is recommended.
Correspondingly, when the security detection result of the security detection module is that the program process to be terminated is a critical process of the operating system, the kernel-level process termination module decides not to perform the termination operation on it. When the security detection result is that the program process to be terminated is not a critical process of the operating system, the kernel-level process termination module performs the kernel-level forced termination operation on the program process if the command received by the user interaction module is to terminate it, and does not perform the kernel-level forced termination operation if the command received is not to terminate it.
The system may further include a process enumeration module, used to build a process list from the processes currently running and to update the process list according to the outcome of process termination.
Fig. 2 is a structural diagram of a preferred embodiment of the computer process termination system provided by the invention.
As shown in Fig. 2, in the preferred embodiment the computer process termination system comprises a process enumeration module 201, an application-level process termination module 202, a security detection module 203, a process details configuration file storage module 204, a user interaction module 205 and a kernel-level process termination module 206.
The process enumeration module 201 is used to enumerate the processes currently running, build a process list, and update the process list according to the outcome of process termination. The user can select the process to be terminated from the process list built by the process enumeration module 201.
The application-level process termination module 202 is used to perform an application-level termination operation on the process the user has selected for termination. If termination fails, the security detection module 203 performs security detection on the process whose termination failed: using the configuration file stored in the process details configuration file storage module 204 and the name of that process, it looks up the description information of the process and detects its security level. According to the detection result, it outputs the relevant information about the process through the user interaction module 205 and advises the user on the corresponding operation. For example, if the detection result is a critical process, the user is told through the user interaction module 205 that the process is not allowed to be terminated; if the detection result is a safe process, the user is told through the user interaction module 205 that terminating the process is not recommended; if the detection result is a suspicious process, the user is told through the user interaction module 205 that terminating the process is recommended. The kernel-level process termination module 206 performs the corresponding operation according to the detection result of the security detection module 203 and the user instruction received by the user interaction module 205. For example, when the detection result of the security detection module 203 is a critical process, the kernel-level process termination module 206 does not terminate that critical process, whatever user command the user interaction module 205 receives; when the detection result of the security detection module 203 is a safe process or a suspicious process, it performs the corresponding operation according to the user command received by the user interaction module 205.
Fig. 3 is a flowchart of the computer process termination method provided by the invention.
As shown in Fig. 3, the flow comprises:
Step 301: for the program process the user has selected in the process list, use the application-level process termination module to terminate the program process.
Step 302: judge whether the program process was terminated successfully; if so, go to step 310; if not, go to step 303.
Step 303: detect the security of the process whose termination failed.
Step 304: judge from the detection result whether the process is a critical process; if so, go to step 305; if not, go to step 306.
Step 305: tell the user that this critical process cannot be terminated, and end the flow.
Step 306: show the user the information about the process and the suggested operation.
In this step, if the security detection result for the process is a safe process, the user is told that terminating the process is not recommended; if the security detection result for the process is a suspicious process, the user is told that terminating the process is recommended.
Step 307: judge whether the user allows the process to be terminated by force; if so, go to step 308; otherwise end the flow.
Step 308: use the kernel-level process termination module to forcibly terminate the process.
Step 309: judge whether the process was terminated successfully; if so, go to step 310; otherwise end the flow.
Step 310: update the process list.
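The flow of steps 301 to 310, as an added example that is not part of the patent: a Python model of the decision logic in which the two termination primitives and the user prompt are injected callables. The process names, the configuration contents and the `simulated_host` stand-in are constructed for illustration, and treating a name that is absent from the configuration as not critical is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Level(Enum):
    # The value doubles as the suggested operation shown to the user.
    CRITICAL = "cannot be terminated"
    SAFE = "termination not recommended"
    SUSPICIOUS = "termination recommended"


@dataclass(frozen=True)
class Detail:
    description: str
    level: Level


# Constructed process details configuration: process name -> description, level.
PROCESS_DETAILS: Dict[str, Detail] = {
    "oscore.exe": Detail("operating system core service", Level.CRITICAL),
    "backupagent.exe": Detail("vendor backup agent", Level.SAFE),
    "drvloader.exe": Detail("unrecognised driver loader", Level.SUSPICIOUS),
}


@dataclass
class Outcome:
    terminated: bool
    steps: List[int]   # step numbers of Fig. 3 that were visited
    prompt: str = ""   # text shown to the user, if any


def security_detect(name: str, details: Dict[str, Detail]) -> Optional[Detail]:
    """Step 303: look the process up by name in the configuration."""
    return details.get(name.lower())


def terminate_process(name: str, process_list: List[str],
                      app_kill: Callable[[str], bool],
                      kernel_kill: Callable[[str], bool],
                      ask_user: Callable[[str], bool],
                      details: Dict[str, Detail] = PROCESS_DETAILS) -> Outcome:
    steps, prompt = [301, 302], ""
    if not app_kill(name):                      # application-level attempt failed
        steps += [303, 304]
        detail = security_detect(name, details)
        if detail is not None and detail.level is Level.CRITICAL:
            steps.append(305)                   # refused before the user is asked
            return Outcome(False, steps, f"{name}: critical process, {detail.level.value}")
        steps += [306, 307]
        if detail is None:
            # Assumption: no entry means "not critical", so the user decides
            # without a suggested operation.
            prompt = f"{name}: no entry in configuration"
        else:
            prompt = f"{name}: {detail.description}; {detail.level.value}"
        if not ask_user(prompt):                # user declined forced termination
            return Outcome(False, steps, prompt)
        steps += [308, 309]
        if not kernel_kill(name):               # forced termination failed
            return Outcome(False, steps, prompt)
    steps.append(310)
    process_list.remove(name)                   # step 310: update the process list
    return Outcome(True, steps, prompt)


def simulated_host(rings: Dict[str, int]) -> Tuple[Callable, Callable, List[str]]:
    """Constructed stand-in for a host: the application-level call succeeds
    only against Ring3 processes; kernel-level calls are recorded."""
    kernel_calls: List[str] = []

    def app_kill(name: str) -> bool:
        return rings[name] == 3

    def kernel_kill(name: str) -> bool:
        kernel_calls.append(name)
        return True

    return app_kill, kernel_kill, kernel_calls


def run_demo():
    rings = {"editor.exe": 3, "oscore.exe": 0, "backupagent.exe": 0, "drvloader.exe": 0}
    procs = list(rings)
    app_kill, kernel_kill, kernel_calls = simulated_host(rings)
    answers = {"editor.exe": True, "oscore.exe": True,
               "backupagent.exe": False, "drvloader.exe": True}
    results = {name: terminate_process(name, procs, app_kill, kernel_kill,
                                       lambda _prompt, a=allow: a)
               for name, allow in answers.items()}
    return results, procs, kernel_calls


if __name__ == "__main__":
    results, procs, kernel_calls = run_demo()
    for name, outcome in results.items():
        print(name, outcome.terminated, outcome.steps, outcome.prompt)
    print("remaining:", procs, "kernel-level calls:", kernel_calls)
```

The recorded `kernel_calls` list shows the property the description relies on: the kernel-level path is reached only for a non-critical process whose application-level termination failed and which the user approved.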
As can be seen, the process termination system of the invention includes a kernel-level process termination mode, so it can achieve full control over processes and effectively terminate kernel-level processes that are harmful to the system.
Before the kernel-level process termination module forcibly terminates a process, the process termination system of the invention preferentially uses the application-level process termination module to terminate the process, protects kernel-level critical system processes from being terminated, and finally leaves it to the user to choose whether to forcibly terminate the process. It can therefore effectively terminate unsafe kernel-level processes while ensuring stable system operation as far as possible.
Process security detection is performed only after the application-level process termination module has failed to terminate the process, and the user is prompted on that basis, which keeps the user from choosing an operation blindly. At the same time, because no security detection is needed when terminating an application-level process, execution efficiency is higher.
The above are only preferred embodiments of the invention and are not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. A computer process termination system, characterized in that the system comprises an application-level process termination module, a security detection module and a kernel-level process termination module;
the application-level process termination module is used to perform an application-level termination operation on the program process to be terminated;
the security detection module is used to perform security detection on a program process that the application-level process termination module failed to terminate;
the kernel-level process termination module is used to judge, according to the security detection result of the security detection module, whether to perform a kernel-level forced termination operation on the program process whose termination failed.
2. The system according to claim 1, characterized in that the system further comprises a user interaction module;
the user interaction module receives the user's command selecting the program process to be terminated, sends the application-level process termination module an instruction to perform the termination operation on that program process, outputs or displays the detection result of the security detection module, and receives the user's command on whether to forcibly terminate the program process;
the kernel-level process termination module is used to judge, according to the security detection result of the security detection module and the command received by the user interaction module, whether to perform a kernel-level forced termination operation on the program process whose termination failed.
3. The system according to claim 1 or 2, characterized in that the system further comprises a process details configuration file;
the process details configuration file is used to store the correspondence between a process name and the process's description information, security level and suggested operation;
the security detection module is used to look up the process description information by the name of the program process to be terminated, according to the correspondence in the process details configuration file, and to determine the security level of the program process to be terminated and the suggested operation for it.
4. The system according to claim 3, characterized in that
the security levels in the process details configuration file comprise critical process, safe process and suspicious process, and the corresponding suggested operations are, respectively: a critical process cannot be terminated, terminating a safe process is not recommended, and terminating a suspicious process is recommended.
5. The system according to claim 4, characterized in that
when the security detection result of the security detection module is that the program process to be terminated is a critical process of the operating system, the kernel-level process termination module decides not to perform the termination operation on it; when the security detection result of the security detection module is that the program process to be terminated is not a critical process of the operating system, the kernel-level process termination module performs the kernel-level forced termination operation on the program process if the command received by the user interaction module is to terminate it, and does not perform the kernel-level forced termination operation if the command received by the user interaction module is not to terminate it.
6. The system according to claim 1 or 2, characterized in that the system further comprises a process enumeration module;
the process enumeration module builds a process list from the processes currently running and updates the process list according to the outcome of process termination.
7. A computer process termination method, characterized in that the method comprises:
using an application-level process termination system to perform an application-level termination operation on the program process to be terminated; when the termination operation fails, performing security detection on the program process to be terminated; and, according to the security detection result, using a kernel-level process termination module to perform a kernel-level forced termination operation on the program process.
8. The method according to claim 1, characterized in that performing security detection on the program process to be terminated comprises:
detecting the name of the program process to be terminated, and determining the security level of the program process to be terminated according to a preset correspondence between program process names, description information and security levels.
9. The method according to claim 8, characterized in that the security levels comprise critical process, safe process and suspicious process, and that using the kernel-level process termination module to perform the termination operation on the program process according to the security detection result comprises:
when the program process to be terminated is detected to be a critical process, deciding not to terminate the critical process;
when the program process to be terminated is detected to be a safe process or a suspicious process, if the user command indicates that the program process is to be terminated, using the kernel-level process termination module to perform the kernel-level forced termination operation on the program process.
10. The method according to claim 8 or 9, characterized in that the method further comprises:
downloading a configuration file that stores the correspondence between program process names and process description information, security levels and suggested operations.
CN201010150156.XA 2010-04-12 2010-04-12 A kind of computer processes termination system and method Active CN102214134B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010150156.XA CN102214134B (en) 2010-04-12 2010-04-12 A kind of computer processes termination system and method

Publications (2)

Publication Number Publication Date
CN102214134A true CN102214134A (en) 2011-10-12
CN102214134B CN102214134B (en) 2015-08-12

Family

ID=44745454

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010150156.XA Active CN102214134B (en) 2010-04-12 2010-04-12 A kind of computer processes termination system and method

Country Status (1)

Country Link
CN (1) CN102214134B (en)

Also Published As

Publication number Publication date
CN102214134B (en) 2015-08-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant