CN104462953A - Information processing method and electronic equipment - Google Patents


Publication number
CN104462953A
Authority
CN
China
Prior art keywords
operating system
basic input
application program
bios
output system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310421146.9A
Other languages
Chinese (zh)
Other versions
CN104462953B (en)
Inventor
郭轶尊
陈实
宁晓魁
李俊
杨良印
郭卫先
陈军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd
Priority to CN201310421146.9A
Publication of CN104462953A
Application granted
Publication of CN104462953B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034: Test or assess a computer or a system

Abstract

The invention discloses an information processing method and an electronic device. The method is applied to an electronic device comprising a BIOS (basic input/output system), an OS (operating system) and an application program based on the OS. The method includes: when the OS is in the running state, acquiring a security event that indicates that security analysis is to be performed on the OS and the application program; generating an SMI (system management interrupt) according to the security event; in response to the SMI, loading the interrupt handler firmware contained in the BIOS into SMRAM; and executing the interrupt handler firmware in the SMRAM and performing security analysis on the OS and the application program through the BIOS. Because the security analysis of the OS and the application program is performed through the BIOS, the technical scheme solves the prior-art technical problem that electronic devices detect application security with low accuracy, and the operating system and the application program can be protected.

Description

An information processing method and electronic device
Technical field
The present invention relates to the field of electronic technology, and in particular to an information processing method and an electronic device.
Background
With the development of science and technology, electronic devices have become increasingly powerful, and more and more application software can be installed on them. Installed application software resides on the hard disk and in registry entries, where it is easily lost or maliciously tampered with. To ensure that each application runs normally, the electronic device needs to detect and repair damaged application software.
In the prior art, the electronic device relies on the operating system (OS) to protect the files and registry entries of application software in real time so that they are not tampered with, and at the same time to detect and repair application software that has been damaged.
However, in the course of implementing the technical solutions of the embodiments of the present application, the inventors found the following problem in the prior art: because malicious programs such as viruses and Trojans readily run on the operating system OS, they hinder the OS's detection of application security. As a result, the accuracy of the electronic device's application security detection is low; damaged applications may not even be detected, let alone repaired. The prior art therefore has the technical problem that an electronic device detects application security with low accuracy.
Summary of the invention
The embodiments of the present invention provide an information processing method and an electronic device that solve the prior-art technical problem of low accuracy when an electronic device detects application security, and improve the accuracy of application security detection.
An embodiment of the present application provides an information processing method applied to an electronic device, the electronic device comprising a basic input/output system (BIOS), an operating system (OS) and an application program based on the operating system OS, the method comprising:
While the operating system OS is in a working state, obtaining a security event, wherein the security event indicates that security analysis is to be performed on the operating system OS and the application program;
Generating a system management interrupt (SMI) according to the security event;
In response to the system management interrupt SMI, loading the interrupt handler firmware contained in the BIOS into SMRAM;
Executing the interrupt handler firmware in the SMRAM and performing security analysis on the operating system OS and the application program through the BIOS, thereby protecting the operating system OS and the application program.
Optionally, the interrupt handler firmware is specifically:
Firmware preset in the BIOS; when the interrupt handler firmware is executed, the BIOS can perform security analysis on the operating system OS and on the application program based on the operating system OS.
Optionally, before the interrupt handler firmware contained in the BIOS is loaded into SMRAM, the method further comprises:
Controlling the firmware in the BIOS that has a first partial function to be in a working state, so that the interrupt handler firmware can obtain, through the first partial function of the BIOS, first data used for performing security analysis on the operating system OS and the application program.
Optionally, performing security analysis on the operating system OS and the application program through the BIOS specifically comprises:
The interrupt handler firmware reading the first data through the BIOS;
Detecting, based on the first data, whether the operating system OS and the application program have been damaged;
When the operating system OS and/or the application program has been damaged, reading the backup file corresponding to the operating system OS and/or the application program through the BIOS;
Repairing the operating system OS and/or the application program based on the backup file.
Optionally, obtaining the security event specifically comprises:
Obtaining a key scan code of the keyboard through the keyboard controller of the electronic device, and sending the key scan code to the BIOS;
Generating the system management interrupt SMI according to the security event comprises:
Judging, by the BIOS, whether the key scan code conforms to a preset security policy;
When the key scan code conforms to the preset security policy, generating the system management interrupt SMI.
An embodiment of the present application also provides an electronic device comprising a basic input/output system (BIOS), an operating system (OS) and an application program based on the operating system OS, the electronic device further comprising:
An acquiring unit, configured to obtain a security event while the operating system OS is in a working state, wherein the security event indicates that security analysis is to be performed on the operating system OS and the application program;
A generation unit, configured to generate a system management interrupt SMI according to the security event;
A loading unit, configured to respond to the system management interrupt SMI by loading the interrupt handler firmware contained in the BIOS into SMRAM;
A security analysis unit, configured to execute the interrupt handler firmware in the SMRAM and perform security analysis on the operating system OS and the application program through the BIOS, thereby protecting the operating system OS and the application program.
Optionally, the loading unit is specifically configured to:
Load the interrupt handler firmware into SMRAM, wherein the interrupt handler firmware is firmware preset in the BIOS, and when the interrupt handler firmware is executed, the BIOS can perform security analysis on the operating system OS and on the application program based on the operating system OS.
Optionally, the electronic device further comprises:
A control unit, configured to control, before the interrupt handler firmware contained in the BIOS is loaded into SMRAM, the firmware in the BIOS that has a first partial function to be in a working state, so that the interrupt handler firmware can obtain, through the first partial function of the BIOS, first data used for performing security analysis on the operating system OS and the application program.
Optionally, the security analysis unit is specifically configured such that:
The interrupt handler firmware reads the first data through the BIOS; based on the first data, it is detected whether the operating system OS and the application program have been damaged; when the operating system OS and/or the application program has been damaged, the backup file corresponding to the operating system OS and/or the application program is read through the BIOS; and the operating system OS and/or the application program is repaired based on the backup file.
Optionally, the acquiring unit is specifically configured to:
Obtain a key scan code of the keyboard through the keyboard controller of the electronic device, and send the key scan code to the BIOS;
The generation unit is specifically configured to judge, through the BIOS, whether the key scan code conforms to a preset security policy, and to generate the system management interrupt SMI when the key scan code conforms to the preset security policy.
The one or more technical solutions in the embodiments of the present application described above have at least one or more of the following technical effects:
1. While the operating system OS is working, a security event is obtained that indicates that security analysis is to be performed on the operating system OS and on the application program based on it; a system management interrupt SMI is generated based on the security event; the interrupt handler firmware contained in the BIOS is then loaded into SMRAM; and security analysis is performed on the operating system OS and the application program through the BIOS. Because the BIOS runs completely isolated from the operating system OS, it is not affected by malware in the operating system OS. This solves the prior-art technical problem of low accuracy when an electronic device detects application security, improves the accuracy of application security detection, and protects the operating system OS and the application program.
2. When the present application performs security analysis on the operating system OS and the application program through the BIOS, it controls the firmware in the BIOS that has the first partial function to be in a working state; that is, only part of the BIOS is invoked rather than the whole BIOS being run. This effectively reduces the operating load of the electronic device and increases the speed of its security analysis.
3. When the present application obtains the security event that triggers security analysis, the keyboard controller obtains the key scan code of the keyboard and sends it to the BIOS, and the BIOS identifies the security events that conform to the security policy and generates the system management interrupt SMI accordingly. Because the security event obtained by the electronic device is produced by the keyboard, security analysis can be triggered in real time whenever the user types on the keyboard, protecting the operating system OS and the application program. And because the security event is produced by the keyboard, malware cannot tamper with it, which further ensures the validity of the electronic device's security analysis of the operating system OS and the application program.
4. When the operating system OS and/or the application program has been damaged, the backup file corresponding to the operating system OS and/or the application program is read through the BIOS, and the operating system OS and/or the application program is repaired based on the backup file that was read. Because the interrupt handler firmware of the BIOS cannot be discovered by viruses and Trojans, each repair can be guaranteed to succeed; and because the system management interrupt SMI operates in System Management Mode SMM, which is isolated from the system protected mode in which viruses and Trojans run, the repair mechanism can be guaranteed to be safe and reliable, improving the success rate of repairing the operating system OS and/or the application program.
Brief description of the drawings
Fig. 1 is a schematic flowchart of an information processing method provided by Embodiment One of the present application;
Fig. 2 is a block diagram of an electronic device provided by Embodiment Two of the present application.
Detailed description
In the technical solution provided by the embodiments of the present application, a security event, which indicates that security analysis is to be performed on the operating system OS and on the application program based on it, triggers the generation of a system management interrupt SMI; the interrupt handler firmware is loaded into SMRAM; and in SMRAM, security analysis is performed on the operating system OS and the application program through the BIOS. Because the BIOS runs completely isolated from the operating system OS, it is not affected by malware in the operating system OS. This solves the prior-art technical problem of low accuracy when an electronic device detects application security, and improves the accuracy of application security detection.
The main implementation principle, the specific embodiments and the beneficial effects of the technical solution of the embodiments of the present application are explained in detail below with reference to the accompanying drawings.
Embodiment One
Referring to Fig. 1, an embodiment of the present application provides an information processing method applied to an electronic device, the electronic device comprising a basic input/output system (BIOS), an operating system (OS) and an application program based on the operating system OS, the method comprising:
S101: while the operating system OS is in a working state, obtaining a security event, wherein the security event indicates that security analysis is to be performed on the operating system OS and the application program;
S102: generating a system management interrupt SMI according to the security event;
S103: in response to the system management interrupt SMI, loading the interrupt handler firmware contained in the BIOS into SMRAM;
S104: executing the interrupt handler firmware in the SMRAM and performing security analysis on the operating system OS and the application program through the BIOS, thereby protecting the operating system OS and the application program.
In a specific implementation, the electronic device comprises a basic input/output system (BIOS), an operating system (OS) and an application program based on the operating system OS. The operating system OS comprises system programs and system software, while the application program based on the operating system OS is a non-system program, i.e. third-party application software. Third-party application software installed on the electronic device usually resides on the device's hard disk and in registry entries. When the files that the third-party application software installed on the hard disk are complete and its registry entries have not been tampered with, the third-party application software runs normally on the operating system OS. To ensure that the third-party application software and the system software run normally, S101 is performed.
S101: while the operating system OS is in a working state, obtaining a security event, wherein the security event indicates that security analysis is to be performed on the operating system OS and the application program. Specifically, while the operating system OS is in a working state, the security event may be a key-press event on the keyboard of the electronic device, or an event from a specific button on the electronic device other than the keyboard. Preferably, to reduce the production cost of the electronic device, a keyboard key-press event is used as the security event. In this case, the security event is obtained by having the keyboard controller of the electronic device obtain the key scan code of the keyboard and send the key scan code to the BIOS, after which S102 is performed.
S102: generating a system management interrupt SMI according to the security event. Specifically, a System Management Interrupt (SMI) causes the processor of the electronic device to enter System Management Mode (SMM), which is completely isolated from the mode in which the operating system OS runs; the processor switches to SMRAM, an address space separate from system memory, and runs there.
In a specific implementation, the system management interrupt SMI may be generated after the BIOS has further evaluated the security event. Specifically, after the keyboard controller of the electronic device sends the keyboard's key scan code to the BIOS, the BIOS judges whether the received key scan code conforms to a preset security policy. If it does, the system management interrupt SMI is generated; if the received key scan code does not conform to the preset security policy, no system management interrupt SMI is generated. The preset security policy can be set by the designer as required. It may be that a specific key, such as F7, is pressed in the key scan code. It may be that the interval between any two key presses on the keyboard in the key scan code does not exceed a preset duration, for example no more than 0.5 seconds. It may also be that a specified key combination is pressed in the key scan code, such as "ctrl"+"A", "Fn"+"B"+"C" or "B"+"C"+"D". For example, suppose the security policy preset in the electronic device is that the interval between any two key presses in the key scan code is no more than 0.5 seconds. The BIOS then checks whether the received key scan code contains two key presses whose interval does not exceed 0.5 seconds. If the user types at a rate of 4 keys per second, the keyboard controller sends the key scan code it obtains to the BIOS, and the BIOS detects that the interval between two key presses in the key scan code is 0.25 seconds, which is less than 0.5 seconds. It judges that this key scan code conforms to the security policy and generates the system management interrupt SMI accordingly.
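The three kinds of preset security policy described above (a specific key, a maximum interval between key presses, a key combination) can be modelled as follows; this is an added example, not code from the patent. The scan code set 1 values, the event record with millisecond timestamps, the handling of single-byte codes only, and the choice to ignore typematic repeats of a held key are assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Scan code set 1 make codes; a break (release) code is the make code | 0x80. */
enum { SC_LCTRL = 0x1D, SC_A = 0x1E, SC_B = 0x30, SC_F7 = 0x41, SC_BREAK = 0x80 };

/* Constructed record: one byte from the keyboard controller plus its arrival time. */
typedef struct { uint8_t code; uint32_t t_ms; } key_event;

typedef enum { POLICY_KEY, POLICY_INTERVAL, POLICY_COMBO } policy_kind;

typedef struct {
    policy_kind kind;
    uint8_t  key;          /* POLICY_KEY: make code that triggers */
    uint32_t max_gap_ms;   /* POLICY_INTERVAL: largest allowed gap between presses */
    uint8_t  combo[3];     /* POLICY_COMBO: keys that must be held together */
    size_t   combo_len;
} policy;

static bool is_held(const uint8_t *held, uint8_t c)
{
    return (held[c >> 3] >> (c & 7)) & 1u;
}

/* Returns the index of the event at which an SMI would be generated, or -1. */
int smi_trigger_index(const policy *p, const key_event *ev, size_t n)
{
    uint8_t held[16] = {0};   /* bitmap of keys currently down, by make code */
    bool have_prev = false;
    uint32_t prev_ms = 0;

    for (size_t i = 0; i < n; i++) {
        uint8_t c = ev[i].code & 0x7F;
        if (ev[i].code & SC_BREAK) {               /* key released */
            held[c >> 3] &= (uint8_t)~(1u << (c & 7));
            continue;
        }
        bool repeat = is_held(held, c);            /* typematic repeat of a held key */
        held[c >> 3] |= (uint8_t)(1u << (c & 7));

        switch (p->kind) {
        case POLICY_KEY:
            if (c == p->key) return (int)i;
            break;
        case POLICY_INTERVAL:
            if (repeat) break;                     /* a repeat is not a second press */
            if (have_prev && ev[i].t_ms - prev_ms <= p->max_gap_ms) return (int)i;
            prev_ms = ev[i].t_ms;
            have_prev = true;
            break;
        case POLICY_COMBO: {
            size_t k = 0;
            while (k < p->combo_len && is_held(held, p->combo[k])) k++;
            if (p->combo_len > 0 && k == p->combo_len) return (int)i;
            break;
        }
        }
    }
    return -1;
}

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Policies taken from the text: F7, gap of at most 0.5 s, ctrl + A. */
const policy POLICY_F7     = { .kind = POLICY_KEY, .key = SC_F7 };
const policy POLICY_FAST   = { .kind = POLICY_INTERVAL, .max_gap_ms = 500 };
const policy POLICY_CTRL_A = { .kind = POLICY_COMBO, .combo = { SC_LCTRL, SC_A }, .combo_len = 2 };

/* Constructed event streams. */
const key_event FAST_TYPING[] = {           /* 4 keys per second: 250 ms gap */
    { SC_A, 0 }, { SC_A | SC_BREAK, 100 }, { SC_B, 250 }, { SC_B | SC_BREAK, 340 } };
const key_event SLOW_TYPING[] = {           /* one key per second */
    { SC_A, 0 }, { SC_A | SC_BREAK, 100 }, { SC_B, 1000 }, { SC_B | SC_BREAK, 1100 } };
const key_event HELD_KEY[] = {              /* one key held, auto-repeating */
    { SC_A, 0 }, { SC_A, 500 }, { SC_A, 533 }, { SC_A | SC_BREAK, 900 } };
const key_event CTRL_THEN_A[] = { { SC_LCTRL, 0 }, { SC_A, 700 } };
const key_event CTRL_RELEASED[] = {
    { SC_LCTRL, 0 }, { SC_LCTRL | SC_BREAK, 100 }, { SC_A, 700 } };
const key_event A_THEN_F7[] = { { SC_A, 0 }, { SC_F7, 3000 } };

int main(void)
{
    printf("fast typing, interval policy: %d\n",
           smi_trigger_index(&POLICY_FAST, FAST_TYPING, COUNT(FAST_TYPING)));
    printf("held key, interval policy:    %d\n",
           smi_trigger_index(&POLICY_FAST, HELD_KEY, COUNT(HELD_KEY)));
    printf("ctrl then A, combo policy:    %d\n",
           smi_trigger_index(&POLICY_CTRL_A, CTRL_THEN_A, COUNT(CTRL_THEN_A)));
    printf("A then F7, key policy:        %d\n",
           smi_trigger_index(&POLICY_F7, A_THEN_F7, COUNT(A_THEN_F7)));
    return 0;
}
```

The interval policy fires on ordinary typing, so with that policy the handler would run on almost every burst of keystrokes; the key and combination policies fire only on a deliberate action.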
After S102 generates the system management interrupt SMI, S103 is performed: in response to the system management interrupt SMI, the interrupt handler firmware contained in the BIOS is loaded into SMRAM. Specifically, this interrupt handler firmware is firmware preset in the BIOS; when the interrupt handler firmware is executed, the BIOS can perform security analysis on the operating system OS and on the application program based on the operating system OS.
To reduce the operating load on the processor of the electronic device and to increase the speed at which the electronic device performs security analysis on the operating system OS and the third-party application software, the embodiment of the present application, at the same time as or before performing S103, controls the firmware in the BIOS that has the first partial function to be in a working state, so that the interrupt handler firmware can obtain, through the first partial function of the BIOS, the first data used for performing security analysis on the operating system OS and the application program. Specifically, the first partial function of the BIOS is the BIOS's function of reading and writing the hard disk and registry entries. By calling the firmware in the BIOS that has the first partial function, the preset interrupt handler firmware can obtain the hard disk files and registry entries required for security analysis, i.e. read the first data.
After S103 has been performed, S104 is performed: the interrupt handler firmware is executed in the SMRAM, and security analysis is performed on the operating system OS and the application program through the BIOS.
In a specific implementation, when the electronic device performs security analysis on the operating system OS and the application program through the BIOS, it performs the following steps:
Step 1: the interrupt handler firmware reads the first data through the BIOS. That is, when the interrupt handler firmware is executed, it calls the firmware in the BIOS that has the first partial function and reads the first data: the hard disk files and registry entries required for security analysis. Step 2 is then performed.
Step 2: based on the first data, detect whether the operating system OS and the application program have been damaged. Specifically, detecting whether the operating system OS and the application program based on it have been damaged mainly consists of checking whether hard disk files are missing and whether registry entries have been tampered with. Here the BIOS checks not only the hard disk files and registry entries of third-party application software but also those of the operating system OS. Some viruses and Trojans damage not only third-party application software but also system software, causing some functions of the operating system OS to be lost or the OS to run unstably; the present application therefore also performs security analysis on the operating system OS through the BIOS to ensure the security of the operating system OS. When the BIOS detects that the hard disk files corresponding to the operating system OS are not missing and its registry entries have not been tampered with, it determines that the operating system OS has not been damaged; otherwise it determines that the operating system OS has been damaged. Likewise, when the BIOS detects that the hard disk files corresponding to the third-party application software are not missing and its registry entries have not been tampered with, it determines that the third-party application software has not been damaged; otherwise it determines that the third-party application software has been damaged.
Step 3: when the operating system OS and/or the application program has been damaged, read the backup file corresponding to the operating system OS and/or the application program through the BIOS. Specifically, the BIOS's ability to read and write the hard disk is used to read the backup file in the electronic device that corresponds to the operating system OS and/or the third-party application software. This backup file contains the complete files of the operating system OS and/or the third-party application software and the original values of the registry entries, i.e. the correct registry entry values.
Step 4: repair the operating system OS and/or the application program based on the backup file. Specifically, when hard disk files of the operating system OS and/or the third-party application software are missing, the missing files are obtained from the backup file and written to the corresponding location on the hard disk; when registry entries of the operating system OS and/or the third-party application software have been tampered with, the original values of the corresponding registry entries are read from the backup file and the tampered registry entries are rewritten to their original values, thereby repairing the damaged operating system OS and/or third-party application software.
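The four steps above, modelled in memory as an added example that is not code from the patent: the record layout, the file paths, the registry key and all values are constructed, and treating a registry entry that is absent altogether as tampered is an assumption of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_ITEMS 8

typedef enum { ITEM_FILE, ITEM_REG } item_kind;

/* One hard disk file or one registry entry (constructed layout). */
typedef struct {
    item_kind kind;
    char name[64];    /* file path or registry key */
    char value[48];   /* stand-in for file contents, or the registry value */
} item;

typedef struct { item items[MAX_ITEMS]; size_t count; } store;

typedef struct { size_t missing_files, tampered_regs, repaired; } report;

static item *lookup(store *s, item_kind kind, const char *name)
{
    for (size_t i = 0; i < s->count; i++)
        if (s->items[i].kind == kind && strcmp(s->items[i].name, name) == 0)
            return &s->items[i];
    return NULL;
}

/*
 * Steps 1 and 2: walk the reference data and check the live state for missing
 * files and changed registry values. Steps 3 and 4 (only when repair is true):
 * copy the backup record over the damaged or missing one.
 * Returns true when damage was found.
 */
bool analyze(const store *backup, store *live, bool repair, report *r)
{
    memset(r, 0, sizeof *r);
    for (size_t i = 0; i < backup->count; i++) {
        const item *ref = &backup->items[i];
        item *cur = lookup(live, ref->kind, ref->name);
        bool bad;

        if (ref->kind == ITEM_FILE) {
            bad = (cur == NULL);                   /* file missing from disk */
            if (bad) r->missing_files++;
        } else {
            /* Assumption: an absent registry entry counts as tampered. */
            bad = (cur == NULL) || strcmp(cur->value, ref->value) != 0;
            if (bad) r->tampered_regs++;
        }
        if (!bad || !repair)
            continue;
        if (cur == NULL) {
            if (live->count == MAX_ITEMS)
                continue;                          /* no room: left unrepaired */
            cur = &live->items[live->count++];
        }
        *cur = *ref;                               /* restore file or original value */
        r->repaired++;
    }
    return r->missing_files + r->tampered_regs > 0;
}

/* Constructed backup: two files and one registry entry of a sample application. */
const store BACKUP = {
    .items = {
        { ITEM_FILE, "C:\\App\\app.exe", "app-binary-v1" },
        { ITEM_FILE, "C:\\App\\app.dll", "app-library-v1" },
        { ITEM_REG,  "HKLM\\Software\\App\\Path", "C:\\App\\app.exe" },
    },
    .count = 3,
};

/* Constructed live state: app.dll is missing and the registry value was changed. */
store LIVE = {
    .items = {
        { ITEM_FILE, "C:\\App\\app.exe", "app-binary-v1" },
        { ITEM_REG,  "HKLM\\Software\\App\\Path", "C:\\Temp\\other.exe" },
    },
    .count = 2,
};

report LAST;

int main(void)
{
    bool damaged = analyze(&BACKUP, &LIVE, true, &LAST);
    printf("damaged=%d missing=%zu tampered=%zu repaired=%zu\n", damaged,
           LAST.missing_files, LAST.tampered_regs, LAST.repaired);
    /* A second pass over the repaired state should find nothing. */
    return analyze(&BACKUP, &LIVE, false, &LAST) ? 1 : 0;
}
```

The result of the whole procedure depends on the backup data being intact, since every comparison and every restored value comes from it.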
In a specific implementation, because the BIOS's repair of the operating system OS and third-party application software is invisible to the operating system OS and to the user, when the electronic device determines through BIOS security analysis that the operating system OS and/or third-party application software has been damaged by malware, it can also sound an alarm, either while repairing or during the power-on self-test of the electronic device, to notify the user that the electronic device has been attacked by malware. This allows the user to scan the electronic device for viruses and Trojans and remove them promptly, further protecting the security of the operating system OS and third-party application software.
In the above embodiment, while the operating system OS is working, a security event is obtained that indicates that security analysis is to be performed on the operating system OS and on the application program based on it; a system management interrupt SMI is generated based on the security event; the interrupt handler firmware contained in the BIOS is then loaded into SMRAM; and security analysis is performed on the operating system OS and the application program through the BIOS. Because the BIOS runs completely isolated from the operating system OS, it is not affected by malware in the operating system OS. This solves the prior-art technical problem of low accuracy when an electronic device detects application security, improves the accuracy of application security detection, and protects the operating system OS and the application program.
Further, when the above embodiment obtains the security event that triggers security analysis, the keyboard controller obtains the key scan code of the keyboard and sends it to the BIOS, and the BIOS identifies the security events that conform to the security policy and generates the system management interrupt SMI accordingly. Because the security event obtained by the electronic device is produced by the keyboard, security analysis can be triggered in real time whenever the user types on the keyboard, protecting the operating system OS and the application program. And because the security event is produced by the keyboard, malware cannot tamper with it, which further ensures the validity of the electronic device's security analysis of the operating system OS and the application program.
Moreover, in the above embodiment, when the operating system OS and/or the application program has been damaged, the backup file corresponding to the operating system OS and/or the application program is read through the BIOS, and the operating system OS and/or the application program is repaired based on the backup file that was read. Because the interrupt handler firmware of the BIOS cannot be discovered by viruses and Trojans, each repair can be guaranteed to succeed; and because the system management interrupt SMI operates in System Management Mode SMM, which is isolated from the system protected mode in which viruses and Trojans run, the repair mechanism can be guaranteed to be safe and reliable, improving the success rate of repairing the operating system OS and/or the application program.
Embodiment two
Referring to Fig. 2, an embodiment of the present application provides an electronic device comprising a basic input/output system (BIOS), an operating system (OS) and an application program based on the OS. The electronic device further comprises:
An acquiring unit 201, configured to obtain a security event while the OS is in a working state, wherein the security event indicates that security analysis is to be performed on the OS and the application program;
A generation unit 202, configured to generate a system management interrupt (SMI) according to the security event;
A loading unit 203, configured to respond to the SMI by loading the interrupt handler firmware contained in the BIOS into SMRAM;
A security analysis unit 204, configured to execute the interrupt handler firmware in the SMRAM so that security analysis of the OS and the application program is performed through the BIOS, thereby protecting the OS and the application program.
In a specific implementation, the loading unit 203 is specifically configured to:
Load the interrupt handler firmware into SMRAM, wherein the interrupt handler firmware is firmware preset in the BIOS, and when the interrupt handler firmware is executed, the BIOS is able to perform security analysis on the OS and on the application program based on the OS.
In order to obtain the first data used for security analysis of the OS and the application program, the electronic device further provides:
A control module 205, configured to, before the interrupt handler firmware contained in the BIOS is loaded into SMRAM, put the firmware in the BIOS that has a first partial function into a working state, so that the interrupt handler firmware can obtain, through the first partial function of the BIOS, the first data used for security analysis of the OS and the application program.
In a specific implementation, in order to repair a corrupted OS and/or application program, the security analysis unit 204 is specifically configured so that:
The interrupt handler firmware reads the first data through the BIOS; based on the first data, it detects whether the OS and the application program have been corrupted; when the OS and/or the application program is corrupted, it reads the backup file corresponding to the OS and/or the application program through the BIOS; and it repairs the OS and/or the application program based on the backup file.
In order to obtain the event that triggers the SMI, the acquiring unit 201 is specifically configured to:
Obtain a key scan code from the keyboard through the keyboard controller of the electronic device, and send the key scan code to the BIOS;
The generation unit 202 is specifically configured to determine, through the BIOS, whether the key scan code conforms to a preset security policy, and to generate the SMI when the key scan code conforms to the preset security policy.
Because the electronic device in this embodiment is the virtual apparatus corresponding to the method, its specific working process is not described again here.
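The trigger, detect and repair flow of units 201 to 204 can be modelled in ordinary C, as an added example that is not code from the patent. The structure names, the sample policy table and the FNV-1a digest are assumptions (the patent does not say how corruption is detected), and the digest stands in for the cryptographic hash a real handler would use.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the described flow. Names, sizes, the policy table and
 * the FNV-1a digest are assumptions; the patent names no detection algorithm. */
#define REGION_SIZE 16
#define NO_SMI      (-2)   /* scan code did not match the policy */
#define BACKUP_BAD  (-1)   /* backup failed its own check; nothing restored */

typedef struct {
    const char *name;
    uint8_t  live[REGION_SIZE];    /* "first data" read through the BIOS */
    uint8_t  backup[REGION_SIZE];  /* backup copy used for repair */
    uint32_t reference;            /* digest recorded when the backup was made */
} protected_item;

/* Non-cryptographic digest, used here only to keep the model short. */
static uint32_t fnv1a(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

void init_item(protected_item *it, const char *name, const uint8_t *content)
{
    it->name = name;
    memcpy(it->live, content, REGION_SIZE);
    memcpy(it->backup, content, REGION_SIZE);
    it->reference = fnv1a(content, REGION_SIZE);
}

/* Preset security policy: scan codes that should raise the SMI.
 * 0x1C is the Enter make code in scan code set 1 (sample policy). */
static const uint8_t POLICY[] = { 0x1C };

int scancode_matches_policy(uint8_t sc)
{
    for (size_t i = 0; i < sizeof POLICY; i++)
        if (POLICY[i] == sc) return 1;
    return 0;
}

/* Body of the handler that would run from SMRAM: detect, then repair.
 * Returns the number of items restored, or BACKUP_BAD. */
int smi_handler_analyze(protected_item *items, size_t n)
{
    int repaired = 0;
    for (size_t i = 0; i < n; i++) {
        if (fnv1a(items[i].live, REGION_SIZE) == items[i].reference)
            continue;                           /* intact, nothing to do */
        if (fnv1a(items[i].backup, REGION_SIZE) != items[i].reference)
            return BACKUP_BAD;                  /* never restore from a bad backup */
        memcpy(items[i].live, items[i].backup, REGION_SIZE);
        repaired++;
    }
    return repaired;
}

/* Keyboard controller -> BIOS policy check -> SMI -> handler. */
int on_key_scancode(uint8_t sc, protected_item *items, size_t n)
{
    if (!scancode_matches_policy(sc)) return NO_SMI;
    return smi_handler_analyze(items, n);
}

int main(void)
{
    protected_item items[2];
    init_item(&items[0], "os", (const uint8_t *)"OSLOADER-IMAGE-0");
    init_item(&items[1], "app", (const uint8_t *)"APPLICATION-IMG0");
    items[1].live[3] ^= 0xFF;                   /* simulate corruption */
    printf("repaired=%d\n", on_key_scancode(0x1C, items, 2));
    return 0;
}
```

The model checks the backup against the recorded digest before restoring, because a repair path that copies an unverified backup would itself become a way to install corrupted content.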
One or more of the technical solutions in the embodiments of the present application can achieve one or more of the following technical effects:
1. In the embodiments of the present application, while the operating system (OS) is working, a security event is obtained that indicates that security analysis is to be performed on the OS and on the application program based on the OS; a system management interrupt (SMI) is generated based on the security event; the interrupt handler firmware contained in the basic input/output system (BIOS) is then loaded into SMRAM; and security analysis of the OS and the application program is performed through the BIOS. Because the BIOS runs completely isolated from the OS, it is not affected by malware in the OS. This solves the technical problem in the prior art that an electronic device has low accuracy when checking application security, improves the accuracy of application security checking, and protects the OS and the application program.
2. In the embodiments of the present application, when security analysis of the OS and the application program is performed through the BIOS, the firmware in the BIOS that has the first partial function is put into a working state; that is, only part of the BIOS is invoked rather than the whole BIOS being run. This effectively reduces the operating load of the electronic device and increases the speed of its security analysis.
3. In the embodiments of the present application, when obtaining the security event that triggers security analysis, the keyboard controller obtains a key scan code from the keyboard and sends it to the BIOS, and the BIOS determines which security events conform to the security policy and generates the SMI accordingly. Because the security event obtained by the electronic device is produced by the keyboard, security analysis can be triggered in real time whenever the user strikes the keyboard, thereby protecting the OS and the application program; and because the security event is produced by the keyboard, malware cannot tamper with it, which further ensures the validity of the electronic device's security analysis of the OS and the application program.
4. In the embodiments of the present application, when the OS and/or the application program is corrupted, the BIOS reads the backup file corresponding to the OS and/or the application program and repairs the OS and/or the application program from that backup file. Because the interrupt handler firmware of the BIOS cannot be discovered by viruses and Trojans, each repair can be guaranteed to succeed; and because the SMI operates in System Management Mode (SMM), which is isolated from the system protected mode in which viruses and Trojans run, the repair mechanism can be guaranteed to be safe and reliable, which improves the success rate of repairing the OS and/or the application program.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (10)

1. An information processing method, applied to an electronic device comprising a basic input/output system (BIOS), an operating system (OS) and an application program based on the OS, the method comprising:
When the OS is in a working state, obtaining a security event, wherein the security event indicates that security analysis is to be performed on the OS and the application program;
Generating a system management interrupt (SMI) according to the security event;
In response to the SMI, loading the interrupt handler firmware contained in the BIOS into SMRAM;
Executing the interrupt handler firmware in the SMRAM, and performing security analysis on the OS and the application program through the BIOS, thereby protecting the OS and the application program.
2. The method of claim 1, characterized in that the interrupt handler firmware is specifically:
Firmware preset in the BIOS, wherein, when the interrupt handler firmware is executed, the BIOS is able to perform security analysis on the OS and on the application program based on the OS.
3. The method of claim 1, characterized in that, before the interrupt handler firmware contained in the BIOS is loaded into SMRAM, the method further comprises:
Putting the firmware in the BIOS that has a first partial function into a working state, so that the interrupt handler firmware can obtain, through the first partial function of the BIOS, the first data used for security analysis of the OS and the application program.
4. The method of claim 3, characterized in that performing security analysis on the OS and the application program through the BIOS specifically comprises:
The interrupt handler firmware reading the first data through the BIOS;
Detecting, based on the first data, whether the OS and the application program have been corrupted;
When the OS and/or the application program is corrupted, reading the backup file corresponding to the OS and/or the application program through the BIOS;
Repairing the OS and/or the application program based on the backup file.
5. The method of any one of claims 1 to 4, characterized in that obtaining the security event specifically comprises:
Obtaining a key scan code from the keyboard through the keyboard controller of the electronic device, and sending the key scan code to the BIOS;
And generating the SMI according to the security event comprises:
Determining, through the BIOS, whether the key scan code conforms to a preset security policy;
When the key scan code conforms to the preset security policy, generating the SMI.
6. An electronic device comprising a basic input/output system (BIOS), an operating system (OS) and an application program based on the OS, the electronic device further comprising:
An acquiring unit, configured to obtain a security event while the OS is in a working state, wherein the security event indicates that security analysis is to be performed on the OS and the application program;
A generation unit, configured to generate a system management interrupt (SMI) according to the security event;
A loading unit, configured to respond to the SMI by loading the interrupt handler firmware contained in the BIOS into SMRAM;
A security analysis unit, configured to execute the interrupt handler firmware in the SMRAM so that security analysis of the OS and the application program is performed through the BIOS, thereby protecting the OS and the application program.
7. The electronic device of claim 6, characterized in that the loading unit is specifically configured to:
Load the interrupt handler firmware into SMRAM, wherein the interrupt handler firmware is firmware preset in the BIOS, and when the interrupt handler firmware is executed, the BIOS is able to perform security analysis on the OS and on the application program based on the OS.
8. The electronic device of claim 6, characterized in that the electronic device further comprises:
A control module, configured to, before the interrupt handler firmware contained in the BIOS is loaded into SMRAM, put the firmware in the BIOS that has a first partial function into a working state, so that the interrupt handler firmware can obtain, through the first partial function of the BIOS, the first data used for security analysis of the OS and the application program.
9. The electronic device of claim 8, characterized in that the security analysis unit is specifically configured so that:
The interrupt handler firmware reads the first data through the BIOS; based on the first data, it detects whether the OS and the application program have been corrupted; when the OS and/or the application program is corrupted, it reads the backup file corresponding to the OS and/or the application program through the BIOS; and it repairs the OS and/or the application program based on the backup file.
10. The electronic device of any one of claims 6 to 9, characterized in that the acquiring unit is specifically configured to:
Obtain a key scan code from the keyboard through the keyboard controller of the electronic device, and send the key scan code to the BIOS;
The generation unit is specifically configured to determine, through the BIOS, whether the key scan code conforms to a preset security policy, and to generate the SMI when the key scan code conforms to the preset security policy.
CN201310421146.9A 2013-09-16 2013-09-16 A kind of information processing method and electronic equipment Active CN104462953B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310421146.9A CN104462953B (en) 2013-09-16 2013-09-16 A kind of information processing method and electronic equipment

Publications (2)

Publication Number Publication Date
CN104462953A true CN104462953A (en) 2015-03-25
CN104462953B CN104462953B (en) 2018-04-27

Family

ID=52908978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310421146.9A Active CN104462953B (en) 2013-09-16 2013-09-16 A kind of information processing method and electronic equipment

Country Status (1)

Country Link
CN (1) CN104462953B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108292339A (en) * 2016-01-26 2018-07-17 惠普发展公司,有限责任合伙企业 System Management Mode privilege framework
CN110096888A (en) * 2019-04-18 2019-08-06 苏州浪潮智能科技有限公司 A kind of method and system for accelerating verifying and analysis SMM security risk
CN111796939A (en) * 2020-06-30 2020-10-20 联想(北京)有限公司 Processing method and device and electronic equipment
CN112507399A (en) * 2020-12-08 2021-03-16 福州富昌维控电子科技有限公司 Firmware and user program isolation protection method and terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5850559A (en) * 1996-08-07 1998-12-15 Compaq Computer Corporation Method and apparatus for secure execution of software prior to a computer system being powered down or entering a low energy consumption mode
CN1403915A (en) * 2001-09-10 2003-03-19 英业达股份有限公司 Computer antiviral method and computer adopting the method
CN1754153A (en) * 2003-03-12 2006-03-29 英特尔公司 Policy-based response to system errors occuring during os runtime
CN101110054A (en) * 2006-07-20 2008-01-23 英业达股份有限公司 Temperature detecting method
CN102455939A (en) * 2010-10-19 2012-05-16 英业达股份有限公司 System management interrupt(SMI) mechanism

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108292339A (en) * 2016-01-26 2018-07-17 惠普发展公司,有限责任合伙企业 System Management Mode privilege framework
CN108292339B (en) * 2016-01-26 2022-02-11 惠普发展公司,有限责任合伙企业 System management mode privilege architecture
CN110096888A (en) * 2019-04-18 2019-08-06 苏州浪潮智能科技有限公司 A kind of method and system for accelerating verifying and analysis SMM security risk
CN111796939A (en) * 2020-06-30 2020-10-20 联想(北京)有限公司 Processing method and device and electronic equipment
CN112507399A (en) * 2020-12-08 2021-03-16 福州富昌维控电子科技有限公司 Firmware and user program isolation protection method and terminal
CN112507399B (en) * 2020-12-08 2021-09-14 福州富昌维控电子科技有限公司 Firmware and user program isolation protection method and terminal

Also Published As

Publication number Publication date
CN104462953B (en) 2018-04-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant