CN104462953B - A kind of information processing method and electronic equipment - Google Patents
A kind of information processing method and electronic equipment Download PDFInfo
- Publication number
- CN104462953B CN104462953B CN201310421146.9A CN201310421146A CN104462953B CN 104462953 B CN104462953 B CN 104462953B CN 201310421146 A CN201310421146 A CN 201310421146A CN 104462953 B CN104462953 B CN 104462953B
- Authority
- CN
- China
- Prior art keywords
- operating system
- basic input
- application program
- bios
- output system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a kind of information processing method and electronic equipment, this method is applied in electronic equipment, which, which includes basic input-output system BIOS, operating system OS and the application program based on operating system OS, this method, includes:When operating system OS is in running order, security incident is obtained, wherein security incident is used to indicate to carry out safety analysis to operating system OS and application program;According to security incident generation system management interrupt SMI;The interrupt handling routine firmware loads that response system management interrupt includes basic input-output system BIOS are into SMRAM;Interrupt handling routine firmware is performed in SMRAM, safety analysis is carried out to operating system OS and application program by basic input-output system BIOS.In the above-mentioned technical solutions, safety analysis is carried out to operating system and application program by BIOS, solves electronic equipment low technical problem of accuracy rate when being detected to applications security in the prior art, so as to fulfill the protection to operating system and application program.
Description
Technical field
The present invention relates to electronic technology field, the method and electronic equipment of more particularly to a kind of information processing.
Background technology
With the continuous development of scientific technology, the function of electronic equipment is stronger and stronger, the application software that can be installed
It is more and more.Mounted application software is present in hard disk and registry entry, easily lacks and is maliciously tampered, in order to ensure
The normal operation of each application software is, it is necessary to which electronic equipment detects and repairs destroyed application software.
In the prior art, electronic equipment passes through operating system OS(Operating System)Real-time guard application software
File, file and registry entry are not tampered, meanwhile, detect and repair destroyed application software.
But present inventor has found that the prior art is deposited during technical solution in realizing the embodiment of the present application
In, since the rogue programs such as virus, wooden horse are easily run on operating system OS, operating system OS is hindered to application security
Property detection, cause electronic equipment low to the safety detection accuracy rate of application program, in addition can not detect it is destroyed should
With program, it is even more impossible to repair destroyed application program.It can be seen that electronic equipment is examined to applications security in the prior art
There are the technical problem that accuracy rate is low during survey.
The content of the invention
The embodiment of the present invention provides a kind of information processing method and electronic equipment, for solving electronic equipment in the prior art
The low technical problem of accuracy rate when being detected to applications security, improves the accuracy rate of applications security detection.
The embodiment of the present application provides a kind of information processing method, and applied in electronic equipment, the electronic equipment includes base
This input-output system BIOS, operating system OS and the application program based on the operating system OS, the described method includes:
When the operating system OS is in running order, security incident is obtained, wherein, the security incident is used to indicate
Safety analysis is carried out to the operating system OS and the application program;
According to the security incident, generation system management interrupt SMI;
Respond the system management interrupt SMI, the interrupt handling routine that the basic input-output system BIOS is included
Firmware loads are into SMRAM;
The interrupt handling routine firmware is performed in the SMRAM, passes through the basic input-output system BIOS pair
The operating system OS and the application program carry out safety analysis, realize to the operating system OS and the application program
Protection.
Optionally, the interrupt handling routine firmware is specially:
The firmware being set in advance in the basic input system BIOS, when the interrupt handling routine firmware performs when institute
State basic input-output system BIOS can to the operating system OS and the application program based on the operating system OS into
Row safety analysis.
Optionally, arrived in the interrupt handling routine firmware loads for including the basic input-output system BIOS
Before in SMRAM, the method further includes:
Controlling has the function of that the firmware of Part I is in running order in the basic input-output system BIOS so that
The interrupt handling routine firmware can by the Part I gain-of-function of the basic input-output system BIOS be used for pair
The operating system OS and the application program carry out the first data of safety analysis.
Optionally, it is described by the basic input-output system BIOS to the operating system OS and the application program
Safety analysis is carried out, is specifically included:
The interrupt handling routine firmware reads first data by the basic input-output system BIOS;
Based on first data, detect the operating system OS and whether the application program is destroyed;
As the operating system OS and/or the destroyed application program, pass through the basic input output system
BIOS reads the operating system OS and/or the corresponding backup file of the application program;
The operating system OS and/or the application program are repaired based on the backup file.
Optionally, the acquisition security incident, specifically includes:
Key scan code for keyboard is obtained by the keyboard controller of the electronic equipment, and by the button
Scan code is sent to the basic input-output system BIOS;
It is described to be included according to the security incident, generation system management interrupt SMI:
Judge whether the key scan code meets default security strategy by the basic input-output system BIOS;
When the key scan code symbol closes the default security strategy, the system management interrupt SMI is produced.
The embodiment of the present application also provides a kind of electronic equipment, which includes basic input-output system BIOS, behaviour
Make system OS and the application program based on the operating system OS, the electronic equipment further include:
Acquiring unit, for when the operating system OS is in running order, obtaining security incident, wherein, the peace
Total event is used to indicate to carry out safety analysis to the operating system OS and the application program;
Generation unit, for according to the security incident, generation system management interrupt SMI;
Loading unit, for responding the system management interrupt SMI, the basic input-output system BIOS is included
Interrupt handling routine firmware loads are into SMRAM;
Safety analysis unit, for performing the interrupt handling routine firmware in the SMRAM, by described substantially defeated
Enter output system BIOS and safety analysis is carried out to the operating system OS and the application program, realize to the operating system OS
With the protection of the application program.
Optionally, the loading unit is specifically used for:
By the interrupt handling routine firmware loads into SMRAM, wherein, the solid interrupt handling routine is to pre-set
Firmware in the basic input system BIOS, the basic input and output system when the interrupt handling routine firmware performs
Unite BIOS can to the operating system OS and the application program based on the operating system OS carry out safety analysis.
Optionally, the electronic equipment further includes:
Control unit, for adding in the interrupt handling routine firmware for including the basic input-output system BIOS
Before being downloaded in SMRAM, controlling has the function of Part I firmware in the basic input-output system BIOS is in work
State so that the interrupt handling routine firmware can be obtained by the Part I function of the basic input-output system BIOS
It must be used for the first data that safety analysis is carried out to the operating system OS and the application program.
Optionally, the safety analysis unit, is specifically used for:
The interrupt handling routine firmware reads first data by the basic input-output system BIOS;It is based on
First data, detect the operating system OS and whether the application program is destroyed;As the operating system OS and/or
When the application program is destroyed, the operating system OS and/or described is read by the basic input-output system BIOS
The corresponding backup file of application program;The operating system OS and/or the application program are repaired based on the backup file.
Optionally, the acquiring unit, is specifically used for:
Key scan code for keyboard is obtained by the keyboard controller of the electronic equipment, and by the button
Scan code is sent to the basic input-output system BIOS;
The generation unit is specifically used for judging that the key scan code is by the basic input-output system BIOS
It is no to meet default security strategy;When the key scan code symbol closes the default security strategy, produce in the system administration
Disconnected SMI.
Said one or multiple technical solutions in the embodiment of the present application, at least have following one or more technology effects
Fruit:
1st, it is used to indicate to answer to operating system OS and based on operating system OS by when operating system OS works, obtaining
The security incident of safety analysis is carried out with program, and based on security incident come generation system management interrupt SMI, and then load basic
The interrupt handling routine firmware that input-output system BIOS is included is into SMRAM, by basic input-output system BIOS to behaviour
Make system OS and application program carries out safety analysis.Operation and operating system OS due to basic input-output system BIOS is complete
Isolation, thus from operating system OS Malware infringement, solve in the prior art electronic equipment to application program
Accuracy rate low technical problem during safety detection, and then the accuracy rate of applications security detection is improved, realize to operation
The protection of system OS and application program.
2nd, since the application is carrying out safety by basic input-output system BIOS to operating system OS and application program
During analysis, controlling in basic input-output system BIOS has the function of that the firmware of Part I is in running order, i.e. calling portion
Divide basic input-output system BIOS, rather than basic input-output system BIOS is all run, therefore can effectively subtract
The operating load of small electronic appliances, the speed of lifting electronic equipments safety analysis.
3rd, the application is obtained by keyboard controller when obtaining the security incident of triggering safety analysis and is directed to keyboard
Key scan code, and key scan code is sent to basic input-output system BIOS, basic input-output system BIOS is sentenced
Break and to meet the security incident of security strategy, so that generation system management interrupt SMI.The security incident obtained due to electronic equipment
Produced by keyboard, when user taps keyboard, can trigger safety analysis in real time is so as to fulfill to operation
The protection for OS and the application program of uniting;And security incident is produced by keyboard, Malware can not be distorted, and further ensure
The validity that electronic equipment analyzes operating system OS and application security.
4th, in operating system OS and/or destroyed application program, basic input-output system BIOS read operation is passed through
System OS and/or the corresponding backup file of application program, and the backup file repair operation system OS based on reading and/or application
Program.Since the interrupt handling routine firmware of basic input-output system BIOS can not be by virus and Trojan discovery, it can be ensured that
Success can be repaired every time, and since system management interrupt SMI is operated in System Management Mode SMM and viral wooden horse operation
System protection pattern is isolation, it can be ensured that repair mechanism is safe and reliable, improves and repairs operating system OS and/or using journey
The success rate of sequence.
Brief description of the drawings
Fig. 1 is a kind of flow diagram for information processing method that the embodiment of the present application one provides;
Fig. 2 is the block diagram for a kind of electronic equipment that the embodiment of the present application two provides.
Embodiment
In technical solution provided by the embodiments of the present application, by for indicating to operating system OS and based on operating system
The application program of OS carries out the security incident triggering generation system management interrupt SMI of safety analysis, and interrupt handling routine is consolidated
Part is loaded into SMRAM, and operating system OS and application program are pacified by basic input-output system BIOS in SMRAM
Complete analysis.Operation and operating system OS due to basic input-output system BIOS is completely isolated, from operating system OS
Malware is encroached on, so as to solve electronic equipment low technology of accuracy rate when being detected to applications security in the prior art
Problem, and then improve the accuracy rate of applications security detection.
Below in conjunction with the accompanying drawings to main realization principle, embodiment and its correspondence of the embodiment of the present application technical solution
The beneficial effect that can reach is explained in detail.
Embodiment one
Please referring to Fig.1, the embodiment of the present application provides a kind of information processing method, applied in electronic equipment, the electronics
Equipment includes basic input-output system BIOS, operating system OS and the application program based on the operating system OS, described
Method includes:
S101:When the operating system OS is in running order, security incident is obtained, wherein, the security incident is used
Safety analysis is carried out to the operating system OS and the application program in instruction;
S102:According to the security incident, generation system management interrupt SMI;
S103:Respond the system management interrupt SMI, the interrupt processing that the basic input-output system BIOS is included
Program firmware loads are into SMRAM;
S104:The interrupt handling routine firmware is performed in the SMRAM, passes through the basic input output system
BIOS carries out safety analysis to the operating system OS and the application program, realizes to the operating system OS and the application
The protection of program.
In specific implementation process, electronic equipment includes basic input-output system BIOS, operating system OS and is based on
The application program of the operating system OS, wherein operating system OS include system program, that is, system software, and are based on the operation
The application program of system OS is nonsystematic program, that is, third-party application software.The third-party application software installed on electronic equipment leads to
It is normally present in the hard disk and registry entry of electronic equipment.When the installation file of third-party application software in a hard disk is complete,
When the registry entry of tripartite's application software is not tampered with, third-party application software can normally be run on operating system OS,
In order to ensure the normal operation of third-party application software and system software, S101 is performed.
S101:When the operating system OS is in running order, security incident is obtained, wherein, the security incident is used
Safety analysis is carried out to the operating system OS and the application program in instruction.Specifically, it is in work in operating system OS
During state, security incident can be on the key-press event on electronic equipment keyboard or electronic equipment in addition to keyboard
Specific button event.Preferably, in order to reduce the production cost of electronic equipment, using the key-press event of keyboard as security incident,
At this time, the key scan code for being directed to keyboard can be obtained by the keyboard controller of electronic equipment by obtaining security incident, and
The key scan code is sent to the basic input-output system BIOS, and continues to execute S102.
S102:According to the security incident, generation system management interrupt SMI.Specifically, system management interrupt SMI
(System Management Interrupt)The processor that electronic equipment can be triggered enters System Management Mode SMM
(System Management Mode), with operation operating system OS patterns it is completely isolated, processor be switched to one it is separated
Run in address space, that is, Installed System Memory SMRAM.
In specific implementation process, basic input and output can be passed through according to security incident generation system management interrupt SMI
System bios produce after being determined whether to security incident.Specifically, electronic equipment keyboard controller by keyboard
Key scan code is sent to after basic input-output system BIOS, and basic input-output system BIOS judges the button received
Whether scan code meets default security strategy, the generation system management interrupt SMI if default security strategy is met;Conversely, receive
To key scan code do not meet default security strategy then not generation system management interrupt SMI.Wherein, default security strategy can
To be set as needed by designer, could be provided as having in key scan code specifically by key pressing such as F7;Also may be used
Such as it is no more than without departing from preset duration with being arranged to the time interval that one or two of button be pressed of taking up an official post of keyboard in key scan code
0.5 second;The combination that may be arranged as specified button in key scan code is pressed, such as:“ctrl”+“A”、“Fn”+“B”+
The combination buttons such as " C ", " B "+" C "+" D " are pressed.Such as:Assuming that default security strategy is key scan code in electronic equipment
In the time interval that is pressed of wantonly one or two of button be no more than 0.5 second, then basic input-output system BIOS can then be detected and connect
Whether time interval that two buttons be pressed is had in received key scan code without departing from 0.5 second, if user presses with per second
When the speed of lower 4 keyboards taps keyboard, keyboard controller the key scan code got is sent to input substantially it is defeated
Go out system bios, then basic input-output system BIOS will be detected between two buttons are pressed in keyboard scancode time
It is less than 0.5 second within 0.25 second, judges that the key scan code symbol closes security strategy, then corresponding generation system management interrupt SMI.
After S102 generation system management interrupts SMI, S103 is and then performed:The system management interrupt SMI is responded,
The interrupt handling routine firmware loads that the basic input-output system BIOS is included are into SMRAM.Specifically, at the interruption
Reason program firmware is the firmware being set in advance in the basic input system BIOS, when interrupt handling routine firmware performs when institute
State basic input-output system BIOS can to operating system OS and the application program based on operating system OS carry out safety point
Analysis.
In order to reduce the operating load of electronics processors, it is soft to the applications of operating system OS and the 3rd to improve electronic equipment
The safety analysis speed of part, the embodiment of the present application while S103 is performed or before control basic input-output system BIOS in
Have the function of that the firmware of Part I is in running order so that the interrupt handling routine firmware can be by described substantially defeated
The Part I gain-of-function for entering output system BIOS is used to carry out safety point to the operating system OS and the application program
First data of analysis.Specifically, the Part I function of input-output system BIOS is input-output system BIOS reading writing harddisks
With the function of registry entry, pre-set interrupt handling routine firmware can be by calling in basic input-output system BIOS
There is the firmware of Part I to obtain the required fixed disk file of safety analysis and registry entry, that is, read the first number
According to.
After having performed and being S103, S104 is continued to execute:The interrupt handling routine is performed in the SMRAM to consolidate
Part, safety analysis is carried out by the basic input-output system BIOS to the operating system OS and the application program.
In specific implementation process, electronic equipment to the operating system OS and is answered by basic input-output system BIOS
Following steps are specifically performed when carrying out safety analysis with program:
The first step:Interrupt handling routine firmware reads first data by the basic input-output system BIOS,
When performing interrupt handling routine firmware, calling in basic input-output system BIOS has the function of the firmware of Part I, reads
Take the first data:The required fixed disk file of safety analysis and registry entry, then perform second step.
Second step:Based on first data, detect the operating system OS and whether the application program is destroyed.Tool
Body, detect operating system OS and whether the whether destroyed main inspection fixed disk file of application program based on operating system OS lacks
Lose and whether registry entry is tampered.At this time, basic input-output system BIOS inspection is not only third-party application software
Fixed disk file and registry entry, while also detect the fixed disk file and registry entry of operating system OS.Because some virus and
Wooden horse can singly not destroy third-party application software, can also destroy system software, cause operating system OS some afunction or
Fluctuation of service, so the application also carries out safety analysis by basic input-output system BIOS to operating system OS, ensures
The security of operating system OS.When basic input-output system BIOS detects that the corresponding fixed disk files of operating system OS do not lack
When mistake, registry entry are not tampered with, determine that operating system OS is not destroyed, on the contrary then definite operating system OS is destroyed;Equally
, basic input-output system BIOS detect the corresponding fixed disk file of third-party application software do not lack, registry entry not by
When distorting, determine that third-party application software is not destroyed, on the contrary then definite third-party application software is destroyed.
3rd step:As the operating system OS and/or the destroyed application program, pass through the basic input and output
System bios read the operating system OS and/or the corresponding backup file of the application program.Specifically, utilize basic input
Output system BIOS reads operating system OS and/or third-party application software in electronic equipment and corresponds to the literacy of hard disk
Backup file, complete file and registry entry comprising operating system OS and/or third-party application software in the backup file
Original value, that is, correct registration entry value.
4th step:The operating system OS and/or the application program are repaired based on the backup file.Specifically, work as
When the fixed disk file of operating system OS and/or third-party application software lacks, then the hard disk text of missing is obtained from backup file
Part, and accordingly write the corresponding position of hard disk;When the registry entry of operating system OS and/or third-party application software are tampered
When, then the original value of corresponding registry entry is read from backup file, the registry entry being tampered is rewritten as original value, so that
Repair destroyed operating system OS and/or third-party application software.
In specific implementation process, since basic input-output system BIOS is to operating system OS and third-party application software
Reparation be sightless to operating system OS and user, so electronic equipment is pacified by basic input-output system BIOS
Complete analysis goes out operating system OS and/or when third-party application software is destroyed by Malware, can also be while repairing or electricity
The attack that alarm notice consumer electronic devices receive Malware is sent during sub- device power self-test, so that user is right in time
Electronic equipment carries out virus and wooden horse killing, so as to further protect the security of operating system OS and third-party application software.
In the above-described embodiments, it is used to indicate to operating system OS and be based on by when operating system OS works, obtaining
The application program of operating system OS carries out the security incident of safety analysis, and based on security incident come generation system management interrupt
SMI, and then interrupt handling routine firmware that basic input-output system BIOS includes is loaded into SMRAM, by inputting substantially
Output system BIOS carries out safety analysis to operating system OS and application program.Due to the operation of basic input-output system BIOS
It is completely isolated with operating system OS, therefore from the Malware infringement in operating system OS, solve electronics in the prior art
Equipment low technical problem of accuracy rate when being detected to applications security, and then improve the standard of applications security detection
True rate, realizes the protection to operating system OS and application program.
Further, above-described embodiment is obtained when obtaining the security incident of triggering safety analysis by keyboard controller
Basic input-output system BIOS is sent to for the key scan code of keyboard, and by key scan code, is inputted substantially defeated
Go out the security incident that system bios are judged to meet security strategy, so that generation system management interrupt SMI.Since electronic equipment obtains
Security incident produced by keyboard, user tap keyboard when, can trigger in real time safety analysis so as to
Realize the protection to operating system OS and application program;And security incident is produced by keyboard, Malware can not be distorted,
Further ensure the validity that electronic equipment analyzes operating system OS and application security.
Also, above-described embodiment passes through basic input output system in operating system OS and/or destroyed application program
BIOS read operation system OS and/or the corresponding backup file of application program, and the backup file repair operation system based on reading
System OS and/or application program.Since the interrupt handling routine firmware of basic input-output system BIOS can not be by virus and wooden horse
It was found that, it can be ensured that can repair success every time, and due to system management interrupt SMI be operated in System Management Mode SMM with
The system protection pattern of viral wooden horse operation is isolation, it can be ensured that repair mechanism is safe and reliable, improves reparation operation system
The success rate for OS and/or the application program of uniting.
Embodiment two
Please refer to Fig.2, the embodiment of the present application provides a kind of electronic equipment, which includes basic input output system
BIOS, operating system OS and the application program based on the operating system OS, the electronic equipment further include:
Acquiring unit 201, for when the operating system OS is in running order, obtaining security incident, wherein, it is described
Security incident is used to indicate to carry out safety analysis to the operating system OS and the application program;
Generation unit 202, for according to the security incident, generation system management interrupt SMI;
Loading unit 203, for responding the system management interrupt SMI, by the basic input-output system BIOS bag
The interrupt handling routine firmware loads contained are into SMRAM;
Safety analysis unit 204, for performing the interrupt handling routine firmware in the SMRAM, passes through the base
This input-output system BIOS carries out safety analysis to the operating system OS and the application program, realizes to the operation system
The protection for OS and the application program of uniting.
In specific implementation process, the loading unit 203 is specifically used for:
By the interrupt handling routine firmware loads into SMRAM, wherein, the solid interrupt handling routine is to pre-set
Firmware in the basic input system BIOS, the basic input and output system when the interrupt handling routine firmware performs
Unite BIOS can to the operating system OS and the application program based on the operating system OS carry out safety analysis.
In order to obtain the first data that safety analysis is carried out to the operating system OS and the application program, the electronics
Equipment also provides:
Control unit 205, for consolidating in the interrupt handling routine for including the basic input-output system BIOS
Before part is loaded into SMRAM, controlling has the function of Part I firmware in the basic input-output system BIOS is in
Working status so that the interrupt handling routine firmware can pass through the Part I work(of the basic input-output system BIOS
The first data for being used for that safety analysis to be carried out to the operating system OS and the application program can be obtained.
It is described in order to repair the destroyed operating system OS and/or the application program in specific implementation process
Safety analysis unit 204, is specifically used for:
The interrupt handling routine firmware reads first data by the basic input-output system BIOS;It is based on
First data, detect the operating system OS and whether the application program is destroyed;As the operating system OS and/or
When the application program is destroyed, the operating system OS and/or described is read by the basic input-output system BIOS
The corresponding backup file of application program;The operating system OS and/or the application program are repaired based on the backup file.
In order to obtain triggering system management interrupt SMI, the acquiring unit 201, is specifically used for:
Key scan code for keyboard is obtained by the keyboard controller of the electronic equipment, and by the button
Scan code is sent to the basic input-output system BIOS;
The generation unit 202 is specifically used for judging the key scan code by the basic input-output system BIOS
Whether default security strategy is met;When the key scan code symbol closes the default security strategy, the system administration is produced
Interrupt SMI.
It is virtual bench corresponding with method by electronic equipment in this present embodiment, so, its specific course of work
Just no longer it is specifically described.
Pass through one or more of the embodiment of the present application technical solution, it is possible to achieve following one or more technology effect
Fruit:
1st, in the embodiment of the present application, by when operating system OS works, obtaining and being used to indicate to operating system OS and base
The security incident of safety analysis is carried out in the application program of operating system OS, and based on security incident come generation system management interrupt
SMI, and then interrupt handling routine firmware that basic input-output system BIOS includes is loaded into SMRAM, by inputting substantially
Output system BIOS carries out safety analysis to operating system OS and application program.Due to the operation of basic input-output system BIOS
It is completely isolated with operating system OS, therefore from the Malware infringement in operating system OS, solve electronics in the prior art
Equipment low technical problem of accuracy rate when being detected to applications security, and then improve the standard of applications security detection
True rate, realizes the protection to operating system OS and application program.
2nd, in the embodiment of the present application, due to by basic input-output system BIOS to operating system OS and application program
When carrying out safety analysis, controlling in basic input-output system BIOS has the function of that the firmware of Part I is in running order,
That is calling section basic input-output system BIOS, rather than basic input-output system BIOS is all run, therefore can
The effective operating load for reducing electronic equipment, the speed of lifting electronic equipments safety analysis.
3rd, in the embodiment of the present application, when obtaining the security incident of triggering safety analysis, pin is obtained by keyboard controller
Basic input-output system BIOS, basic input and output are sent to the key scan code of keyboard, and by key scan code
System bios judge the security incident for meeting security strategy, so that generation system management interrupt SMI.Since electronic equipment obtains
Security incident produced by keyboard, when user taps keyboard, safety analysis can be triggered in real time so as to reality
Now to the protection of operating system OS and application program;And security incident is produced by keyboard, Malware can not be distorted, into
One step ensure that the validity that electronic equipment analyzes operating system OS and application security.
4th, in the embodiment of the present application, in operating system OS and/or destroyed application program, basic input and output system is passed through
System BIOS read operation system OS and/or the corresponding backup file of application program, and the backup file repair operation based on reading
System OS and/or application program.Since the interrupt handling routine firmware of basic input-output system BIOS can not be by virus and wood
Horse finds, it can be ensured that success can be repaired every time, and since system management interrupt SMI is operated in System Management Mode SMM
Isolate with the system protection pattern of viral wooden horse operation, it can be ensured that repair mechanism is safe and reliable, improves reparation operation
The success rate of system OS and/or application program.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program
Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more
Usable storage medium(Including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)The computer program production of upper implementation
The form of product.
The present invention be with reference to according to the method for the embodiment of the present invention, equipment(System)And the flow of computer program product
Figure and/or block diagram describe.It should be understood that it can be realized by computer program instructions every first-class in flowchart and/or the block diagram
The combination of flow and/or square frame in journey and/or square frame and flowchart and/or the block diagram.These computer programs can be provided
The processors of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that the instruction performed by computer or the processor of other programmable data processing devices, which produces, to be used in fact
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, thus in computer or
The instruction performed on other programmable devices is provided and is used for realization in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in a square frame or multiple square frames.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
God and scope.In this way, if these modifications and changes of the present invention belongs to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising including these modification and variations.
Claims (10)
1. a kind of information processing method, applied in electronic equipment, the electronic equipment include basic input-output system BIOS,
Operating system OS and the application program based on the operating system OS, the described method includes:
When the operating system OS is in running order, security incident is obtained, wherein, the security incident is used to indicate to institute
State operating system OS and the application program carries out safety analysis;The security incident is produced by keyboard;
According to the security incident, generation system management interrupt SMI;
The system management interrupt SMI is responded, the interrupt handling routine firmware that the basic input-output system BIOS is included
It is loaded into SMRAM;
The interrupt handling routine firmware is performed in the SMRAM, by the basic input-output system BIOS to described
Operating system OS and the application program carry out safety analysis, realize the guarantor to the operating system OS and the application program
Shield.
2. the method as described in claim 1, it is characterised in that the interrupt handling routine firmware is specially:
The firmware being set in advance in the basic input system BIOS, the base when the interrupt handling routine firmware performs
This input-output system BIOS can be to the operating system OS and the application program based on the operating system OS is pacified
Complete analysis.
3. the method as described in claim 1, it is characterised in that include the basic input-output system BIOS described
Before interrupt handling routine firmware loads are into SMRAM, the method further includes:
Controlling has the function of that the firmware of Part I is in running order in the basic input-output system BIOS so that described
Interrupt handling routine firmware can be used for described by the Part I gain-of-function of the basic input-output system BIOS
Operating system OS and the application program carry out the first data of safety analysis.
4. method as claimed in claim 3, it is characterised in that it is described by the basic input-output system BIOS to described
Operating system OS and the application program carry out safety analysis, specifically include:
The interrupt handling routine firmware reads first data by the basic input-output system BIOS;
Based on first data, detect the operating system OS and whether the application program is destroyed;
As the operating system OS and/or the destroyed application program, read by the basic input-output system BIOS
Take the operating system OS and/or the corresponding backup file of the application program;
The operating system OS and/or the application program are repaired based on the backup file.
5. the method as described in any claim in Claims 1 to 4, it is characterised in that the acquisition security incident, specific bag
Include:
Key scan code for keyboard is obtained by the keyboard controller of the electronic equipment, and by the key scan
Code is sent to the basic input-output system BIOS;
It is described to be included according to the security incident, generation system management interrupt SMI:
Judge whether the key scan code meets default security strategy by the basic input-output system BIOS;
When the key scan code symbol closes the default security strategy, the system management interrupt SMI is produced.
6. a kind of electronic equipment, which includes basic input-output system BIOS, operating system OS and based on described
The application program of operating system OS, the electronic equipment further include:
Acquiring unit, for when the operating system OS is in running order, obtaining security incident, wherein, the safe thing
Part is used to indicate to carry out safety analysis to the operating system OS and the application program;The security incident is produced by keyboard
It is raw;
Generation unit, for according to the security incident, generation system management interrupt SMI;
Loading unit, for responding the system management interrupt SMI, the interruption that the basic input-output system BIOS is included
Processing routine firmware loads are into SMRAM;
Safety analysis unit, for performing the interrupt handling routine firmware in the SMRAM, by it is described input substantially it is defeated
Go out system bios and safety analysis is carried out to the operating system OS and the application program, realize to the operating system OS and institute
State the protection of application program.
7. electronic equipment as claimed in claim 6, it is characterised in that the loading unit is specifically used for:
By the interrupt handling routine firmware loads into SMRAM, wherein, the interrupt handling routine is solid to be set in advance in
The firmware in basic input system BIOS is stated, the basic input output system when the interrupt handling routine firmware performs
BIOS can to the operating system OS and the application program based on the operating system OS carry out safety analysis.
8. electronic equipment as claimed in claim 6, it is characterised in that the electronic equipment further includes:
Control unit, for being arrived in the interrupt handling routine firmware loads for including the basic input-output system BIOS
Before in SMRAM, controlling has the function of that the firmware of Part I is in running order in the basic input-output system BIOS,
The interrupt handling routine firmware is used by the Part I gain-of-function of the basic input-output system BIOS
In the first data that safety analysis is carried out to the operating system OS and the application program.
9. electronic equipment as claimed in claim 8, it is characterised in that the safety analysis unit, is specifically used for:
The interrupt handling routine firmware reads first data by the basic input-output system BIOS;Based on described
First data, detect the operating system OS and whether the application program is destroyed;As the operating system OS and/or described
When application program is destroyed, the operating system OS and/or the application are read by the basic input-output system BIOS
The corresponding backup file of program;The operating system OS and/or the application program are repaired based on the backup file.
10. the electronic equipment as described in any claim in claim 6~9, it is characterised in that the acquiring unit is specific to use
In:
Key scan code for keyboard is obtained by the keyboard controller of the electronic equipment, and by the key scan
Code is sent to the basic input-output system BIOS;
The generation unit is specifically used for judging whether the key scan code accords with by the basic input-output system BIOS
Close default security strategy;When the key scan code symbol closes the default security strategy, the system management interrupt is produced
SMI。
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310421146.9A CN104462953B (en) | 2013-09-16 | 2013-09-16 | A kind of information processing method and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310421146.9A CN104462953B (en) | 2013-09-16 | 2013-09-16 | A kind of information processing method and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104462953A CN104462953A (en) | 2015-03-25 |
| CN104462953B true CN104462953B (en) | 2018-04-27 |
Family
ID=52908978
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310421146.9A Active CN104462953B (en) | 2013-09-16 | 2013-09-16 | A kind of information processing method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104462953B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108292339B (en) * | 2016-01-26 | 2022-02-11 | 惠普发展公司,有限责任合伙企业 | System management mode privilege architecture |
| CN110096888B (en) * | 2019-04-18 | 2021-02-09 | 苏州浪潮智能科技有限公司 | Method and system for accelerating verification and analyzing SMM potential safety hazard |
| CN111796939B (en) * | 2020-06-30 | 2024-05-24 | 联想(北京)有限公司 | Processing method and device and electronic equipment |
| CN112507399B (en) * | 2020-12-08 | 2021-09-14 | 福州富昌维控电子科技有限公司 | Firmware and user program isolation protection method and terminal |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5850559A (en) * | 1996-08-07 | 1998-12-15 | Compaq Computer Corporation | Method and apparatus for secure execution of software prior to a computer system being powered down or entering a low energy consumption mode |
| CN1403915A (en) * | 2001-09-10 | 2003-03-19 | 英业达股份有限公司 | Computer antiviral method and computer adopting the method |
| CN1754153A (en) * | 2003-03-12 | 2006-03-29 | 英特尔公司 | Policy-based response to system errors occuring during os runtime |
| CN101110054A (en) * | 2006-07-20 | 2008-01-23 | 英业达股份有限公司 | Temperature detecting method |
| CN102455939A (en) * | 2010-10-19 | 2012-05-16 | 英业达股份有限公司 | System management interrupt(SMI) mechanism |
-
2013
- 2013-09-16 CN CN201310421146.9A patent/CN104462953B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5850559A (en) * | 1996-08-07 | 1998-12-15 | Compaq Computer Corporation | Method and apparatus for secure execution of software prior to a computer system being powered down or entering a low energy consumption mode |
| CN1403915A (en) * | 2001-09-10 | 2003-03-19 | 英业达股份有限公司 | Computer antiviral method and computer adopting the method |
| CN1754153A (en) * | 2003-03-12 | 2006-03-29 | 英特尔公司 | Policy-based response to system errors occuring during os runtime |
| CN101110054A (en) * | 2006-07-20 | 2008-01-23 | 英业达股份有限公司 | Temperature detecting method |
| CN102455939A (en) * | 2010-10-19 | 2012-05-16 | 英业达股份有限公司 | System management interrupt(SMI) mechanism |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104462953A (en) | 2015-03-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wang et al. | Malicious firmware detection with hardware performance counters | |
| CN104462953B (en) | A kind of information processing method and electronic equipment | |
| CN107145782B (en) | Abnormal application program identification method, mobile terminal and server | |
| KR20150106941A (en) | Profiling code execution | |
| CN106682497A (en) | System and method of secure execution of code in hypervisor mode | |
| CN110048997A (en) | The security system and method for handling failure injection attacks | |
| JP2009509212A5 (en) | ||
| CN109379373A (en) | A kind of cloud security assessment system and method | |
| CN106611122A (en) | Virtual execution-based unknown malicious program offline detection system | |
| CN102650944A (en) | Operation system security bootstrap device and bootstrap device | |
| CN105930726B (en) | A kind of processing method and user terminal of malicious operation behavior | |
| CN102012988A (en) | Automatic binary unwanted code behavior analysis method | |
| CN104205113A (en) | Reporting malicious activity to operating system | |
| CN105930728B (en) | A kind of application checking method and device | |
| CN110866255A (en) | Intelligent contract vulnerability detection method | |
| CN111753301B (en) | File attack-free detection method and device, electronic equipment and medium | |
| CN102708330A (en) | Method for preventing system from being invaded, invasion defense system and computer | |
| US20170185770A1 (en) | System and method for detecting activities within a bootstrap of a computerized device based on monitoring of power consumption | |
| US20130326627A1 (en) | Apparatus and method for detecting vulnerability | |
| CN105653908B (en) | A kind of implicit anti-debug guard method | |
| CN107944268A (en) | A kind of host security defense method for HID keyboard attacks | |
| CN106569907A (en) | System start-up file verifying and compiling method | |
| CN106203119B (en) | Hide processing method, device and the electronic equipment of cursor | |
| CN104462942A (en) | Method and system for detecting trusted user input/output interface of mobile terminal | |
| KR20110032731A (en) | Detecting method whether windows kernel is modulated or not |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |