CN105426751A - Method and device for preventing system time from being tampered - Google Patents
Method and device for preventing system time from being tampered Download PDFInfo
- Publication number
- CN105426751A CN105426751A CN201510714024.8A CN201510714024A CN105426751A CN 105426751 A CN105426751 A CN 105426751A CN 201510714024 A CN201510714024 A CN 201510714024A CN 105426751 A CN105426751 A CN 105426751A
- Authority
- CN
- China
- Prior art keywords
- function
- local zone
- zone time
- service routine
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses a method and a device for preventing system time from being tampered, wherein a service program which is started along with a system and used for detecting the called local time function of the system is created in advance; the method comprises the following steps: obtaining an entry function address of the set local time function; detecting whether the set local time function is called or not through the service program; and if so, modifying the obtained entry function address into the address of a preset empty function. By applying the embodiment of the invention, under the condition that the set local time function is called, the address of the entry function for setting the local time function is modified into the address of the empty function, and then the empty function is called without modifying the system time, so that the system time is prevented from being tampered.
Description
Technical field
The present invention relates to field of computer technology, particularly a kind ofly prevent method and the device of distorting system time.
Background technology
System time is the important component part of operating system, is the convenient entrance that user obtains correct time.
A lot of application software depends on system time to ensure that it runs normally at present.If system time is distorted by Malware or virus, then some fail-safe software may be caused to lose efficacy, can not protect system; Or cause the problems such as the corrupt data of some software (such as financial software).
Summary of the invention
The object of the embodiment of the present invention is to provide a kind of method and the device that prevent from distorting system time, in case the locking system time is tampered.
For achieving the above object, the embodiment of the invention discloses a kind of method preventing from distorting system time, be pre-created that system for tracking starts together, for detection system, the invoked service routine of local zone time function is set; Described method comprises:
Obtain the described entrance function address that local zone time function is set;
By described service routine, detect the described local zone time function that arranges and whether be called, if local zone time function being set described and being called, representing for distorting system time;
If so, then obtained described entrance function address is revised as the address of default do-nothing function.
Optionally, that described establishment system for tracking starts together, for detection system, the invoked service routine of local zone time function is set, comprising:
Open Service Control Manager function by calling system, be linked to Service Control Manager;
By calling establishment service function, establishment arranges the invoked service routine of local zone time function for detection system;
Controlling handles function by calling registration service, registering the control function of this service routine;
By calling described control function, the state of this service routine is set to starting state.
Optionally, the described entrance function address arranging local zone time function of described acquisition, comprising:
Be loaded in the process space of described service routine by comprising the described built-in function arranging local zone time function;
Obtaining program address function by calling, from the importing address table of described built-in function, obtaining the described entrance function address that local zone time function is set.
Optionally, comprise in described service routine for catching the described Hook function arranging the invoked information of local zone time function;
Described by described service routine, detect the described local zone time function that arranges and whether be called, comprising:
By the described Hook function in described service routine, described information is caught, if capture described information, represent that the described local zone time function that arranges is called.
Optionally, also comprise:
After receiving the delete instruction of user for described Hook function, delete described Hook function.
Optionally, also comprise:
After receiving the halt instruction of user for described service routine, by calling described control function, the state of described service routine is set to halted state.
For achieving the above object, the embodiment of the invention discloses a kind of device preventing from distorting system time, comprising: creation module, acquisition module, detection module and modified module, wherein,
Described creation module, for be pre-created that system for tracking starts together, for detection system, the invoked service routine of local zone time function is set;
Described acquisition module, for obtaining the described entrance function address arranging local zone time function;
Whether described detection module, for the service routine created by described creation module, detected the described local zone time function that arranges and be called, and arranging local zone time function and be called, representing for distorting system time if described;
Described modified module, for detect at described detection module described the invoked situation of local zone time function is set under, obtained described entrance function address is revised as the address of default do-nothing function.
Optionally, described creation module, specifically for:
Open Service Control Manager function by calling system, be linked to Service Control Manager;
By calling establishment service function, establishment arranges the invoked service routine of local zone time function for detection system;
Controlling handles function by calling registration service, registering the control function of this service routine;
By calling described control function, the state of this service routine is set to starting state.
Optionally, described acquisition module, specifically for:
Be loaded in the process space of described service routine by comprising the described built-in function arranging local zone time function;
Obtaining program address function by calling, from the importing address table of described built-in function, obtaining the described entrance function address that local zone time function is set.
Optionally, comprise in described service routine for catching the described Hook function arranging the invoked information of local zone time function;
Described detection module, specifically for:
Described Hook function in the service routine created by described creation module is caught described information, if capture described information, represents that the described local zone time function that arranges is called.
Optionally, also comprise: removing module,
Described removing module, for after receiving the delete instruction of user for described Hook function, deletes described Hook function.
Optionally, described creation module, also for:
After receiving the halt instruction of user for described service routine, by calling described control function, the state of described service routine is set to halted state.
As seen from the above technical solutions, embodiments provide a kind of method and the device that prevent from distorting system time, be pre-created that system for tracking starts together, for detection system, the invoked service routine of local zone time function is set; Method comprises: obtain the described entrance function address arranging local zone time function; By described service routine, detect the described local zone time function that arranges and whether be called, if local zone time function being set described and being called, representing for distorting system time; If so, then obtained described entrance function address is revised as the address of default do-nothing function.
The technical scheme that the application embodiment of the present invention provides, arranging in the invoked situation of local zone time function, the entrance function address arranging local zone time function being revised as the address of do-nothing function, and then calling do-nothing function, any amendment is not made to system time, prevent system time to be tampered.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
A kind of schematic flow sheet preventing from distorting the method for system time that Fig. 1 provides for the embodiment of the present invention;
A kind of structural representation preventing from distorting the device of system time that Fig. 2 provides for the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
In order to solve prior art problem, embodiments provide a kind of method and the device that prevent from distorting system time.First a kind of method of distorting system time that prevents that the embodiment of the present invention provides is introduced below.
A kind of schematic flow sheet preventing from distorting the method for system time that Fig. 1 provides for the embodiment of the present invention, can comprise:
S101: obtain the entrance function address that local zone time function is set;
Whether S102: by service routine, detect the described local zone time function that arranges and be called, and if so, performs S103;
Arranging local zone time function to be called if described, representing for distorting system time,
S103: the address of obtained described entrance function address being revised as default do-nothing function.
Concrete, above-mentioned service routine be that the system for tracking be pre-created starts together, for detection system, the invoked service routine of local zone time function is set.
Concrete, in actual applications, arranging local zone time function can be SetLocalTime function.
Concrete, create that system for tracking starts together, for detection system, the invoked service routine of local zone time function is set, Service Control Manager function can be opened by calling system, be linked to Service Control Manager; By calling establishment service function, establishment arranges the invoked service routine of local zone time function for detection system; Controlling handles function by calling registration service, registering the control function of this service routine; By calling described control function, the state of this service routine is set to starting state.
Exemplary, by the OpenSCManager function link in calling system API (ApplicationProgrammingInterface, application programming interface) function to Service Control Manager; By calling CreateService function creation for monitoring the invoked service routine MyService.exe of SetLocalTime function, by calling the control function of RegisterServiceCtrlHandler function registration service routine MyService.exe, by calling this control function, the state of service routine MyService.exe is set to starting state.
Concrete, in actual applications, the ChangeServiceStatus function that can also be provided by call operation system, is set to 4 by the state value of service routine MyService.exe, and the state value of service is that 4 expression services are in running status (i.e. starting state).
Concrete, obtaining the entrance function address that local zone time function is set, can being loaded in the process space of described service routine by comprising the described built-in function arranging local zone time function; Obtaining program address function by calling, from the importing address table of described built-in function, obtaining the described entrance function address that local zone time function is set.
In actual applications, SetLocalTime function is a function in API calls, API calls is all be encapsulated with DLL (built-in function), therefore, the built-in function comprising SetLocalTime function is needed to be loaded in the process space of service routine MyService.exe of above-mentioned establishment, by calling GetProcAddress function, the entrance function address of SetLocalTime function is obtained from the importing address table of built-in function, wherein, the preassigned load address of function (function true address) is stored in importing address table.Suppose that the entrance function address of SetLocalTime function obtained is 00030100H.
Concrete, comprise for catching the described Hook function arranging the invoked information of local zone time function in above-mentioned service routine; By described service routine, detect the described local zone time function that arranges and whether be called, by the described Hook function in described service routine, described information can be caught, if capture described information, represent that the described local zone time function that arranges is called.
In actual applications, the platform that Hook (hook) is windows messaging treatment mechanism, application program can monitor certain message of specified window above, and the window monitored can be that other processes create.When message arrive after, target window process function pre-treatment it.Hook Mechanism allows application program to intercept and capture process windows messaging or particular event.Hook is actually the program segment of a processing messages, by system call, it is linked into system.Whenever specific message sends, before not arriving object window, hook program just first catches this message, that is Hook Function first obtains control.At this moment namely Hook Function can process this message, also can not deal with and continue to transmit this message, can also force the transmission of end
Above-mentioned Hook function, can be created by the SetWindowsHookEx function in calling system api function, and utilize the types of variables HOOKPROC in SetWindowsHookEx function to be SetLocalTime function, namely above-mentioned Hook function is used for catching the invoked information of SetLocalTime function.When capturing the invoked information of SetLocalTime function, representing that SetLocalTime function is called, now, the entry address of SetLocalTime function being revised as the address of default do-nothing function, suppose that the address of default do-nothing function is 003514D0H.Now, call do-nothing function, any amendment is not made to system time, prevent system time to be tampered.
In actual applications, there is the situation that user initiatively revises system time, now user can send halt instruction for described service routine; The state of described service routine, after receiving the halt instruction of user for described service routine, can be set to halted state by calling described control function by system.Make service routine not be in running status, user can modify to system time.
In actual applications, there is the situation that user initiatively revises system time, now user can send delete instruction for above-mentioned Hook function; System, after receiving the delete instruction of user for above-mentioned Hook function, deletes above-mentioned Hook function.Even if make service routine be in running status, SetLocalTime function is called, and can not capture the invoked information of SetLocalTime function, user can modify to system time.
Concrete, delete Hook function, unloading deletion can be carried out by the UnhookWindowsHookEx function in calling system api function.
The present invention is embodiment illustrated in fig. 1 in application, arranging in the invoked situation of local zone time function, the entrance function address arranging local zone time function being revised as the address of do-nothing function, and then calling do-nothing function, any amendment is not made to system time, prevent system time to be tampered.
Corresponding with above-mentioned embodiment of the method, the embodiment of the present invention also provides a kind of device preventing from distorting system time.
A kind of structural representation preventing from distorting the device of system time that Fig. 2 provides for the embodiment of the present invention, can comprise: creation module 201, acquisition module 202, detection module 203 and modified module 204, wherein,
Creation module 201, for be pre-created that system for tracking starts together, for detection system, the invoked service routine of local zone time function is set;
The creation module 201 of illustrated embodiment of the present invention, specifically may be used for:
Open Service Control Manager function by calling system, be linked to Service Control Manager;
By calling establishment service function, establishment arranges the invoked service routine of local zone time function for detection system;
Controlling handles function by calling registration service, registering the control function of this service routine;
By calling described control function, the state of this service routine is set to starting state.
The creation module 201 of illustrated embodiment of the present invention, can also be used for:
After receiving the halt instruction of user for described service routine, by calling described control function, the state of described service routine is set to halted state.
Obtain module 202, for obtaining the described entrance function address arranging local zone time function;
The acquisition module 202 of illustrated embodiment of the present invention, specifically may be used for:
Be loaded in the process space of described service routine by comprising the described built-in function arranging local zone time function;
Obtaining program address function by calling, from the importing address table of described built-in function, obtaining the described entrance function address that local zone time function is set.
Whether detection module 203, for the service routine created by creation module 201, detected the described local zone time function that arranges and be called, and arranging local zone time function and be called, representing for distorting system time if described;
Comprise Hook function in the service routine that creation module 201 creates, this Hook function is for catching the described function arranging the invoked information of local zone time function; The detection module 203 of illustrated embodiment of the present invention, specifically may be used for:
Described Hook function in the service routine created by described creation module is caught described information, if capture described information, represents that the described local zone time function that arranges is called.
Modified module 204, for detect at detection module 203 described the invoked situation of local zone time function is set under, obtained described entrance function address is revised as the address of default do-nothing function.
In actual applications, a kind of device preventing from distorting system time that the embodiment of the present invention provides, can also comprise: removing module (not shown),
Removing module, for after receiving the delete instruction of user for described Hook function, deletes the above-mentioned Hook function comprised in the service routine of creation module 201 establishment.
The present invention is embodiment illustrated in fig. 2 in application, arranging in the invoked situation of local zone time function, the entrance function address arranging local zone time function being revised as the address of do-nothing function, and then calling do-nothing function, any amendment is not made to system time, prevent system time to be tampered.
It should be noted that, in this article, the such as relational terms of first and second grades and so on is only used for an entity or operation to separate with another entity or operational zone, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or equipment.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the equipment comprising described key element and also there is other identical element.
Each embodiment in this instructions all adopts relevant mode to describe, between each embodiment identical similar part mutually see, what each embodiment stressed is the difference with other embodiments.Especially, for device embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
One of ordinary skill in the art will appreciate that all or part of step realized in said method embodiment is that the hardware that can carry out instruction relevant by program has come, described program can be stored in computer read/write memory medium, here the alleged storage medium obtained, as: ROM/RAM, magnetic disc, CD etc.
The foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.All any amendments done within the spirit and principles in the present invention, equivalent replacement, improvement etc., be all included in protection scope of the present invention.
Claims (10)
1. prevent a method of distorting system time, it is characterized in that, be pre-created that system for tracking starts together, for detection system, the invoked service routine of local zone time function is set; Described method comprises:
Obtain the described entrance function address that local zone time function is set;
By described service routine, detect the described local zone time function that arranges and whether be called, if local zone time function being set described and being called, representing for distorting system time;
If so, then obtained described entrance function address is revised as the address of default do-nothing function.
2. method according to claim 1, is characterized in that, that described establishment system for tracking starts together, arrange the invoked service routine of local zone time function for detection system, comprising:
Open Service Control Manager function by calling system, be linked to Service Control Manager;
By calling establishment service function, establishment arranges the invoked service routine of local zone time function for detection system;
Controlling handles function by calling registration service, registering the control function of this service routine;
By calling described control function, the state of this service routine is set to starting state.
3. method according to claim 1, is characterized in that, the described entrance function address arranging local zone time function of described acquisition, comprising:
Be loaded in the process space of described service routine by comprising the described built-in function arranging local zone time function;
Obtaining program address function by calling, from the importing address table of described built-in function, obtaining the described entrance function address that local zone time function is set.
4. method according to claim 1, is characterized in that, comprises for catching the described Hook function arranging the invoked information of local zone time function in described service routine;
Described by described service routine, detect the described local zone time function that arranges and whether be called, comprising:
By the described Hook function in described service routine, described information is caught, if capture described information, represent that the described local zone time function that arranges is called.
5. method according to claim 4, is characterized in that, also comprises:
After receiving the delete instruction of user for described Hook function, delete described Hook function.
6. the method according to claim 2 to 4 any one, is characterized in that, also comprises:
After receiving the halt instruction of user for described service routine, by calling described control function, the state of described service routine is set to halted state.
7. prevent the device distorting system time, it is characterized in that, comprising: creation module, acquisition module, detection module and modified module, wherein,
Described creation module, for be pre-created that system for tracking starts together, for detection system, the invoked service routine of local zone time function is set;
Described acquisition module, for obtaining the described entrance function address arranging local zone time function;
Whether described detection module, for the service routine created by described creation module, detected the described local zone time function that arranges and be called, and arranging local zone time function and be called, representing for distorting system time if described;
Described modified module, for detect at described detection module described the invoked situation of local zone time function is set under, obtained described entrance function address is revised as the address of default do-nothing function.
8. device according to claim 7, is characterized in that, described creation module, specifically for:
Open Service Control Manager function by calling system, be linked to Service Control Manager;
By calling establishment service function, establishment arranges the invoked service routine of local zone time function for detection system;
Controlling handles function by calling registration service, registering the control function of this service routine;
By calling described control function, the state of this service routine is set to starting state.
9. device according to claim 7, is characterized in that, described acquisition module, specifically for:
Be loaded in the process space of described service routine by comprising the described built-in function arranging local zone time function;
Obtaining program address function by calling, from the importing address table of described built-in function, obtaining the described entrance function address that local zone time function is set.
10. device according to claim 7, is characterized in that, comprises for catching the described Hook function arranging the invoked information of local zone time function in described service routine;
Described detection module, specifically for:
Described Hook function in the service routine created by described creation module is caught described information, if capture described information, represents that the described local zone time function that arranges is called.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510714024.8A CN105426751A (en) | 2015-10-27 | 2015-10-27 | Method and device for preventing system time from being tampered |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510714024.8A CN105426751A (en) | 2015-10-27 | 2015-10-27 | Method and device for preventing system time from being tampered |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105426751A true CN105426751A (en) | 2016-03-23 |
Family
ID=55504956
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510714024.8A Pending CN105426751A (en) | 2015-10-27 | 2015-10-27 | Method and device for preventing system time from being tampered |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105426751A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956467A (en) * | 2016-04-21 | 2016-09-21 | 北京金山安全软件有限公司 | System time setting method and device and electronic equipment |
| CN106203162A (en) * | 2016-06-30 | 2016-12-07 | 中国地质大学(武汉) | The method for secret protection of a kind of combining the two ways of dredging and plugging and system |
| CN106469272A (en) * | 2016-08-31 | 2017-03-01 | 北京力鼎创软科技有限公司 | A kind of windows process protection method and system |
| CN107766733A (en) * | 2017-10-10 | 2018-03-06 | 北京奇虎科技有限公司 | A kind of screen method of security breaches, device and terminal |
| CN109032687A (en) * | 2018-06-11 | 2018-12-18 | 北京奇艺世纪科技有限公司 | Shield the method and device that SDK danger is called |
| CN109464805A (en) * | 2018-10-11 | 2019-03-15 | 北京奇虎科技有限公司 | Malware detection methods, device, electronic equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1702596A (en) * | 2005-07-08 | 2005-11-30 | 北京北大方正电子有限公司 | Method for protecting content of digital works for hand-held devices |
| CN104156661A (en) * | 2014-07-26 | 2014-11-19 | 珠海市君天电子科技有限公司 | Device and method for preventing account passwords from being tampered |
| CN104573509A (en) * | 2013-10-21 | 2015-04-29 | 研祥智能科技股份有限公司 | System time protection method and system time protection device |
-
2015
- 2015-10-27 CN CN201510714024.8A patent/CN105426751A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1702596A (en) * | 2005-07-08 | 2005-11-30 | 北京北大方正电子有限公司 | Method for protecting content of digital works for hand-held devices |
| CN104573509A (en) * | 2013-10-21 | 2015-04-29 | 研祥智能科技股份有限公司 | System time protection method and system time protection device |
| CN104156661A (en) * | 2014-07-26 | 2014-11-19 | 珠海市君天电子科技有限公司 | Device and method for preventing account passwords from being tampered |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956467A (en) * | 2016-04-21 | 2016-09-21 | 北京金山安全软件有限公司 | System time setting method and device and electronic equipment |
| CN106203162A (en) * | 2016-06-30 | 2016-12-07 | 中国地质大学(武汉) | The method for secret protection of a kind of combining the two ways of dredging and plugging and system |
| CN106203162B (en) * | 2016-06-30 | 2019-03-19 | 中国地质大学(武汉) | A kind of method for secret protection and system of combining the two ways of dredging and plugging |
| CN106469272A (en) * | 2016-08-31 | 2017-03-01 | 北京力鼎创软科技有限公司 | A kind of windows process protection method and system |
| CN107766733A (en) * | 2017-10-10 | 2018-03-06 | 北京奇虎科技有限公司 | A kind of screen method of security breaches, device and terminal |
| CN109032687A (en) * | 2018-06-11 | 2018-12-18 | 北京奇艺世纪科技有限公司 | Shield the method and device that SDK danger is called |
| CN109032687B (en) * | 2018-06-11 | 2021-09-03 | 北京奇艺世纪科技有限公司 | Method and device for shielding dangerous call of SDK (software development kit) |
| CN109464805A (en) * | 2018-10-11 | 2019-03-15 | 北京奇虎科技有限公司 | Malware detection methods, device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105426751A (en) | Method and device for preventing system time from being tampered | |
| US7673137B2 (en) | System and method for the managed security control of processes on a computer system | |
| US10706151B2 (en) | Systems and methods for tracking malicious behavior across multiple software entities | |
| US20200120120A1 (en) | Techniques for network inspection for serverless functions | |
| US10372444B2 (en) | Android dynamic loading file extraction method, recording medium and system for performing the method | |
| US7665139B1 (en) | Method and apparatus to detect and prevent malicious changes to tokens | |
| US10839077B2 (en) | Detecting malicious software | |
| EP3270318B1 (en) | Dynamic security module terminal device and method for operating same | |
| US11706220B2 (en) | Securing application behavior in serverless computing | |
| WO2019148727A1 (en) | Electronic device, redis-based exception warning method and storage medium | |
| CN109815700B (en) | Application program processing method and device, storage medium and computer equipment | |
| CN109800577B (en) | Method and device for identifying escape safety monitoring behavior | |
| US10198309B2 (en) | Unexpected event detection during execution of an application | |
| US20160246590A1 (en) | Priority Status of Security Patches to RASP-Secured Applications | |
| CN107239698A (en) | A kind of anti-debug method and apparatus based on signal transacting mechanism | |
| CN113946825B (en) | Memory horse processing method and system | |
| KR101500512B1 (en) | Device and method for securing computer | |
| CN111901318A (en) | Method, system and equipment for detecting command injection attack | |
| CN115086081B (en) | Escape prevention method and system for honeypots | |
| CN108647516B (en) | Method and device for defending against illegal privilege escalation | |
| CN115758353A (en) | Application program protection method, device, equipment and storage medium | |
| CN106856477B (en) | Threat processing method and device based on local area network | |
| CN111259392B (en) | Kernel module-based malicious software interception method and device | |
| CN114036505A (en) | Safety operation and maintenance analysis server, safety operation and maintenance analysis method and computer equipment | |
| CN109800580B (en) | Permission control method and device of system process, storage medium and computer equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20181206 Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Applicant after: Zhuhai Leopard Technology Co.,Ltd. Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong. Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd. Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160323 |