CN105956467A - System time setting method and device and electronic equipment - Google Patents
System time setting method and device and electronic equipment Download PDFInfo
- Publication number
- CN105956467A CN105956467A CN201610251531.7A CN201610251531A CN105956467A CN 105956467 A CN105956467 A CN 105956467A CN 201610251531 A CN201610251531 A CN 201610251531A CN 105956467 A CN105956467 A CN 105956467A
- Authority
- CN
- China
- Prior art keywords
- application
- system time
- function
- application program
- call
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a method and a device for setting system time and electronic equipment, wherein the method comprises the following steps: acquiring an address of a kernel function for setting system time; setting a preset calling address of a first function as an acquired address of the kernel function, wherein the first function is used for judging whether a second application program is a malicious application program or not, and the second application program is an application program calling an application layer function for setting system time; acquiring a first setting instruction, wherein the first setting instruction is generated by triggering when the second application program calls an application layer function for setting system time; calling the first function to judge whether the second application program is a malicious application program; if yes, keeping the current setting of the system time; if not, setting the system time. By adopting the embodiment of the invention, malicious software can be prevented from modifying the system time, thereby being beneficial to improving the safety of the system.
Description
Technical field
The present invention relates to security of system protection field, more particularly to method to set up, device and the electronic equipment of a kind of system time.
Background technology
Development along with Internet technology, the Malwares such as virus, wooden horse emerge in an endless stream, owing to a lot of application programs are to run according to system time, some Malwares are in order to prevent by antivirus software identification and deletion, being destroyed the operation of antivirus software, such as virus to be changed to 2002 by system time by amendment system time, Ka Basiji 7.0 will cease to be in force automatically, virus just can break through the protection gate of antivirus software, vandalism system.Therefore, the method to set up safety of current system time is relatively low, exists and is revised, by Malware, the hidden danger causing the safety of system to reduce.
Summary of the invention
Embodiments provide the method to set up of a kind of system time, device and electronic equipment, favorably prevent Malware from revising system time, thus the safety of beneficially raising system.
Embodiment of the present invention first aspect provides the method to set up of a kind of system time, including:
Obtain the address of the kernel function that system time is set;
The call address of the first default function is set to the address of the described kernel function obtained, described first function is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function calling and arranging system time;
Obtaining first and arrange instruction, described first arranges triggering when instructing the application layer function being arranged system time by described second application call produces;
Call described first function and judge whether described second application program is malicious application;
The most then never call the described kernel function that system time is set, keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel function according to described first arrange instruction system time is configured.
In conjunction with first aspect, in the first possible embodiment of first aspect, described malicious application includes: unknown application program or the application program of confirmed danger.
In conjunction with the first possible embodiment of first aspect or first aspect, in the embodiment that the second of first aspect is possible, described in call described first function and judge whether described second application program is malicious application, including:
Call described first function and obtain the process name of process corresponding to described second application program;
Judge whether described second application program is malicious application according to described process name.
In conjunction with the embodiment that the second of first aspect is possible, in the third possible embodiment of first aspect, described judge whether described second application program is malicious application according to described process name, including:
If judging that described second application program is malicious application according to described process name, then ejecting prompt window, prompting user confirms whether described second application program is malicious application;
If getting the confirmation instruction of user, then judge that described second application program is as malicious application;If get user denies instruction, then judge that described second application program is not as malicious application.
Embodiment of the present invention second aspect provide a kind of system time device is set, including:
First acquiring unit, for obtaining the address of the kernel function arranging system time;
Unit is set, for the call address of the first default function being set to the address of the described kernel function obtained, described first function is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function calling and arranging system time;
Second acquisition unit, arranges instruction for obtaining first, and described first arranges triggering when instructing the application layer function being arranged system time by described second application call produces;
Processing unit, is used for calling described first function and judges whether described second application program is malicious application;The most then keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel function according to described first arrange instruction system time is configured.
In conjunction with second aspect, in the first possible embodiment of second aspect,
Described malicious application includes: unknown application program or the application program of confirmed danger.
The first possible embodiment in conjunction with second aspect or second aspect, in the embodiment that the second of second aspect is possible, in terms of calling described first function and judging whether described second application program is malicious application, described processing unit specifically for
Call described first function and obtain the process name of process corresponding to described second application program;
Judge whether described second application program is malicious application according to described process name.
In conjunction with the embodiment that the second of second aspect is possible, in the third possible embodiment of second aspect,
Described judge whether described second application program is malicious application according to described process name in terms of, described processing unit specifically for,
If judging that described second application program is malicious application according to described process name, then ejecting prompt window, prompting user confirms whether described second application program is malicious application;
If getting the confirmation instruction of user, then judge that described second application program is as malicious application;If get user denies instruction, then judge that described second application program is not as malicious application.
Embodiment of the present invention second aspect provides a kind of electronic equipment, including: processor, memorizer, communication interface and bus;
Described processor, described memorizer and described communication interface are connected by described bus and complete mutual communicating;
Described memorizer storage executable program code;
Described processor runs the program corresponding with described executable program code by reading the executable program code of storage in described memorizer, for the method to set up performing a kind of system time;Wherein, the method to set up of described system time includes:
Obtain the address of the kernel function that system time is set;
The call address of the first default function is set to the address of the described kernel function obtained, described first function is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function calling and arranging system time;
Obtaining first and arrange instruction, described first arranges triggering when instructing the application layer function being arranged system time by described second application call produces;
Call described first function and judge whether described second application program is malicious application;
The most then keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel function according to described first arrange instruction system time is configured.
During it can be seen that use the technical scheme that the embodiment of the present invention provides, if the application program attempting to be configured system time is malicious application, then never call the described kernel function that system time is set, keep the current setting of system time;Malware so it is possible to prevent to revise system time, thus the safety of beneficially raising system
Accompanying drawing explanation
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, in describing embodiment below, the required accompanying drawing used is briefly described, apparently, accompanying drawing in describing below is only some embodiments of the present invention, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of the method to set up of a kind of system time that embodiments of the invention provide;
Fig. 2 is the schematic flow sheet of the method to set up of a kind of system time that another embodiment of the present invention provides;
Fig. 3 is the schematic flow sheet of the method to set up of a kind of system time that another embodiment of the present invention provides;
Fig. 4 is the structural representation arranging device of a kind of system time that embodiments of the invention provide;
Fig. 5 is the structural representation of a kind of electronic equipment that one embodiment of the invention provides.
Detailed description of the invention
Embodiments provide the method to set up of a kind of system time, device and electronic equipment, it is possible to prevent Malware from revising system time.
In order to make those skilled in the art be more fully understood that the present invention program, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the embodiment of a present invention part rather than whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art are obtained under not making creative work premise, all should belong to the scope of protection of the invention.
It is described in detail individually below.
Term " first " in description and claims of this specification and above-mentioned accompanying drawing, " second ", " the 3rd " and " the 4th " etc. are for distinguishing different object rather than for describing particular order.Additionally, term " includes " and " having " and their any deformation, it is intended that cover non-exclusive comprising.Such as contain series of steps or the process of unit, method, system, product or equipment are not limited to step or the unit listed, but the most also include step or the unit do not listed, or the most also include other step intrinsic for these processes, method, product or equipment or unit.
Refer to the schematic flow sheet of method to set up that Fig. 1, Fig. 1 are a kind of system times that one embodiment of the present of invention provides, as it is shown in figure 1, the method to set up of a kind of system time that one embodiment of the present of invention provides can include herein below:
101, the address of the kernel function that system time is set is obtained.
Optionally, in some possible embodiments of the present invention, the kernel function arranging system time can be NtSetSystemTime function.
102, the call address of the first default function is set to the address of the described kernel function obtained, described first function is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function calling and arranging system time.
Wherein, by the call address of the first default function being set to the address of the described kernel function of acquisition, it is possible to achieve when the function that the address having kernel function described in application call is corresponding, the function called is described first function.It should be noted that, after the address of the described kernel function that the call address of the first function is set to acquisition, the address of kernel function can be by the first function setup, if being D than the address arranging kernel function, then during function at call address D, the function called is described kernel function.
103, obtaining first and arrange instruction, described first arranges triggering when instructing the application layer function being arranged system time by described second application call produces.
104, call described first function and judge whether described second application program is malicious application;The most then never call the described kernel function that system time is set, keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel function according to described first arrange instruction system time is configured.
Wherein, malicious application can be unknown application program or the application program of confirmed danger.
During it can be seen that use the technical scheme that the embodiment of the present invention provides, if the application program attempting to be configured system time is malicious application, then never call the described kernel function that system time is set, keep the current setting of system time;Malware so it is possible to prevent to revise system time, thus the safety of beneficially raising system.
Refer to the schematic flow sheet of method to set up that Fig. 2, Fig. 2 are a kind of system times that an alternative embodiment of the invention provides, as in figure 2 it is shown, the method to set up of a kind of system time that an alternative embodiment of the invention provides can include herein below:
201, the address of the kernel function that system time is set is obtained.
Optionally, in some possible embodiments of the present invention, the kernel function arranging system time can be NtSetSystemTime function.
202, the call address of the first default function is set to the address of the described kernel function obtained, described first function is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function calling and arranging system time.
Wherein, by the call address of the first default function being set to the address of the described kernel function of acquisition, it is possible to achieve when the function that the address having kernel function described in application call is corresponding, the function called is described first function.It should be noted that, after the address of the described kernel function that the call address of the first function is set to acquisition, the address of kernel function can be by the first function setup, if being D than the address arranging kernel function, then during function at call address D, the function called is described kernel function.
203, obtaining first and arrange instruction, described first arranges triggering when instructing the application layer function being arranged system time by described second application call produces.
204, call described first function and obtain the process name of process corresponding to described second application program.
205, judge whether described second application program is malicious application according to described process name.The most then never call the described kernel function that system time is set, keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel function according to described first arrange instruction system time is configured.
Can be seen that, when using the technical scheme that the embodiment of the present invention provides, if the process name that the entitled malicious software applications of process that the application program calling the application layer function arranging system time is corresponding is corresponding, then never call the described kernel function that system time is set, keep the current setting of system time;Malware so it is possible to prevent to revise system time, thus the safety of beneficially raising system.
Refer to the schematic flow sheet of method to set up that Fig. 3, Fig. 3 are a kind of system times that an alternative embodiment of the invention provides, as it is shown on figure 3, the method to set up of a kind of system time that an alternative embodiment of the invention provides can include herein below:
301, the address of kernel function NtSetSystemTime that system time is set is obtained.
302, the call address of the first default function NewNtSetSystemTime is set to the address of described kernel function NtSetSystemTime obtained, described first function NewNtSetSystemTime is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function SetSystemTime calling and arranging system time.
Wherein, by the call address of the first default function NewNtSetSystemTime being set to the address of described kernel function NewNtSetSystemTime obtained, can realize when there being corresponding for the address NtSetSystemTime function of kernel function described in application call, the function called is described first function NewNtSetSystemTime.It should be noted that, after the address of described kernel function NewNtSetSystemTime that the call address of the first function NewNtSetSystemTime is set to acquisition, the address of kernel function NtSetSystemTime can be arranged by the first function NewNtSetSystemTime, if the address that ratio arranges kernel function NtSetSystemTime is D, then during function at call address D, the function called is described kernel function NtSetSystemTime.
303, obtaining first and arrange instruction, described first arranges triggering when instructing the application layer function SetSystemTime being arranged system time by described second application call produces.
304, call described first function and obtain the process name of process corresponding to described second application program.
Specifically, the first function can obtain the process name of process corresponding to described second application program by calling PsGetCurrentProcessId and ZwQueryInformationProcess in kernel function.
305, judge whether described second application program is malicious application according to described process name.
If it is not, then call described kernel function NtSetSystemTime arranging system time, and by described kernel function NtSetSystemTime according to described first arrange instruction system time is configured.
The most then ejecting prompt window, prompting user confirms whether described second application program is malicious application;If getting the confirmation instruction of user, then judge that described second application program is as malicious application;If get user denies instruction, then judge that described second application program is not as malicious application.If described second application program is judged to malicious application, then never call described kernel function NtSetSystemTime that system time is set, keep the current setting of system time;If described second application program is judged to it is not malicious application, then call described kernel function NtSetSystemTime that system time is set, and by described kernel function NtSetSystemTime, instruction is set according to described first system time is configured.
Can be seen that, when using the technical scheme that the embodiment of the present invention provides, when judging the second application program as malicious application according to process name, eject prompt window, instruction according to user further confirms that whether described second application program is malicious application, reliability can be improved, not only improve and prevent Malware from revising system time, may insure that again and according to the request of non-malicious software, system time can be modified, thus the technical scheme using the present embodiment to provide is conducive to the safety and reliability of raising system.
Refer to the structural representation that device is set of a kind of system time that Fig. 4, Fig. 4 provide for one embodiment of the present of invention.As shown in Figure 4, the device 400 that arranges of a kind of system time that the embodiment of the present invention provides may include that
First acquiring unit 401, for obtaining the address of the kernel function arranging system time.
Optionally, in some possible embodiments of the present invention, the kernel function arranging system time can be NtSetSystemTime function.
Unit 402 is set, for the call address of the first default function being set to the address of the described kernel function obtained, described first function is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function calling and arranging system time.
Wherein, by the call address of the first default function being set to the address of the described kernel function of acquisition, it is possible to achieve when the function that the address having kernel function described in application call is corresponding, the function called is described first function.It should be noted that, after the address of the described kernel function that the call address of the first function is set to acquisition, the address of kernel function can be by the first function setup, if being D than the address arranging kernel function, then during function at call address D, the function called is described kernel function.
Second acquisition unit 403, arranges instruction for obtaining first, and described first arranges triggering when instructing the application layer function being arranged system time by described second application call produces.
Processing unit 404, is used for calling described first function and judges whether described second application program is malicious application;The most then keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel function according to described first arrange instruction system time is configured.
Wherein, malicious application can be unknown application program or the application program of confirmed danger.
During it can be seen that use the technical scheme that the embodiment of the present invention provides, if the application program attempting to be configured system time is malicious application, then never call the described kernel function that system time is set, keep the current setting of system time;Malware so it is possible to prevent to revise system time, thus the safety of beneficially raising system.
Optionally, in some possible embodiments of the present invention, in terms of calling described first function and judging whether described second application program is malicious application, described processing unit specifically for, call described first function and obtain the process name of process corresponding to described second application program;Judge whether described second application program is malicious application according to described process name.
Optionally, in some possible embodiments of the present invention, described judge whether described second application program is malicious application according to described process name in terms of, described processing unit specifically for, if judging that described second application program is malicious application according to described process name, then ejecting prompt window, prompting user confirms whether described second application program is malicious application;If getting the confirmation instruction of user, then judge that described second application program is as malicious application;If get user denies instruction, then judge that described second application program is not as malicious application.So not only improve and prevent Malware from revising system time, may insure that again and according to the request of non-malicious software, system time can be modified, thus the technical scheme using the present embodiment to provide is conducive to the safety and reliability of raising system.
See the structural representation of a kind of electronic equipment that Fig. 5, Fig. 5 provide for the embodiment of the present invention, described electronic equipment 500, may include that
Processor 501, memorizer 502, communication interface 503 and bus 504;
Wherein, described processor 501, described memorizer 502 and described communication interface 503 are connected by described bus 504 and complete mutual communicating;
Described memorizer 502 stores executable program code;
Described processor 501 runs the program corresponding with described executable program code by reading the executable program code of storage in described memorizer 502, for the method to set up performing a kind of system time;Wherein, the method to set up of a kind of system time includes herein below:
Obtain the address of the kernel function that system time is set;
The call address of the first default function is set to the address of the described kernel function obtained, described first function is for judging whether the second application program is malicious application, and described second application program is the application program of the application layer function calling and arranging system time;
Obtaining first and arrange instruction, described first arranges triggering when instructing the application layer function being arranged system time by described second application call produces;
Call described first function and judge whether described second application program is malicious application;
The most then never call the described kernel function that system time is set, keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel function according to described first arrange instruction system time is configured.
During it can be seen that use the technical scheme that the embodiment of the present invention provides, if the application program attempting to be configured system time is malicious application, then never call the described kernel function that system time is set, keep the current setting of system time;Malware so it is possible to prevent to revise system time, thus the safety of beneficially raising system.
The embodiment of the present invention additionally provides a kind of storage medium, and wherein, this storage medium is used for storing application program, and described application program is for operationally performing the method to set up of a kind of system time described in the embodiment of the present invention.
The embodiment of the present invention additionally provides a kind of application program, and wherein, this application program is for operationally performing the method to set up of a kind of system time described in the embodiment of the present invention.
It should be noted that, for aforesaid each method embodiment, in order to be briefly described, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not limited by described sequence of movement, because according to the present invention, some step can use other orders or carry out simultaneously.Secondly, those skilled in the art also should know, embodiment described in this description belongs to preferred embodiment, necessary to involved action and the module not necessarily present invention.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not has the part described in detail, may refer to the associated description of other embodiments in certain embodiment.
In several embodiments provided herein, it should be understood that disclosed device, can realize by another way.Such as, device embodiment described above is schematic, the division of the most described unit, it is only a kind of logic function to divide, actual can have other dividing mode when realizing, the most multiple unit or assembly can in conjunction with or be desirably integrated into another system, or some features can be ignored, or does not performs.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be the INDIRECT COUPLING by some interfaces, device or unit or communication connection, can be being electrical or other form.
The described unit illustrated as separating component can be or may not be physically separate, and the parts shown as unit can be or may not be physical location, i.e. may be located at a place, or can also be distributed on multiple NE.Some or all of unit therein can be selected according to the actual needs to realize the purpose of the present embodiment scheme.
It addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it is also possible to be that unit is individually physically present, it is also possible to two or more unit are integrated in a unit.Above-mentioned integrated unit both can realize to use the form of hardware, it would however also be possible to employ the form of SFU software functional unit realizes.
If described integrated unit is using the form realization of SFU software functional unit and as independent production marketing or use, can be stored in a computer read/write memory medium.Based on such understanding, completely or partially can embodying with the form of software product of part that prior art is contributed by technical scheme the most in other words or this technical scheme, this computer software product is stored in a storage medium, including some instructions with so that a computer equipment (can be for personal computer, server or the network equipment etc.) performs all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium includes: USB flash disk, read only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), portable hard drive, the various media that can store program code such as magnetic disc or CD.
The above, above example only in order to technical solution of the present invention to be described, is not intended to limit;Although the present invention being described in detail with reference to previous embodiment, wherein, it will be understood by those within the art that: the technical scheme described in foregoing embodiments still can be modified by it, or wherein portion of techniques feature is carried out equivalent;And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme.
Claims (9)
1. the method to set up of a system time, it is characterised in that including:
Obtain the address of the kernel function that system time is set;
The call address of the first default function is set to the address of the described kernel function obtained, and described first function is used for
Judging whether the second application program is malicious application, described second application program is the application layer called and arrange system time
The application program of function;
Obtaining first and arrange instruction, described first arranges instruction is arranged the application of system time by described second application call
Trigger during layer functions and produce;
Call described first function and judge whether described second application program is malicious application;
The most then never call the described kernel function that system time is set, keep the current setting of system time;If it is not, then
Call the described kernel function that system time is set, and according to described first, instruction is set to system time by described kernel function
It is configured.
Method the most according to claim 1, it is characterised in that
Described malicious application includes: unknown application program or the application program of confirmed danger.
Method the most according to claim 1 and 2, it is characterised in that described in call described first function and judge described
Whether two application programs are malicious application, including:
Call described first function and obtain the process name of process corresponding to described second application program;
Judge whether described second application program is malicious application according to described process name.
Method the most according to claim 3, it is characterised in that described according to described process name judge described second application
Whether program is malicious application, including:
If judging that described second application program is malicious application according to described process name, then ejecting prompt window, prompting is used
Family confirms whether described second application program is malicious application;
If getting the confirmation instruction of user, then judge that described second application program is as malicious application;If getting user
Deny instruction, then judge that described second application program is not as malicious application.
5. a system time device is set, it is characterised in that including:
First acquiring unit, for obtaining the address of the kernel function arranging system time;
Unit is set, for the call address of the first default function is set to the address of the described kernel function obtained, institute
Stating the first function for judging whether the second application program is malicious application, described second application program for calling to arrange is
The application program of the application layer function of system time;
Second acquisition unit, arranges instruction for obtaining first, and described first arranges instruction by described second application call
Trigger when the application layer function of system time is set and produce;
Processing unit, is used for calling described first function and judges whether described second application program is malicious application;If so,
Then keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and by described kernel
Function arranges instruction according to described first and is configured system time.
Device the most according to claim 5, it is characterised in that
Described malicious application includes: unknown application program or the application program of confirmed danger.
7. according to the device described in claim 5 or 6, it is characterised in that judge described second calling described first function
Whether application program is malicious application aspect, described processing unit specifically for,
Call described first function and obtain the process name of process corresponding to described second application program;
Judge whether described second application program is malicious application according to described process name.
Device the most according to claim 7, it is characterised in that judge that described second should according to described process name described
Whether be malicious application aspect by program, described processing unit specifically for,
If judging that described second application program is malicious application according to described process name, then ejecting prompt window, prompting is used
Family confirms whether described second application program is malicious application;
If getting the confirmation instruction of user, then judge that described second application program is as malicious application;If getting user
Deny instruction, then judge that described second application program is not as malicious application.
9. an electronic equipment, it is characterised in that including: processor, memorizer, communication interface and bus;
Described processor, described memorizer and described communication interface are connected by described bus and complete mutual communicating;
Described memorizer storage executable program code;
Described processor runs and described executable program generation by reading the executable program code of storage in described memorizer
The program that code is corresponding, for the method to set up performing a kind of system time;Wherein, the method to set up bag of described system time
Include:
Obtain the address of the kernel function that system time is set;
The call address of the first default function is set to the address of the described kernel function obtained, and described first function is used for
Judging whether the second application program is malicious application, described second application program is the application layer called and arrange system time
The application program of function;
Obtaining first and arrange instruction, described first arranges instruction is arranged the application of system time by described second application call
Trigger during layer functions and produce;
Call described first function and judge whether described second application program is malicious application;
The most then keep the current setting of system time;If it is not, then call the described kernel function arranging system time, and
Arranged instruction by described kernel function according to described first system time is configured.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610251531.7A CN105956467A (en) | 2016-04-21 | 2016-04-21 | System time setting method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610251531.7A CN105956467A (en) | 2016-04-21 | 2016-04-21 | System time setting method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105956467A true CN105956467A (en) | 2016-09-21 |
Family
ID=56917973
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610251531.7A Pending CN105956467A (en) | 2016-04-21 | 2016-04-21 | System time setting method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105956467A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109464805A (en) * | 2018-10-11 | 2019-03-15 | 北京奇虎科技有限公司 | Malware detection methods, device, electronic equipment and storage medium |
| CN111259389A (en) * | 2020-01-09 | 2020-06-09 | 青岛海尔科技有限公司 | Operating system protection method, device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110131188A1 (en) * | 2009-12-01 | 2011-06-02 | International Business Machines Corporation | Method and system for real time system log integrity protection |
| CN102902909A (en) * | 2012-10-10 | 2013-01-30 | 北京奇虎科技有限公司 | System and method for preventing file from being tampered |
| CN104573509A (en) * | 2013-10-21 | 2015-04-29 | 研祥智能科技股份有限公司 | System time protection method and system time protection device |
| CN105426751A (en) * | 2015-10-27 | 2016-03-23 | 珠海市君天电子科技有限公司 | Method and device for preventing system time from being tampered |
-
2016
- 2016-04-21 CN CN201610251531.7A patent/CN105956467A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110131188A1 (en) * | 2009-12-01 | 2011-06-02 | International Business Machines Corporation | Method and system for real time system log integrity protection |
| CN102902909A (en) * | 2012-10-10 | 2013-01-30 | 北京奇虎科技有限公司 | System and method for preventing file from being tampered |
| CN104573509A (en) * | 2013-10-21 | 2015-04-29 | 研祥智能科技股份有限公司 | System time protection method and system time protection device |
| CN105426751A (en) * | 2015-10-27 | 2016-03-23 | 珠海市君天电子科技有限公司 | Method and device for preventing system time from being tampered |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109464805A (en) * | 2018-10-11 | 2019-03-15 | 北京奇虎科技有限公司 | Malware detection methods, device, electronic equipment and storage medium |
| CN111259389A (en) * | 2020-01-09 | 2020-06-09 | 青岛海尔科技有限公司 | Operating system protection method, device and storage medium |
| CN111259389B (en) * | 2020-01-09 | 2022-08-05 | 青岛海尔科技有限公司 | Operating system protection method, device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102189295B1 (en) | Continuous classifiers for computer security applications | |
| Qiao et al. | Merging permission and api features for android malware detection | |
| CN101826139B (en) | Method and device for detecting Trojan in non-executable file | |
| CN104361076B (en) | The abnormality eliminating method and device of browser | |
| CN105335184B (en) | Application installation method and device | |
| US9516056B2 (en) | Detecting a malware process | |
| CN101373505B (en) | Method and apparatus for releasing handle and file deleting system | |
| CN104091120B (en) | Android system malicious program processing method and device | |
| CN105718171B (en) | A kind of data processing method and terminal | |
| CN106874232B (en) | Charging method, device and terminal of Universal Serial Bus (USB) | |
| CN106612178A (en) | Method and device for protecting security of Android adb data transmission | |
| CN105354498A (en) | Operation method of registry, related device and equipment | |
| US20190325134A1 (en) | Neural network detection of malicious activity | |
| CN106485170A (en) | A kind of data inputting method and device | |
| CN107479874B (en) | DLL injection method and system based on Windows platform | |
| CN105956467A (en) | System time setting method and device and electronic equipment | |
| EP3113065A1 (en) | System and method of detecting malicious files on mobile devices | |
| CN106650447A (en) | Method and system for preventing PowerShell malicious code execution | |
| CN106548097A (en) | The operation method and device of network device software | |
| CN106020895A (en) | Application program starting method and user terminal | |
| US11263309B2 (en) | Block device signature-based integrity protection for containerized applications | |
| CN105138378B (en) | A kind of BIOS writes with a brush dipped in Chinese ink method and electronic equipment | |
| US9953157B2 (en) | Method and apparatus for protecting application program | |
| CN106203114A (en) | Application program protection method and device and electronic equipment | |
| CN103679024A (en) | Virus treating method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20181206 Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Applicant after: Zhuhai Leopard Technology Co.,Ltd. Address before: 100085 East District, Second Floor, 33 Xiaoying West Road, Haidian District, Beijing Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160921 |