CN106201032B - Modify processing method, device and the electronic equipment of double click interval time - Google Patents

Modify processing method, device and the electronic equipment of double click interval time Download PDF

Info

Publication number
CN106201032B
CN106201032B CN201610552278.9A CN201610552278A CN106201032B CN 106201032 B CN106201032 B CN 106201032B CN 201610552278 A CN201610552278 A CN 201610552278A CN 106201032 B CN106201032 B CN 106201032B
Authority
CN
China
Prior art keywords
function
software process
interval time
double click
click interval
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610552278.9A
Other languages
Chinese (zh)
Other versions
CN106201032A (en
Inventor
杨峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Baoqu Technology Co Ltd
Original Assignee
Zhuhai Seal Interest Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Seal Interest Technology Co Ltd filed Critical Zhuhai Seal Interest Technology Co Ltd
Priority to CN201610552278.9A priority Critical patent/CN106201032B/en
Publication of CN106201032A publication Critical patent/CN106201032A/en
Application granted granted Critical
Publication of CN106201032B publication Critical patent/CN106201032B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/033Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor
    • G06F3/0354Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor with detection of 2D relative movements between the device, or an operating part thereof, and a plane or surface, e.g. 2D mice, trackballs, pens or pucks
    • G06F3/03541Mouse/trackball convertible devices, in which the same ball is used to track the 2D relative movement
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/033Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor
    • G06F3/0354Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor with detection of 2D relative movements between the device, or an operating part thereof, and a plane or surface, e.g. 2D mice, trackballs, pens or pucks
    • G06F3/03543Mice or pucks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/033Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor
    • G06F3/0362Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor with detection of 1D translations or rotations of an operating part of the device, e.g. scroll wheels, sliders, knobs, rollers or belts

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The present invention discloses a kind of processing method, device and electronic equipment for modifying double click interval time, is able to solve the problem of prior art cannot prevent Malware modification double click interval time from causing system that cannot be effectively protected safely.The described method includes: inspection software process calls the behavior for forbidding shut-off function function;When detecting that software process calls the feature index No. the first forbidden obtaining when the behavior of shut-off function function and be passed to when the software process calls and forbids shut-off function function;Judge whether feature index No. the second of feature index No. the first kernel corresponding with double click interval time power function is modified is identical;Calling if not identical forbids shut-off function function to execute operation corresponding with feature index No. the first, otherwise judges whether the software process is malicious software process;Then refuse double click interval time operation of modifying if malicious software process, otherwise calls and shut-off function function is forbidden to execute modification double click interval time operation.The present invention is suitable for handling the modification operation of double click interval time.

Description

Modify processing method, device and the electronic equipment of double click interval time
Technical field
The present invention relates to technical field of system security more particularly to a kind of processing sides for modifying double click interval time Method, device and electronic equipment.
Background technique
In computer systems, it is provided with SetDoubleClickTime function, for connecting twice for mouse setting by mouse The time interval of key is marked, system default double-press time interval is 500 milliseconds, and Malware can be using the method change mouse Interval time is double-clicked, if double click interval time is set as 10 seconds, such user's operation mouse will be spaced 10 seconds and press Key just calculates double-click, seriously destroys user system environment.
Currently, in order to prevent double click interval time be not modified, be under normal conditions hook application layer SetDoubleClickTime function, the function that SetDoubleClickTime function corresponds to system kernel are NtUserCallOneParam function.NtUserCallOneParam function is a public function, the function of many application layers The function of corresponding kernel is all it.NtUserCallOneParam function distinguishes different application layers with a feature index number Function, rogue program can be passed to corresponding feature index number by the NtUserCallOneParam function of calling kernel, come Double click interval time is modified, such rogue program being capable of destruction of computer systems environment.
Therefore, the processing method of existing modification double click interval time cannot prevent Malware modification mouse double Interval time is hit, causes system that cannot be effectively protected safely.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of processing method, device and electricity for modifying double click interval time Sub- equipment can prevent Malware from modifying double click interval time, thus effective protection system safety.
In a first aspect, the embodiment of the present invention provides a kind of processing method for modifying double click interval time, comprising:
Inspection software process calls the behavior for forbidding shut-off function function;
When detecting that software process calling forbids the behavior of shut-off function function, obtains the software process and call and prohibit Feature index No. the first being only passed to when shut-off function function;
Judge the second function of the feature index No. first kernel corresponding with double click interval time power function is modified Whether energy call number is identical;
If not identical, calling forbids shut-off function function to execute operation corresponding with the feature index No. first, Otherwise judge whether the software process is malicious software process;
If the software process is malicious software process, refuse double click interval time operation of modifying, otherwise Calling forbids shut-off function function to execute modification double click interval time operation.
With reference to first aspect, in the first embodiment of first aspect, the modification double click interval time function Feature index No. the second that energy function corresponds to kernel is different under different systems.
With reference to first aspect, in second of embodiment of first aspect, it is described judge the software process whether be Malicious software process includes:
Obtain the characteristic information of the software process;
The characteristic information of the software process is inquired in the feature database for being stored with malicious software process characteristic information;
If the characteristic information of the software process can be inquired, determine the software process for malicious software process, it is no Then determine that the software process is not malicious software process.
Second of embodiment with reference to first aspect, in the third embodiment of first aspect, in the detection Before software process calling forbids the behavior of shut-off function function, the method also includes:
Feature database is established, the characteristic information for the malicious software process that will acquire is stored in the feature database.
Second aspect, the embodiment of the present invention provide a kind of processing unit for modifying double click interval time, comprising:
Detection unit calls the behavior for forbidding shut-off function function for inspection software process;
Acquiring unit, for detecting that software process calling forbids the behavior of shut-off function function when the detection unit When, it obtains the software process and calls the feature index No. the first for forbidding being passed to when shut-off function function;
First judging unit, for judging the feature index No. first and modification double click interval time power function Whether feature index No. the second of corresponding kernel is identical;
First processing units, for when the judging result of first judging unit is not identical, calling to forbid shutting down Power function executes operation corresponding with the feature index No. first;
Second judgment unit, for when the judging result of first judging unit be it is identical when, judge the software into Whether journey is malicious software process;
The second processing unit, for when the second judgment unit determines the software process for malicious software process, Refuse double click interval time operation of modifying;
Third processing unit, for determining that the software process is not malicious software process when the second judgment unit When, calling forbids shut-off function function to execute modification double click interval time operation.
In conjunction with second aspect, in the first embodiment of second aspect, the modification double click interval time function Feature index No. the second that energy function corresponds to kernel is different under different systems.
In conjunction with second aspect, in second of embodiment of second aspect, the second judgment unit includes:
Subelement is obtained, for obtaining the characteristic information of the software process;
Subelement is inquired, for inquiring the software process in the feature database for being stored with malicious software process characteristic information Characteristic information;
Judgment sub-unit, for determining when the inquiry subelement can inquire the characteristic information of the software process The software process is malicious software process, otherwise determines that the software process is not malicious software process.
In conjunction with second of embodiment of second aspect, in the third embodiment of second aspect, described device is also Include:
Establish unit, for the detection unit inspection software process call forbid shut-off function function behavior it Before, feature database is established, the characteristic information for the malicious software process that will acquire is stored in the feature database.
The third aspect, the embodiment of the present invention provide a kind of electronic equipment, and the electronic equipment includes: shell, processor, deposits Reservoir, circuit board and power circuit, wherein circuit board is placed in the space interior that shell surrounds, processor and memory setting On circuit boards;Power circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing and can hold Line program code;Processor is run and executable program code pair by reading the executable program code stored in memory The program answered, for executing the processing method of aforementioned any modification double click interval time.
A kind of processing method, device and electronic equipment for modifying double click interval time provided in an embodiment of the present invention, When detecting that software process calling forbids the behavior of shut-off function function, obtains the software process calling and forbid the function that shuts down Feature index No. the first being passed to when energy function judges the feature index No. first and modification double click interval time function Can function correspond to kernel feature index No. the second it is whether identical, if not identical, calling forbid shut-off function function execute and The corresponding operation of the feature index No. first, otherwise judges whether the software process is malicious software process, if then Refuse double click interval time operation of modifying, otherwise calls and shut-off function function is forbidden to execute modification double click interval Time operation.Compared with prior art, the present invention can forbid the function that shuts down in such a way that hook forbids shut-off function function Energy function is modified malicious software process the behavior of double click interval time before executing by way of kernel and intercepted, Prevent Malware from modifying double click interval time, thus effective protection system safety.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the flow chart of the processing method embodiment one of present invention modification double click interval time;
Fig. 2 is the flow chart of the processing method embodiment two of present invention modification double click interval time;
Fig. 3 is the structural schematic diagram of the processing device embodiment one of present invention modification double click interval time;
Fig. 4 is the structural schematic diagram of the processing device embodiment two of present invention modification double click interval time;
Fig. 5 is the structural schematic diagram of electronic equipment embodiment of the present invention.
Specific embodiment
The embodiment of the present invention is described in detail with reference to the accompanying drawing.
It will be appreciated that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Base Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its Its embodiment, shall fall within the protection scope of the present invention.
In following various embodiments of the present invention, NtUserCallOneParam function is to forbid shut-off function function, SetDoubleClickTime function is modification double click interval time power function.
Fig. 1 is the flow chart of the processing method embodiment one of present invention modification double click interval time, as shown in Figure 1, The method of the present embodiment may include:
Step S11, inspection software process calls the behavior of NtUserCallOneParam function.
In the present embodiment, NtUserCallOneParam function is a public function of inner nuclear layer, many application layers The function that function corresponds to kernel is all the NtUserCallOneParam function.
Step S12, when detecting that software process calls the behavior of NtUserCallOneParam function, described in acquisition Software process calls feature index No. the first being passed to when NtUserCallOneParam function.
In the present embodiment, software process can be passed to first to inner nuclear layer when calling NtUserCallOneParam function Feature index number.
Specifically, aforesaid operations can be realized by Hook Function, the Hook Function and NtUserCallOneParam Function is linked up with, and when having detected that software process calls NtUserCallOneParam function, is being executed Before NtUserCallOneParam function, which obtains feature index No. the first that software process is passed to inner nuclear layer.
Step S13, judge the second of the feature index No. first kernel corresponding with SetDoubleClickTime function Whether feature index number is identical, if not identical, thens follow the steps S14, no to then follow the steps S15.
In the present embodiment, the SetDoubleClickTime function is the second function of corresponding kernel using layer functions Call number is different under different systems.Specifically, the SetDoubleClickTime function corresponds to the second of kernel Feature index number is 60 under XP system, is 63 under Win7 system, is 65 under Win8 system, is under Win8.1 system 67, it is 69 under Win10 system.
Specifically, the process of step S13 can be realized by the Hook Function in step S12.
Step S14, NtUserCallOneParam function is called to execute behaviour corresponding with the feature index No. first Make.
In the present embodiment, if the second of the feature index No. first kernel corresponding with SetDoubleClickTime function Feature index number is not identical, shows that the corresponding operation of the software process is not modification double click interval time, then can hold The row software process.
Step S15, judge whether the software process is malicious software process, if the software process be Malware into Journey thens follow the steps S16, no to then follow the steps S17.
In the present embodiment, Malware refers to virus, the journey of worm and Trojan Horse that malice task is executed in system Sequence is implemented to control by destroying software process to system.
Specifically, the process of step S17 can be realized by the Hook Function in step S12.
Step S16, refuse double click interval time operation of modifying.
In the present embodiment, if the software process is malicious software process, modification double click interval time behaviour is executed Work may damage safely system, it is therefore desirable to intercept, tie to this modification double click interval time operation Shu Benci operation.
Specifically, the process of step S17 can be realized by the Hook Function in step S12.
Step S17, NtUserCallOneParam function is called to execute modification double click interval time operation.
In the present embodiment, if the software process is not malicious software process, show the corresponding modification of the software process The operation of double click interval time is normal operating, can permit this modification double click interval time operation and carries out.
Specifically, the process of step S17 can be realized by the Hook Function in step S12.
The present embodiment obtains institute when detecting that software process calls the behavior of NtUserCallOneParam function It states software process and calls feature index No. the first being passed to when NtUserCallOneParam function, judge first function Whether feature index No. the second of call number kernel corresponding with SetDoubleClickTime function is identical, if not identical, adjusts Operation corresponding with the feature index No. first is executed with NtUserCallOneParam function, otherwise judges the software Whether process is malicious software process, if then refusing double click interval time operation of modifying, is otherwise called NtUserCallOneParam function executes modification double click interval time operation.Compared with prior art, the present invention can It is soft to malice before the execution of NtUserCallOneParam function by way of linking up with NtUserCallOneParam function The behavior that part process modifies double click interval time by way of kernel is intercepted, and prevents Malware modification mouse double Interval time is hit, thus effective protection system safety.
Fig. 2 is the flow chart of the processing method embodiment two of present invention modification double click interval time, as shown in Fig. 2, The method of the present embodiment may include:
Step S21, feature database is established, the characteristic information for the malicious software process that will acquire is stored in the feature database In.
In the present embodiment, feature database can be established according to the malicious software process that security software in system monitors, it will The characteristic information of the malicious software process monitored is stored in the feature database, alternatively, user can add manually malice it is soft The characteristic information of part process is into the feature database.Wherein, the characteristic information of software process can be characterized code, each software into Journey has unique condition code.
Further, the feature database can also be updated according to the real-time monitoring situation of security software.
Step S22, inspection software process calls the behavior of NtUserCallOneParam function.
In the present embodiment, the process of the behavior of inspection software process calling NtUserCallOneParam function and above-mentioned side The step S11 of method embodiment is similar, and details are not described herein again.
Step S23, when detecting that software process calls the behavior of NtUserCallOneParam function, described in acquisition Software process calls feature index No. the first being passed to when NtUserCallOneParam function.
In the present embodiment, obtains the software process and call the first function being passed to when NtUserCallOneParam function The process of energy call number is similar with the step S12 of above method embodiment, and details are not described herein again.
Step S24, judge the second of the feature index No. first kernel corresponding with SetDoubleClickTime function Whether feature index number is identical, if not identical, thens follow the steps S25, no to then follow the steps S26 and step S27.
In the present embodiment, the of the feature index No. first kernel corresponding with SetDoubleClickTime function is judged Whether identical feature indexes No. two process be similar with the step S13 of above method embodiment, and details are not described herein again.
Step S25, NtUserCallOneParam function is called to execute behaviour corresponding with the feature index No. first Make.
In the present embodiment, NtUserCallOneParam function is called to execute corresponding with the feature index No. first The process of operation is similar with the step S14 of above method embodiment, and details are not described herein again.
Step S26, the characteristic information of the software process is obtained.
In the present embodiment, the characteristic information of the software process can be characterized code, and each software process has unique Condition code.
Specifically, the process of step S26 can be realized by the Hook Function in step S12.
Step S27, the feature of the software process is inquired in the feature database for being stored with malicious software process characteristic information Information determines that the software process for malicious software process, executes step if the characteristic information of the software process can be inquired Otherwise rapid S28 determines that the software process is not malicious software process, execute step S29.
In the present embodiment, Malware refers to virus, the journey of worm and Trojan Horse that malice task is executed in system Sequence is implemented to control by destroying software process to system.
Specifically, the process of step S27 can be realized by the Hook Function in step S12.
Step S28, refuse double click interval time operation of modifying.
In the present embodiment, refuse the modify process of double click interval time operation and the step of above method embodiment Rapid S16 is similar, and details are not described herein again.
Step S29, NtUserCallOneParam function is called to execute modification double click interval time operation.
In the present embodiment, NtUserCallOneParam function is called to execute the mistake of modification double click interval time operation Journey is similar with the step S17 of above method embodiment, and details are not described herein again.
The present embodiment obtains institute when detecting that software process calls the behavior of NtUserCallOneParam function It states software process and calls feature index No. the first being passed to when NtUserCallOneParam function, judge first function Whether feature index No. the second of call number kernel corresponding with SetDoubleClickTime function is identical, if not identical, adjusts Operation corresponding with the feature index No. first is executed with NtUserCallOneParam function, is otherwise being stored with malice The characteristic information of the software process is inquired in the feature database of software process characteristic information with judge the software process whether be Otherwise malicious software process is called if then refusing double click interval time operation of modifying NtUserCallOneParam function executes modification double click interval time operation.Compared with prior art, the present invention can It is soft to malice before the execution of NtUserCallOneParam function by way of linking up with NtUserCallOneParam function The behavior that part process modifies double click interval time by way of kernel is intercepted, and prevents Malware modification mouse double Interval time is hit, thus effective protection system safety.
Fig. 3 is the structural schematic diagram of the processing device embodiment one of present invention modification double click interval time, such as Fig. 3 institute Show, the device of the present embodiment may include: detection unit 11, acquiring unit 12, the first judging unit 13, first processing units 14, second judgment unit 15, the second processing unit 16, third processing unit 17, wherein detection unit 11 is used for inspection software The behavior of process calling NtUserCallOneParam function;Acquiring unit 12, for having been detected when the detection unit 11 When software process calls the behavior of NtUserCallOneParam function, obtains the software process and call Feature index No. the first being passed to when NtUserCallOneParam function;First judging unit 13, for judging described Whether feature index No. the second of feature index No. one kernel corresponding with SetDoubleClickTime function is identical;First processing Unit 14, for calling NtUserCallOneParam letter when the judging result of first judging unit 13 is not identical Number executes operation corresponding with the feature index No. first;Second judgment unit 15, for working as first judging unit When 13 judging result is identical, judge whether the software process is malicious software process;The second processing unit 16, for working as When the second judgment unit 15 determines the software process for malicious software process, refusal modify double click interval when Between operate;Third processing unit 17, for when the second judgment unit 15 determine the software process not and be Malware into Cheng Shi calls NtUserCallOneParam function to execute modification double click interval time operation.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 1, realization principle and skill Art effect is similar, and details are not described herein again.
Further, the SetDoubleClickTime function corresponds to feature index No. the second of kernel and is in different It is different under system.
Further, the SetDoubleClickTime function corresponds to feature index No. the second of kernel under XP system It is 60, is 63 under Win7 system, be 65 under Win8 system, be 67 under Win8.1 system, is 69 under Win10 system.
Fig. 4 is the structural schematic diagram of the processing device embodiment two of present invention modification double click interval time, such as Fig. 4 institute Show, on the basis of the device of the present embodiment apparatus structure shown in Fig. 3, further, the second judgment unit 15 includes:
Subelement 151 is obtained, for obtaining the characteristic information of the software process;
Subelement 152 is inquired, for inquiring the software in the feature database for being stored with malicious software process characteristic information The characteristic information of process;
Judgment sub-unit 153, for the characteristic information of the software process can be inquired when the inquiry subelement 152 When, the software process is determined for malicious software process, otherwise determines that the software process is not malicious software process.
Further, described device further include:
Unit 18 is established, for calling NtUserCallOneParam function in the 11 inspection software process of detection unit Behavior before, establish feature database, the characteristic information for the malicious software process that will acquire is stored in the feature database.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 1 or Fig. 2, realize former Reason is similar with technical effect, and details are not described herein again.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that There is also other identical elements in process, method, article or equipment including the element.
Each embodiment in this specification is all made of relevant mode and describes, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.
For Installation practice, since it is substantially similar to the method embodiment, so the comparison of description is simple Single, the relevent part can refer to the partial explaination of embodiments of method.
Expression or logic and/or step described otherwise above herein in flow charts, for example, being considered use In the order list for the executable instruction for realizing logic function, may be embodied in any computer-readable medium, for Instruction execution system, device or equipment (such as computer based system, including the system of processor or other can be held from instruction The instruction fetch of row system, device or equipment and the system executed instruction) it uses, or combine these instruction execution systems, device or set It is standby and use.For the purpose of this specification, " computer-readable medium ", which can be, any may include, stores, communicates, propagates or pass Defeated program is for instruction execution system, device or equipment or the dress used in conjunction with these instruction execution systems, device or equipment It sets.The more specific example (non-exhaustive list) of computer-readable medium include the following: there is the electricity of one or more wirings Interconnecting piece (electronic device), portable computer diskette box (magnetic device), random access memory (RAM), read-only memory (ROM), erasable edit read-only storage (EPROM or flash memory), fiber device and portable optic disk is read-only deposits Reservoir (CDROM).In addition, computer-readable medium can even is that the paper that can print described program on it or other are suitable Medium, because can then be edited, be interpreted or when necessary with it for example by carrying out optical scanner to paper or other media His suitable method is handled electronically to obtain described program, is then stored in computer storage.
It should be appreciated that each section of the invention can be realized with hardware, software, firmware or their combination.
In the above-described embodiment, multiple steps or method can be with storages in memory and by suitable instruction execution The software or firmware that system executes are realized.For example, in another embodiment, can be used if realized with hardware Any one of following technology well known in the art or their combination are realized: being had for realizing logic function to data-signal The discrete logic of the logic gates of energy, the specific integrated circuit with suitable combinational logic gate circuit, programmable gate Array (PGA), field programmable gate array (FPGA) etc..
The embodiment of the present invention also provides a kind of electronic equipment, and the electronic equipment includes described in aforementioned any embodiment Device.
Fig. 5 is the structural schematic diagram of electronic equipment embodiment of the present invention, may be implemented to implement shown in Fig. 1 or Fig. 2 of the present invention The process of example, as shown in figure 5, above-mentioned electronic equipment may include: shell 31, processor 32, memory 33, circuit board 34 and electricity Source circuit 35, wherein circuit board 34 is placed in the space interior that shell 31 surrounds, and processor 32 and memory 33 are arranged in circuit On plate 34;Power circuit 35, for each circuit or the device power supply for above-mentioned electronic equipment;Memory 33 is for storing and can hold Line program code;Processor 32 is run and executable program generation by reading the executable program code stored in memory 33 The corresponding program of code, for executing the processing method of aforementioned any modification double click interval time.
Processor 32 to the specific implementation procedures of above-mentioned steps and processor 32 by operation executable program code come The step of further executing may refer to the description of Fig. 1 of the present invention or embodiment illustrated in fig. 2, and details are not described herein.
The electronic equipment exists in a variety of forms, including but not limited to:
(1) mobile communication equipment: the characteristics of this kind of equipment is that have mobile communication function, and to provide speech, data Communication is main target.This Terminal Type includes: smart phone (such as iPhone), multimedia handset, functional mobile phone and low Hold mobile phone etc..
(2) super mobile personal computer equipment: this kind of equipment belongs to the scope of personal computer, there is calculating and processing function Can, generally also have mobile Internet access characteristic.This Terminal Type includes: PDA, MID and UMPC equipment etc., such as iPad.
(3) portable entertainment device: this kind of equipment can show and play multimedia content.Such equipment include: audio, Video player (such as iPod), handheld device, e-book and intelligent toy and portable car-mounted navigation equipment.
(4) server: providing the equipment of the service of calculating, and the composition of server includes that processor, hard disk, memory, system are total Line etc., server is similar with general computer architecture, but due to needing to provide highly reliable service, in processing energy Power, stability, reliability, safety, scalability, manageability etc. are more demanding.
(5) other electronic equipments with data interaction function.
Those skilled in the art are understood that realize all or part of step that above-described embodiment method carries It suddenly is that relevant hardware can be instructed to complete by program, the program can store in a kind of computer-readable storage medium In matter, which when being executed, includes the steps that one or a combination set of embodiment of the method.
For convenience of description, description apparatus above is to be divided into various units/modules with function to describe respectively.Certainly, exist Implement to realize each unit/module function in the same or multiple software and or hardware when the present invention.
As seen through the above description of the embodiments, those skilled in the art can be understood that the present invention can It realizes by means of software and necessary general hardware platform.Based on this understanding, technical solution of the present invention essence On in other words the part that contributes to existing technology can be embodied in the form of software products, the computer software product It can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that a computer equipment (can be personal computer, server or the network equipment etc.) executes the certain of each embodiment or embodiment of the invention Method described in part.

Claims (9)

1. a kind of processing method for modifying double click interval time characterized by comprising
Inspection software process calls the behavior for forbidding shut-off function function;Wherein, described to forbid the shut-off function function to be NtUserCallOneParam function;
When detecting that software process calling forbids the behavior of shut-off function function, obtains the software process calling and forbid closing Feature index No. the first being passed to when machine power function;
Judge the second function rope of the feature index No. first kernel corresponding with double click interval time power function is modified Whether quotation marks are identical;
If not identical, calling forbids shut-off function function to execute operation corresponding with the feature index No. first, otherwise Judge whether the software process is malicious software process;
If the software process is malicious software process, refuses double click interval time operation of modifying, otherwise call Shut-off function function is forbidden to execute modification double click interval time operation.
2. the processing method of modification double click interval time according to claim 1, which is characterized in that the modification mouse Feature index No. the second that mark double-click interval time power function corresponds to kernel is different under different systems.
3. the processing method of modification double click interval time according to claim 1, which is characterized in that the judgement institute State whether software process is that malicious software process includes:
Obtain the characteristic information of the software process;
The characteristic information of the software process is inquired in the feature database for being stored with malicious software process characteristic information;
If the characteristic information of the software process can be inquired, determine that the software process for malicious software process, is otherwise sentenced The fixed software process is not malicious software process.
4. the processing method of modification double click interval time according to claim 3, which is characterized in that in the detection Before software process calling forbids the behavior of shut-off function function, the method also includes:
Feature database is established, the characteristic information for the malicious software process that will acquire is stored in the feature database.
5. a kind of processing unit for modifying double click interval time characterized by comprising
Detection unit calls the behavior for forbidding shut-off function function for inspection software process;Wherein, described to forbid shut-off function Function is NtUserCallOneParam function;
Acquiring unit, for when the detection unit detect software process calling forbid the behavior of shut-off function function when, It obtains the software process and calls the feature index No. the first for forbidding being passed to when shut-off function function;
First judging unit, for judging that the feature index No. first is corresponding with modification double click interval time power function Whether feature index No. the second of kernel is identical;
First processing units, for when the judging result of first judging unit is not identical, calling to forbid shut-off function Function executes operation corresponding with the feature index No. first;
Second judgment unit, for judging that the software process is when the judging result of first judging unit is identical No is malicious software process;
The second processing unit, for when the second judgment unit determines the software process for malicious software process, refusal Modify double click interval time operation;
Third processing unit, for adjusting when the second judgment unit determines that the software process is not malicious software process The operation of double click interval time is modified with forbidding shut-off function function to execute.
6. the processing unit of modification double click interval time according to claim 5, which is characterized in that the modification mouse Feature index No. the second that mark double-click interval time power function corresponds to kernel is different under different systems.
7. the processing unit of modification double click interval time according to claim 5, which is characterized in that described second sentences Disconnected unit includes:
Subelement is obtained, for obtaining the characteristic information of the software process;
Subelement is inquired, for inquiring the spy of the software process in the feature database for being stored with malicious software process characteristic information Reference breath;
Judgment sub-unit, for when the inquiry subelement can inquire the characteristic information of the software process, described in judgement Software process is malicious software process, otherwise determines that the software process is not malicious software process.
8. the processing unit of modification double click interval time according to claim 7, which is characterized in that described device is also Include:
Unit is established, for building before detection unit inspection software process calling forbids the behavior of shut-off function function Vertical feature database, the characteristic information for the malicious software process that will acquire are stored in the feature database.
9. a kind of electronic equipment, which is characterized in that the electronic equipment includes: shell, processor, memory, circuit board and electricity Source circuit, wherein circuit board is placed in the space interior that shell surrounds, and processor and memory setting are on circuit boards;Power supply Circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing executable program code;Processing Device runs program corresponding with executable program code by reading the executable program code stored in memory, for holding The processing method of row preceding claims 1-4 described in any item modification double click interval times.
CN201610552278.9A 2016-07-13 2016-07-13 Modify processing method, device and the electronic equipment of double click interval time Active CN106201032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610552278.9A CN106201032B (en) 2016-07-13 2016-07-13 Modify processing method, device and the electronic equipment of double click interval time

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610552278.9A CN106201032B (en) 2016-07-13 2016-07-13 Modify processing method, device and the electronic equipment of double click interval time

Publications (2)

Publication Number Publication Date
CN106201032A CN106201032A (en) 2016-12-07
CN106201032B true CN106201032B (en) 2019-04-30

Family

ID=57476742

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610552278.9A Active CN106201032B (en) 2016-07-13 2016-07-13 Modify processing method, device and the electronic equipment of double click interval time

Country Status (1)

Country Link
CN (1) CN106201032B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414341A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Software self-protection method
CN102457474A (en) * 2010-10-21 2012-05-16 镇江金软计算机科技有限责任公司 Method for managing logs of lessee of software-as-a-service (SaaS) application software

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414341A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Software self-protection method
CN102457474A (en) * 2010-10-21 2012-05-16 镇江金软计算机科技有限责任公司 Method for managing logs of lessee of software-as-a-service (SaaS) application software

Also Published As

Publication number Publication date
CN106201032A (en) 2016-12-07

Similar Documents

Publication Publication Date Title
Wang et al. Quantitative security risk assessment of android permissions and applications
CN105930739B (en) A kind of method and terminal for preventing file deleted
CN106201468B (en) A kind of processing method of screenshotss, device and electronic equipment
CN103020524A (en) Computer virus monitoring system
Shezan et al. Read between the lines: An empirical measurement of sensitive applications of voice personal assistant systems
WO2012088109A3 (en) Providing a security boundary
CN106203077B (en) A kind of processing method of Copy Info, device and electronic equipment
CN106203092A (en) Method and device for intercepting shutdown of malicious program and electronic equipment
CN103049695A (en) Computer virus monitoring method and device
CN106203119B (en) Hide processing method, device and the electronic equipment of cursor
CN106682493B (en) A kind of method, apparatus for preventing process from maliciously being terminated and electronic equipment
Prince Cybersecurity: The security and protection challenges of our digital world
CN104462953B (en) A kind of information processing method and electronic equipment
CN106201032B (en) Modify processing method, device and the electronic equipment of double click interval time
CN105787302B (en) A kind of processing method of application program, device and electronic equipment
CN106022111B (en) Processing method and device for hiding pop-up window and electronic equipment
CN106203115A (en) Application program protection method and device and electronic equipment
CN106203114A (en) Application program protection method and device and electronic equipment
CN106709357A (en) Kernel internal storage monitoring based vulnerability prevention system for Android platform
CN106203118B (en) Processing method and device for modifying flicker time of insertion mark and electronic equipment
CN106127050A (en) Method and device for preventing system cursor from being maliciously modified and electronic equipment
CN106022109A (en) Method and device for preventing thread from being suspended and electronic equipment
CN102929802A (en) Stored resource protection method and system
CN106228062B (en) A kind of method, apparatus and electronic equipment for the treatment of progress registration
CN106022015B (en) A kind of method, apparatus preventing process suspension and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190124

Address after: 519031 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 100085 East District, No. 33 Xiaoying West Road, Haidian District, Beijing

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant