CN107944279A - BIOS vulnerability scanners and scan method based on UEFI - Google Patents
BIOS vulnerability scanners and scan method based on UEFI Download PDFInfo
- Publication number
- CN107944279A CN107944279A CN201711373147.5A CN201711373147A CN107944279A CN 107944279 A CN107944279 A CN 107944279A CN 201711373147 A CN201711373147 A CN 201711373147A CN 107944279 A CN107944279 A CN 107944279A
- Authority
- CN
- China
- Prior art keywords
- uefi
- bios
- driving
- scanning
- vulnerability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The present invention provides the BIOS vulnerability scanners based on UEFI, the device includes:Vulnerability database, for storing the condition code of loophole, is used as condition code matches object, to verify that BIOS to be measured whether there is loophole during vulnerability scanning;UEFI firmwares start information scanning unit, acquisition, processing and the analysis to startup item information are realized, to verify the legitimacy of startup item;BIOS configuration information scanning elements, realize acquisition, analysis to the basic configuration information of BIOS, to judge whether to meet the requirement normally started;Health status scanning element is driven, the driving of various equipment and the state of controller to UEFI BIOS loadings are scanned, and whether detect each driving in normal operating conditions or whether by malicious modification.The device can be used for the scene of various BIOS loopholes of the needs scanning based on UEFI, so as to ensure the safe and reliable of BIOS system.Present invention also offers the BIOS vulnerability scanning methods based on UEFI.
Description
Technical field
The present invention relates to field of computer technology, is specifically a kind of BIOS vulnerability scanners based on UEFI and sweeps
Retouch method.
Background technology
With computer technology and the high speed development of Network Information, the number of computer virus outburst and new calculating
The speed that machine virus occurs all shows the trend risen rapidly year by year, how to be found in first time, removing virus becomes industry
Boundary's very concern.In order to solve the deficiency of traditional BIOS, Intel Company proposes firmware techniques EFI of new generation, later
Develop into UEFI (unified Extensible Firmware Interface).The technology is abstract by increasing by one layer between hardware and operating system,
Shield bottom hardware characteristic.Environment guiding carries out system by general mode, while UEFI additionally provides a debugging ring
Border, can allow user to run some application programs before os starting.
Security breaches existing for firmware layer have become one of important deterrent of information security industry, utilize its implementation
Attack have not easy-clear, be difficult to detect, the destructive inherent characteristics such as strong.Therefore attack of the research based on firmware layer, from bottom
Sound assurance is provided for computer security, there is important application value and research significance.
BIOS is the program being first carried out after computer starting, to calculate as the essential firmware program of firmware layer
Machine provides the bottom, most direct hardware controls.UEFI is the BIOS standards of a new generation, defines operating system and hardware platform
Interface specification between firmware.Its appearance not only changes the Starting mode of traditional BIOS, solves traditional BIOS and is difficult to
The problems such as extension, and convenient low level development environment is provide the user, but some safety are also inevitably brought at the same time
Hidden danger.At present, the prior art lacks the detection means for BIOS loopholes.
The content of the invention
To solve the above-mentioned problems, there is provided a kind of BIOS vulnerability scanners and scan method based on UEFI, can be with
For the various scenes for needing to scan the BIOS loopholes based on UEFI, so as to ensure the safe and reliable of BIOS system.
An embodiment of the present invention provides a kind of BIOS vulnerability scanners based on UEFI, the device includes:
Vulnerability database, for storing the condition code of loophole, is used as condition code matches object during vulnerability scanning, with
Verify that BIOS to be measured whether there is loophole;
UEFI firmwares start information scanning unit, realize acquisition, processing and the analysis to startup item information, are started with verifying
The legitimacy of item;
BIOS configuration information scanning elements, realize acquisition, analysis to the basic configuration information of BIOS, to judge whether to accord with
Close the requirement normally started;
Health status scanning element is driven, the driving of various equipment and the state of controller to UEFI BIOS loadings
It is scanned, whether detects each driving in normal operating conditions or whether by malicious modification.
The embodiment of the present invention additionally provides a kind of BIOS vulnerability scanning methods based on UEFI, and the method includes:
S1:Loading is used for the UEFI running environment for running UEFI application programs;
S2:BIOS configuration informations scanning element obtains BIOS configuration informations from SMBIOS tables of data;
S3:BIOS vulnerability scanner call functions obtain UEFI firmwares from global variable and start information;
S4:Driving health status scanning element is docked with EFI Driver Health Protocol, obtains driving health
Situation.
Further, the specific implementation process of step S1 is:First, after power-up, platform initialization loads successively afterwards
UEFI images and UEFI startup managers, are successfully entered system;Then, terminate and start service return startup menu, starting dish
Selection enters UEFI application programs in list, is loaded into interim operating system, and establish interim operating system environment.
Further, the specific implementation process of step S2 is:The inquiry defined using agreement EFI_SMBIOS_PROTOCOL
The interface of SMBIOS records obtains corresponding BIOS information.
Further, the specific implementation process of step S3 is:
S31:EFI_GET_VARIABLE () function is called to obtain the value in Boot Order;
S32:Descriptor in the startup item variable obtained in step S31 is separated into each field, and each field is registered
Into Bds Common Option List structures;
S33:The status information of startability is obtained by the attribute information table in system.
Further, the specific implementation process of step S4 is:
S41:Come in searching platform to install using the Locate Handle Buffer functions provided in UEFI guide services
The driving of Efi Driver Health Protocol;
S42:Each driver handle retrieved is circulated, the Handle provided in UEFI guide services is provided
Protocol functions obtain a Driver Health Protocol example;
S43:Using the Get Health Status methods in Driver Health Protocol come obtain the driving with
And drive the health status of managed controller;
S44:The state of return is handled, the driving or control are obtained by COMPONENT_NAME_PROTOCOL
The title of device processed.
Further, the step S4 is further included:
S45:If the driving under unhealthy status, then title and driving condition output will be driven, prompts to use
Family needs to change.
The effect provided in the content of the invention is only the effect of embodiment, rather than whole effects that invention is all, above-mentioned
A technical solution in technical solution has the following advantages that or beneficial effect:
1st, the present apparatus is scanned by BIOS configuration informations, startup item information scanning and driving health status scan, and is realized
Scanning to BIOS loopholes, so as to ensure the safe and reliable of BIOS system.Meanwhile the present apparatus and operating system are completely isolated, lead to
The mode for crossing conversion and control power realizes information exchange with firmware layer.
2nd, by establishing running environment, and call function is docked to realize BIOS configuration informations, startup item information and drive
The acquisition of dynamic health status information, can quickly realize comprehensive scanning to BIOS loopholes, strengthen the security of hardware structure.
Brief description of the drawings
Fig. 1 is the schematic diagram of apparatus of the present invention embodiment;
Fig. 2 is the realization principle figure of apparatus of the present invention;
Fig. 3 is the flow chart of the method for the present invention embodiment;
Fig. 4 is the schematic diagram of running environment loading of the present invention;
Fig. 5 is the reference chart of attribute list of the present invention.
Embodiment
In order to clarify the technical characteristics of the invention, below by embodiment, and its attached drawing is combined, to this hair
It is bright to be described in detail.Following disclosure provides many different embodiments or example is used for realizing the different knots of the present invention
Structure.In order to simplify disclosure of the invention, hereinafter the component and setting of specific examples are described.In addition, the present invention can be with
Repeat reference numerals and/or letter in different examples.This repetition is that for purposes of simplicity and clarity, itself is not indicated
Relation between various embodiments are discussed and/or are set.It should be noted that illustrated component is not necessarily to scale in the accompanying drawings
Draw.Present invention omits the description to known assemblies and treatment technology and process to avoid the present invention is unnecessarily limiting.
Embodiment
As shown in Figure 1, an embodiment of the present invention provides a kind of BIOS vulnerability scanners based on UEFI, the device
Start information scanning unit, BIOS configuration informations scanning element, driving health status scanning list including vulnerability database, UEFI firmwares
Member.
The vulnerability database is used for the condition code for storing loophole, and condition code matches pair are used as during vulnerability scanning
As to verify that BIOS to be measured whether there is loophole.
UEFI firmwares start information scanning unit, realize acquisition, processing and the analysis to startup item information, are started with verifying
The legitimacy of item.
BIOS configuration information scanning elements, realize acquisition, analysis to the basic configuration information of BIOS, to judge whether to accord with
Close the requirement normally started.
Health status scanning element is driven, the driving of various equipment and the state of controller to UEFI BIOS loadings
It is scanned, whether detects each driving in normal operating conditions or whether by malicious modification.
As shown in Fig. 2, the present apparatus is completely isolated with operating system, realized and firmware layer by way of conversion and control power
Information exchange.
As shown in figure 3, the embodiment of the present invention additionally provides a kind of BIOS vulnerability scanning methods based on UEFI, the side
Method includes:
S1:Loading is used for the UEFI running environment for running UEFI application programs.
UEFI allows by loading UEFI application programs and UEFI drivings come extensible frame fixed piece.When loading UEFI driving and
When UEFI application programs, taken when driving and application program are with access to guide service and operation all defined in UEFI
Business.
Fig. 4 shows UEFI Booting sequence figures:After power-up, the first step is platform initialization, and UEFI images will be added afterwards
It is loading UEFI startup managers afterwards to carry (including loading UEFI drivers and application program), if being successfully entered system,
It will terminate and start service return startup menu.And if selection enters UEFI application programs in menu is started, interim operation system
System will be loaded into, and establish interim operating system environment.And if interim operating system is successfully loaded, corresponding UEFI operations
Environment is successfully established.
UEFI Shell realize this interim operating system environment, it is a kind of special UEFI application programs.UEFI
Shell provides console interface, for starting application program, loading UEFI agreements and device driver and performing simple
Script file.The interface also provides command interface and performs the corresponding command or UEFI application programs.In fact, UEFI shell are one
A operating environment, is responsible for receiving user mutual as a shell.It receives user's input, transmits user and inputs to kernel
Perform, implementing result is shown to user.It is similar to the cmd under Windows environment or Shell circle under Linux environment
Face.
S2:BIOS configuration informations scanning element obtains BIOS configuration informations from SMBIOS tables of data.
EFI_SMBIOS_PROTOCOL defines an increase, deletes or inquire about the interface of SMBIOS records in UEFI.
When UEFI starts, the UEFI drivers for installing the agreement will be responsible for creating SMBIOS tables of data, and will be directed toward the tables of data
Pointer is placed in EFI system allocation list.In the BIOS configuration informations scanning of the virus scanning engine based on UEFI, the association is used
The interface of inquiry SMBIOS record defined in view obtains corresponding BIOS information.
Shown in EFI_SMBIOS_PROTOCOL is defined as follows:
typedef struct_EFI_SMBIOS_PROTOCOL{
EFI_SMBIOS_ADD Add;
EFI_SMBIOS_UPDATE_STRINGUpdate String;
EFI_SMBIOS_REMOVE Remove;
EFI_SMBIOS_GET_NEXT Get Next;
UINT8Major Version;
UINT8Minor Version;
}EFI_SMBIOS_PROTOCOL;
Get Next functions are used to inquire about all or part of SMBIOS records, its function declaration is as follows:
typedef
EFI_STATUS
(EFIAPI*EFI_SMBIOS_GET_NEXT)(
IN CONST EFI_SMBIOS_PROTOCOL*This,
IN OUT EFI_SMBIOS_HANDLE*Smbios Handle,
IN EFI_SMBIOS_TYPE*Type,OPTIONAL
OUT EFI_SMBIOS_TABLE_HEADER**Record,
OUT EFI_HANDLE*Producer Handle,OPTIONAL
)
Wherein, Type parameter represents the type of the SMBIOS to be inquired about records, more than 40 kind SMBIOS notes defined in UEFI
Record, only scans wherein more crucial several, including bios version, CPU models, CPU frequency, Installed System Memory information here.
If bios version is too low will to suggest that user is updated to the BIOS of latest edition, it is found to prevent the BIOS of lowest version
Loophole be subject to the attack of malice.Or other information is incorrect, if such as CPU frequency, Installed System Memory etc. with just
Reason condition is not inconsistent, it is also possible to is due to be distorted by malice, it should enhance your vigilance.
S3:BIOS vulnerability scanner call functions obtain UEFI firmwares from global variable and start information.
Service can call when guiding and operating system during the operation provided in UEFI kernels.Taken during operation
This characteristic of business, the interaction between underlying resource and upper strata operating system offer convenience, but are also whole meter from bottom
Calculation machine system brings security risk.
Startup item loader arbitrarily can add or change startup item in UEFI BIOS.Startup item loading can load
The Agent serviced during with operation invades program.Service is the invasion sex service of itself when the invasion program is run by calling
Push operation system, you can realize the operating system control of BIOS grades of UEFI.In addition the back door opened can be serviced by the invasion
Access the resource of this machine.
For this reason, being scanned based on the scanning engine of UEFI to the startup item of UEFI, and speculate the legitimacy of startup item.
Concrete implementation method is broadly divided into following three steps:
The first step, obtains startup item information.Startup manager be responsible for start UEFI application programs (including OS Loader),
UEFI drivers etc..Startup item information is stored in global variable Boot Order.Boot Order include a UINT16
The vector of type, this vector are the ordered lists being made of Boot#### options.First element in vector is first
The value of logic startup item, second element are the values of second logic startup item, and so on.The boot sequence of these startup items
It is exactly the default start sequence of startup manager.
The function interface of global variable is obtained when UEFI is transported defined in agent list, EFI_GET_VARIABLE () function can
To obtain the value in Boot Order.
Second step, handles startup item information.Each startup item variable includes an EFI_LOAD_OPTION and describes
Symbol.The descriptor is the field buffer area of a variable-length in units of byte.
Each field occurs in the following order in buffer area:
UINT16Attributes;// add-in attribute
UINT16File Path List Length;The length of //File Path List
CHAR16Description[];The readable descriptor of // user
EFI_DEVICE_PATH_PROTOCOL File Path List[];The packing array of //UEFI device paths
UINT8Optional Data[];// binary data buffering area
In order to facilitate the information for calling and analyzing each field in EFI_LOAD_OPTION descriptors.It is generally necessary to separate
Each field, and each field is registered in Bds Common Option List structures.
3rd step, analyzes startup item information.The letter such as the attribute of the to the effect that startup item of analysis and corresponding device type
Breath.Judge whether the startup item has potential threat by each attribute description.Each kind of startup item is listed in the table of Fig. 5
Property.
EFI_DEVICE_PATH_PROTOCOL agreements can use in any equipment handle, obtain related physical or patrol
Collect the general purpose routine or positional information of equipment.One invalid handle refers to it and is unable to logical mappings to a physical equipment, i.e., should
Handle not holding equipment Path First.Device path points out the relevant device location of the handle;And the size of device path is by structure
Structure into the equipment determines.
The File Path List fields of startup item store UEFI device path information, pass through EFI_DEVICE_PATH_
PROTOCOL agreements may recognize that the device type belonging to the startup item.
By performing three above step, the information such as the values of all startup items, attribute, device type can be obtained, with this
Judge whether the startup item is normal starting device and whether has potential security threat, these information are alternatively opened
The foundation of flowing mode.
It is to think have a case that to threaten below:
1) by the startup item information obtained compared with the startup menu of startup manager, both are inconsistent.
2) device type information of startup item can be identified, but the attribute of the startup item is not LOAD_OPTION_
ACTIVE。
3) attribute of startup item is LOAD_OPTION_HIDDEN, but appears in and start in menu.
S4:Driving health status scanning element is docked with EFI Driver Health Protocol, obtains driving health
Situation.
The specific implementation process of step S4 is:
S41:Come in searching platform to install using the Locate Handle Buffer functions provided in UEFI guide services
The driving of Efi Driver Health Protocol.Driver Health Handles are to be mounted with Efi
The driver handle of Driver Health Protocol, Num Handles are then the quantity of above-mentioned driving.
S42:Each driver handle retrieved is circulated, the Handle provided in UEFI guide services is provided
Protocol functions obtain a Driver Health Protocol example;
S43:Using the Get Health Status methods in Driver Health Protocol come obtain the driving with
And drive the health status of managed controller;
S44:The state of return is handled, the driving or control are obtained by COMPONENT_NAME_PROTOCOL
The title of device processed.
The step S4 is further included:
S45:If the driving under unhealthy status, then title and driving condition output will be driven, prompts to use
Family needs to change.
Although specification and drawings and examples have been carried out being described in detail to the invention, this area skill
Art personnel should be appreciated that still can be to the invention technical scheme is modified or replaced equivalently;And all do not depart from wound of the present invention
The technical solution for the spirit and scope made and its improvement, it is encompassed by among the protection domain of the invention patent.
Claims (7)
1. a kind of BIOS vulnerability scanners based on UEFI, it is characterized in that:The device includes:
Vulnerability database, for storing the condition code of loophole, is used as condition code matches object during vulnerability scanning, with verification
BIOS to be measured whether there is loophole;
UEFI firmwares start information scanning unit, acquisition, processing and the analysis to startup item information are realized, to verify startup item
Legitimacy;
BIOS configuration information scanning elements, realize acquisition, analysis to the basic configuration information of BIOS, to judge whether to meet just
The requirement often started;
Health status scanning element is driven, the state of driving and controller to the various equipment of UEFI BIOS loadings carries out
Whether scanning, detect each driving in normal operating conditions or whether by malicious modification.
2. a kind of BIOS vulnerability scanning methods based on UEFI, it is characterized in that:The method includes:
S1:Loading is used for the UEFI running environment for running UEFI application programs;
S2:BIOS configuration informations scanning element obtains BIOS configuration informations from SMBIOS tables of data;
S3:BIOS vulnerability scanner call functions obtain UEFI firmwares from global variable and start information;
S4:Driving health status scanning element is docked with EFI Driver Health Protocol, obtains driving health status.
3. a kind of BIOS vulnerability scanning methods based on UEFI according to claim 2, it is characterized in that:Step S1's is specific
The process of realization is:First, after power-up, by platform initialization, UEFI images and UEFI startup managers, success are loaded successively afterwards
Into system;Then, termination starts service return and starts menu, selects to enter UEFI application programs in menu is started, is loaded into
Interim operating system, and establish interim operating system environment.
4. a kind of BIOS vulnerability scanning methods based on UEFI according to claim 2, it is characterized in that:Step S2's is specific
The process of realization is:The interface of the inquiry SMBIOS records defined using agreement EFI_SMBIOS_PROTOCOL is corresponding to obtain
BIOS information.
5. a kind of BIOS vulnerability scanning methods based on UEFI according to claim 2, it is characterized in that:Step S3's is specific
The process of realization is:
S31:EFI_GET_VARIABLE () function is called to obtain the value in Boot Order;
S32:Descriptor in the startup item variable obtained in step S31 is separated into each field, and each field is registered to Bds
In Common Option List structures;
S33:The status information of startability is obtained by the attribute information table in system.
6. a kind of BIOS vulnerability scanning methods based on UEFI according to claim 2, it is characterized in that:Step S4's is specific
The process of realization is:
S41:To be mounted with Efi in searching platform using the Locate Handle Buffer functions provided in UEFI guide services
The driving of Driver Health Protocol;
S42:Each driver handle retrieved is circulated, the HandleProtocol functions provided in UEFI guide services are provided
To obtain a Driver Health Protocol example;
S43:The driving and drive are obtained using the Get Health Status methods in Driver Health Protocol
The health status of dynamic managed controller;
S44:The state of return is handled, the driving or controller are obtained by COMPONENT_NAME_PROTOCOL
Title.
7. a kind of BIOS vulnerability scanning methods based on UEFI according to claim 6, it is characterized in that:The step S4
Further include:
S45:If the driving under unhealthy status, then title and driving condition output will be driven, prompts user to need
Change.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711373147.5A CN107944279A (en) | 2017-12-19 | 2017-12-19 | BIOS vulnerability scanners and scan method based on UEFI |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711373147.5A CN107944279A (en) | 2017-12-19 | 2017-12-19 | BIOS vulnerability scanners and scan method based on UEFI |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107944279A true CN107944279A (en) | 2018-04-20 |
Family
ID=61941284
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711373147.5A Pending CN107944279A (en) | 2017-12-19 | 2017-12-19 | BIOS vulnerability scanners and scan method based on UEFI |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107944279A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109711161A (en) * | 2018-12-03 | 2019-05-03 | 联想(北京)有限公司 | A kind of monitoring method and electronic equipment |
CN109783146A (en) * | 2019-01-08 | 2019-05-21 | 郑州云海信息技术有限公司 | A kind of method of reading service device DMI information under shell |
CN110457907A (en) * | 2019-07-25 | 2019-11-15 | 腾讯科技(深圳)有限公司 | A kind of firmware program detecting method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101079003A (en) * | 2006-05-23 | 2007-11-28 | 北京金元龙脉信息科技有限公司 | System and method for carrying out safety risk check to computer BIOS firmware |
CN102270288A (en) * | 2011-09-06 | 2011-12-07 | 中国人民解放军国防科学技术大学 | Method for performing trusted boot on operation system based on reverse integrity verification |
US20150121497A1 (en) * | 2012-04-05 | 2015-04-30 | Toucan System | Method For Securing Access To A Computer Device |
-
2017
- 2017-12-19 CN CN201711373147.5A patent/CN107944279A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101079003A (en) * | 2006-05-23 | 2007-11-28 | 北京金元龙脉信息科技有限公司 | System and method for carrying out safety risk check to computer BIOS firmware |
CN102270288A (en) * | 2011-09-06 | 2011-12-07 | 中国人民解放军国防科学技术大学 | Method for performing trusted boot on operation system based on reverse integrity verification |
US20150121497A1 (en) * | 2012-04-05 | 2015-04-30 | Toucan System | Method For Securing Access To A Computer Device |
Non-Patent Citations (1)
Title |
---|
刘宝凯: "基于UEFI的病毒扫描引擎的设计与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109711161A (en) * | 2018-12-03 | 2019-05-03 | 联想(北京)有限公司 | A kind of monitoring method and electronic equipment |
CN109783146A (en) * | 2019-01-08 | 2019-05-21 | 郑州云海信息技术有限公司 | A kind of method of reading service device DMI information under shell |
CN110457907A (en) * | 2019-07-25 | 2019-11-15 | 腾讯科技(深圳)有限公司 | A kind of firmware program detecting method and device |
CN110457907B (en) * | 2019-07-25 | 2021-04-20 | 腾讯科技(深圳)有限公司 | Firmware program detection method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11216256B2 (en) | Determining based on static compiler analysis that execution of compiler code would result in unacceptable program behavior | |
US10581879B1 (en) | Enhanced malware detection for generated objects | |
US9734333B2 (en) | Information security techniques including detection, interdiction and/or mitigation of memory injection attacks | |
US9348998B2 (en) | System and methods for detecting harmful files of different formats in virtual environments | |
US10237284B2 (en) | Internet of things security appliance | |
US9117079B1 (en) | Multiple application versions in a single virtual machine | |
US9594904B1 (en) | Detecting malware based on reflection | |
US10671726B1 (en) | System and method for malware analysis using thread-level event monitoring | |
US9213829B2 (en) | Computing device including a port and a guest domain | |
US6973578B1 (en) | System, method and computer program product for process-based selection of virus detection actions | |
CN105068932B (en) | A kind of detection method of Android application programs shell adding | |
US8347380B1 (en) | Protecting users from accidentally disclosing personal information in an insecure environment | |
US20130247198A1 (en) | Emulator updating system and method | |
US20080127344A1 (en) | Method and system for detecting windows rootkit that modifies the kernel mode system service dispatch table | |
US10216934B2 (en) | Inferential exploit attempt detection | |
US9262208B2 (en) | Automated, controlled distribution and execution of commands and scripts | |
WO1998021666A1 (en) | Url login | |
CN107944279A (en) | BIOS vulnerability scanners and scan method based on UEFI | |
US8312547B1 (en) | Anti-malware scanning in a portable application virtualized environment | |
CN106326735A (en) | Anti-injection method and apparatus | |
US20230342497A1 (en) | Computer device and method for managing privilege delegation | |
CN114707150A (en) | Malicious code detection method and device, electronic equipment and storage medium | |
Geetha Ramani et al. | Nonvolatile kernel rootkit detection using cross‐view clean boot in cloud computing | |
CN114372256A (en) | Application program running method, device, equipment and storage medium | |
CN113064601B (en) | Method, device, terminal and storage medium for determining dynamic loading file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180420 |
|
RJ01 | Rejection of invention patent application after publication |