CN1107263C - Technology and hardware for prevention and treatment of computer virus - Google Patents
Technology and hardware for prevention and treatment of computer virus Download PDFInfo
- Publication number
- CN1107263C CN1107263C CN95111234A CN95111234A CN1107263C CN 1107263 C CN1107263 C CN 1107263C CN 95111234 A CN95111234 A CN 95111234A CN 95111234 A CN95111234 A CN 95111234A CN 1107263 C CN1107263 C CN 1107263C
- Authority
- CN
- China
- Prior art keywords
- file
- prevention
- sector
- virus
- disk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to a technique for prevention and treatment of computer viruses and hardware thereof. The hardware roughly comprises a circuit board and a program processing program thereof, wherein the circuit board accords with an IBM-PC expansion slot bus; during a start, a control program of a card can monitor operation to a hard disk at any time; if writing operation is currently carried out, whether the writing operation is carried out to a protective sector is judged; if the writing operation is not currently carried out, the current operation is imperatively stopped.
Description
The present invention is the safety technique of a kind of IBM-PC series microcomputer and compatible, and it is particularly related to the prevention and cure of viruses technology of a kind of IBM-PC series microcomputer and all compatibles.
The appearance of computer virus and spreading unchecked, give countries in the world particularly computing machine circle cause tremendous loss, for this reason, computer elites have done a large amount of work, develop the instrument of many antagonism computer viruses, but computer virus still spreads unchecked everywhere at present, and its one of the main reasons is to look into the development that the means of separating virus do not catch up with some viruses far away.Therefore, nearly all anti-virus method can only prevent known virus at present.Be exactly that research virus is earlier write corresponding detoxifcation software at virus then after the virus.Yet at present, the whole world has tens kinds of viruses to produce every day, and the style of virus constantly updates, and program means is also more and more higher, and develops towards hidden and the anti-microbial direction of antagonism, so it is very passive to go to remove virus with the method for software.For example the Chinese invention patent application number 91101812.3, and name is called " a kind of method of anti-computer virus ", and inventor Lv Cheming etc. promptly is an example that prevents virus with software.
Antivirus card is present best anti-virus instrument, it is by the feature that writes down virus file to be filtered inspection, it also can only prevent the virus of known several types, the virus that belongs to this several types has several thousand kinds, but up to ten thousand kinds of present virus possibilities, and a kind of virus of different mechanism can be easy to break through the defence line of antivirus card.Chinese invention patent application by Shenzhen Huaxing Science ﹠ Tech Co., Ltd.'s application, application number is 9010037.6, the patented claim that name is called " IBM-PC microcomputer virus technology " provides a kind of antivirus card, being to prevent and treat virus with the mode that software and hardware combines, is the wider anti-virus instrument of using at present.It has made a kind of antivirus card, be solidified with program on the card, the step of taking is to check earlier whether boot sector meets the form of DOS boot sector before carrying out guiding, the person of not meeting refuses guiding, in bootup process, at any time check whether memory size is modified, reduce that then refusal continues guiding if memory size occurs.Adopting above-mentioned steps is effectively, but also is unable to cope with the virus of dramatic growth, and for example above-mentioned antivirus card just is unable to cope with 92 years DIR-2 and 1820 viruses that occur.
European patent W09313477; name is called " guard of computer device " and is provided with a hardware unit; comprise a microprocessor; described microprocessor and EEPROM and memory RAM are joined; kind when being provided with; and the input/output end port that is connected with host bus etc., having designed necessary software, its principle is by realize the protection of disk file is prevented the infringement of virus at EEPROM protection FAT.But such scheme is too complicated, and the set hardware unit and the information interchange of main frame be difficulty very, and particularly very big at some operating system difficulty, cost is very high, and therefore improved necessity arranged.
The purpose of this invention is to provide a kind of prior art shortcoming that can overcome, with low cost, realize being easy to a kind of Prevention and Cure of Computer Virus technology and hardware.
For achieving the above object, the solution of the present invention is: a circuit board that meets IBM-PC expansion slot bus is provided, and described circuit board comprises:
---a data bus buffer,
---an address bus impact damper, its high position links to each other with an address decoder,
---a control bus impact damper,
---EEPROM links to each other with above-mentioned three impact dampers and address decoder.
Said apparatus is to link to each other with EEPROM with some logical circuits, is solidified with control program among the EEPROM and stores protected file for information about with the disk finishing technique, and described design of control program method comprises following several sections:
---start-up system work,
---read to interrupt the 13H interrupt vector,
---put new interruption 13H,
---return,
The new control program that interrupts 13H is:
---read new interruption 13H,
---be disk write operation, the sector number that writes is in the protection sector, then puts error flag, return,
---not disk write operation, change former interruption 13H,
---the sector number that writes changes former interruption BH not in the protection sector.
The card of above-mentioned technical characterictic circuit is inserted in the IBM-PC expansion slot, and the start aft engine is carried out the following step:
Move software kit after the host directs system; this software will be put in order disk; and the information relevant with protected file write among the EEPROM on the card; after the start; control program on the card can monitor the operation to hard disk at any time; if current is write operation, will judges and whether write operation be made in the protection sector, if then end by force.Therefore this programme with logical circuit and software thereof effectively to computer realization protection, realized purpose of the present invention.
Below in conjunction with diagram the present invention program is described in more detail.
Fig. 1 is the schematic diagram of circuit board;
Fig. 2 is a control card control program block diagram;
Fig. 3 is new interruption 13H flow chart;
Fig. 4 is the file consolidation flow chart.
Theory diagram referring to the circuit card of Fig. 1; be provided with data bus buffer (1); address bus impact damper (2); control bus impact damper (3); the PC bus interface of their ends and main frame; the other end links to each other with EEPROM (4); wherein; the high order end Λ 19-Λ 12 of address bus impact damper (2) links to each other with EEPROM (4) by an address decoder (6); in EEPROM, be solidified with the driver and the information relevant that meet IBM-PC series microcomputer ROM program load rule with protected file, and supporting with it software.
When this is placed in the microcomputer host expansion slot; can be automatically after main frame powers up be that the content of OC8000H-OEOOOOH detects to physical address; if find first; two bytes are respectively 55H; AAH; the 3rd byte is program length (is unit with 512 bytes); and all byte verifications and be zero in this length; CPU turns to the program on the execute card; program on the card is after executing some necessary initial work; intercept former interruption 13H; new interruption 13H has the ability that detects write operation; if current is write operation; to judge whether write operation is made in the protection sector, if then stop its process such as Fig. 2 by force; shown in the block diagram of Fig. 3.Its actual step is; this card is inserted in the expansion slot of main frame; start by the host directs system after; the operation software kit; this software can be automatically to executable files all on the hard disk; the file of user's appointment is handled; and write automatically among the EEPROM on the card with information such as these file file associated allocation tables and directory entries; forbid then this EEPROM is carried out illegal write operation; start computing machine then; then the program on the circuit board will be monitored the operation to hard disk at any time; if find Main Boot Record to system; the write operation of dos boot record and protected file all is considered to illegally, and ends by force, and other file can carry out normal write operation.
In conjunction with flow chart and above-mentioned technical finesse scheme, can be write as program with various language, be solidificated among the EEPROM of expansion card.
Go up the quantity of information of record in order to reduce card, the present invention has adopted the disk finishing technique, and its main points are:
1, all protected files is arranged in the continuous disk space, so only needs this interval start sector number of record and finish sector number.
2, FAT (file allocation table) is divided into two parts, a part is the allocation table of protected file, and another part is the file allocation table of protected file not, can prevent the destruction of some virus to file allocation table like this.And protected file and not the shared file allocation table sector of protected file write among the EEPROM on the card.
3, to the protection of sub-directory; sub-directory also is divided into two parts; the directory entry of protected file is placed in the protection sector; and do not protect part to place outside the guard interval; so both can prevent deletion to protected file; simultaneously, can also under this catalogue, add new file or the not protected file of deletion.
4, Main Boot Record and dos boot record are also listed in the row of protection, can be prevented the invasion of boot-type virus like this.
For realizing above-mentioned file consolidation technical scheme, its concrete flow chart as shown in Figure 4.
Compare with other virus proof tech, the present invention has following remarkable advantage:
1, the present invention adopts the method that soft and hardware combines, and guiding is finished in system Add anti-virus functionality before.
2, be to establish at additional this common feature of Virus of file for virus Meter, can prevent existing virus and new virus to the destruction of file, this point is it His method can't be accomplished.
3, the method does not account for system's resource, and is minimum to system impact itself.
4, realize easily highly versatile on the technology of the present invention.
In sum, the present invention is effective.
Claims (3)
1, a kind of Prevention and Cure of Computer Virus hardware is characterized in that: a circuit board that meets IBM-PC expansion slot bus is provided, and described circuit board comprises:
---a data bus buffer,
---an address bus impact damper, its high position links to each other with an address decoder,
---a control bus impact damper,
---EEPROM links to each other with above-mentioned three buffers and address decoder.
2, a kind of Prevention and Cure of Computer Virus technology is characterized in that: be solidified with control program among the EEPROM and store protected file for information about with the disk finishing technique, described design of control program method comprises following several sections:
---start-up system work,
---read to interrupt the 13H interrupt vector,
---put new interruption 13H,
---return,
The new control program that interrupts 13H is:
---read new interruption 13H,
---be disk write operation, the sector number that writes is in the protection sector, then puts error flag, return,
---not disk write operation, change former interruption 13H,
---the sector number that writes changes former interruption BH not in the protection sector.
3, a kind of Prevention and Cure of Computer Virus technology according to claim 2, it is characterized in that: described disk finishing technique the steps include:
1. all protected files are arranged in the continuous disk space, so only need this interval start sector number of record and finish sector number.
2. FAT (file allocation table) is divided into two parts, a part is the allocation table of protected file, and another part is the file allocation table of protected file not.
3. sub-directory also is divided into two parts, the directory entry of protected file is placed in the protection sector, and do not protect part to place outside the guard interval.
4. Main Boot Record and dos boot record are also listed in the row of protection.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN95111234A CN1107263C (en) | 1995-01-24 | 1995-01-24 | Technology and hardware for prevention and treatment of computer virus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN95111234A CN1107263C (en) | 1995-01-24 | 1995-01-24 | Technology and hardware for prevention and treatment of computer virus |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1127901A CN1127901A (en) | 1996-07-31 |
| CN1107263C true CN1107263C (en) | 2003-04-30 |
Family
ID=5078542
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN95111234A Expired - Fee Related CN1107263C (en) | 1995-01-24 | 1995-01-24 | Technology and hardware for prevention and treatment of computer virus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1107263C (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1081363C (en) * | 1996-10-31 | 2002-03-20 | 西南石油学院 | Safety tech. for computer |
| CN1329828C (en) * | 2003-08-06 | 2007-08-01 | 华为技术有限公司 | Method and device for preventing computer virus |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1993013477A1 (en) * | 1991-12-23 | 1993-07-08 | Onyx Technologies (Usa) Inc. | Computer protection device |
-
1995
- 1995-01-24 CN CN95111234A patent/CN1107263C/en not_active Expired - Fee Related
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1993013477A1 (en) * | 1991-12-23 | 1993-07-08 | Onyx Technologies (Usa) Inc. | Computer protection device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1127901A (en) | 1996-07-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kiriansky et al. | Secure execution via program shepherding | |
| EP0220920B1 (en) | Instruction for implementing a secure computer system | |
| McGregor et al. | A processor architecture defense against buffer overflow attacks | |
| AU2008203454B2 (en) | Systems & Methods for Preventing Unauthorized Use of Digital Content | |
| US7581089B1 (en) | Method of protecting a computer stack | |
| ATE225536T1 (en) | METHOD FOR TESTING JAVA BYTECODE PROGRAMS FOR SECURITY PROPERTIES | |
| Kharbutli et al. | Comprehensively and efficiently protecting the heap | |
| EP3864555B1 (en) | Verifying a stack pointer | |
| CN110532767B (en) | Internal isolation method for SGX (secure gateway) security application | |
| CN108154032A (en) | It is a kind of that the computer system root of trust construction method of memory integrity ensuring is had the function of based on credible performing environment | |
| CN1107263C (en) | Technology and hardware for prevention and treatment of computer virus | |
| Li et al. | Virtual wall: Filtering rootkit attacks to protect linux kernel functions | |
| Maar et al. | DOPE: DOmain protection enforcement with PKS | |
| Lattner et al. | Transparent pointer compression for linked data structures | |
| Manès et al. | Domain Isolated Kernel: A lightweight sandbox for untrusted kernel extensions | |
| KR100704721B1 (en) | method for computer protection with real-time monitoring and thereby computer and thereby system | |
| Dong et al. | Kims: kernel integrity measuring system based on trustzone | |
| Quach et al. | Supplementing modern software defenses with stack-pointer sanity | |
| Song et al. | metaSafer: A Technique to detect heap metadata corruption in WebAssembly | |
| Coady et al. | Exploring an aspect-oriented approach to operating system code | |
| EP2720170B1 (en) | Automated protection against computer exploits | |
| JP2020140689A (en) | Computer, operating system, and method | |
| US7409713B2 (en) | Method of protecting software code | |
| Ozdoganoglu et al. | Smashguard: A hardware solution to prevent attacks on the function return address | |
| Shen et al. | InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C53 | Correction of patent for invention or patent application | ||
| CB02 | Change of applicant information |
Applicant after: South-west Petroleum College Applicant before: Chen Lixue |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: CHEN LIXUE TO: SOUTHWEST PETROLEUM INSTITUTE |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C19 | Lapse of patent right due to non-payment of the annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |