CN112214757B - Terminal registry security protection method and system based on windows driving technology - Google Patents


Publication number
CN112214757B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010714753.4A
Other languages
Chinese (zh)
Other versions
CN112214757A (en)
Inventor
郭娴
杨佳宁
陈柯宁
杨立宝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Industrial Control Systems Cyber Emergency Response Team
Original Assignee
China Industrial Control Systems Cyber Emergency Response Team
Application filed by China Industrial Control Systems Cyber Emergency Response Team
Priority to CN202010714753.4A
Publication of CN112214757A
Application granted
Publication of CN112214757B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The invention discloses a terminal registry security protection method and system based on Windows driver technology. The protection method comprises the following steps: capturing a registry change request instruction sent by the operating system; judging whether the registry path requested to be changed is one listed in the registry protection policy; and, when it is, intercepting the change operation and controlling the agent component to send prompt information to the user. The method uses a Windows operating system driver to protect the specified registry path and all of its sub-items from being tampered with or deleted. Because the driver detects changes in real time, interception is timely and no tampering operation escapes monitoring, which makes registry protection real-time, effective and convenient.

Description

Terminal registry security protection method and system based on windows driving technology
Technical Field
The invention relates to the technical field of registry security protection, and in particular to a terminal registry security protection method and system based on Windows driver technology.
Background
The registry is a core database of the Windows operating system. It stores a wide range of parameters and directly controls Windows startup, the loading of hardware drivers and the running of some Windows applications, so it plays a central role in the whole system.
Registry damage may cause application software to run abnormally or driver loading to fail; more seriously, it may prevent the system from booting and may create serious cyber-security risks. Some Trojans and viruses hide their own behaviour or carry out destructive behaviour by writing to the registry. Effective protection of the host registry is therefore important for the applications, operating system and network security of a terminal, for behaviour detection of host application software, and for locating and tracing security events.
There are many traditional methods for protecting the registry. One detects registry changes periodically, but it cannot discover a change in time, so protection against illegal host behaviour comes too late. Another captures the mouse and keyboard events with which a user modifies the registry through the interface, but it does not restrict malicious programs that modify the registry by calling Windows system APIs. A third backs up the registry manually, which does not protect the registry at all and only provides a remedy after it has been damaged.
In view of the above, there is a need for a security protection method capable of effectively protecting a registry in real time.
Disclosure of Invention
The invention aims to provide a terminal registry security protection method based on Windows driver technology that overcomes the defects of the prior art and protects a specified registry path and all of its sub-items from being tampered with or deleted. The registry paths to be protected are monitored in real time, interception is timely, and no tampering operation escapes monitoring.
The invention provides a terminal registry security protection method based on Windows driver technology, which comprises the following steps:
capturing a registry change request instruction sent by the operating system;
judging whether the registry path requested to be changed is one listed in the registry protection policy;
and, when it is, intercepting the change operation and controlling the agent component to send prompt information to the user.
Further, "judging whether the registry path requested to be changed is one listed in the registry protection policy" includes the following steps:
receiving the registry protection policy added from the agent component database and storing it in the driver linked list;
and judging whether the registry path in the change request sent by the operating system is a protected registry path recorded in the driver linked list.
Further, the registry protection policy is stored in the agent component database in advance, before it is received from the agent component database and stored in the driver linked list;
this specifically comprises the following steps:
the SPC interface component receives a registry protection policy defined at the terminal security management end;
judging whether the registry path of the registry protection policy is valid;
and, when it is valid, storing the registry protection policy in the agent component database; otherwise, feeding the registry protection policy back to the terminal security management end.
Further, "judging whether the registry path of the registry protection policy is valid" is done with a regular expression, wherein the path of the registry protection policy is a character string segmented by "\".
Further, for "the SPC interface component receives a registry protection policy defined at the terminal security management end", the management-end software uses a B/S (browser/server) architecture: the terminal security management end provides a web interface and, once the registry protection policy has been configured, issues it to the agent component.
Further, when the registry path requested to be changed is a protected one, so that the change operation is intercepted and the agent component is controlled to send prompt information to the user, the agent component is at the same time controlled to send out the system log, and the prompt information is shown to the user as an operating system tray pop-up.
Further, before capturing a registry request change instruction sent by an operating system, the method further comprises an installation step, and the specific process is as follows:
installing registration protection software;
installing a registry protection driving component;
registering a callback function with the operating system's kernel registry-operation API (application program interface) so that the driver component can obtain operating system instructions;
installing an agent component;
and installing an SPC interface component.
Further, before "intercepting the change operation and controlling the agent component to send prompt information to the user when the registry path requested to be changed is one listed in the registry protection policy", it is judged whether the agent component is in protection mode, and the driver component performs the interception only when the agent component is in protection mode;
if the agent component is in debugging mode, the driver component only controls the agent component to send the prompt information and does not intercept.
A protection system based on the above terminal registry security protection method based on Windows driver technology
comprises a driver component, the driver component comprising:
a receiving unit for capturing a registry change request instruction sent by the operating system;
a judging unit for judging whether the registry path requested to be changed is one listed in the registry protection policy;
and an execution unit for intercepting the change operation and controlling the agent component to send prompt information to the user when the registry path requested to be changed is one listed in the registry protection policy.
The SPC interface component issues the registry protection policy to the agent component; the agent component stores the policy and adds the registry path to the memory unit of the driver component; the agent component also receives the instruction sent by the driver component's execution unit and sends a prompt to the user.
Compared with the prior art, the terminal registry security protection method based on Windows driver technology provided by the invention uses a Windows operating system driver to protect the specified registry path and all of its sub-items from being tampered with or deleted. Because the driver detects changes in real time, interception is timely and no tampering operation escapes monitoring. In addition, once an illegal registry operation is found, prompt information is sent promptly, which makes registry protection real-time, effective and convenient.
Drawings
FIG. 1 is a flowchart of a terminal registry security protection method based on Windows driver technology according to an embodiment of the present invention;
FIG. 2 is a flowchart of the method according to the embodiment of the present invention after a protection module is set;
FIG. 3 is a flowchart of the process of judging whether the registry path requested to be changed is one listed in the registry protection policy, in the method according to the embodiment of the present invention;
FIG. 4 is a schematic flowchart of storing a registry protection policy in the agent component database in advance, in the method according to the embodiment of the present invention;
FIG. 5 is a schematic flowchart of the installation step in the method according to the embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a protection system according to an embodiment of the disclosure;
FIG. 7 is a schematic diagram of the operation of the driver component in the protection system according to the embodiment of the present invention.
Detailed Description
The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
An embodiment of the invention: as shown in fig. 1, a terminal registry security protection method based on Windows driver technology is disclosed, which comprises the following steps:
capturing a registry change request instruction sent by the operating system;
judging whether the registry path requested to be changed is one listed in the registry protection policy;
and, when it is, intercepting the change operation and controlling the agent component to send prompt information to the user.
The operating system receives a request to change the registry and passes it to the receiving unit of the driver component. The judging unit of the driver component judges whether the registry path requested to be changed is one listed in the registry protection policy. Only when it is does the execution unit of the driver component intercept the operation; at the same time the driver component sends an instruction to the agent component so that the agent component sends prompt information to the user.
In this embodiment, a Windows operating system driver is used to protect a specified registry path and all of its sub-items from being tampered with or deleted. Because the driver detects changes in real time, interception is timely and no tampering operation escapes monitoring. In addition, once an illegal registry operation is found, prompt information is sent promptly, which makes registry protection real-time, effective and convenient.
Specifically, as shown in fig. 3, "judging whether the registry path requested to be changed is one listed in the registry protection policy" includes the following steps:
receiving the registry protection policy added from the agent component database and storing it in the driver linked list;
and judging whether the registry path in the change request sent by the operating system is a protected registry path recorded in the driver linked list.
The driver component comprises a memory unit in which the driver linked list is stored; the protected registry paths in the policy come from the agent component's database. The judging unit of the driver component can consult the linked list in the memory unit directly when making its judgment, which improves the driver component's response efficiency. This is more efficient than reading the database through the agent component for each comparison: database reads mostly go to disk, which is slow, and calling the agent component's interface adds a long inter-component communication time. Placing the memory unit in the driver component exploits the fast addressing of memory, so judgment and response are efficient.
In this embodiment, before "receiving the registry protection policy added from the agent component database and storing it in the driver linked list", the registry protection policy is stored in the agent component database in advance; specifically, it is issued to the agent component through the SPC interface component;
as shown in fig. 4, this specifically includes the following steps:
the SPC interface component receives a registry protection policy defined at the terminal security management end;
judging whether the registry path of the registry protection policy is valid;
and, when it is valid, storing the registry protection policy in the agent component database; otherwise, feeding the registry protection policy back to the terminal security management end.
The terminal security management end is used to define the registry paths to be protected and sends them to the SPC interface component once they are defined. In another embodiment, protected registry paths can also be added through the command-line function of the registry protection software.
To ensure that a defined registry path is correct and valid, in this embodiment a validity check is performed on each registry policy received from the terminal security management end through the SPC interface component. This prevents a user from defining an invalid registry path, in which case the purpose of protection would not actually be achieved. The Windows registry has its own format specification, and many users may not realise during actual operation that a definition is wrong, so the registry path is checked for validity. The check is an easy-to-use, user-friendly step after a definition is added: feedback is returned promptly, which ensures that the registry paths to be protected are added accurately.
Specifically, whether the registry path of the registry protection policy is valid is judged with a regular expression, wherein the path of the registry protection policy is a character string segmented by "\". If the path is judged valid, it is stored in the agent database; otherwise it is fed back to the terminal security management end so that the user is alerted promptly.
Further, when the registry path requested to be changed is a protected one, so that the change operation is intercepted and the agent component is controlled to send prompt information to the user, the agent component is at the same time controlled to send out the system log. The prompt information is shown to the user as an operating system tray pop-up, for example a system pop-up box telling the user "registry operation failed". The driver component also controls the agent component to send the alarm information via Syslog to a third-party platform for analysis and processing.
Before capturing a registry request change instruction sent by an operating system, the method further includes an installation step, as shown in fig. 5, and the specific process is as follows:
installing registration protection software;
installing a registry protection driving component;
registering a callback function with the operating system's kernel registry-operation API (application program interface) so that the driver component can obtain operating system instructions;
installing an agent component;
and installing an SPC interface component.
Before protection begins, the protection software must be installed. As shown in fig. 4, the protection software is first registered, the registry protection driver component is then installed, and a callback function, i.e. a hook function, is registered with the Windows kernel registry-operation API so that the driver component can obtain operating system instructions. The registry protection agent component SafeProxy is then installed, and finally the SPC interface component is installed. This completes the installation of the protection software.
Further, as shown in fig. 2, "intercepting the change operation and controlling the agent component to send prompt information to the user when the registry path requested to be changed is one listed in the registry protection policy" also includes judging whether the agent component is in protection mode; the interception is issued only when the agent component is in protection mode.
When the method is applied to an industrial control computer, the safety and stability requirements of a host on an industrial control site are high, and an improperly configured host can affect the normal operation of the industrial control software on site. To suit on-site debugging and stable, safe operation of the system, the method supports two operation modes, a debugging mode and a safety mode, which differ in how they handle an abnormal registry operation. When an illegal registry operation occurs, the debugging mode only shows a system tray prompt and records a log; the safety mode does the same and also blocks the registry operation. Operational stability is the first priority in an industrial control environment: if the system is in protection mode and the configuration is wrong, the normal operation of the industrial control software can be disturbed, or the on-site industrial control system can malfunction, which is dangerous.
Therefore, before the step of "intercepting the change operation and controlling the agent component to send prompt information to the user when the registry path requested to be changed is one listed in the registry protection policy", a check of whether protection mode is active is added, and interception is performed only in protection mode. After installation, the software can be run in debugging mode for a period of time, the registry protection policy can then be refined according to the alarm information generated in debugging mode, and, if no new alarm is generated for a period of time, the software is set to protection mode. This arrangement improves operational stability and prevents errors from affecting the normal use of software.
The overall process is as follows. The computer system is infected by a Trojan or virus, which runs and attempts to modify the system registry. The driver component captures the registry change request instruction sent by the operating system and judges whether the registry path requested to be changed is one listed in the registry protection policy. If it is not, the modification is allowed to proceed. If it is, the driver component judges whether protection mode is active. If not, the driver component controls the agent component to send prompt information to the user but does not intercept the change request, and the Trojan or virus goes on to modify the registry. If protection mode is active, the driver component intercepts the request, controls the agent component to send prompt information to the user, and controls the agent component to send out the system log.
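The decision flow described above, together with the policy-path validity check, modelled in portable user-mode C as an added example (it is not code from the patent or its authors). The root-key regular expression, all function names and the sample Run-key policy are assumptions; a real driver would make the same decision inside its registry callback after normalising kernel-form key names.

```c
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy format (the patent only says the path is a '\'-separated
 * string checked with a regular expression): a root key name followed by
 * one or more non-empty components, each introduced by a single '\'. */
static const char *POLICY_RE =
    "^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CLASSES_ROOT)"
    "(\\\\[^\\\\]+)+$";
/* Constructed sample policy path used by main() and the checks. */
#define SAMPLE_POLICY \
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

typedef enum { MODE_DEBUG, MODE_PROTECT } run_mode;
typedef enum { ALLOW, ALERT_ONLY, BLOCK_AND_ALERT } verdict;

/* One protected path in the in-memory linked list. */
typedef struct policy_node {
    char *path;
    size_t len;
    struct policy_node *next;
} policy_node;

/* Validity check applied before a policy is stored. Returns 1 if valid. */
int policy_path_valid(const char *path) {
    regex_t re;
    if (regcomp(&re, POLICY_RE, REG_EXTENDED | REG_NOSUB | REG_ICASE) != 0)
        return 0;
    int ok = (regexec(&re, path, 0, NULL, 0) == 0);
    regfree(&re);
    return ok;
}

/* Push a validated path onto the list. Returns 1 on success, 0 if rejected. */
int policy_add(policy_node **head, const char *path) {
    if (!policy_path_valid(path)) return 0;
    policy_node *n = malloc(sizeof *n);
    if (!n) return 0;
    n->len = strlen(path);
    n->path = malloc(n->len + 1);
    if (!n->path) { free(n); return 0; }
    memcpy(n->path, path, n->len + 1);
    n->next = *head;
    *head = n;
    return 1;
}

void policy_free(policy_node *head) {
    while (head) {
        policy_node *next = head->next;
        free(head->path);
        free(head);
        head = next;
    }
}

/* A key is protected if it equals a listed path or lies beneath it. The
 * match is case-insensitive and must end on a '\' boundary, so a policy for
 * ...\Run does not cover the sibling key ...\RunOnce. */
int is_protected(const policy_node *head, const char *key) {
    for (; head; head = head->next) {
        size_t i = 0;
        while (i < head->len && key[i] != '\0' &&
               tolower((unsigned char)key[i]) ==
                   tolower((unsigned char)head->path[i]))
            i++;
        if (i == head->len && (key[i] == '\0' || key[i] == '\\'))
            return 1;
    }
    return 0;
}

/* Unlisted keys pass; listed keys raise an alert in debugging mode and are
 * also blocked in protection mode. */
verdict decide(const policy_node *head, run_mode mode, const char *key) {
    if (!is_protected(head, key)) return ALLOW;
    return mode == MODE_PROTECT ? BLOCK_AND_ALERT : ALERT_ONLY;
}

/* Demo helper: build a one-entry list, decide one request, clean up. */
verdict check_once(const char *policy, run_mode mode, const char *key) {
    policy_node *list = NULL;
    policy_add(&list, policy);
    verdict v = decide(list, mode, key);
    policy_free(list);
    return v;
}

int main(void) {
    const char *names[] = { "ALLOW", "ALERT_ONLY", "BLOCK_AND_ALERT" };
    const char *reqs[] = { SAMPLE_POLICY "\\Updater", SAMPLE_POLICY "Once" };
    for (size_t i = 0; i < 2; i++)
        printf("%-16s %s\n",
               names[check_once(SAMPLE_POLICY, MODE_PROTECT, reqs[i])], reqs[i]);
    return 0;
}
```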
As shown in fig. 6 and fig. 7, the present invention also discloses a protection system using the above terminal registry security protection method based on Windows driver technology,
comprising a driver component, the driver component comprising:
a receiving unit for capturing a registry change request instruction sent by the operating system;
a judging unit for judging whether the registry path requested to be changed is one listed in the registry protection policy;
and an execution unit for intercepting the change operation and controlling the agent component to send prompt information to the user when the registry path requested to be changed is one listed in the registry protection policy.
Further, the protection system further comprises an agent component and an SPC interface component. The SPC interface component issues the registry protection policy to the agent component; the agent component stores the policy and adds the registry path to the memory unit of the driver component; the agent component also receives the instruction sent by the driver component's execution unit and sends a prompt to the user.
In addition, the terminal registry security protection method based on Windows driver technology supports Windows XP and all subsequent 32-bit and 64-bit versions of the Windows operating system. The kernel APIs of all of these Windows versions provide a registry-operation hook mechanism, and registry protection is implemented with this mechanism when the callback function is registered with the operating system's kernel registry-operation API. The protection system's program is built as a 32-bit program so that it can run on both 32-bit and 64-bit Windows systems, which improves applicability.
The construction, features and functions of the present invention have been described in detail with reference to the embodiments illustrated in the drawings. These are only preferred embodiments, and the invention is not limited by the drawings; all equivalent embodiments modified or changed according to the idea of the invention, without departing from the spirit covered by the description and the drawings, fall within its protection scope.

Claims (8)

1. A terminal registry security protection method based on windows driving technology is characterized by comprising the following steps:
installing registration protection software;
installing a registry protection driving component;
registering a callback function with the operating system's kernel registry-operation API (application program interface) so that the driver component can obtain operating system instructions;
installing an agent component;
installing an SPC interface component;
capturing a registry change request instruction sent by the operating system;
judging whether the registry path requested to be changed is one listed in the registry protection policy;
when the registry path requested to be changed is one listed in the registry protection policy, intercepting the change operation and controlling the agent component to send prompt information to the user;
wherein the operating system receives a request to change the registry and sends it to the receiving unit of the driver component, the judging unit of the driver component judges whether the registry path requested to be changed is one listed in the registry protection policy, the execution unit of the driver component performs the interception only when it is, and the driver component at the same time sends an instruction to the agent component so that the agent component sends prompt information to the user;
judging whether the registry path requested to be changed is one listed in the registry protection policy comprises the following steps:
receiving the registry protection policy added from the agent component database and storing it in the driver linked list;
judging whether the registry path in the change request sent by the operating system is a protected registry path recorded in the driver linked list;
the driver component comprises a memory unit, the driver linked list is stored in the memory unit, and the protected registry paths in the registry protection policy come from the database of the agent component;
the judging unit of the driver component can consult the driver linked list in the memory unit directly when making its judgment.
2. The terminal registry security protection method based on Windows driving technology according to claim 1, wherein, before the to-be-protected registry protection policy added from the agent component database is received and stored in the driver linked list, the registry protection policy is stored in the agent component database in advance;
this specifically comprises the following steps:
the SPC interface component receives a registry protection policy defined by the terminal security management terminal;
judging whether the registry of the registry protection policy is valid;
when the registry protection policy is valid, storing it in the agent component database; otherwise, feeding the registry protection policy back to the terminal security management terminal.
3. The terminal registry security protection method based on Windows driving technology according to claim 2, wherein whether the registry of the registry protection policy is valid is judged using a regular expression, the path in the registry protection policy being a character string segmented by "\".
4. The terminal registry security protection method based on Windows driving technology according to claim 2, wherein, in the step in which the SPC interface component receives the registry protection policy defined by the terminal security management terminal, the management-terminal software is configured with a B/S (browser/server) architecture, the terminal security management terminal has a web interface, and after the registry protection policy is configured, the terminal security management terminal issues the registry protection policy to the agent component.
5. The terminal registry security protection method based on Windows driving technology according to claim 1, wherein, in the step of intercepting the change operation and controlling the agent component to send prompt information to the user when the registry requested to be changed is a registry to be protected, the agent component is simultaneously controlled to issue a system log, and the prompt information is sent to the user as an operating system tray pop-up.
6. The terminal registry security protection method based on Windows driving technology according to claim 1, wherein the step of intercepting the change operation and controlling the agent component to send prompt information to the user when the registry requested to be changed is a registry in the protection policy for registries to be protected further comprises the following steps:
judging whether the agent component is in protection mode, the driver component performing interception only when the agent component is in protection mode;
if the agent component is in debugging mode, the driver component only controls the agent component to send the prompt information and does not intercept.
7. A protection system based on the terminal registry security protection method based on Windows driving technology according to any one of claims 1 to 6, comprising:
a driver component, the driver component comprising:
a receiving unit for capturing a registry change request instruction sent by the operating system;
a judging unit for judging whether the registry requested to be changed is a registry in the protection policy for registries to be protected;
and an execution unit for intercepting the change operation and controlling the agent component to send prompt information to the user when the registry requested to be changed is a registry in the protection policy for registries to be protected.
8. The protection system of the terminal registry security protection method based on Windows driving technology according to claim 7, further comprising an SPC interface component and an agent component, wherein the SPC interface component issues the to-be-protected registry protection policy to the agent component; the agent component stores the to-be-protected registry protection policy and adds the registry path to the memory unit of the driver component; and the agent component also receives the instruction sent by the execution unit of the driver component so as to send a prompt to the user.
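The decision flow of claims 1 and 6, as an added example that is not part of the patent and not the applicant's code: a user-mode C model of the driver linked list, the judging unit and the protection/debugging mode split. The function names, the sample paths and the matching rule (case-insensitive, subkeys covered on a "\" boundary) are assumptions; the claims do not specify how paths are compared.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* User-mode model of the claimed decision flow; this is not kernel code. */
typedef enum { MODE_PROTECT, MODE_DEBUG } agent_mode;
enum { ACT_ALLOW = 0, ACT_NOTIFY = 1, ACT_BLOCK = 2 };   /* bit flags */
typedef struct node { const char *path; struct node *next; } node;

/* Agent to driver: push one protected path onto the driver linked list. */
static node *policy_add(node *head, const char *path) {
    node *n = malloc(sizeof *n);
    if (!n) return head;
    n->path = path;
    n->next = head;
    return n;
}

/* Assumed matching rule: case-insensitive, and a protected key also covers
   its subkeys, but only on a '\' boundary (Run must not match RunOnce). */
static int covers(const char *prot, const char *req) {
    size_t i = 0;
    for (; prot[i]; i++)
        if (tolower((unsigned char)prot[i]) != tolower((unsigned char)req[i]))
            return 0;
    return req[i] == '\0' || req[i] == '\\';
}

/* Judging unit plus execution unit: returns a bitmask of ACT_* flags. */
static int decide(const node *list, const char *req, agent_mode mode) {
    for (const node *n = list; n; n = n->next)
        if (covers(n->path, req))
            return mode == MODE_PROTECT ? (ACT_BLOCK | ACT_NOTIFY) : ACT_NOTIFY;
    return ACT_ALLOW;   /* not in the policy: pass through, no prompt */
}

/* Constructed sample policy, as the agent would load it from its database. */
static node *sample_policy(void) {
    node *l = policy_add(NULL, "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
    return policy_add(l, "HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc");
}

int main(void) {
    const char *req = "hklm\\system\\currentcontrolset\\services\\examplesvc\\Parameters";
    printf("protect=%d debug=%d\n", decide(sample_policy(), req, MODE_PROTECT),
           decide(sample_policy(), req, MODE_DEBUG));
    return 0;
}
```

A plain prefix comparison without the boundary check would treat RunOnce as covered by a policy entry for Run, and a case-sensitive comparison would miss a protected key written in different case.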

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010714753.4A CN112214757B (en) 2020-07-23 2020-07-23 Terminal registry security protection method and system based on windows driving technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010714753.4A CN112214757B (en) 2020-07-23 2020-07-23 Terminal registry security protection method and system based on windows driving technology

Publications (2)

Publication Number Publication Date
CN112214757A (en) 2021-01-12
CN112214757B (en) 2022-08-02

Family

ID=74058855

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010714753.4A Active CN112214757B (en) 2020-07-23 2020-07-23 Terminal registry security protection method and system based on windows driving technology

Country Status (1)

Country Link
CN (1) CN112214757B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101231682A (en) * 2007-01-26 2008-07-30 李贵林 Computer information safe method
CN102222189A (en) * 2011-06-13 2011-10-19 上海置水软件技术有限公司 Method for protecting operating system
CN102779030A (en) * 2011-05-11 2012-11-14 奇智软件(北京)有限公司 Execution method and device for registry operation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7721340B2 (en) * 2004-06-12 2010-05-18 Microsoft Corporation Registry protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Implementation of Registry Protection in Windows Mobile; 吴志恩 et al.; Computer Engineering (《计算机工程》); 20100105 (No. 01); Chapter 3, Section 3.1 *

Also Published As

Publication number Publication date
CN112214757A (en) 2021-01-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant