CN116451273A - Behavior hiding method and system based on message mechanism - Google Patents
Behavior hiding method and system based on message mechanism Download PDFInfo
- Publication number
- CN116451273A CN116451273A CN202310379877.5A CN202310379877A CN116451273A CN 116451273 A CN116451273 A CN 116451273A CN 202310379877 A CN202310379877 A CN 202310379877A CN 116451273 A CN116451273 A CN 116451273A
- Authority
- CN
- China
- Prior art keywords
- hiding
- window
- icon
- function
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 144
- 230000007246 mechanism Effects 0.000 title claims abstract description 30
- 230000006870 function Effects 0.000 claims abstract description 100
- 230000006399 behavior Effects 0.000 claims abstract description 42
- 230000008569 process Effects 0.000 claims description 102
- 238000005516 engineering process Methods 0.000 claims description 12
- 230000004048 modification Effects 0.000 claims description 8
- 238000012986 modification Methods 0.000 claims description 8
- 230000002452 interceptive effect Effects 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 5
- 238000001914 filtration Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 2
- 230000004083 survival effect Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000011065 in-situ storage Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/546—Message passing systems or structures, e.g. queues
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/54—Indexing scheme relating to G06F9/54
- G06F2209/548—Queue
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention relates to a behavior hiding method and system based on a message mechanism, and belongs to the technical field of information security. The invention effectively solves the problem that the mechanism for displaying the system icon exposes the program calling behavior when the sensitive equipment is called by the Windows system, and realizes complete hiding of the program calling behavior on the graphical level. The system provided by the invention realizes the hiding management of the system icons, comprises various functions of hiding configuration management, starting and loading hiding configuration, hiding icon restoration display, existing icon information display and the like, can hide various types of sensitive equipment calling behaviors, supports a user to modify a hiding target through a configuration module, and realizes customized hiding of the sensitive equipment calling behaviors.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a behavior hiding method and system based on a message mechanism.
Background
In the network security attack and defense training, the actual scene is simulated as much as possible. In an actual attack scenario, in order to achieve the monitoring purpose, the remote control program usually has functions of recording and video, etc. that need to call sensitive devices. When the sensitive devices are used, the system can display corresponding icons in the tray window of the task bar to prompt the user that the related devices are being used, so that the concealment of the calling behavior of the devices is greatly reduced, and the attack program is exposed. Therefore, to implement remote control program behavior hiding, a system icon hiding technology is one of indispensable technologies.
The message mechanism is one of the core mechanisms of the Windows system. The system controls each window and its control in the system by sending messages to the windows. Typically, the message sent will be added to the message queue, the window reads the message from the message queue, and the window then determines whether to process based on the window handle to which the message is bound. The window handle is a unique identifier that the operating system sets for each window, through which the message sender identifies the target window for the message. Therefore, the system icon can be hidden through targeted interception and tampering of the window message.
Windows systems provide a message hooking mechanism for enabling applications to intercept system messages. The message hook is characterized in that the core of the message hook is a hook callback function, when in use, an application program is registered in the system, and then the messages are captured and processed before the target window receives the messages. During processing, the window process of the target window can be replaced in the hook function, so that the processing of interception, tampering and the like of the message is realized.
The system icon belongs to one of the tray icons, and the hiding of the tray icon includes hiding the system icon. A tray icon is essentially a button control that uses icons. Most of the existing tray icon hiding technologies switch the button to a hiding state by directly sending a HIDE message to a button control where the tray icon is located, but after hiding, a blank area with the size of the button is left in situ in the task bar, so that the hiding performance is poor. In addition, the Windows system provides a special function to realize the operation of the tray icon, no exception is left in the task bar after the icon is hidden, but the operation of the function on the system icon is shielded by the system.
Disclosure of Invention
First, the technical problem to be solved
The invention aims to solve the technical problems that: a new behavior hiding method is provided based on a message mechanism, the hiding of any tray icon is realized under the condition that the normal display of a taskbar is not affected, the calling behavior of a program on sensitive equipment is effectively hidden, the hiding performance of the program behavior is improved, and the survival time of the program is effectively prolonged.
(II) technical scheme
In order to solve the technical problems, the invention provides a behavior hiding method based on a message mechanism, which comprises the following steps:
(1) A hook function for hooking the window message is realized in the dynamic link library, and modification of the window process is realized in the hook function; implementing a new window process in the dynamic link library, and filtering icon creation information, namely target information, in the new window process; a hooking function is realized in the dynamic link library, a window handle and a process ID of a Shell_TrayWnd window are obtained, the hooking function is registered by calling SetWindow HookEx, and the hooking function is exported for external program calling;
(2) Acquiring a process handle of a desktop process in an application program, calling a process termination function to close the desktop process, and then newly building the desktop process; after the new desktop process is started, an application program is started, and a hook function is called.
Preferably, the dynamic connection library refers to dll files, wherein the hook functions, new window procedures and hooking functions necessary for message hooking are defined and realized; after the hook function is registered, the system can inject dll files into the target process to run.
Preferably, the window procedure refers to a callback function of the window for processing the window message, and the function address is stored in the window attribute.
Preferably, the modification of the window procedure implemented in the hook function is specifically: firstly, unSetWindowHookEx is called to cancel a hook function, then SetWindowLongPtr is called to replace the address of the original window process with the address of the new window process, and if the replacement fails, the self module is unloaded; after the replacement is successful, the window invokes a new window procedure to process the window message.
Preferably, the target information to be filtered refers to information sent to the tray window by the system for creating the tray icon, the message type is wm_copydata, and the data thereof is stored in the structure body copydatastrot; after the new desktop process is started, a tray icon is re-created, and when the tray icon is created, related information of the icon is contained in COPYDATARUCT, and the data type is ICONINFOEXW; the field szModName in ICONINFOEXW stores the prompt text of the icon; in the new window process, judging whether the information is the target icon or not by comparing the prompt text of the intercepted data with the prompt text of the target icon, if so, directly exiting, and if not, transmitting the information to the original window process.
Preferably, the hooking function is an interface function of the dll file and the application program, and the message hooking is started after the hooking function is executed.
Preferably, the desktop process refers to an explorer. In the step (2), inquiring the PID of the desktop process by using a process snapshot technology, closing the original desktop process by using a termationProcess function, and creating a new desktop process by using a CreateProcess function; after the desktop process is newly established, the desktop can re-establish the tray icon, thereby triggering message interception.
Preferably, in step (2), after the new desktop process is started, the hook function is registered again after the new tray window is created by circularly inquiring the hook function realized in step (1).
The invention also provides a device calling behavior hiding management system based on the message mechanism, which comprises:
the target icon hiding module is used for hiding the target icon according to the hiding configuration of the user by applying the behavior hiding method based on the message mechanism;
the hidden configuration management module supports the user to input, delete, modify and inquire the keywords of the target icon, can store the hidden configuration into a registry according to the user instruction, display the keyword list of the user configuration, and call the target icon hiding module to re-filter the icon according to the hidden configuration;
the icon information display module is used for acquiring a prompt text of the current tray icon by using a remote process memory reading technology and displaying the prompt text in a list form for a user to view;
the hidden reproduction module is used for reading the hidden configuration set last time from the registry when the system is started, if the related hidden configuration is read, the target icon hiding module is called to hide the target icon, and finally the hidden configuration management module is called to display a hidden configuration interactive interface; and if the relevant hidden configuration is not read, directly calling a hidden configuration management module to display a hidden configuration interactive interface.
Preferably, the keywords input in the hidden configuration management module are keywords of target icons added in the future, so that a pre-interception function is realized; by adding, deleting and modifying the hiding configuration, the hiding and displaying of the target icon can be realized.
(III) beneficial effects
The invention provides a behavior hiding method and a behavior hiding system based on a message mechanism, which effectively solve the problem that a mechanism for displaying a system icon exposes program calling behavior when a sensitive device is called by a Windows system, and realize complete hiding of the program sensitive device calling behavior in a graphical layer. The system provided by the invention realizes the hiding management of the system icons, comprises various functions of hiding configuration management, starting and loading hiding configuration, hiding icon restoration display, existing icon information display and the like, can hide various types of sensitive equipment calling behaviors, supports a user to modify a hiding target through a configuration module, and realizes customized hiding of the sensitive equipment calling behaviors.
Drawings
FIGS. 1a to 1d are flowcharts of a behavior hiding method based on a message mechanism according to the present invention; wherein FIG. 1a is a main program flow, FIG. 1b is a hook function flow, FIG. 1c is a hook function flow, and FIG. 1d is a custom window process flow;
FIG. 2 is a diagram of a message mechanism-based behavior hiding method module architecture according to the present invention;
FIG. 3 is a diagram of a message mechanism-based device call behavior hiding management system architecture;
FIG. 4 is a hidden configuration management module interface of the device call behavior hidden management system based on the message mechanism provided by the invention;
fig. 5 is an interface of an icon information display module of the device calling behavior hiding management system based on the message mechanism.
Detailed Description
To make the objects, contents and advantages of the present invention more apparent, the following detailed description of the present invention will be given with reference to the accompanying drawings and examples.
Windows creates a relevant system icon in the taskbar when a program invokes a sensitive device to alert the user that the device is being used, directly exposing the sensitive device invocation behavior of the program. Calling behavior for sensitive equipment of the hidden program, prolonging the survival time of the program, and hiding the system icon. The existing hiding technology has the problems that after the task bar is hidden, the display is abnormal or the system icons cannot be hidden, the calling behavior of sensitive equipment of the program cannot be completely hidden, and the concealment of the program is difficult to improve. In order to solve the technical problems, the invention provides a behavior hiding method based on a message mechanism, which utilizes the characteristic that the original tray icon can be rebuilt by a restarted desktop process, and sets a message hook capable of filtering the tray icon rebuilding message at a proper time of desktop restarting, so as to realize target icon hiding while ensuring the normal display of a taskbar, thereby effectively hiding the calling behavior of sensitive equipment of a program and improving the concealment of the program.
The implementation flow of the method is shown in fig. 1, and the module architecture of the method is shown in fig. 2. On the other hand, the invention provides a device calling behavior hiding management system based on a message mechanism, which realizes hiding of system icons generated when a program calls sensitive devices, supports hiding configuration management functions, enables a user to add, modify and delete target icons, supports hiding reproduction functions, can automatically hide the system icons set last time when software is restarted, supports displaying a current tray icon list, and can display information of the current tray icons. The architecture is shown in fig. 3.
In a first aspect of the present invention, a behavior hiding method based on a message mechanism is provided, where behavior hiding is implemented by hiding a corresponding system icon. The method comprises the following steps:
(1) A hook function for hooking the window message is realized in the dynamic link library, and modification of the window process is realized in the hook function; implementing a new window process in the dynamic link library, and filtering icon creation information, namely target information, in the new window process; a hooking function is realized in the dynamic link library, a window handle and a process ID of a Shell_TrayWnd window are obtained, the hooking function is registered by calling SetWindow HookEx, and the hooking function is exported for external program calling;
(2) And acquiring a process handle of the desktop process in the application program, calling a process termination function to close the desktop process, and then newly building the desktop process. After the new desktop process is started, an application program is started, and a hook function is called.
Further, the dynamic connection library refers to dll files, in which the hook functions, new window procedures, and hooking functions necessary for message hooking are defined and implemented. After the hook function is registered, the system can inject dll files into the target process to run.
The window process refers to a callback function of the window for processing window information, and a function address is stored in a window attribute.
The modification of the window process in the hook function is specifically: firstly, unSetWindowHookEx is called to cancel the hook function, then SetWindowLongPtr is called to replace the address of the original window process with the address of the new window process, and if the replacement fails, the self module is unloaded. After replacement, the window invokes a new window procedure to process the window message.
The above target information to be filtered refers to information sent to the tray window by the system for creating the tray icon, the message type is wm_copydata, and the data thereof is stored in the structure body copydatastrot. After the new desktop process is started, the tray icon is re-created, and when the tray icon is created, the copydatastrot contains related information of the icon, and the data type is iconninfooexw. The field szModName in ICONINFOEXW stores the prompt text for the icon. In the new window process, judging whether the information is the target icon or not by comparing the prompt text of the intercepted data with the prompt text of the target icon, if so, directly exiting, and if not, transmitting the information to the original window process.
The hooking function is an interface function of the dll file and the application program, and a message hook is started after the hooking function is executed.
The desktop process refers to an explorer. In the step (2), the PID of the desktop process is queried by using a process snapshot technology, the original desktop process is closed by using a termationProcess function, and the desktop process is newly built by using a CreateProcess function. After the desktop process is newly established, the desktop can re-establish the tray icon, thereby triggering message interception.
In step (2), after the new desktop process is started (restarted), it should be noted that the desktop process will not immediately create a new tray icon window, and the hook registration will not be successful at this time, and it is necessary to circularly search in the hook function implemented in step (1) until the creation of the new tray window is completed, and then register the hook function.
In a second aspect of the present invention, a device call behavior hiding management system based on a message mechanism is provided. Four main modules of the system include:
(1) The target icon hiding module is used for hiding the target icon according to the hiding configuration of the user by applying the behavior hiding method based on the message mechanism;
(2) The hidden configuration management module supports the user to input, delete, modify and inquire the keywords of the target icon, can store the hidden configuration into a registry according to the user instruction and display the keyword list of the user configuration, and invokes the target icon hiding module to re-filter the icon according to the hidden configuration;
(3) The icon information display module acquires a prompt text of the current tray icon by using a remote process memory reading technology and displays the prompt text in a list form on a software interface for a user to view;
(4) And the hiding reproduction module is used for reading the hiding configuration set last time from the registry when the system is started, calling the target icon hiding module to hide the target icon if the related hiding configuration is read, and finally calling the hiding configuration management module to display the hiding configuration interactive interface. If the relevant hidden configuration is not read, directly calling a hidden configuration management module to display a hidden configuration interactive interface;
furthermore, the keywords entered in the hidden configuration management module may be keywords of a target icon added in the future, so as to implement a pre-interception function. By adding, deleting and modifying the hiding configuration, the hiding and displaying of the target icon can be realized.
According to the behavior hiding method based on the message mechanism, the desktop restarting means is used for forcing the desktop to reconstruct the tray icon, the message hook is arranged before the tray icon is reconstructed after the desktop is restarted, and the created message of the target icon is filtered, so that the hiding of the target icon is realized, and meanwhile, the normal display of the taskbar window is not influenced. The following describes in detail the embodiments of the key steps of the method:
(1) Implementation of hook function
The UnSetWindowHookEx is called to cancel the hook function, the GetModuleFileName function is called to acquire a path of the hook function, the LoadLibrary is called to load the hook function into the current process again, the GWL_WNDPROC attribute of the window is set by the SetWindowLongPtr function, the address is replaced by the address of the new window process, and the address of the original window process is recorded.
(2) Implementation of a Window procedure
When the message type is wm_copydata, its data is converted into copydatastroct type. The cbData field is read, and when the value is 0x5CC, the data of the lpData field is converted into iconlinfoetexw. And reading the szModName field, comparing the szModName field with the keywords of the target icon, returning to 0 if the keywords are contained, and otherwise, transmitting the message to the original window process. Message types other than wm_copydata are passed directly to the original window procedure process.
(3) Implementation of the hooking function
And circularly calling FindWindowA and GetWindowThreadProcessId until the window handle of the Shell_TrayWnd window and the thread ID corresponding to the window are acquired. Calling the SetWindow HookEx function registers a message hook of the WH_CALLWNDPROC type and records a hook handle.
(4) Implementation of desktop restart
Obtaining a current PROCESS snapshot through a PROCESS snapshot technology, obtaining the PID of an Explorer.exe PROCESS through PROCESS traversal and PROCESS name comparison, calling an OpenProcess function to apply for obtaining a PROCESS handle by using a PROCESS_TERMINARNATE permission, calling a terminal PROCESS function to close an original desktop PROCESS, calling a CreateProcess function to create a new Explorer.exe PROCESS, and calling a hook function after the creation is completed.
The foregoing describes a method embodiment, and the following further describes the device call behavior hiding management software based on the message mechanism provided by the present invention through a system embodiment.
The invention provides a device calling behavior hiding management system based on a message mechanism, which realizes a system icon hiding function generated when sensitive devices are called, supports a user to carry out hiding configuration, supports automatic loading of previous hiding configuration when starting to reproduce previous hiding, and supports displaying of a current tray icon information list. The software can be developed into a command line window program and can be divided into a target icon hiding module, a hiding configuration management module, an icon information display module and a hiding reproduction module, and each module is described in detail below:
(1) Target icon hiding module
The module firstly restarts the desktop process, and then the hiding of the tray icons is realized by calling the hook function in the dll file. The Dll file implements a hook function, a new window procedure function, a hook function, and a hidden configuration loading function.
Further, the hidden configuration loading function firstly calls the RegOpenKeyEx function to open a registry hkey_current_user\softwave\trayicon hider, calls the RegGetValue function to read the data of a registry item IconKey, and analyzes the data into a keyword array to be provided for a new window process function.
(2) Hiding configuration management module
The module is responsible for interacting with a user, supporting the user to add, delete, modify and query keywords, and displaying the added keywords in a list form in a software interface. After the USER inputs the save instruction, the USER invokes a registry-related function to store the keyword into the registry item IconKey of hkey_current_user\softwire\trayicon hider. And after the user inputs the refreshing instruction, the target icon hiding module is called, and the target icon is filtered according to the latest hiding configuration.
(3) Icon information display module
The module firstly acquires a window handle of the ToolbarWindow32 window and an ID of a process where the window handle is located, then sends an icon inquiry message to the ToolbarWindow32 window, reads current tray icon information from the process where the ToolbarWindow32 window is located into the process through a remote process memory reading technology, and finally displays the current tray icon information in a software interface in a list mode.
(4) Hidden reproduction module
The module operates when SOFTWARE is started, if a registry item IconKey of HKEY_current_USER/SOFTWARE/TrayIcon Hider exists, the target icon hiding module is called to load the previous hiding configuration to hide the target icon, otherwise, the registry item is newly built, and a main interface is displayed.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and variations could be made by those skilled in the art without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as being within the scope of the invention.
Claims (10)
1. A behavior hiding method based on a message mechanism, comprising the steps of:
(1) A hook function for hooking the window message is realized in the dynamic link library, and modification of the window process is realized in the hook function; implementing a new window process in the dynamic link library, and filtering icon creation information, namely target information, in the new window process; a hooking function is realized in the dynamic link library, a window handle and a process ID of a Shell_TrayWnd window are obtained, the hooking function is registered by calling SetWindow HookEx, and the hooking function is exported for external program calling;
(2) Acquiring a process handle of a desktop process in an application program, calling a process termination function to close the desktop process, and then newly building the desktop process; after the new desktop process is started, an application program is started, and a hook function is called.
2. The method of claim 1, wherein the dynamic connection library refers to dll files in which a hook function, a new window procedure, a hook function necessary for message hooking are defined and implemented; after the hook function is registered, the system can inject dll files into the target process to run.
3. The method of claim 1, wherein the window procedure refers to a callback function of the window for processing window messages, and function addresses are stored in window attributes.
4. The method of claim 1, wherein the modification to the window procedure implemented in the hook function is specifically: firstly, unSetWindowHookEx is called to cancel a hook function, then SetWindowLongPtr is called to replace the address of the original window process with the address of the new window process, and if the replacement fails, the self module is unloaded; after the replacement is successful, the window invokes a new window procedure to process the window message.
5. The method of claim 1, wherein the target information to be filtered refers to information for creating a tray icon, which is sent to a tray window by a system, the message type being wm_copydata, the data of which is stored in a structure body copydatastrot; after the new desktop process is started, a tray icon is re-created, and when the tray icon is created, related information of the icon is contained in COPYDATARUCT, and the data type is ICONINFOEXW; the field szModName in ICONINFOEXW stores the prompt text of the icon; in the new window process, judging whether the information is the target icon or not by comparing the prompt text of the intercepted data with the prompt text of the target icon, if so, directly exiting, and if not, transmitting the information to the original window process.
6. The method of claim 1, wherein the hooking function is an interface function of a dll file and an application, and the message hooking is started after the hooking function is executed.
7. The method of claim 1, wherein the desktop process is referred to as an explorer. In the step (2), inquiring the PID of the desktop process by using a process snapshot technology, closing the original desktop process by using a termationProcess function, and creating a new desktop process by using a CreateProcess function; after the desktop process is newly established, the desktop can re-establish the tray icon, thereby triggering message interception.
8. The method of claim 1, wherein in step (2), after the new desktop process is started, the hook function is registered after the new tray window is created by circularly querying the hook function implemented in step (1).
9. A message mechanism-based device invocation behavior hiding management system, comprising:
a target icon hiding module, applying the behavior hiding method based on the message mechanism as claimed in any one of claims 1 to 8, to realize hiding of the target icon according to the hiding configuration of the user;
the hidden configuration management module supports the user to input, delete, modify and inquire the keywords of the target icon, can store the hidden configuration into a registry according to the user instruction, display the keyword list of the user configuration, and call the target icon hiding module to re-filter the icon according to the hidden configuration;
the icon information display module is used for acquiring a prompt text of the current tray icon by using a remote process memory reading technology and displaying the prompt text in a list form for a user to view;
the hidden reproduction module is used for reading the hidden configuration set last time from the registry when the system is started, if the related hidden configuration is read, the target icon hiding module is called to hide the target icon, and finally the hidden configuration management module is called to display a hidden configuration interactive interface; and if the relevant hidden configuration is not read, directly calling a hidden configuration management module to display a hidden configuration interactive interface.
10. The method of claim 9, wherein the keywords entered in the hidden configuration management module are keywords of target icons added in the future, thereby implementing a pre-interception function; by adding, deleting and modifying the hiding configuration, the hiding and displaying of the target icon can be realized.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310379877.5A CN116451273A (en) | 2023-04-11 | 2023-04-11 | Behavior hiding method and system based on message mechanism |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310379877.5A CN116451273A (en) | 2023-04-11 | 2023-04-11 | Behavior hiding method and system based on message mechanism |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116451273A true CN116451273A (en) | 2023-07-18 |
Family
ID=87125062
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310379877.5A Pending CN116451273A (en) | 2023-04-11 | 2023-04-11 | Behavior hiding method and system based on message mechanism |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116451273A (en) |
-
2023
- 2023-04-11 CN CN202310379877.5A patent/CN116451273A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220075696A1 (en) | Application Exception Recovery | |
| US20150067167A1 (en) | Hot pluggable extensions for access management system | |
| US20200218529A1 (en) | Image upgrade method and device | |
| US6698016B1 (en) | Method for injecting code into another process | |
| CN105094791A (en) | Status bar notification storage method and status bar notification storage device | |
| US9262433B2 (en) | Virtualization of file input/output operations | |
| CN112148699B (en) | Log management method, device, equipment and medium | |
| KR100832074B1 (en) | Method of Monitoring hided processes, System thereof | |
| CA2386100A1 (en) | Method and system for intercepting application program interface | |
| CN111782999B (en) | Page display method, device, equipment and system | |
| CN109359092A (en) | File management method, desktop display method, device, terminal and medium | |
| CN116451273A (en) | Behavior hiding method and system based on message mechanism | |
| CN109445966B (en) | Event processing method, device, medium and computing equipment | |
| CN109413507B (en) | Method, device, terminal and medium for processing reference relationship between barrage library and live broadcast room | |
| CN113591000B (en) | Browser engine switching method, device and equipment | |
| CN110704247B (en) | Processing method and device for application memory exception, electronic equipment and device | |
| CN112632032A (en) | Data migration method and device, storage medium and terminal equipment | |
| CN113792327B (en) | Authority management method, user interface and electronic equipment | |
| WO2020033112A1 (en) | Handling file commit and commit-delete operations in an overlay optimizer | |
| CN117951015A (en) | Software testing method, device, computer equipment and storage medium | |
| CN109344008B (en) | Processing method and device | |
| CN111274210A (en) | Metadata processing method and device and electronic equipment | |
| CN117195203A (en) | Process protection method and device for operating system, computer equipment and storage medium | |
| CN116522294A (en) | Application starting method, device, equipment and storage medium | |
| CN116166422A (en) | Memory optimization method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |