CN110414230B - Virus checking and killing method and device, computer equipment and storage medium - Google Patents
Virus checking and killing method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110414230B CN110414230B CN201910543853.2A CN201910543853A CN110414230B CN 110414230 B CN110414230 B CN 110414230B CN 201910543853 A CN201910543853 A CN 201910543853A CN 110414230 B CN110414230 B CN 110414230B
- Authority
- CN
- China
- Prior art keywords
- information
- account
- killing
- virus
- token
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Virology (AREA)
- Power Sources (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure relates to a virus searching and killing method, a virus searching and killing device, computer equipment and a storage medium, and belongs to the technical field of application. The method comprises the following steps: acquiring a virus searching and killing request of a user terminal; acquiring first authority information corresponding to an administrator account from the administrator account information, and acquiring second authority information corresponding to a currently logged-in personal account from the personal account information; creating a first functional process of a virus checking and killing application; performing right reduction processing on the functional process to obtain a second functional process after the right reduction processing; carrying out right-lifting processing on the second function process after the right is reduced to obtain a third function process after the right-lifting processing; and virus searching and killing treatment is carried out on the data file in the user terminal. By adopting the method and the system, even if viruses are hidden in the specific types of data files of the currently logged personal account, the viruses can be checked and killed by the virus checking and killing application, and the safety of the computer can be guaranteed.
Description
Technical Field
The present disclosure relates to the field of application technologies, and in particular, to a virus searching and killing method, apparatus, computer device, and storage medium.
Background
With the development of science and technology, the requirements on computer security are higher and higher. In order to defend against external attacks, virus checking and killing applications are installed in a computer, and the virus checking and killing applications can normally operate and perform virus checking and killing only under the condition that high-level administrator authority is obtained. In practical application, for some enterprise employees, when they log in a personal account in an operating system of a computer, the personal account only has normal user permissions, and only an administrator account has high-level administrator permissions. The virus checking and killing application is started in a system operation interface for logging in the personal account, and the virus checking and killing application obtains the authority of a common user by default, so that the virus checking and killing application cannot normally run.
In the situation that the personal account only has the authority of the common user, in order to solve the problem, when the virus checking and killing application is detected to be started, the authority of the virus checking and killing application is required to be increased, and the authority of the virus checking and killing application is increased to the authority of a high-level administrator, so that the virus checking and killing application after the authority is increased can normally run. The authority of the virus checking and killing application needs to be promoted to the authority of a high-level administrator in the following way: when the fact that the virus killing application is triggered to be started is detected, a Token (permission Token) corresponding to the permission of a high-level administrator is obtained from a system process corresponding to an administrator account, then a function process of the virus killing application is established based on the Token corresponding to the permission of the high-level administrator, and initialization processing and subsequent processing of the function process are completed based on the Token corresponding to the permission of the high-level administrator. It should be noted that, when the operating system is started, the system processes corresponding to the currently logged-in personal account and the administrator account are both started, and the system processes are used to implement the basic functions of the operating system.
In carrying out the present disclosure, the inventors found that at least the following problems exist:
in the process of promoting the authority of the virus killing application to the authority of the high-level administrator, because the function process of the virus killing application is created based on the Token corresponding to the authority of the high-level administrator and the initialization processing of the function process is completed based on the Token corresponding to the authority of the high-level administrator, when certain specific types of data files are read in the running process of the subsequent function process, certain specific types of data files of the administrator account are read, for example, desktop data files of the administrator account. Therefore, the functional process cannot read some specific types of data files of the currently logged personal account, and viruses are often hidden in the specific types of data files of the currently logged personal account, so that the security of the computer cannot be guaranteed finally.
Disclosure of Invention
The embodiment of the application provides a virus checking and killing method, a virus checking and killing device, computer equipment and a storage medium, and can solve the problem that the safety of a computer cannot be guaranteed. The present disclosure provides the following technical solutions:
according to a first aspect of the embodiments of the present disclosure, there is provided a virus killing method, the method including:
acquiring a virus searching and killing request of a user terminal;
calling administrator account information and currently logged personal account information of the user terminal according to the virus searching and killing request;
acquiring first authority information corresponding to an administrator account from the administrator account information, and acquiring second authority information corresponding to a currently logged-in personal account from the personal account information, wherein the first authority information is information required when an operation that the administrator account has authority is executed, and the second authority information is information required when an operation that the currently logged-in personal account has authority is executed;
creating a first function process of a virus checking and killing application based on first authority information corresponding to the administrator account, wherein the process attribute information of the first function process comprises the first authority information;
based on second authority information corresponding to the currently logged-in personal account, performing right reduction processing on the function process to obtain a second function process subjected to the right reduction processing, wherein the process attribute information of the second function process comprises the second authority information;
setting an account configuration file identifier corresponding to the virus checking and killing application in a system registry as an account configuration file identifier in the second permission information based on the second function process;
based on first authority information corresponding to the administrator account, performing right-lifting processing on the second function process after the right is reduced to obtain a third function process after the right-lifting processing, wherein the process attribute information of the third function process comprises the first authority information;
and performing virus searching and killing processing on the data file in the user terminal based on the third functional process.
Optionally, the first permission information is a first Token, and the second permission information is a second Token.
Optionally, the creating a first function process of the virus killing application based on the first permission information corresponding to the administrator account includes:
replacing the interactive interface session identifier in the first Token with the interactive interface session identifier in the second Token;
creating an environment execution variable corresponding to the currently logged-in personal account based on the second Token;
and creating a first functional process of the virus killing application based on the first Token after replacing the interactive interface session identifier and the environment execution variable.
Optionally, the account profile identifier corresponding to the virus killing application in the system registry comprises HKEY _ CURRENT _ USER.
Optionally, the performing, based on the first permission information corresponding to the administrator account, an authorization process on the second function process after the authorization is reduced to obtain a third function process after the authorization process, includes:
determining whether the current process attribute information of the second functional process comprises the second authority information;
and if the current process attribute information of the second functional process comprises the second authority information, performing right-lifting processing on the second functional process after the right is reduced based on the first authority information corresponding to the administrator account to obtain a third functional process after the right-lifting processing.
Optionally, the method further comprises:
and if the current process attribute information of the second functional process does not comprise the second authority information, closing the second functional process, and transferring to the step of calling the administrator account information and the currently logged personal account information of the user terminal according to the virus checking and killing request.
According to a second aspect of the embodiments of the present disclosure, there is provided a virus killing apparatus, the apparatus including:
the acquisition module is used for acquiring a virus searching and killing request of the user terminal;
the calling module is used for calling the administrator account information and the currently logged personal account information of the user terminal according to the virus searching and killing request;
the acquisition module is configured to acquire first permission information corresponding to an administrator account from the administrator account information, and acquire second permission information corresponding to a currently logged-in personal account from the personal account information, where the first permission information is information required when an operation that the administrator account has permission is executed, and the second permission information is information required when an operation that the currently logged-in personal account has permission is executed;
the creating module is used for creating a first function process of the virus killing application based on first authority information corresponding to the administrator account, wherein the process attribute information of the first function process comprises the first authority information;
the right reducing module is used for performing right reducing processing on the functional process based on second right information corresponding to the currently logged personal account to obtain a second functional process after the right reducing processing, wherein the process attribute information of the second functional process comprises the second right information;
the initialization module is used for setting an account configuration file identifier corresponding to the virus checking and killing application in a system registry as an account configuration file identifier in the second authority information based on the second function process;
the right-lifting module is used for performing right lifting processing on the second function process after the right is reduced based on first right information corresponding to the administrator account to obtain a third function process after the right lifting processing, wherein the process attribute information of the third function process comprises the first right information;
and the virus searching and killing module is used for performing virus searching and killing processing on the data file in the user terminal based on the third functional process.
Optionally, the first permission information is a first Token, and the second permission information is a second Token.
Optionally, the creating module is configured to:
replacing the interactive interface session identifier in the first Token with the interactive interface session identifier in the second Token;
creating an environment execution variable corresponding to the currently logged-in personal account based on the second Token;
and creating a first functional process of the virus killing application based on the first Token after replacing the interactive interface session identifier and the environment execution variable.
Optionally, the account profile identifier corresponding to the virus killing application in the system registry comprises HKEY _ CURRENT _ USER.
Optionally, the weight reduction module is configured to:
determining whether the current process attribute information of the second functional process comprises the second authority information;
and when the current process attribute information of the second functional process comprises the second authority information, performing right-lifting processing on the second functional process after the right is reduced based on the first authority information corresponding to the administrator account to obtain a third functional process after the right-lifting processing.
Optionally, the right dropping module is further configured to:
and when the current process attribute information of the second function process does not comprise the second authority information, closing the second function process, and executing the calling of the administrator account information and the currently logged personal account information of the user terminal according to the virus checking and killing request through the calling module.
According to a third aspect of embodiments of the present disclosure, there is provided a computer device comprising a processor, a communication interface, a memory, and a communication bus, wherein:
the processor, the communication interface and the memory complete mutual communication through the communication bus;
the memory is used for storing a computer program;
the processor is used for executing the program stored in the memory so as to realize the virus searching and killing method.
According to a fourth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the virus searching and killing method.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
according to the method provided by the embodiment of the disclosure, the right-lifting process is realized by the step of creating the first function process of the virus killing application based on the first authority information corresponding to the administrator account, then the right-reducing process can be performed on the function process to obtain the second function process after the right-reducing process, the initialization process is completed by the second function process after the right-reducing process, and finally the right-lifting process is performed on the second function process after the right-reducing process based on the first authority information corresponding to the administrator account to obtain the third function process after the right-lifting process again. By the mode, the function process can read and write certain specific types of data files of the currently logged personal account instead of certain specific types of data files of the administrator account, and even if viruses are hidden in the specific types of data files of the currently logged personal account, the virus searching and killing application can search and kill the viruses, so that the safety of the computer can be guaranteed.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. In the drawings:
FIG. 1 is a schematic diagram illustrating a user account control in accordance with an exemplary embodiment;
FIG. 2 is a schematic flow diagram illustrating a method for virus killing according to an exemplary embodiment;
FIG. 3 is a schematic flow diagram illustrating a method for virus killing according to an exemplary embodiment;
FIG. 4 is a schematic flow diagram illustrating a method for virus killing according to an exemplary embodiment;
FIG. 5 is a schematic flow diagram illustrating a method for virus killing according to an exemplary embodiment;
FIG. 6 is a schematic flow diagram illustrating a method for virus killing in accordance with an exemplary embodiment;
FIG. 7 is a schematic diagram illustrating a virus killing apparatus according to an exemplary embodiment;
FIG. 8 is a schematic diagram illustrating a configuration of a computer device, according to an example embodiment.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The embodiment of the disclosure provides a virus searching and killing method, which can be realized by computer equipment. The computer device may be a tablet computer, a desktop computer, a notebook computer, or the like.
An operating system (e.g., Windows operating system) and applications may be installed in the computer device. Users use various applications based on their different requirements in the process of using the computer equipment. Target applications, such as virus killing applications, remote login applications or other applications related to computer security, may be installed in the computer device.
In practical applications, for applications related to computer security, when such applications as a target application are started, the target application may need to obtain a high-level administrator authority of an operating system to normally operate, and then some system configuration files and some system sensitive files may be normally read and written. If a UAC (User Account Control) is turned on in the operating system, the default target application and task always run in the secure context of the personal Account, and the target application needs to run in the secure context of the administrator Account, a dialog box as shown in fig. 1 pops up. If the authority of the target application needs to be promoted to the high-level administrator authority, a password corresponding to an administrator account is input into the dialog box in fig. 1. If the password passes the verification, the authority of the target application can be promoted to the high-level administrator authority. However, in some cases, the individual user who is using the computer device does not know the password corresponding to the administrator account, and cannot pass the password authentication, and finally cannot normally run the target application. In order to solve this problem, embodiments of the present disclosure provide a virus searching and killing method, which may be specifically referred to the following method embodiments, and details are not repeated here.
An exemplary embodiment of the present disclosure provides a virus searching and killing method, as shown in fig. 2, a processing flow of the method may include the following steps:
step S210, a virus killing request of the user terminal is obtained.
In implementation, when installing and deploying the virus killing application, an authorization service can be installed, and when starting the virus killing application under the condition of logging in the personal account, the authorization service can be informed to start a functional process of the virus killing application with the administrator authority by sending a virus killing request.
And step S220, calling the administrator account information and the currently logged personal account information of the user terminal according to the virus searching and killing request.
In implementation, when the operating system is started, the system processes corresponding to the currently logged-in personal account and the administrator account are started, and the system processes are used for realizing the basic functions of the operating system.
An operating system, such as a Windows operating system, may be installed in the computer device, and a plurality of processes, including a system process corresponding to an administrator account, a system process corresponding to a currently logged-in personal account, and the like, are run in the operating system. The computer device may search a system process corresponding to the administrator account in a plurality of processes, and the system process corresponding to the administrator account correspondingly stores data (which may be referred to as administrator account information) that the process needs to operate, including Token corresponding to the high-level administrator authority.
The computer device may also search a system process corresponding to the currently logged-in personal account in a plurality of processes, and data (which may be referred to as personal account information) that the process needs to operate is correspondingly stored in the system process corresponding to the currently logged-in personal account, including Token corresponding to the common user authority.
In step S230, first authority information corresponding to the administrator account is obtained from the administrator account information, and second authority information corresponding to the currently logged-in individual account is obtained from the individual account information.
The first authority information is information required for executing an operation that the administrator account has authority, and the second authority information is information required for executing an operation that the currently logged-in personal account has authority.
In an implementation, the first permission information may be a first Token, and the second permission information may be a second Token. Token is a permission Token, and each process in the Windows operating system has a respective Token. The Token stores information such as a session id (interactive interface session identifier) and an Access Control List (ACL). Session is an interactive interface Session of the Windows operating system, each logged-in account has a corresponding interactive interface Session, and each interactive interface Session has a corresponding SessionId. The interactive interface session with the low authority cannot actively send messages to the interactive interface session with the high authority, and the interactive interface session with the high authority has the function of actively sending messages to the interactive interface session with the low authority. An ACL is a list used in the Windows operating system to represent user (group) rights.
The computer device may search for a Token corresponding to the high-level administrator authority in a system process corresponding to the administrator account, and copy the searched Token to obtain a first Token corresponding to the high-level administrator authority.
For example, as shown in fig. 3, in the system process corresponding to the administrator account, Token D corresponding to the high-level administrator authority is searched, Token D is copied, and Token a is obtained.
The computer device may also search for a Token corresponding to the authority of the ordinary user in a system process corresponding to the currently logged-in personal account, and copy the searched Token to obtain a second Token corresponding to the authority of the ordinary user.
For example, as shown in fig. 3, in the system process corresponding to the currently logged-in personal account, Token B corresponding to the general user authority is searched, Token B is copied, and Token C is obtained.
Step S240, a first function process of the virus killing application is created based on the first permission information corresponding to the administrator account.
The process attribute information of the first functional process comprises first authority information. The first functional process is used for actually running the target application and is a carrier for the target application to realize specific application functions.
In an implementation, the computer device may not only create the first functional process of the target application based on the first Token, but may also create the first functional process of the target application based on the second Token. In this way, the data files that can be read and written by the first functional process are not only the data files corresponding to the administrator account, but also some specific types of data files corresponding to the currently logged-in personal account, such as temporary data files and desktop data files. Furthermore, if the target application is a virus check application, the virus check application can read and write some specific types of data files corresponding to the currently logged personal account, so as to prevent viruses from being hidden in some specific types of data files corresponding to the currently logged personal account.
And step S250, performing right reduction processing on the functional process based on the second authority information corresponding to the currently logged-in personal account to obtain a second functional process after the right reduction processing.
And the process attribute information of the second functional process comprises second authority information.
In implementation, since the first functional process is created by the first Token, the process attribute of the first functional process is defaulted to be run based on the first Token, and the process attribute information of the first functional process includes the first authority information. The process attribute of the functional process may be set, and the functional process is forced to simulate the second Token to operate, so that the process attribute information of the second functional process includes the second authority information.
For example, as shown in fig. 3, a function process is executed by default using Token a, and after the process attribute of the function process is set, Token C may be forcibly emulated to execute the function process.
Step S260, based on the second functional process, setting the account configuration file identifier corresponding to the virus killing application in the system registry as the account configuration file identifier in the second permission information.
In implementation, the computer device may perform initialization processing of the functional process based on the second Token, that is, setting an account profile identifier corresponding to the virus killing application in the system registry as the account profile identifier in the second permission information. In this way, the functional process can read and write some specific type of data file, such as plug-in, corresponding to the currently logged-in personal account. The plug-in may be an IE (Internet Explorer, Web browser) plug-in. Furthermore, if the target application is a virus check application, the virus check application can read and write some specific types of data files corresponding to the currently logged personal account, so as to prevent viruses from being hidden in some specific types of data files corresponding to the currently logged personal account.
And step S270, performing right-lifting processing on the second function process after the right is reduced based on the first authority information corresponding to the administrator account to obtain a third function process after the right-lifting processing.
And the process attribute information of the third functional process comprises first authority information.
In implementation, the process of creating the functional process of the target application based on the first Token may be regarded as performing right-lifting on the target application, the process of creating the functional process of the target application based on the second Token and performing initialization processing on the functional process based on the second Token may be regarded as performing right-lifting on the target application, and finally, the right-lifting on the target application after the right-lifting may be performed again, and the process attribute information of the second functional process may be restored and set as the first permission information, so that the process of performing right-lifting on the target application after the right-lifting may be performed again. After the target application after the right is reduced is subjected to the right increasing again, the target application can obtain the high-level administrator right again.
Step S280, based on the third function process, virus searching and killing processing is carried out on the data file in the user terminal.
And a third function process of the virus searching and killing application is actually operated through the authority of a high-level administrator, so that a specific application function is realized. For example, if the target application is a virus killing application, a third functional process of the virus killing application may obtain high-level administrator privileges, and the third functional process may scan data files and kill viruses based on the high-level administrator privileges. In the process of scanning data files and checking and killing viruses based on the authority of a high-level administrator, some system configuration files, system sensitive files and other files which can be operated only by the authority of the high-level administrator can be read and written.
According to the method provided by the embodiment of the disclosure, the right-lifting process is realized by the step of creating the first function process of the virus killing application based on the first authority information corresponding to the administrator account, then the right-reducing process can be performed on the function process to obtain the second function process after the right-reducing process, the initialization process is completed by the second function process after the right-reducing process, and finally the right-lifting process is performed on the second function process after the right-reducing process based on the first authority information corresponding to the administrator account to obtain the third function process after the right-lifting process again. By the mode, the function process can read and write certain specific types of data files of the currently logged personal account instead of certain specific types of data files of the administrator account, and even if viruses are hidden in the specific types of data files of the currently logged personal account, the virus searching and killing application can search and kill the viruses, so that the safety of the computer can be guaranteed.
Based on the same concept as the above-mentioned disclosed embodiment, an exemplary embodiment of the present disclosure provides a virus searching and killing method, as shown in fig. 4, a processing flow of the method may include the following steps:
step S410, when a virus searching and killing request of the user terminal is obtained, a first Token corresponding to the authority of the administrator is obtained in the system process corresponding to the administrator account, and a second Token corresponding to the authority of the common user is obtained in the system process corresponding to the currently logged-in personal account.
In operation, a plurality of processes are running in the operating system, including a system process corresponding to an administrator account, a system process corresponding to a currently logged-in personal account, and the like. The computer device may search a system process corresponding to the administrator account in the multiple processes, and the system process corresponding to the administrator account correspondingly stores data that the process needs to operate, including Token corresponding to the high-level administrator authority. Therefore, the Token corresponding to the high-level administrator authority can be searched in the system process corresponding to the administrator account, and the searched Token is copied to obtain the first Token corresponding to the high-level administrator authority.
The computer device may also search a system process corresponding to the currently logged-in personal account in a plurality of processes, and data that the process needs to operate is correspondingly stored in the system process corresponding to the currently logged-in personal account, including Token corresponding to the common user authority. Therefore, the Token corresponding to the authority of the common user can be searched in the system process corresponding to the currently logged-in personal account, and the searched Token is copied to obtain the second Token corresponding to the authority of the common user.
Step S420, replace the interactive interface session identifier in the first Token with the interactive interface session identifier in the second Token.
In an implementation, a first SessionId is stored in the first Token, a second SessionId is stored in the second Token, and the first SessionId in the first Token may be replaced by the second SessionId, resulting in the first Token storing the second SessionId. Thus, the problem of Session isolation can be solved.
Step S430, based on the second Token, creating an environment execution variable corresponding to the currently logged-in personal account.
The environment execution variables refer to parameters used in the operating system to specify the operating system running environment, such as the location of the temporary data file and the location of the system data file. The temporary file may be a desktop data file.
In an implementation, the computer device may create an environment execution variable, such as EnvA, corresponding to the currently logged-in personal account based on the second Token. After creating the EnvA through the second Token, the location of the temporary data file and the location of the system data file recorded by the EnvA may be the location of the temporary data file and the location of the system data file corresponding to the currently logged-in personal account. Therefore, the virus checking and killing application can normally read and write the temporary data file and the system data file corresponding to the currently logged personal account.
Step S440, based on the first Token and the environment execution variable after replacing the interactive interface session identifier, a first function process of the virus checking and killing application is created.
In an implementation, the computer device may create a first functional process of the virus killing application based on the first Token and the EnvA storing the second SessionId.
For example, as shown in fig. 3, Token a stores the SessionId of Token B, and a functional process of the virus killing application can be created by Token a and EnvA.
Step S450, setting the account configuration file identifier corresponding to the virus killing application in the system registry as the account configuration file identifier in the second Token.
In an implementation, the computer device may perform an initialization process of the second functional process based on the second Token, for example, set an account profile identifier corresponding to the virus killing application in the system registry as the account profile identifier in the second permission information. In this way, the second functional process can read and write some specific type of data file, such as plug-in, corresponding to the currently logged-in personal account. The plug-in may be an IE plug-in. Furthermore, if the virus checking application is a virus checking application, the virus checking application can read and write some specific type of data files corresponding to the currently logged personal account, so as to prevent viruses from being hidden in some specific type of data files corresponding to the currently logged personal account.
Step S460, based on the first Token, performing virus searching and killing processing on the data file in the user terminal.
In implementation, the process of creating the first functional process of the virus killing application based on the first Token may be regarded as performing right improvement on the virus killing application, the process of creating the first functional process of the virus killing application based on the second Token and performing initialization processing on the functional process based on the second Token may be regarded as performing right reduction on the virus killing application, and finally, the right reduction may be performed on the virus killing application again.
According to the method provided by the embodiment of the disclosure, the right-lifting process is realized by the step of creating the first function process of the virus killing application based on the first authority information corresponding to the administrator account, then the right-reducing process can be performed on the function process to obtain the second function process after the right-reducing process, the initialization process is completed by the second function process after the right-reducing process, and finally the right-lifting process is performed on the second function process after the right-reducing process based on the first authority information corresponding to the administrator account to obtain the third function process after the right-lifting process again. By the mode, the function process can read and write certain specific types of data files of the currently logged personal account instead of certain specific types of data files of the administrator account, and even if viruses are hidden in the specific types of data files of the currently logged personal account, the virus searching and killing application can search and kill the viruses, so that the safety of the computer can be guaranteed.
Based on the same concept as the above-mentioned disclosed embodiment, an exemplary embodiment of the present disclosure provides a virus searching and killing method, as shown in fig. 5, a processing flow of the method may include the following steps:
step S510, when acquiring a virus searching and killing request of the user terminal, acquiring a first Token corresponding to the administrator authority in a system process corresponding to the administrator account, and acquiring a second Token corresponding to the normal user authority in a system process corresponding to the currently logged-in personal account.
In operation, a plurality of processes are running in the operating system, including a system process corresponding to an administrator account, a system process corresponding to a currently logged-in personal account, and the like. The computer device may search a system process corresponding to the administrator account in the multiple processes, and the system process corresponding to the administrator account correspondingly stores data that the process needs to operate, including Token corresponding to the high-level administrator authority. Therefore, the Token corresponding to the high-level administrator authority can be searched in the system process corresponding to the administrator account, and the searched Token is copied to obtain the first Token corresponding to the high-level administrator authority.
The computer device may also search a system process corresponding to the currently logged-in personal account in a plurality of processes, and data that the process needs to operate is correspondingly stored in the system process corresponding to the currently logged-in personal account, including Token corresponding to the common user authority. Therefore, the Token corresponding to the authority of the common user can be searched in the system process corresponding to the currently logged-in personal account, and the searched Token is copied to obtain the second Token corresponding to the authority of the common user.
Step S520, creating a first functional process of the virus killing application based on the first Token and the second Token.
In the implementation, the implementation of step S520 may refer to the above embodiments, which are not described herein again.
Step S530, suspend the first functional process.
In an implementation, after suspending the first functional process, the first functional process may be caused to pause.
Step S540, setting the process attribute of the first functional process as simulating a second Token to run, so as to obtain a second functional process.
In implementation, since the first functional process is created by the first Token, the process attribute of the first functional process is defaulted to be run based on the first Token. The process attribute of the first functional process may be set to force the first functional process to emulate the second Token operation.
Step S550, resuming the starting of the second functional process, so that the second functional process sets the account configuration file identifier corresponding to the virus killing application in the system registry as the account configuration file identifier in the second Token.
In implementation, because the second functional process is currently in a suspended state, after the process attribute of the second functional process is set, the second functional process can be resumed to continue to run. When the second function process continues to run, the second Token is simulated to run, that is, the account configuration file identifier corresponding to the virus killing application in the system registry can be set as the account configuration file identifier in the second authority information through the second Token.
Optionally, the account profile identifier corresponding to the virus killing application in the system registry comprises HKEY _ CURRENT _ USER.
In implementation, the storage locations of the plug-ins corresponding to different accounts are recorded in the system registry, for example, the IE plug-in corresponding to the administrator account is stored in the a location, and the IE plug-in corresponding to the currently logged-in individual account is stored in the B location. At this time, if HKEY _ CURRENT _ USER is initialized by the second Token, the operation of pointing to the storage location of the plug-in corresponding to the currently logged-in personal account can be implemented by setting HKEY _ CURRENT _ USER in the system registry as the account profile identifier in the second Token. Wherein the account profile identification in the second Token may be the SessionId of the currently logged-in personal account. Further, when the virus searching application searches for the plug-in, the storage location of the plug-in corresponding to the currently logged-in personal account is found. The virus searching and killing application can perform required processing on the plug-in corresponding to the currently logged-in personal account, for example, virus searching and killing processing is performed.
Step S560, based on the first Token, performing virus searching and killing processing on the data file in the user terminal.
In implementation, the process of creating the first functional process of the virus killing application based on the first Token may be regarded as performing right improvement on the virus killing application, the process of creating the first functional process of the virus killing application based on the second Token and performing initialization processing on the functional process based on the second Token may be regarded as performing right reduction on the virus killing application, and finally, the right reduction may be performed on the virus killing application again.
The simulation of the second Token running function process can be eliminated, so that the function process can be recovered to be run based on the first Token, and the subsequent processing of the third function process can be executed through the first Token.
According to the method provided by the embodiment of the disclosure, the right-lifting process is realized by the step of creating the first function process of the virus killing application based on the first authority information corresponding to the administrator account, then the right-reducing process can be performed on the function process to obtain the second function process after the right-reducing process, the initialization process is completed by the second function process after the right-reducing process, and finally the right-lifting process is performed on the second function process after the right-reducing process based on the first authority information corresponding to the administrator account to obtain the third function process after the right-lifting process again. By the mode, the function process can read and write certain specific types of data files of the currently logged personal account instead of certain specific types of data files of the administrator account, and even if viruses are hidden in the specific types of data files of the currently logged personal account, the virus searching and killing application can search and kill the viruses, so that the safety of the computer can be guaranteed.
Based on the same concept as the above-mentioned disclosed embodiment, an exemplary embodiment of the present disclosure provides a virus searching and killing method, as shown in fig. 6, a processing flow of the method may include the following steps:
step S601, when a virus checking and killing request of the user terminal is obtained, a service right-lifting process is started.
In implementation, the service may be notified of the initiation of the service authorization Process by Inter-Process Communication (IPC).
Step S602, copying the Token corresponding to the administrator authority in the system process corresponding to the administrator account through the Token authority of the service.
Step S603, the SessionId of Token corresponding to the copied administrator authority is set as the SessionId of Token corresponding to the currently logged-in personal account.
Step S604, creating an environment execution variable corresponding to the currently logged-in personal account through the second Token.
Step S605, by replacing Token and environment execution variable after the SessionId, creates a first functional process of the virus killing application, and suspends the first functional process.
Step S606, the authority of the first function process is set to be a low authority, and a second function process is obtained.
And step S607, resuming the starting of the second functional process and entering the process starting process.
In step S608, the process starts.
In step S609, it is determined whether the second functional process has undergone the power down process.
In implementation, whether the function process is subjected to the right reducing process may be determined by determining whether the current process attribute information of the second function process includes the second authority information.
Step S610, if the second functional process is subjected to the right reduction process, the second functional process is restored to the high right, a third functional process is obtained, and step S611 is executed.
In implementation, if the current process attribute information of the second functional process includes second authority information, the second functional process after the authority reduction is subjected to the authority increasing processing based on the first authority information corresponding to the administrator account to obtain a third functional process after the authority increasing processing. And if the current process attribute information of the second functional process does not comprise the second authority information, closing the second functional process, and turning to the step of calling the administrator account information and the currently logged personal account information of the user terminal according to the virus checking and killing request.
In step S611, if the second functional process has not been subjected to the privilege reducing process, it is determined whether the second functional process has the high-level administrator privilege.
Step S612, if the high-level administrator authority is provided, it is determined whether the authorization process is performed.
Step S613, if the high-level administrator authority is not provided, sending IPC to notify the service to start the service right-lifting process, and entering the service right-lifting process again.
Step S614, if the high-level administrator authority is provided and the authorization process is not performed, acquiring the SessionId of Token for returning when querying Token through the Hook Token, and executing step S615.
In step S615, if the high-level administrator authority is provided and the privilege escalation process is performed, the process is started.
According to the method provided by the embodiment of the disclosure, the right-lifting process is realized by the step of creating the first function process of the virus killing application based on the first authority information corresponding to the administrator account, then the right-reducing process can be performed on the function process to obtain the second function process after the right-reducing process, the initialization process is completed by the second function process after the right-reducing process, and finally the right-lifting process is performed on the second function process after the right-reducing process based on the first authority information corresponding to the administrator account to obtain the third function process after the right-lifting process again. By the mode, the function process can read and write certain specific types of data files of the currently logged personal account instead of certain specific types of data files of the administrator account, and even if viruses are hidden in the specific types of data files of the currently logged personal account, the virus searching and killing application can search and kill the viruses, so that the safety of the computer can be guaranteed.
Still another exemplary embodiment of the present disclosure provides a virus killing apparatus, as shown in fig. 7, including:
an obtaining module 710, configured to obtain a virus killing request of a user terminal;
the calling module 720 is configured to call administrator account information and currently logged-in personal account information of the user terminal according to the virus searching and killing request;
the obtaining module 710 is configured to obtain first permission information corresponding to an administrator account from the administrator account information, and obtain second permission information corresponding to a currently logged-in personal account from the personal account information, where the first permission information is information required when an operation that the administrator account has permission is executed, and the second permission information is information required when an operation that the currently logged-in personal account has permission is executed;
a creating module 730, configured to create a first function process of a virus killing application based on first permission information corresponding to the administrator account, where process attribute information of the first function process includes the first permission information;
the right reducing module 740 is configured to perform right reducing processing on the function process based on second right information corresponding to the currently logged-in personal account to obtain a second function process after the right reducing processing, where process attribute information of the second function process includes the second right information;
an initialization module 750, configured to set, based on the second function process, an account configuration file identifier corresponding to the virus checking and killing application in a system registry as an account configuration file identifier in the second permission information;
the right-lifting module 760 is configured to perform right lifting processing on the second function process after the right is removed based on first right information corresponding to the administrator account to obtain a third function process after the right lifting processing, where process attribute information of the third function process includes the first right information;
and a virus searching and killing module 770, configured to perform virus searching and killing processing on the data file in the user terminal based on the third functional process.
Optionally, the first permission information is a first Token, and the second permission information is a second Token.
Optionally, the creating module 730 is configured to:
replacing the interactive interface session identifier in the first Token with the interactive interface session identifier in the second Token;
creating an environment execution variable corresponding to the currently logged-in personal account based on the second Token;
and creating a first functional process of the virus killing application based on the first Token after replacing the interactive interface session identifier and the environment execution variable.
Optionally, the account profile identifier corresponding to the virus killing application in the system registry comprises HKEY _ CURRENT _ USER.
Optionally, the weight reduction module 740 is configured to:
determining whether the current process attribute information of the second functional process comprises the second authority information;
and when the current process attribute information of the second functional process comprises the second authority information, performing right-lifting processing on the second functional process after the right is reduced based on the first authority information corresponding to the administrator account to obtain a third functional process after the right-lifting processing.
Optionally, the weight reduction module 740 is further configured to:
and when the current process attribute information of the second function process does not include the second authority information, closing the second function process, and executing the calling of the administrator account information and the currently logged personal account information of the user terminal according to the virus checking and killing request through the calling module 720.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
According to the device provided by the embodiment of the disclosure, the right-lifting process is realized by the step of creating the first function process of the virus killing application based on the first authority information corresponding to the administrator account, then the right-reducing process can be performed on the function process to obtain the second function process after the right-reducing process, the initialization process is completed by the second function process after the right-reducing process, and finally the right-lifting process is performed on the second function process after the right-reducing process based on the first authority information corresponding to the administrator account to obtain the third function process after the right-lifting process again. By the mode, the function process can read and write certain specific types of data files of the currently logged personal account instead of certain specific types of data files of the administrator account, and even if viruses are hidden in the specific types of data files of the currently logged personal account, the virus searching and killing application can search and kill the viruses, so that the safety of the computer can be guaranteed.
It should be noted that: in the device for operating software provided in the above embodiment, when the software is operated, only the division of the functional modules is illustrated, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the internal structure of the computer device is divided into different functional modules to complete all or part of the functions described above. In addition, the device for running software and the method for running software provided by the above embodiments belong to the same concept, and the specific implementation process thereof is detailed in the method embodiments and will not be described herein again.
Fig. 8 shows a schematic structural diagram of a server 1900 provided in an exemplary embodiment of the present disclosure. The server 1900 may have a large difference due to different configurations or performances, and may include one or more processors (CPUs) 1910 and one or more memories 1920. The memory 1920 stores at least one instruction, which is loaded and executed by the processor 1910 to implement the method for executing software according to the above embodiments.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (14)
1. A virus searching and killing method is characterized by comprising the following steps:
acquiring a virus searching and killing request of a user terminal;
calling administrator account information and currently logged personal account information of the user terminal according to the virus searching and killing request;
acquiring first authority information corresponding to an administrator account from the administrator account information, and acquiring second authority information corresponding to a currently logged-in personal account from the personal account information, wherein the first authority information is information required when an operation that the administrator account has authority is executed, and the second authority information is information required when an operation that the currently logged-in personal account has authority is executed;
creating a first function process of a virus checking and killing application based on first authority information corresponding to the administrator account, wherein the process attribute information of the first function process comprises the first authority information;
based on second authority information corresponding to the currently logged-in personal account, performing right reduction processing on the function process to obtain a second function process subjected to the right reduction processing, wherein the process attribute information of the second function process comprises the second authority information;
setting an account configuration file identifier corresponding to the virus checking and killing application in a system registry as an account configuration file identifier in the second permission information based on the second function process;
based on first authority information corresponding to the administrator account, performing right-lifting processing on the second function process after the right is reduced to obtain a third function process after the right-lifting processing, wherein the process attribute information of the third function process comprises the first authority information;
and performing virus searching and killing processing on the data file in the user terminal based on the third functional process.
2. The method of claim 1, wherein the first permission information is a first Token, and wherein the second permission information is a second Token.
3. The method of claim 2, wherein creating the first functional process of the virus killing application based on the first permission information corresponding to the administrator account comprises:
replacing the interactive interface session identifier in the first Token with the interactive interface session identifier in the second Token;
creating an environment execution variable corresponding to the currently logged-in personal account based on the second Token;
and creating a first functional process of the virus killing application based on the first Token after replacing the interactive interface session identifier and the environment execution variable.
4. The method of claim 1, wherein the account profile identification corresponding to the virus-killing application in the system registry comprises HKEY _ CURRENT _ USER.
5. The method according to claim 1, wherein the performing right-lifting processing on the second function process after the right is removed based on the first authority information corresponding to the administrator account to obtain a third function process after the right-lifting processing includes:
determining whether the current process attribute information of the second functional process comprises the second authority information;
and if the current process attribute information of the second functional process comprises the second authority information, performing right-lifting processing on the second functional process after the right is reduced based on the first authority information corresponding to the administrator account to obtain a third functional process after the right-lifting processing.
6. The method of claim 5, further comprising:
and if the current process attribute information of the second functional process does not comprise the second authority information, closing the second functional process, and transferring to the step of calling the administrator account information and the currently logged personal account information of the user terminal according to the virus checking and killing request.
7. A virus killing apparatus, comprising:
the acquisition module is used for acquiring a virus searching and killing request of the user terminal;
the calling module is used for calling the administrator account information and the currently logged personal account information of the user terminal according to the virus searching and killing request;
the acquisition module is configured to acquire first permission information corresponding to an administrator account from the administrator account information, and acquire second permission information corresponding to a currently logged-in personal account from the personal account information, where the first permission information is information required when an operation that the administrator account has permission is executed, and the second permission information is information required when an operation that the currently logged-in personal account has permission is executed;
the creating module is used for creating a first function process of the virus killing application based on first authority information corresponding to the administrator account, wherein the process attribute information of the first function process comprises the first authority information;
the right reducing module is used for performing right reducing processing on the functional process based on second right information corresponding to the currently logged personal account to obtain a second functional process after the right reducing processing, wherein the process attribute information of the second functional process comprises the second right information;
the initialization module is used for setting an account configuration file identifier corresponding to the virus checking and killing application in a system registry as an account configuration file identifier in the second authority information based on the second function process;
the right-lifting module is used for performing right lifting processing on the second function process after the right is reduced based on first right information corresponding to the administrator account to obtain a third function process after the right lifting processing, wherein the process attribute information of the third function process comprises the first right information;
and the virus searching and killing module is used for performing virus searching and killing processing on the data file in the user terminal based on the third functional process.
8. The apparatus of claim 7, wherein the first permission information is a first Token, and wherein the second permission information is a second Token.
9. The apparatus of claim 8, wherein the creation module is configured to:
replacing the interactive interface session identifier in the first Token with the interactive interface session identifier in the second Token;
creating an environment execution variable corresponding to the currently logged-in personal account based on the second Token;
and creating a first functional process of the virus killing application based on the first Token after replacing the interactive interface session identifier and the environment execution variable.
10. The apparatus of claim 7, wherein the account profile identification corresponding to the virus killing application in the system registry comprises HKEY _ CURRENT _ USER.
11. The apparatus of claim 7, wherein the de-weighting module is configured to:
determining whether the current process attribute information of the second functional process comprises the second authority information;
and when the current process attribute information of the second functional process comprises the second authority information, performing right-lifting processing on the second functional process after the right is reduced based on the first authority information corresponding to the administrator account to obtain a third functional process after the right-lifting processing.
12. The apparatus of claim 11, wherein the drop weight module is further configured to:
and when the current process attribute information of the second function process does not comprise the second authority information, closing the second function process, and executing the calling of the administrator account information and the currently logged personal account information of the user terminal according to the virus checking and killing request through the calling module.
13. A computer device, comprising a processor, a communication interface, a memory, and a communication bus, wherein:
the processor, the communication interface and the memory complete mutual communication through the communication bus;
the memory is used for storing a computer program;
the processor is configured to execute the program stored in the memory to implement the method steps of any of claims 1-6.
14. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910543853.2A CN110414230B (en) | 2019-06-21 | 2019-06-21 | Virus checking and killing method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910543853.2A CN110414230B (en) | 2019-06-21 | 2019-06-21 | Virus checking and killing method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110414230A CN110414230A (en) | 2019-11-05 |
| CN110414230B true CN110414230B (en) | 2022-04-08 |
Family
ID=68359664
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910543853.2A Active CN110414230B (en) | 2019-06-21 | 2019-06-21 | Virus checking and killing method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110414230B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113392383A (en) * | 2021-06-09 | 2021-09-14 | 北京和信创天科技股份有限公司 | Multi-user dynamic right-lifting method for Windows system |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4532237B2 (en) * | 2004-10-29 | 2010-08-25 | 株式会社日立製作所 | Computer and access control method in computer |
| US7636851B2 (en) * | 2005-06-30 | 2009-12-22 | Microsoft Corporation | Providing user on computer operating system with full privileges token and limited privileges token |
| US8850549B2 (en) * | 2009-05-01 | 2014-09-30 | Beyondtrust Software, Inc. | Methods and systems for controlling access to resources and privileges per process |
| CN103632088A (en) * | 2012-08-28 | 2014-03-12 | 阿里巴巴集团控股有限公司 | Method and device for detecting Trojan horses |
| GB2538518B (en) * | 2015-05-19 | 2017-12-27 | Avecto Ltd | Computer device and method for controlling access to a resource via a security system |
| US10325116B2 (en) * | 2017-06-30 | 2019-06-18 | Vmware, Inc. | Dynamic privilege management in a computer system |
-
2019
- 2019-06-21 CN CN201910543853.2A patent/CN110414230B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN110414230A (en) | 2019-11-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11848982B2 (en) | Access services in hybrid cloud computing systems | |
| CN105427096B (en) | Payment security sandbox implementation method and system and application program monitoring method and system | |
| EP3671508B1 (en) | Customizing operating system kernels with secure kernel modules | |
| EP3488584B1 (en) | Usage tracking in hybrid cloud computing systems | |
| US11438349B2 (en) | Systems and methods for protecting devices from malware | |
| US20170004309A1 (en) | System and method for detecting malicious code in address space of a process | |
| US20130212709A1 (en) | System and Method for Securing Virtual Computing Environments | |
| CN102495750A (en) | Virtual desktop configuration and operation techniques | |
| Kandukuru et al. | Android malicious application detection using permission vector and network traffic analysis | |
| US20210194904A1 (en) | Security management of an autonomous vehicle | |
| CN110414230B (en) | Virus checking and killing method and device, computer equipment and storage medium | |
| KR20160145574A (en) | Systems and methods for enforcing security in mobile computing | |
| Song et al. | App’s auto-login function security testing via android os-level virtualization | |
| Salehi et al. | Welcome to Binder: A kernel level attack model for the Binder in Android operating system | |
| CN114065183A (en) | Authority control method and device, electronic equipment and storage medium | |
| US10089261B2 (en) | Discriminating dynamic connection of disconnectable peripherals | |
| Chen et al. | SAMEVED: A System Architecture for Managing and Establishing Virtual Elastic Datacenters | |
| US8332940B2 (en) | Techniques for securing a computing environment | |
| Jindal et al. | Protecting android devices following BYOD policy against data security and privacy attacks | |
| KR101415403B1 (en) | System and method for providign secure space being shared | |
| WO2016112219A1 (en) | System and method for monitoring a computer system using machine interpretable code | |
| Zhu et al. | A Dynamic Supervisory Mechanism of Process Behaviors Based on Dalvik VM | |
| CN116566633A (en) | Attack behavior defending method, device, equipment and storage medium | |
| GB2457305A (en) | Controlling access to system resources using script and application identifiers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |