CN102819717B - Method and device for carrying out protection processing on file - Google Patents

Publication number
CN102819717B
Authority
CN
China
Legal status
Active
Application number
CN201210279819.7A
Other languages
Chinese (zh)
Other versions
CN102819717A (en)
Inventor
李博
邹贵强
Current Assignee
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201510218806.2A (CN104834869A)
Priority to CN201210279819.7A (CN102819717B)
Publication of CN102819717A
Application granted
Publication of CN102819717B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Abstract

The invention discloses a method and a device for file protection processing. The method comprises the following steps: acquiring the path of a protected file and/or directory; blocking a specified operation directed at a file and/or directory; extracting the path of the file and/or directory targeted by the specified operation; judging whether that path is the path of a protected file and/or directory; and, if so, intercepting the specified operation directed at the file and/or directory. The invention prevents files from being deleted by mistake and ensures the stability of the system.

Description

A method and device for file protection processing
Technical field
The present invention relates to the field of file processing technology, and in particular to a method for file protection processing and a device for file protection processing.
Background
As computers become widespread in people's work and daily life, more and more files are stored on them. Users commonly delete some files manually when managing the files on a computer, or need to clean up some files when uninstalling certain software. If important files are deleted through a manual mistake or during software uninstallation, files that the user did not want to delete, or that must not be deleted, are deleted by mistake; deleting files that must not be deleted from the system is likely to cause system instability or other adverse effects.
Therefore, the technical problem that those skilled in the art urgently need to solve is how to prevent files from being deleted by mistake.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method for file protection processing, and a corresponding device for file protection processing, that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for file protection processing is provided, comprising:
obtaining the path of a protected file and/or directory;
blocking a specified operation directed at a file and/or directory;
extracting the path of the file and/or directory targeted by the specified operation;
judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory;
if so, intercepting the specified operation directed at the file and/or directory.
Optionally, when the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory, the specified operation directed at the file and/or directory is allowed.
Optionally, the directory comprises the directory itself and the subdirectories and files in the directory.
Optionally, the specified operation comprises delete and move operations on a file itself, move operations on a directory itself, and/or delete and move operations on the subdirectories and files in a directory.
Optionally, the obtained path of the protected file and/or directory is the DOS path of the protected file and/or directory, and the specified operation directed at the file and/or directory is blocked by a file system filter driver;
the step of extracting the path of the file and/or directory targeted by the specified operation comprises:
the file system filter driver obtaining the NT path of the file and/or directory targeted by the specified operation;
the file system filter driver converting the NT path into a DOS path.
Optionally, the step of judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory comprises:
the file system filter driver matching the DOS path of the file and/or directory targeted by the specified operation against the DOS path of the protected file and/or directory, and notifying the user interface of the matching result; the matching result comprises: when there is a match, the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; and, when there is no match, the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory;
the step of intercepting the specified operation directed at the file and/or directory comprises:
the user interface generating, according to the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, information to intercept the specified operation directed at the file and/or directory, and sending it to the file system filter driver;
the file system filter driver intercepting the specified operation directed at the file and/or directory according to the information to intercept it.
Optionally, the step of allowing the specified operation directed at the file and/or directory when the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory comprises:
the user interface generating, according to the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory, information to allow the specified operation directed at the file and/or directory, and sending it to the file system filter driver;
the file system filter driver allowing the specified operation directed at the file and/or directory according to the information to allow it.
Optionally, the file system filter driver runs at privilege level 0 (Ring0), and the user interface runs at privilege level 3 (Ring3).
According to a further aspect of the invention, a device for file protection processing is provided, comprising:
an acquisition module, for obtaining the path of a protected file and/or directory;
a blocking module, for blocking a specified operation directed at a file and/or directory;
an extraction module, for extracting the path of the file and/or directory targeted by the specified operation;
a judging module, for judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, and if so, calling the interception module;
an interception module, for intercepting the specified operation directed at the file and/or directory.
Optionally, the device for file protection processing further comprises:
an allowing module, for allowing the specified operation directed at the file and/or directory when the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory.
Optionally, the directory comprises the directory itself and the subdirectories and files in the directory.
Optionally, the specified operation comprises delete and move operations on a file itself, move operations on a directory itself, and/or delete and move operations on the subdirectories and files in a directory.
Optionally, the path of the protected file and/or directory is the DOS path of the protected file and/or directory, and the specified operation directed at the file and/or directory is blocked by a file system filter driver;
the extraction module comprises:
an NT path obtaining submodule, for obtaining, through the file system filter driver, the NT path of the file and/or directory targeted by the specified operation;
a path conversion submodule, for converting the NT path into a DOS path through the file system filter driver.
Optionally, the judging module comprises:
a path matching submodule, for matching, through the file system filter driver, the DOS path of the file and/or directory targeted by the specified operation against the DOS path of the protected file and/or directory, and notifying the user interface of the matching result; the matching result comprises: when there is a match, the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; and, when there is no match, the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory;
the interception module comprises:
an interception information generating submodule located in the user interface, for generating, according to the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, information to intercept the specified operation directed at the file and/or directory, and sending it to the file system filter driver;
an operation interception submodule located in the file system filter driver, for intercepting the specified operation directed at the file and/or directory according to the information to intercept it.
Optionally, the allowing module comprises:
an allowing information generating submodule located in the user interface, for generating, according to the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory, information to allow the specified operation directed at the file and/or directory, and sending it to the file system filter driver;
an operation allowing submodule located in the file system filter driver, for allowing the specified operation directed at the file and/or directory according to the information to allow it.
Optionally, the file system filter driver runs at privilege level 0 (Ring0), and the user interface runs at privilege level 3 (Ring3).
The method for file protection processing according to the present invention can use a Windows kernel file system filter driver to filter specified files and/or directories and specified file operations, and to block the operations that meet the criteria. Through interaction between the file system filter driver at the Ring0 layer and the user interface at the Ring3 layer, the specified operations on the specified files and/or directories that meet the criteria are intercepted. This solves the problem of preventing files from being deleted by mistake and achieves the beneficial effect of keeping the system running stably.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flow chart of the steps of method embodiment 1 of file protection processing according to an embodiment of the present invention;
Fig. 2 shows a flow chart of the steps of method embodiment 2 of file protection processing according to an embodiment of the present invention;
Fig. 3 shows a structural block diagram of device embodiment 1 of file protection processing according to an embodiment of the present invention;
Fig. 4 shows a structural block diagram of device embodiment 2 of file protection processing according to an embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
One of the core ideas of the embodiments of the present invention is that a file system filter driver filters the specified files and/or directories (the files and/or directories the user has added to protection) and the specified file actions (delete and move), and blocks the actions that meet the criteria. The file system filter driver then notifies the user interface, which performs the logical judgment and generates information stating whether the action should be allowed to proceed or be intercepted. The user interface returns this decision to the file system filter driver, which finally carries out the allowing or the interception. This processing prevents files and/or directories from being deleted by mistake.
The file system filter driver is a filter driver architecture provided by Microsoft for Windows NT file systems. It works in the kernel mode of the operating system, between the I/O manager and the file system (FAT, NTFS and so on); it intercepts the IRPs (I/O Request Packets) and Fast I/O requests that the I/O manager sends to the file system and performs the specific filtering before they are dispatched. At present, the latest file system filter drivers adopt the minifilter framework.
Referring to Fig. 1, a flow chart of the steps of method embodiment 1 of file protection processing according to an embodiment of the present invention is shown, which may specifically comprise the following steps:
Step 101: obtain the path of a protected file and/or directory;
Here, the directory comprises the directory itself and the subdirectories and files in the directory, and the obtained path of the protected file and/or directory is the DOS path of the protected file and/or directory.
A protected file includes a file with a file type that directly follows the drive letter, for example c:\def.txt; a subdirectory or file in a protected directory includes a path in which a directory name follows the drive letter and a file with a file type follows the directory name, for example C:\abc\def.txt.
Specifically, a file and/or directory becomes a protected file and/or directory once corresponding rules are added for its DOS path. The corresponding rules may be preset, accumulated rules. As a preferred example of this embodiment, a rule may comprise a path and an operation type; a rule whose path contains a * is a rule for a file itself and/or for the subdirectories and files in a directory, and a rule whose path contains no * is a rule for a directory itself. The rules may be stored in a file, stored in other ways such as a linked list or a node tree, or stored on a server; when the rules are needed, they can be read directly from the file list, or the rules updated in real time can be obtained from the server. A rule can be passed as a structure from the user interface to the file system filter driver, for example:
(1) Adding rules for a directory
For a directory such as c:\abc,
the following rules need to be added:
C:\abc RENAME
C:\abc\* DELETE
C:\abc\* RENAME
The first rule protects the directory itself;
the latter two protect the subdirectories and files in the directory.
(2) Adding rules for a file
For a file such as c:\def.txt,
the following rules need to be added:
C:\abc\* DELETE
C:\abc\* RENAME
These protect the file.
Step 102: block the specified operation directed at a file and/or directory;
Blocking the specified operation directed at a file and/or directory here serves to identify the specified operations among all operations on all files in the system. As a preferred example of this embodiment, the specified operations mainly comprise two kinds, delete (DELETE) and move (RENAME), and may comprise delete and move operations on a file itself, move operations on a directory itself, and/or delete and move operations on the subdirectories and files in a directory. In a specific implementation, the following four cases may be included:
(1) The user deletes a file, either deleting it directly or deleting it to the recycle bin.
Directly deleting a file causes a DELETE operation; deleting a file to the recycle bin is actually a RENAME (move) operation;
(2) The user deletes a directory; if the directory is not empty, a DELETE operation is performed on each file under the directory, and only at the end is a DELETE operation performed on the directory;
(3) The user moves a file; if the move is within the same drive, it is a RENAME operation; if it is across drives, the file is copied to the target location and then a DELETE operation is performed on the file at the original location;
(4) The user moves a directory; if the move is within the same drive, it is a RENAME operation on the directory; if it is across drives, it is a copy and a DELETE operation for each file in the directory, and finally a RENAME operation on the directory.
As a preferred example of this embodiment, the file system filter driver identifies the specified operations as follows: it puts the rules whose path contains a * into a linked list and the rules without a * into a splay tree. When a file action occurs in the system, the action type it carries is matched against the rules of the protected files and/or directories; if it matches, the file system filter driver blocks the action and suspends its further execution.
Step 103: extract the path of the file and/or directory targeted by the specified operation;
Because the specified operation directed at the file and/or directory is blocked by the file system filter driver, which works in the kernel mode of the operating system, what it obtains is the NT path of the file and/or directory. After the file system filter driver obtains the NT path, the path must be converted before it can be compared with a DOS path. A DOS path is the path ordinarily used by applications, for example C:\MYFILE.CPP; an NT path, that is, a kernel-mode path, is the path the kernel actually uses to access the device file, for example \Device\HarddiskVolume1\MYFILE.CPP.
In a preferred embodiment of the present application, step 103 may comprise the following sub-steps:
Sub-step S11: the file system filter driver obtains the NT path of the file and/or directory targeted by the specified operation;
Sub-step S12: the file system filter driver converts the NT path into a DOS path.
Specifically, step 103 can be subdivided into the following sub-steps:
Sub-step S111: after obtaining the NT path of the file and/or directory targeted by the specified operation, the file system filter driver obtains the volume information of the corresponding device path from the NT path;
Sub-step S112: the file system filter driver obtains, from the volume information of the corresponding device path, the drive letter of the DOS path corresponding to that volume;
Sub-step S113: the file system filter driver joins the drive letter with the remainder of the path to obtain the corresponding DOS path.
For example:
The NT path of the file and/or directory targeted by the specified operation, as obtained by the file system filter driver, is \Device\HarddiskVolume1\MYFILE.CPP; the volume information of the device path corresponding to this NT path is \Device\HarddiskVolume1; according to the mapping between DOS devices and drive letters, the drive letter corresponding to this volume information is "C:", so the DOS path is C:\MYFILE.CPP.
Step 104: judge whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory;
In a preferred embodiment of the present application, step 104 can make the judgment as follows:
The file system filter driver matches the DOS path of the file and/or directory targeted by the specified operation against the DOS path of the protected file and/or directory, and notifies the user interface of the matching result. The matching result may comprise: when there is a match, the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; and, when there is no match, the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory.
For example, c:\abc\a matches the user-set rule c:\abc\*.
Step 105: when the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, intercept the specified operation directed at the file and/or directory.
In a preferred embodiment of the present application, step 105 may comprise the following sub-steps:
Sub-step S21: the user interface generates, according to the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, information to intercept the specified operation directed at the file and/or directory, and sends it to the file system filter driver;
Sub-step S22: the file system filter driver intercepts the specified operation directed at the file and/or directory according to the information to intercept it.
Here, the file system filter driver runs at privilege level 0 (Ring0), and the user interface runs at privilege level 3 (Ring3).
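The path conversion of step 103, the rule match of step 104 and the resulting decision of step 105 can be sketched in portable user-mode C. This is an added example, not code from the patent; the volume table, the names `nt_to_dos` and `decide`, case-insensitive comparison and treating `\*` as matching anything below the directory are assumptions, and the round trip between the driver and the user interface is collapsed into one function.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { OP_DELETE, OP_RENAME } op_t;
typedef enum { DECISION_ALLOW, DECISION_INTERCEPT } decision_t;

typedef struct { const char *dos_path; op_t op; } rule_t;
typedef struct { const char *nt_device; const char *drive; } volume_t;

/* Constructed volume table (assumption): stands in for the system's
 * mapping between device volumes and drive letters. */
static const volume_t VOLUMES[] = {
    { "\\Device\\HarddiskVolume1", "C:" },
    { "\\Device\\HarddiskVolume2", "D:" },
};

/* The three rules the page lists for protecting the directory c:\abc. */
static const rule_t RULES[] = {
    { "C:\\abc",    OP_RENAME },  /* the directory itself */
    { "C:\\abc\\*", OP_DELETE },  /* subdirectories and files in it */
    { "C:\\abc\\*", OP_RENAME },
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Case-insensitive comparison of the first n characters (assumption:
 * paths compare case-insensitively, as c:\abc and C:\abc do on the page). */
static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
        if (a[i] == '\0')
            return 1;
    }
    return 1;
}

/* Step 103: NT path -> volume -> drive letter -> DOS path.
 * Returns 0 on success, -1 for an unknown volume or a too-small buffer. */
int nt_to_dos(const char *nt, char *out, size_t out_len)
{
    for (size_t i = 0; i < COUNT(VOLUMES); i++) {
        size_t dl = strlen(VOLUMES[i].nt_device);
        /* The volume name must end at a separator, so that
         * HarddiskVolume1 is not taken as a prefix of HarddiskVolume10. */
        if (ieq_n(nt, VOLUMES[i].nt_device, dl) &&
            (nt[dl] == '\\' || nt[dl] == '\0')) {
            int n = snprintf(out, out_len, "%s%s", VOLUMES[i].drive, nt + dl);
            return (n >= 0 && (size_t)n < out_len) ? 0 : -1;
        }
    }
    return -1;
}

/* Step 104: match one rule against a DOS path and an operation type. */
static int rule_matches(const rule_t *r, const char *dos, op_t op)
{
    size_t rl = strlen(r->dos_path);
    if (r->op != op)
        return 0;
    if (rl >= 2 && r->dos_path[rl - 2] == '\\' && r->dos_path[rl - 1] == '*') {
        size_t pl = rl - 1;               /* prefix, trailing '\' included */
        return ieq_n(dos, r->dos_path, pl) && dos[pl] != '\0';
    }
    return strlen(dos) == rl && ieq_n(dos, r->dos_path, rl);
}

/* Steps 104-105: intercept when any rule matches, otherwise allow. */
decision_t decide(const char *nt_path, op_t op)
{
    char dos[260];
    if (nt_to_dos(nt_path, dos, sizeof dos) != 0)
        return DECISION_ALLOW;            /* no DOS path, so no rule applies */
    for (size_t i = 0; i < COUNT(RULES); i++)
        if (rule_matches(&RULES[i], dos, op))
            return DECISION_INTERCEPT;
    return DECISION_ALLOW;
}

int main(void)
{
    /* Constructed sample operations. */
    static const struct { const char *nt; op_t op; } ops[] = {
        { "\\Device\\HarddiskVolume1\\abc\\a",  OP_DELETE },
        { "\\Device\\HarddiskVolume1\\abc",     OP_RENAME },
        { "\\Device\\HarddiskVolume1\\abcd\\a", OP_DELETE },
        { "\\Device\\HarddiskVolume10\\abc\\a", OP_DELETE },
    };
    for (size_t i = 0; i < COUNT(ops); i++)
        printf("%-36s %-6s -> %s\n", ops[i].nt,
               ops[i].op == OP_DELETE ? "DELETE" : "RENAME",
               decide(ops[i].nt, ops[i].op) == DECISION_INTERCEPT
                   ? "intercept" : "allow");
    return 0;
}
```

With only the page's three rules loaded, a DELETE aimed at c:\abc itself is not matched; the directory's contents are covered by the `\*` rules instead.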
Among all the instructions of a CPU, some are very dangerous; if misused, they cause the whole system to crash, for example clearing memory or setting the clock. The CPU therefore divides instructions into privileged and non-privileged instructions. The dangerous instructions may only be used by the operating system and its related modules, while ordinary applications can only use instructions that cannot cause a disaster. Intel CPUs divide privilege into 4 levels: Ring0, Ring1, Ring2 and Ring3. Windows uses only Ring0 and Ring3; Ring0 is used by the operating system and Ring3 by user mode.
The file system filter driver at the Ring0 layer can choose to pass the message of the blocked action on to the next-level filter driver, where the lower-level filter drivers continue filtering until the message reaches the lowest-level filter driver; this is allowing the operation. The file system filter driver can also stop passing the message of the blocked action down to the next-level filter driver; this is intercepting the operation.
In practice, some deletions or moves take place as software is closed, and the file system filter driver allows these operations. After intercepting an operation, the file system filter driver can therefore judge whether it is a normal delete and/or move operation or an operation that may cause accidental deletion; if it is a normal delete and/or move action, the action is allowed. Normal delete and move actions comprise delete and/or move operations on temporary files, operations that delete an empty directory and/or move it to the recycle bin, and/or operations that move an empty directory out of protection.
The most common delete and/or move operations on temporary files concern the temporary files that software creates while in use and that are deleted and/or moved when the software is closed, for example:
the temporary file created when the Word program is opened is deleted automatically when the Word program is closed; this deletion should be allowed.
The file system filter driver can also analyse and tally the interception results and use the analysis to supplement the corresponding rules, so as to capture accidental deletions more accurately.
With reference to Fig. 2, show a kind of according to an embodiment of the invention flow chart of steps of embodiment of the method 2 of file protection process, specifically can comprise the following steps:
Step 201: the path obtaining agent-protected file and/or catalogue;
Wherein, catalogue comprises catalogue itself, the sub-directory in catalogue and file, and the path obtaining agent-protected file and/or catalogue is the DOS path of agent-protected file and/or catalogue.
Specifically, a file and/or catalogue add respective rule and just form agent-protected file and/or catalogue in its DOS path.Described respective rule can be the rule presetting and add up, as a kind of preferred exemplary of the present embodiment, article one, respective rule can comprise a path and an action type, the rule formed with No. * in path is the rule of file itself, and/or the rule of catalogue lining catalogue and file, the rule do not formed with No. * in path is the rule of catalogue itself.Respective rule can be stored in a file, or stores in other modes such as chained list or node tree, or stores in the server, when rule used by needs, directly can read from listed files, or from server, obtain the rule of real-time update.Rule as a structure, can notify filter Driver on FSD from user interface.
Step 202: clog needle is to the assigned operation of file and/or catalogue;
Assigned operation herein for file and/or catalogue is used for, in all operations for All Files in system, identifying assigned operation.As a kind of preferred exemplary of the present embodiment, assigned operation mainly comprises deletion DELETE and mobile RENAME two kinds operation, can comprise deletion and mobile operation, the mobile operation of catalogue itself and/or the deletion of catalogue lining catalogue and file of file itself and move operation.
Step 203: extract described assigned operation for file and/or the path of catalogue;
In a preferred embodiment of the present application, described step 203 can comprise following sub-step:
Sub-step S31: described filter Driver on FSD obtain described assigned operation for file and/or the NT path of catalogue;
Sub-step S32: described NT path integration is become DOS path by described filter Driver on FSD.
Step 204: judge described assigned operation for file and/or the path of catalogue, be whether the path of agent-protected file and/or catalogue;
In a preferred embodiment of the present application, described step 204 can judge with following methods:
Described filter Driver on FSD by described assigned operation for file and/or the DOS path of catalogue, to mate with the DOS path of described agent-protected file and/or catalogue, and will the result notice user interface of coupling; Described matching result can comprise, when there is occurrence, judge described assigned operation for file and/or the path of catalogue as the result in the path of agent-protected file and/or catalogue; And, when there is not occurrence, judge described assigned operation for file and/or the path of catalogue not as the result in the path of agent-protected file and/or catalogue.
Step 205: described assigned operation for file and/or the path of catalogue be not the path of agent-protected file and/or catalogue time, allow the described assigned operation for file and/or catalogue.
In a preferred embodiment of the present application, described step 205 can comprise following sub-step:
Sub-step S41: described user interface according to described assigned operation for file and/or the path of catalogue be not the result in the path of agent-protected file and/or catalogue, generate the information allowing the described assigned operation for file and/or catalogue, and be sent to filter Driver on FSD;
Sub-step S42: described filter Driver on FSD allows the operation of the described assigned operation for file and/or catalogue for the information and executing of the assigned operation of file and/or catalogue according to described permission.
The present embodiment and difference embodiment illustrated in fig. 1 are, what the present embodiment carried out is operate the permission of assigned operation, when described assigned operation for file and/or the path of catalogue be not the path of agent-protected file and/or catalogue time, filter Driver on FSD allows the situation of the described assigned operation for file and/or catalogue, and description embodiment illustrated in fig. 1 be described assigned operation for file and/or the path of catalogue be the path of agent-protected file and/or catalogue time, the situation of the described assigned operation for file and/or catalogue of filter Driver on FSD interception, the step that all the other steps describe with Fig. 1 is substantially identical, the present invention repeats no more this.
It should be noted that, for simplicity of description, the method embodiments are each expressed as a series of combined actions; however, those skilled in the art should know that the present application is not limited by the described order of actions, because according to the present application some steps may be performed in other orders or simultaneously. Furthermore, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present application.
Referring to Fig. 3, a structural block diagram of device embodiment 1 for file protection processing according to an embodiment of the present invention is shown, which may specifically comprise the following modules:
Acquisition module 301, for obtaining the path of a protected file and/or directory;
Blocking module 302, for blocking a specified operation directed at a file and/or directory;
Extraction module 303, for extracting the path of the file and/or directory targeted by the specified operation;
Judging module 304, for judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; if so, the interception module 305 is invoked;
Interception module 305, for intercepting the specified operation on the file and/or directory.
In a preferred embodiment of the present application, the extraction module 303 may comprise:
An NT path obtaining submodule, for obtaining, through the file system filter driver, the NT path of the file and/or directory targeted by the specified operation;
A path conversion submodule, for converting the NT path into a DOS path through the file system filter driver.
In a preferred embodiment of the present application, the judging module 304 may comprise:
A path matching submodule, for matching, through the file system filter driver, the DOS path of the file and/or directory targeted by the specified operation against the DOS paths of the protected files and/or directories, and notifying the user interface of the matching result; the matching result comprises, when a match exists, the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; and, when no match exists, the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory,
The interception module 305 comprises:
An interception information generation submodule located in the user interface, for generating, based on the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, information for intercepting the specified operation on the file and/or directory;
An operation interception submodule located in the file system filter driver, for performing, in accordance with the information for intercepting the specified operation on the file and/or directory, the operation of intercepting the specified operation on the file and/or directory.
Referring to Fig. 4, a structural block diagram of device embodiment 2 for file protection processing according to an embodiment of the present invention is shown, which may specifically comprise the following modules:
Acquisition module 401, for obtaining the path of a protected file and/or directory;
Blocking module 402, for blocking a specified operation directed at a file and/or directory;
Extraction module 403, for extracting the path of the file and/or directory targeted by the specified operation;
Judging module 404, for judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; if not, the allowing module 405 is invoked;
Allowing module 405, for allowing the specified operation on the file and/or directory.
In a preferred embodiment of the present application, the extraction module 403 may comprise:
An NT path obtaining submodule, for obtaining, through the file system filter driver, the NT path of the file and/or directory targeted by the specified operation;
A path conversion submodule, for converting the NT path into a DOS path through the file system filter driver.
In a preferred embodiment of the present application, the judging module 404 may comprise:
A path matching submodule, for matching, through the file system filter driver, the DOS path of the file and/or directory targeted by the specified operation against the DOS paths of the protected files and/or directories, and notifying the user interface of the matching result; the matching result comprises, when a match exists, the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; and, when no match exists, the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory,
The allowing module 405 comprises:
An allow information generation submodule located in the user interface, for generating, based on the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory, information allowing the specified operation on the file and/or directory, and sending it to the file system filter driver;
An operation allowing submodule located in the file system filter driver, for performing, in accordance with the information allowing the specified operation on the file and/or directory, the operation of allowing the specified operation on the file and/or directory.
Since the device embodiments are basically similar to the method embodiments, they are described relatively briefly; for relevant details, refer to the corresponding parts of the description of the method embodiments.
Each embodiment in this specification is described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described herein, and that the above description of a specific language is given to disclose the best mode of the invention.
Numerous specific details are described in the specification provided herein. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments of the invention. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in an embodiment may be combined into one module or unit or component, and may in addition be divided into multiple submodules or subunits or subcomponents. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the file protection processing device according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form. It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words may be interpreted as names.

Claims (16)

1. A method of file protection processing, characterized by comprising:
obtaining the path of a protected file and/or directory;
blocking a specified operation directed at a file and/or directory;
extracting the path of the file and/or directory targeted by the specified operation;
judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory;
if so, intercepting the specified operation on the file and/or directory;
wherein the obtained path of the protected file and/or directory is the DOS path of the protected file and/or directory, and the step of extracting the path of the file and/or directory targeted by the specified operation comprises:
obtaining the NT path of the file and/or directory targeted by the specified operation;
converting the NT path into a DOS path.
2. The method of claim 1, characterized by further comprising:
when the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory, allowing the specified operation on the file and/or directory.
3. The method of claim 1, characterized in that the directory comprises the directory itself and the subdirectories and files in the directory.
4. The method of claim 1, characterized in that the specified operation comprises delete and move operations on a file itself, a move operation on a directory itself, and/or delete and move operations on subdirectories and files within a directory.
5. The method of claim 1, 2, 3 or 4, characterized in that the specified operation on the file and/or directory is blocked by a file system filter driver,
the file system filter driver obtains the NT path of the file and/or directory targeted by the specified operation, and the file system filter driver converts the NT path into a DOS path.
6. The method of claim 1, 2, 3 or 4, characterized in that the step of judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory comprises:
the file system filter driver matching the DOS path of the file and/or directory targeted by the specified operation against the DOS paths of the protected files and/or directories, and notifying the user interface of the matching result; the matching result comprises, when a match exists, the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; and, when no match exists, the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory,
the step of intercepting the specified operation on the file and/or directory comprises:
the user interface generating, based on the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, information for intercepting the specified operation on the file and/or directory, and sending it to the file system filter driver;
the file system filter driver performing, in accordance with the information for intercepting the specified operation on the file and/or directory, the operation of intercepting the specified operation on the file and/or directory.
7. The method of claim 2, characterized in that the step of allowing the specified operation on the file and/or directory when the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory comprises:
the user interface generating, based on the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory, information allowing the specified operation on the file and/or directory, and sending it to the file system filter driver;
the file system filter driver performing, in accordance with the information allowing the specified operation on the file and/or directory, the operation of allowing the specified operation on the file and/or directory.
8. The method of claim 7, characterized in that the file system filter driver is located at privilege level 0 (Ring0), and the user interface is located at privilege level 3 (Ring3).
9. A device for file protection processing, characterized by comprising:
an acquisition module, for obtaining the path of a protected file and/or directory;
a blocking module, for blocking a specified operation directed at a file and/or directory;
an extraction module, for extracting the path of the file and/or directory targeted by the specified operation;
a judging module, for judging whether the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; if so, the interception module is invoked;
an interception module, for intercepting the specified operation on the file and/or directory;
wherein the path of the protected file and/or directory is the DOS path of the protected file and/or directory, and the extraction module is configured to:
obtain the NT path of the file and/or directory targeted by the specified operation; and convert the NT path into a DOS path.
10. The device of claim 9, characterized by further comprising:
an allowing module, for allowing the specified operation on the file and/or directory when the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory.
11. The device of claim 9, characterized in that the directory comprises the directory itself and the subdirectories and files in the directory.
12. The device of claim 9, characterized in that the specified operation comprises delete and move operations on a file itself, a move operation on a directory itself, and/or delete and move operations on subdirectories and files within a directory.
13. The device of claim 9, 10, 11 or 12, characterized in that the specified operation on the file and/or directory is blocked by a file system filter driver,
the extraction module comprises:
an NT path obtaining submodule, for obtaining, through the file system filter driver, the NT path of the file and/or directory targeted by the specified operation;
a path conversion submodule, for converting the NT path into a DOS path through the file system filter driver.
14. The device of claim 9, 10, 11 or 12, characterized in that the judging module comprises:
a path matching submodule, for matching, through the file system filter driver, the DOS path of the file and/or directory targeted by the specified operation against the DOS paths of the protected files and/or directories, and notifying the user interface of the matching result; the matching result comprises, when a match exists, the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory; and, when no match exists, the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory,
the interception module comprises:
an interception information generation submodule located in the user interface, for generating, based on the result that the path of the file and/or directory targeted by the specified operation is the path of a protected file and/or directory, information for intercepting the specified operation on the file and/or directory, and sending it to the file system filter driver;
an operation interception submodule located in the file system filter driver, for performing, in accordance with the information for intercepting the specified operation on the file and/or directory, the operation of intercepting the specified operation on the file and/or directory.
15. The device of claim 10, characterized in that the allowing module comprises:
an allow information generation submodule located in the user interface, for generating, based on the result that the path of the file and/or directory targeted by the specified operation is not the path of a protected file and/or directory, information allowing the specified operation on the file and/or directory, and sending it to the file system filter driver;
an operation allowing submodule located in the file system filter driver, for performing, in accordance with the information allowing the specified operation on the file and/or directory, the operation of allowing the specified operation on the file and/or directory.
16. The device of claim 15, characterized in that the file system filter driver is located at privilege level 0 (Ring0), and the user interface is located at privilege level 3 (Ring3).
CN201210279819.7A 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file Active CN102819717B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510218806.2A CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files
CN201210279819.7A CN102819717B (en) 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210279819.7A CN102819717B (en) 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201510218806.2A Division CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files

Publications (2)

Publication Number Publication Date
CN102819717A CN102819717A (en) 2012-12-12
CN102819717B true CN102819717B (en) 2015-07-22

Family

ID=47303827

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510218806.2A Pending CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files
CN201210279819.7A Active CN102819717B (en) 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201510218806.2A Pending CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files

Country Status (1)

Country Link
CN (2) CN104834869A (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104008343A (en) * 2014-05-14 2014-08-27 北京奇虎科技有限公司 Data shattering method and device
CN104036191B (en) * 2014-06-11 2016-08-24 上海睿海信息技术有限公司 A kind of based on filter Driver on FSD with the control method of file format condition code
CN109784041B (en) * 2018-12-29 2020-10-16 360企业安全技术(珠海)有限公司 Event processing method and device, storage medium and electronic device
CN110084057A (en) * 2019-03-13 2019-08-02 浙江大华技术股份有限公司 Safety access method, device, equipment and the storage medium of vital document
CN110334538A (en) * 2019-06-03 2019-10-15 阿里巴巴集团控股有限公司 A kind of method and device for the risk of missing for prompting block chain to deposit card source file
CN112395536A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Website attack defense method and device, storage medium and electronic device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1877594A (en) * 2006-06-23 2006-12-13 北京飞天诚信科技有限公司 Electronic file automatic protection method and system
CN101256570A (en) * 2008-02-22 2008-09-03 山东中创软件工程股份有限公司 File protection technique based on Windows system files filtering drive
CN101916349A (en) * 2010-07-30 2010-12-15 中山大学 File access control method based on filter driving, system and filer manager

Also Published As

Publication number Publication date
CN102819717A (en) 2012-12-12
CN104834869A (en) 2015-08-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220711

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co., Ltd

TR01 Transfer of patent right