CN102520944A - Method for realizing virtualization of Windows application program - Google Patents

Publication number: CN102520944A
Authority: CN (China)
Legal status: Granted
Application number: CN2011104020693A
Other languages: Chinese (zh)
Other versions: CN102520944B (en)
Inventors: 沃天宇, 孙海雷, 康俊彬, 胡春明, 怀进鹏
Current assignee: Beihang University
Original assignee: Beihang University
Application filed by: Beihang University
Priority: CN201110402069.3A
Granted publication: CN102520944B
Current legal status: Expired - Fee Related

Abstract

The invention provides a method for realizing the virtualization of a Windows application program. The method comprises the following steps of: according to configuration files, intercepting a first system call which is related to a system registry and is called by the application program during the process of running, rewriting the intercepted first system call, and fusing a private registry with the system registry by using the rewritten system call so as to form a virtual registry; and according to the configuration files, intercepting a second system call which is related to the operation of a file and is called by the application program during the process of running, acquiring the space where the file belongs, returning path information which is applicable to the operation type for operating the file according to the path mapping relation among system space, software space and user space, and then, operating the file according to the path information. According to the technical scheme of the invention, the degree of coupling between the application program and an operating system is lowered, and the interference among application programs run in the same operating system is lowered.

Description

Method for realizing virtualization of Windows application programs
Technical field
The present invention relates to virtualization technology, and in particular to a method for realizing virtualization of Windows application programs.
Background art
Thin client technology runs an application program on a back-end server, sends its display output over the network to a remote client, and accepts the input requests sent by that client, thereby achieving goals such as centralized resource management, lower maintenance cost and better service quality. With the development of cloud computing, Software as a Service lets users operate applications running on a server through a remote client. This shows that people care more about the service an application provides than about which operating system it runs on, where it runs, or how the operating system supports it. Application virtualization technology isolates an application from the underlying operating system and from other applications, thereby reducing the coupling between the application and the operating system and reducing interference between applications. With application virtualization, multiple applications can run independently within the same operating system.
At present, the main methods of building a virtual execution environment for an application are the following:
(1) Building a virtual execution environment for the application with virtual machine technology
Virtual machine technology introduces a virtualization layer between software and hardware. It can give an application an independent running environment, mask the dynamic, distributed and heterogeneous nature of hardware platforms, support sharing and multiplexing of hardware resources, and give each user a private, independent and isolated computing environment, while giving the administrator centralized management of hardware and software resources. Virtual machine technology allows several operating systems to run simultaneously on the same computing resources. Multiple users can log in to the corresponding operating system over the network and run applications independently. Virtual machines thus provide mutually isolated running environments for applications.
(2) Building a virtual execution environment for the application with file system isolation technology
Jails partitions an execution environment, called a Jail, out of the original operating system, giving programs the "root" directory model of Unix systems and restricting an application to the resources inside the Jail. Each Jail is bound to one IP address. A process inside a Jail cannot communicate with processes outside the Jail. The prototype is implemented in the FreeBSD kernel and can be regarded as a lightweight virtual machine.
The safe execution environment (SEE) uses a one-way isolation mechanism to implement a secure execution environment. SEE implements an isolated file system so that the file system operations of applications running in the execution environment are confined to that isolated file system. An application running in SEE can read the resources of the operating system, but any modification is confined to SEE. SEE maintains a mapping table of modified files so that the user can review the modifications made inside SEE. Modifications made inside SEE can be rolled back or committed. SEE is implemented on Linux.
Similarly, Consh provides transparent access to remote and local resources and sets up a confined execution environment for network computing; it is implemented at the user level of Linux. Another execution environment, Alcatraz, intercepts the operations by which an application modifies files, redirects the location of those files and maintains a view of file modifications for the program, so that the program's modifications to the system are confined to a cache directory and the effects of running an untrusted program are isolated from the original system. It is implemented on Linux and intercepts file operations at the Virtual File System (VFS) layer. The Progressive Deployment System (PDS) is a virtual execution environment designed to ease application deployment; it intercepts the system calls for file operations and registry operations made while the application runs in order to download the application's software resources on demand.
(3) Building a virtual execution environment for the application by means of configuration files
Janus runs helper programs in a relatively safe execution environment by monitoring and restricting their system calls. It rests on the following assumption: if an application's access to the resources of the underlying operating system is suitably restricted, the harm that application can do to the system is small.
Because each application has different requirements, designing a restriction scheme that fits commonly used applications is challenging. The configurable sandbox MAPBox not only provides the isolation that Janus and similar systems offer, but is also configurable. MAPBox classifies applications by their function and by the resources needed to perform that function, then builds and initializes a sandbox of the corresponding class according to the application's class attribute. This is somewhat similar to the way Multipurpose Internet Mail Extensions types (MIME types) label the format of data files. It is implemented on Linux.
System call tracing (Systrace) generates a system call policy by analyzing the system calls an application makes while running, and constrains the application's operation according to that policy. An application under Systrace does not need to run in a privileged state; privileges can be elevated automatically according to the policy. Systrace divides policy generation into two phases, a training phase and a user operation phase. In the training phase, the system calls made while the program runs are recorded. After the program finishes, a tool analyzes the recorded information and generates the system call policy automatically. In the user operation phase, for cases the policy leaves undetermined, Systrace interacts with the user and determines the corresponding system call policy according to the user's choice. It is implemented on Linux.
(4) Building a virtual execution environment with application isolation technology
Pea-Pod provides an isolation and migration mechanism for untrusted legacy programs. A privileged program in a Pea is restricted to running within a small portion of system resources, which prevents intrusion by the privileged program. A Pod isolates a group of processes and users in a virtual environment. Pod provides a mechanism for restarting from a checkpoint, which eases program migration. Pod isolates application components that communicate through the file system or the network. Pea isolates application components that interact through inter-process communication mechanisms. It is implemented on Linux.
The Feather-weight Virtual Machine (FVM) provides a mechanism that likewise achieves isolation. FVM is an operating-system-level lightweight virtual machine built for Windows programs. Through namespace virtualization and a copy-on-write (COW) scheme, FVM isolates resources between virtual machines from one another while fully sharing operating system resources. It can also isolate communication. FVM mainly comprises the following parts: file virtualization, registry virtualization, system object virtualization, network interface virtualization, inter-process communication confinement and background service virtualization. FVM is implemented in the kernel layer of Windows, so its virtualization operations affect every application running in that operating system, and its impact on the system is considerable.
The above analysis shows that building a virtual execution environment for applications is the key to a Software as a Service architecture: execution environments are isolated from the operating system and from one another. Current methods of implementing a virtual execution environment have the following defect: they require the application to be installed in the original operating system first, and the application's configuration information and runtime files are stored in the operating system. The application is therefore tightly coupled to the operating system, which makes it hard to load applications on demand and to preserve the personalized customization data and private file data that users produce while using the application.
Summary of the invention
The present invention provides a method for realizing virtualization of Windows application programs, in order to reduce the coupling between an application and the operating system.
The present invention provides a method for realizing virtualization of Windows application programs, comprising:
According to a configuration file, intercepting a first system call related to the system registry that the application program invokes while running; rewriting the intercepted first system call using a system call of a dynamic link library injected when said application program is executed; and using the rewritten system call to merge a private registry with the system registry into a virtual registry, so that said application program accesses said private registry and said system registry through said virtual registry;
According to said configuration file, intercepting a second system call related to file operations that said application program invokes while running; determining, from the path parameter of the intercepted second system call, the space to which the file belongs; returning, according to the path mapping relations among the system space, software space and user space stored in said configuration file, path information suited to the type of operation performed on said file; and then operating on said file according to said path information.
By building a virtual registry, the method provided by the present invention stores the configuration information the application depends on at run time in a private registry that is separate from the system registry of the operating system. By virtualizing file operations, it establishes a user space and a software space that are independent of the system space, so that the personalized customization data and private data the user produces while using the application are kept in a space independent of the system space, while the application's access to user resources, software resources and system resources is integrated. This achieves the purpose of reducing the coupling between the application and the operating system.
Brief description of the drawings
Fig. 1 is a flowchart of the method for realizing virtualization of Windows application programs provided by one embodiment of the present invention;
Fig. 2A is a functional architecture diagram of the virtual registry of the present embodiment;
Fig. 2B is a flowchart of the file access virtualization process provided by one embodiment of the present invention;
Fig. 2C is a structural diagram of the doubly linked list provided by one embodiment of the present invention;
Fig. 3 is a flowchart of the method for realizing virtualization of Windows application programs provided by another embodiment of the present invention.
Detailed description of the embodiments
Fig. 1 is a flowchart of the method for realizing virtualization of Windows application programs provided by one embodiment of the present invention. As shown in Fig. 1, the method of the present embodiment comprises:
Step 101: according to a configuration file, intercept a first system call related to the system registry that the application program invokes while running; rewrite the intercepted first system call using a system call of a dynamic link library injected when said application program is executed; and use the rewritten system call to merge a private registry with the system registry into a virtual registry, so that said application program accesses said private registry and said system registry through said virtual registry.
Here, reducing the coupling between the application and the operating system means storing the configuration information and runtime files the application depends on in a separate space, storing the personalized customization data and private file data the user produces while using the application in a separate space, and at the same time integrating the application's access to user resources, software resources and system resources.
To this end, the present embodiment sets up a private registry in advance to store, among other things, the configuration information the application depends on at run time. On that basis, step 101 uses a virtual registry: rewritten system calls merge the private registry with the system registry into a virtual registry, so that the running application can access the private registry and the system registry accordingly through the virtual registry.
To merge the private registry with the system registry, a system call can be injected by means of a dynamic link library (DLL) when the application is executed. This system call rewrites the system calls related to the system registry so that the private registry and the system registry are merged and the application can access the private registry to obtain the configuration information it needs.
In an actual implementation, the system call related to the system registry that the application invokes while running, i.e. the first system call, is first intercepted according to the configuration file. The system call of the dynamic link library injected when the application is executed is then used to rewrite the intercepted first system call, and the rewritten system call merges the private registry with the system registry into a virtual registry. The running application can then access both the private registry and the system registry through the virtual registry, instead of accessing only the system registry. It can therefore obtain the configuration information it needs from the private registry, which isolates it from the operating system to a certain extent.
The rewriting may replace the first system call with the system call in the dynamic link library, or it may use the system call in the dynamic link library to modify the parameters of the first system call so that the modified first system call can merge the system registry and the private registry.
In this step, the intercepted first system calls related to the system registry are mainly the system calls closely tied to reading, creating, modifying or deleting registry content. Each first system call has a Unicode version and an ASCII version.
Step 101 realizes the virtual registry.
Step 102: according to said configuration file, intercept a second system call related to file operations that said application program invokes while running; determine, from the path parameter of the intercepted second system call, the space to which the file belongs; return, according to the path mapping relations among the system space, software space and user space stored in said configuration file, path information suited to the type of operation performed on said file; and then operate on said file according to said path information.
To reduce the coupling between the application and the operating system, the runtime files, the personalized customization data produced by using the application and the private file data must also be stored in separate spaces, and the application's access to user resources, software resources and system resources must be integrated. For this purpose, the present embodiment sets up in advance a software space and a user space that are independent of the system space. The software space stores data related to the software, for example runtime files. The user space stores data related to the user, for example the personalized customization data the user produces by using the application and private file data. Path mapping relations exist among the system space, the software space and the user space; that is, starting from one of the spaces, the other two can be found. These path mapping relations are stored in the configuration file in advance.
With the system space, software space and user space existing side by side, the system call related to file operations, i.e. the second system call, is intercepted, and the space to which the file to be operated on belongs is determined from the path parameter of that system call. Then, according to the path mapping relations among the system space, software space and user space stored in advance in the configuration file, path information suited to the type of operation on the file is returned, and the file is operated on in the corresponding space according to the returned path information; that is, the system call is executed.
Step 102 realizes file access virtualization.
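The path resolution of step 102 can be sketched as follows. This is an added example, not code from the patent. The root directories, the function names and the policy that reads fall through user space, software space and system space while writes always land in user space are assumptions, because this section only states that the returned path suits the operation type.

```python
import ntpath

# Constructed roots (assumption): the patent keeps the mapping in the
# configuration file, but this section does not give its format.
ROOTS = {
    "user": r"d:\vspace\user",
    "software": r"d:\vspace\software",
}
READ_ORDER = ("user", "software", "system")  # assumed lookup priority


def canonical(path):
    """Collapse '..' and '.', unify separators and case before any prefix check."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(path):
    """Return (space, relative) for an absolute drive-letter path.

    'relative' is the space-independent name, e.g. 'c\\windows\\win.ini'.
    """
    p = canonical(path)
    for space, root in ROOTS.items():
        if p.startswith(root + "\\"):
            relative = p[len(root) + 1:]
            # Inside a mapped space the name must start with '<drive letter>\'.
            if len(relative) < 3 or not relative[0].isalpha() or relative[1] != "\\":
                raise ValueError(f"unmapped name inside {space} space: {path!r}")
            return space, relative
    drive, tail = ntpath.splitdrive(p)
    if len(drive) != 2 or drive[1] != ":" or not tail.startswith("\\"):
        raise ValueError(f"not an absolute drive-letter path: {path!r}")
    return "system", drive[0] + tail


def to_space(space, relative):
    """Map a space-independent name to the concrete path in one space."""
    if space == "system":
        return relative[0] + ":" + relative[1:]
    return ROOTS[space] + "\\" + relative


def resolve(path, op, exists):
    """Return the path the intercepted file call should really operate on.

    'exists' is a callable such as os.path.exists; it is injected so the
    example runs offline against a constructed file list.
    """
    _, relative = classify(path)
    if op == "write":
        # Assumed policy: modifications never touch system or software space.
        return to_space("user", relative)
    if op != "read":
        raise ValueError(f"unknown operation type: {op!r}")
    for space in READ_ORDER:
        candidate = to_space(space, relative)
        if exists(candidate):
            return candidate
    # Nothing found: let the original call fail against the system path.
    return to_space("system", relative)


if __name__ == "__main__":
    # Constructed file list standing in for the real file system.
    files = {r"c:\program files\editor\app.ini",
             r"d:\vspace\software\c\program files\editor\app.ini"}
    print(resolve(r"C:\Program Files\Editor\app.ini", "read", files.__contains__))
    print(resolve(r"C:\Program Files\Editor\app.ini", "write", files.__contains__))
    # A traversal out of user space is canonicalized first, so the write is
    # still redirected into user space instead of reaching d:\windows.
    print(resolve(r"D:\vspace\user\..\..\Windows\win.ini", "write", files.__contains__))
```

Canonicalizing before the prefix comparison is what keeps a path containing `..` from being classified into the wrong space.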
Together, the virtual registry and file access virtualization realize a virtual execution environment that isolates the application from the operating system, reducing the coupling between the application and the operating system.
By building a virtual registry, the present embodiment stores the configuration information the application depends on at run time in a private registry that is separate from the system registry of the operating system. By virtualizing file operations, it establishes a user space and a software space that are independent of the system space, so that the personalized customization data and private data the user produces while using the application are kept in a space independent of the system space, while the application's access to user resources, software resources and system resources is integrated. This achieves the purpose of reducing the coupling between the application and the operating system.
The following describes in detail how the rewritten system calls merge the private registry with the system registry into a virtual registry, so that the application accesses the private registry and the system registry through the virtual registry.
Fig. 2A is a functional architecture diagram of the virtual registry of the present embodiment. As shown in Fig. 2A, the architecture mainly comprises: the private registry read/write layer (VRIOLayer), the private registry operation layer (VROPLayer), the registry fusion layer (Virtual Registry), the system registry (Original Windows APIs) and the private registry (Private Registry).
Private registry read/write layer (VRIOLayer): maintains the content of the private registry. This layer mainly comprises the following operation interfaces: create key (CreateKey), set value (SetValue), create value (CreateValue), query record (QueryRecord), delete (Delete), get next node (GetNextNode), get next key (GetNextKey), get version number (GetVersion), etc. These interfaces help the private registry read/write layer add, delete, modify and look up private registry content. GetVersion reads the version number (Version) of the private registry. Each time the private registry is changed, its version number is incremented by 1. The version number is shared by the multiple processes created by the application and is used to keep the private registry consistent across those processes.
Private registry operation layer (VROPLayer): maintains the private registry in memory. This layer mainly comprises the following operation interfaces: create key (CreateKeyExW), delete key (DeleteKeyW), delete value (DeleteValueW), enumerate keys (EnumKeyExW), enumerate values (EnumValueW), open key (OpenKeyExW), query key information (QueryInfoKeyW), query value information (QueryValueExW), set value (SetValueExW), read key security information (GetKeySecurity), set key security information (SetKeySecurity), read version number (GetVersion), etc. These interfaces help the private registry operation layer perform the add, delete, modify and lookup operations related to the private registry. For example, this layer converts the concrete value of a data item in a key from the in-memory binary format into the corresponding storage format (for example FF,00,FF,00) and passes the string in that storage format to the private registry read/write layer, which stores it in the private registry. Reading a value from the private registry uses the reverse conversion: the private registry read/write layer reads the string from the private registry and passes it to the private registry operation layer, which converts the string in storage format into the in-memory binary format.
The private registry operation layer of the present embodiment manages the private registry as a tree: the concrete values of registry data items are stored in registry keys, and subkeys are stored in their parent keys. A path value identifies the keys passed through on the shortest path from the root key to the target key.
Registry fusion layer (Virtual Registry): merges the private registry and the system registry through virtual key (HKEY) handles. Specifically, a virtual HKEY handle is generated and an event object is registered in it; the handle then points to a change notification node. All change notification nodes are stored in a doubly linked list. When an operation that rewrites a first system call occurs, the registered event object is triggered. Generating the virtual key handle comprises: intercepting the first system call by which the application opens or creates a registry key value, and returning a virtual key handle according to the path value of the registry key in that call; if the path value exists in the system registry, opening the system registry key and storing the returned handle in the virtual key handle; if the path value exists in the private registry, opening the private registry key and storing the returned handle in the virtual key handle; if a new registry key is being created, creating the new key in the private registry and storing the returned handle in the virtual key handle.
Operations on the system registry or the private registry mainly include query, modification, deletion and change notification. The present embodiment therefore takes query, modification, deletion and change notification as examples to describe in detail how the rewritten system calls merge the private registry and the system registry to achieve virtualization.
For query manipulation: after generating virtual HKEY handle, the virtual registry query incident of registration when the amendment advice node corresponding with this virtual registry query incident is triggered, will be carried out virtual registry query incident in virtual HKEY.That is to say; When application queries registration table key assignments; Through intercepting and capturing first system call of application queries registration table key assignments; The amendment advice node corresponding with virtual registry query incident just is triggered, and then according to HKEY parameter in first system call of being intercepted and captured, carries out the query manipulation of virtual registration table.The query manipulation of the virtual registration table of present embodiment comprises following operation: in privately owned registration table, inquire about first key assignments (actual is a character string) according to first path values, if first key assignments exists in the privately owned registration table, carry out corresponding operating according to first key assignments; If first key assignments does not exist in the privately owned registration table, judge whether first path values exists in the delete list; If first path values exists in the delete list, return key assignments and do not have information; If first path values does not exist in the delete list, explain this key assignments exist with system registry in and do not deleted, from system registry, inquire about first key assignments according to first path values.
Wherein, first key assignments is meant the registration table key assignments of path values sign; The path values of storage in the first path values virtual key handle (HKEY).For example: when first key assignments is SOFTWARE the time, can carry out the operation of inquiry according to first key assignments.Delete list is the key assignments in the system registry of application storing deletion.Can not be modified through key assignments in this delete list feasible system registration table, but application program can't the access system registration table in deleted key assignments.
Operating process by above-mentioned query event is visible; Application program is preferentially inquired about in privately owned registration table; When in privately owned registration table, not existing; The inquiry system registration table has been realized the fusion of privately owned registration table and system registry, has realized the isolation of application program and operating system to a certain extent.
For the modify operation: after the virtual HKEY handle is generated, a virtual registry modification event is registered in the virtual HKEY handle; when the modification notification node corresponding to this virtual registry modification event is triggered, the virtual registry modification event is executed. That is, when the application modifies a registry key value, the first system call with which the application modifies the key value is intercepted, the modification notification node corresponding to the virtual registry modification event is triggered, and the modify operation on the virtual registry is then performed according to the HKEY parameter of the intercepted first system call. In this embodiment the modify operation on the virtual registry comprises the following: query the second key value in the private registry according to the second path value; if the second key value exists in the private registry, perform the modify operation in the private registry according to the second key value; if the second key value does not exist in the private registry, determine whether the second path value exists in the system registry; if the second path value exists in the system registry, create the second key value in the private registry according to the second path value and perform the modify operation; if the second path value does not exist in the system registry, return information that the key value does not exist.
Here, the second key value is the registry key value identified by the path value, and the second path value is the path value stored in the virtual key handle (HKEY).
As the operation above shows, the application queries and modifies the private registry first; when the key value does not exist in the private registry, it queries the system registry, creates the second key value in the private registry, and then performs the modification in the private registry. This fuses the private registry with the system registry and, to a certain extent, isolates the application from the operating system.
For the delete operation: after the virtual HKEY handle is generated, a virtual registry deletion event is registered in the virtual HKEY handle; when the modification notification node corresponding to this virtual registry deletion event is triggered, the virtual registry deletion event is executed. That is, when the application deletes a registry key value, the first system call with which the application deletes the key value is intercepted, the modification notification node corresponding to the virtual registry deletion event is triggered, and the delete operation on the virtual registry is then performed according to the HKEY parameter of the intercepted first system call. In this embodiment the delete operation on the virtual registry comprises the following: query the third key value in the private registry according to the third path value; if the third key value exists in the private registry, perform the corresponding delete operation in the private registry according to the third key value, and then determine whether the third path value exists in the system registry; if the third key value does not exist in the private registry, determine directly whether the third path value exists in the system registry; if the third path value exists in the system registry, record the third path value in the delete list; if the third path value does not exist in the system registry, return information that the key value does not exist.
The delete list here is the same delete list as in the query operation. Each virtual execution environment maintains one delete list.
Here, the third key value is the registry key value identified by the path value, and the third path value is the path value stored in the virtual key handle (HKEY).
As shown above, the application performs the delete operation in the private registry first and, after the delete operation, stores any third path value that exists in the system registry in the delete list. This keeps deletions in the private registry and the system registry synchronized, fuses the private registry with the system registry and, to a certain extent, isolates the application from the operating system.
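The query, modify and delete rules described above can be exercised in a small in-memory model. The following C sketch is an added example, not code from the patent: the types `reg_table` and `vreg`, the function names, the fixed table sizes and the sample paths are all hypothetical, paths are compared exactly (real registry key names are case-insensitive), and no Windows API is hooked.

```c
#include <stdio.h>
#include <string.h>

#define MAX_KEYS 16
#define PATH_LEN 128
#define VAL_LEN  64

enum { VR_OK = 0, VR_NOT_FOUND = -1, VR_FULL = -2 };

/* Constructed model of one registry: a flat table of path -> string value. */
typedef struct {
    char path[MAX_KEYS][PATH_LEN];
    char value[MAX_KEYS][VAL_LEN];
    int  used[MAX_KEYS];
} reg_table;

/* The fused (virtual) registry of one virtual execution environment. */
typedef struct {
    reg_table        priv;                        /* private registry: every write lands here */
    const reg_table *sys;                         /* system registry: never written by this layer */
    char             deleted[MAX_KEYS][PATH_LEN]; /* delete list of system paths */
    int              ndeleted;
} vreg;

int tbl_find(const reg_table *t, const char *path) {
    for (int i = 0; i < MAX_KEYS; i++)
        if (t->used[i] && strcmp(t->path[i], path) == 0) return i;
    return -1;
}

int tbl_set(reg_table *t, const char *path, const char *value) {
    /* Reject over-long input instead of truncating it into a different key. */
    if (strlen(path) >= PATH_LEN || strlen(value) >= VAL_LEN) return VR_FULL;
    int i = tbl_find(t, path);
    for (int j = 0; i < 0 && j < MAX_KEYS; j++)
        if (!t->used[j]) i = j;
    if (i < 0) return VR_FULL;
    strcpy(t->path[i], path);
    strcpy(t->value[i], value);
    t->used[i] = 1;
    return VR_OK;
}

static int is_deleted(const vreg *v, const char *path) {
    for (int i = 0; i < v->ndeleted; i++)
        if (strcmp(v->deleted[i], path) == 0) return 1;
    return 0;
}

/* Query: private registry first, then the delete list, then the system registry. */
const char *vreg_query(const vreg *v, const char *path) {
    int i = tbl_find(&v->priv, path);
    if (i >= 0) return v->priv.value[i];
    if (is_deleted(v, path)) return NULL;          /* "key value does not exist" */
    i = tbl_find(v->sys, path);
    return i >= 0 ? v->sys->value[i] : NULL;
}

/* Modify: copy-on-write into the private registry. As in the text, the
   delete list is not consulted on this path. */
int vreg_modify(vreg *v, const char *path, const char *value) {
    if (tbl_find(&v->priv, path) < 0 && tbl_find(v->sys, path) < 0)
        return VR_NOT_FOUND;
    return tbl_set(&v->priv, path, value);
}

/* Delete: drop the private copy, then hide a system copy via the delete list.
   Returning VR_OK when only a private copy was removed is this example's choice. */
int vreg_delete(vreg *v, const char *path) {
    int removed = 0;
    int i = tbl_find(&v->priv, path);
    if (i >= 0) { v->priv.used[i] = 0; removed = 1; }
    if (tbl_find(v->sys, path) >= 0) {
        if (!is_deleted(v, path)) {
            if (v->ndeleted == MAX_KEYS) return VR_FULL;
            strcpy(v->deleted[v->ndeleted++], path);
        }
        return VR_OK;
    }
    return removed ? VR_OK : VR_NOT_FOUND;
}

int main(void) {
    static reg_table sys_tbl;                      /* constructed sample data */
    static vreg v;
    const char *k = "HKLM\\SOFTWARE\\Demo\\Version";
    tbl_set(&sys_tbl, k, "1.0");
    v.sys = &sys_tbl;
    vreg_modify(&v, k, "2.0");
    printf("application sees %s, system registry keeps %s\n",
           vreg_query(&v, k), sys_tbl.value[0]);
    vreg_delete(&v, k);
    printf("after delete: %s\n", vreg_query(&v, k) ? "present" : "key value does not exist");
    return 0;
}
```

The system table is reached only through a `const` pointer, so the compiler enforces the property the text relies on: writes and deletions change the private registry and the delete list, never the system registry.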
For the modification notification operation: after the virtual HKEY handle is generated, a virtual registry modification notification event is registered in the virtual HKEY handle; when the modification notification node corresponding to this virtual registry modification notification event is triggered, the virtual registry modification notification event is executed. That is, when the application requests modification notification for a registry key value, the first system call with which the application requests the notification is intercepted, the modification notification node corresponding to the virtual registry modification notification event is triggered, and the modification notification operation on the virtual registry is then performed according to the HKEY parameter of the intercepted first system call. In this embodiment the modification notification operation on the virtual registry comprises the following: obtain the version number of the private registry from the version number storage space; if the obtained version number of the private registry is the same as the locally stored version number, perform the corresponding registration operation according to the version number of the private registry; if the obtained version number of the private registry differs from the locally stored version number, rebuild the private registry, save the version number of the rebuilt private registry, and perform the corresponding registration operation according to the version number of the rebuilt private registry; after executing the registry operation corresponding to the intercepted system call, obtain the version number of the private registry from the version number storage space again; if the version number of the private registry has changed, activate the registered event according to the fourth path value and the event object registered when the corresponding registration operation was performed, and send the modification notification; if the version number of the private registry has not changed, exit this system call.
Here, the locally stored version number is the version number of the private registry that the current process created by the application stores while it runs. The version number of the private registry in the version number storage space can be accessed by every process or thread created while the application runs.
Rebuilding the private registry means reading the private registry file again and constructing, in memory, the index nodes and the tree structure of the private registry.
By registering the virtual registry query, modification, deletion and modification notification events in the virtual HKEY handle, this embodiment fuses the system registry with the private registry under all of these operations, makes full use of the private registry, and isolates the application from the operating system at the level of configuration information.
The implementation of file access virtualization in step 102 is described in detail below. As shown in Fig. 2B, it mainly comprises the following steps:
Step 1021: according to the configuration file, intercept the second system call, related to file operations, that the application invokes while running.
Step 1022: obtain the path parameter of the intercepted second system call.
Step 1023: determine whether the path parameter is in long path format; if not, the path parameter is in short path format and step 1024 is executed; if so, step 1025 is executed.
Step 1024: convert the path parameter from short path format to long path format, then execute step 1025.
Step 1025: determine from the head of the path parameter whether the path parameter belongs to one of the spaces; if so, execute step 1026; if not, execute step 1028.
Step 1026: according to the path mapping relations among the system space, the software space and the user space stored in the configuration file, return the path information that suits the type of operation on the file, then execute step 1027.
Different path information is returned depending on the space the file belongs to and on the type of file operation, as described case by case below. In this embodiment the spaces comprise the system space, the software space and the user space; the type of operation on a file may be create, delete, modify or read.
When the file to be operated on does not exist in the system space, the software space or the user space, and the operation on the file is create, delete, modify or read, the path information of the file in the user space is returned according to the path mapping relation between the system space and the user space.
When the file to be operated on exists in the system space but not in the software space or the user space, and the operation on the file is read, the path information of the file in the software space is returned according to the path mapping relation between the system space and the software space.
When the file to be operated on exists in the system space but not in the software space or the user space, and the operation on the file is create or modify, the path information of the file in the user space is returned according to the path mapping relation between the system space and the user space, and the file is copied from the system space to the user space.
When the file to be operated on exists in the system space but not in the software space or the user space, and the operation on the file is delete, the path information of the file in the user space is returned according to the path mapping relation between the system space and the user space, the file is copied from the system space to the user space, and the path value in the system space is stored in the delete list corresponding to the system space. With this delete list the system file is never modified, yet the application can no longer access the file.
When the file to be operated on exists in the software space but not in the user space, and the operation on the file is read, the path information of the file in the software space is returned.
When the file to be operated on exists in the software space but not in the user space, and the operation on the file is create or modify, the path information of the file in the user space is returned according to the path mapping relation between the software space and the user space, and the file is copied from the software space to the user space.
When the file to be operated on exists in the software space but not in the user space, and the operation on the file is delete, the path information of the file in the user space is returned according to the path mapping relation between the software space and the user space, the file is copied from the software space to the user space, and the path value in the software space is stored in the delete list corresponding to the software space.
When the file to be operated on exists in the user space, and the operation on the file is create, delete, modify or read, the path information of the file in the user space is returned.
This embodiment also calls the above process of returning path information the file redirection rules; the result is shown in Table 1.
Table 1
[Table 1: file redirection rules (image in the original publication)]
Before step 1026 is executed, this embodiment divides the storage space into the system space, the software space and the user space, and stores the path mapping relations among the system space, the software space and the user space in the configuration file. At the same time, delete lists corresponding one-to-one to the system space and the software space are created in the configuration file.
Step 1027: perform the corresponding operation on the file according to the returned path information.
Step 1027 is simply the execution of the system call.
Step 1028: end the modification of the path parameter, operate on the file according to the original path parameter, and return.
When the path parameter is determined not to belong to any space, the operation on the file ends.
Further, the following illustrates how an application accesses files in the system in this embodiment:
When the application calls the file enumeration function that finds the first matching file (FindFirstFileExW), the parameter information is recorded, the path information for the three spaces is constructed, and a virtual FIND file handle is returned. Through this virtual find (FIND) file handle, files in the user space are accessed first, then files in the software space, and finally files in the system space.
When the application calls the file enumeration function that finds the next matching file (FindNextFileW), the virtual FIND file handle first returns the files in the user space; it then returns the files that exist in the software space but are neither in the delete list nor in the user space; finally it returns the files that exist in the system space but are neither in the delete list nor in the software space or the user space.
When the application calls the file enumeration function that closes the FIND file handle (FindClose), the virtual FIND file handle is closed.
Through the above operations, file access by the application is virtualized: the application is allowed to access files from the software space and the user space, which isolates it from the operating system.
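The enumeration order behind the virtual FIND handle can be modelled as an iterator over three directory listings. The following C sketch is an added example, not code from the patent: `space_view`, `vfind` and the function names are hypothetical, the listings are constructed sample data rather than results of FindFirstFileExW, and comparing names without regard to case is an assumption that reflects default Windows file name matching.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    const char **names;   size_t n;    /* entries of one directory in this space */
    const char **deleted; size_t nd;   /* delete list of this space (none for user space) */
} space_view;

/* State kept behind the virtual FIND handle. */
typedef struct {
    space_view space[3];               /* 0 = user, 1 = software, 2 = system */
    int        phase;                  /* space currently being enumerated; 3 = finished */
    size_t     idx;                    /* next entry within that space */
} vfind;

/* Assumption of this example: names are matched case-insensitively. */
static int name_eq(const char *a, const char *b) {
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
        a++; b++;
    }
    return *a == *b;
}

static int contains(const char **list, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (name_eq(list[i], name)) return 1;
    return 0;
}

/* FindFirstFileExW step: record the three listings and return the handle state. */
vfind vfind_open(space_view user, space_view software, space_view sys) {
    vfind h = { { user, software, sys }, 0, 0 };
    return h;
}

/* FindNextFileW step: user entries first; then software entries that are not
   in the software delete list and not in the user space; then system entries
   that are not in the system delete list and not in either upper space. */
const char *vfind_next(vfind *h) {
    for (; h->phase < 3; h->phase++, h->idx = 0) {
        const space_view *s = &h->space[h->phase];
        while (h->idx < s->n) {
            const char *name = s->names[h->idx++];
            int hidden = 0;
            if (h->phase > 0)
                hidden = contains(s->deleted, s->nd, name);
            for (int upper = 0; !hidden && upper < h->phase; upper++)
                hidden = contains(h->space[upper].names, h->space[upper].n, name);
            if (!hidden) return name;
        }
    }
    return NULL;                       /* no more files */
}

/* FindClose step: invalidate the handle state. */
void vfind_close(vfind *h) { h->phase = 3; h->idx = 0; }

/* Drain the handle into out[]; returns the number of names written. */
size_t vfind_collect(vfind *h, const char **out, size_t cap) {
    size_t n = 0;
    const char *name;
    while (n < cap && (name = vfind_next(h)) != NULL) out[n++] = name;
    return n;
}

int main(void) {
    /* Constructed listings of the same directory in the three spaces. */
    const char *user[] = { "settings.ini", "Notes.txt" };
    const char *soft[] = { "app.exe", "settings.ini", "old.dll" };
    const char *soft_del[] = { "old.dll" };
    const char *sysf[] = { "kernel32.dll", "NOTES.TXT", "hosts", "app.exe" };
    const char *sys_del[] = { "hosts" };
    vfind h = vfind_open((space_view){ user, 2, NULL, 0 },
                         (space_view){ soft, 3, soft_del, 1 },
                         (space_view){ sysf, 4, sys_del, 1 });
    const char *out[8];
    size_t n = vfind_collect(&h, out, 8);
    for (size_t i = 0; i < n; i++) printf("%s\n", out[i]);
    vfind_close(&h);
    return 0;
}
```

Each name is reported once, from the highest-priority space that holds it, and an entry on a delete list never reaches the application even though the underlying file is untouched.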
Further, in order to store parameters produced during certain system calls, or produced when a system call finishes, this embodiment sets aside a parameter cache space in advance and keeps that cache space in a doubly linked list; in other words, parameters are stored in the form of a doubly linked list.
On this basis, when path information is returned while a system call related to a file operation is being executed, the parameter cache space held in the doubly linked list is checked for an idle parameter node. If an idle parameter node exists, it is allocated to the returned path information, the returned path information is stored in the allocated parameter node, and the flag of the allocated parameter node is updated accordingly. If no idle parameter node exists, a parameter node is created for the returned path information and inserted into the parameter cache space in the doubly linked list, the returned path information is stored in the created parameter node, and the flag of the created parameter node is updated accordingly.
A parameter node is simply a small block of memory.
Further, after the application has finished the corresponding operation on the file according to the returned path information, the parameter node occupied by the returned path information is released. At that point it is determined whether the released parameter node came from the parameter cache space; if it did, the released parameter node is reclaimed and marked as unused, so that other parameters can be stored in it.
Any parameter that is returned to the application or that must be modified while the application runs can be cached in the parameter cache space of the doubly linked list; this is not limited to the path information returned during file operations. For example, the parameter that must be modified when a system object is renamed, described later (for example, the system object name after renaming), can also be cached in the parameter cache space of the doubly linked list.
This embodiment provides one structure for a parameter node, comprising: a flag field, which indicates whether the parameter node is in use (for example, 0xffff means the node is unused, and 0x0 means the node is in use, i.e. allocated); a memory space, which stores the parameter; and a memory space length field, which gives the actual length of the memory space storing the parameter. The doubly linked list structure is shown in Fig. 2C.
Caching parameters in a doubly linked list improves the performance and usability of the resulting virtual environment.
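The parameter cache described above, sketched in C as an added example that is not code from the patent. The flag values 0xffff and 0x0 come from the text; `param_node`, `param_cache`, the function names and the fixed node capacity `NODE_CAP` are hypothetical, clearing the buffer on release is a choice of this example, and the locking the text later places around shared data is omitted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NODE_FREE 0xffff   /* flag value from the text: node is unused */
#define NODE_USED 0x0      /* flag value from the text: node is in use */
#define NODE_CAP  520      /* assumption: fixed capacity of each node's memory space */

typedef struct param_node {
    unsigned short flag;               /* flag field */
    size_t len;                        /* actual length of the stored parameter */
    char buf[NODE_CAP];                /* memory space holding the parameter */
    struct param_node *prev, *next;    /* doubly linked list links */
} param_node;

typedef struct { param_node *head, *tail; size_t count; } param_cache;

static param_node *append_node(param_cache *c) {
    param_node *n = calloc(1, sizeof *n);
    if (!n) return NULL;
    n->flag = NODE_FREE;
    n->prev = c->tail;
    if (c->tail) c->tail->next = n; else c->head = n;
    c->tail = n;
    c->count++;
    return n;
}

/* Set aside the cache space in advance; returns the number of nodes created. */
size_t cache_init(param_cache *c, size_t prealloc) {
    c->head = c->tail = NULL;
    c->count = 0;
    while (c->count < prealloc && append_node(c)) { }
    return c->count;
}

/* Store a parameter: reuse an idle node if one exists, otherwise create a
   node and insert it into the list. Oversized input is rejected, not truncated. */
param_node *cache_acquire(param_cache *c, const void *data, size_t len) {
    if (len > NODE_CAP) return NULL;
    param_node *n = c->head;
    while (n && n->flag != NODE_FREE) n = n->next;
    if (!n && !(n = append_node(c))) return NULL;
    memcpy(n->buf, data, len);
    n->len = len;
    n->flag = NODE_USED;
    return n;
}

/* Release: only a node that came from this cache is reclaimed (returns 1).
   The buffer is cleared so the next user never sees the previous parameter. */
int cache_release(param_cache *c, param_node *node) {
    for (param_node *n = c->head; n; n = n->next) {
        if (n != node) continue;
        memset(n->buf, 0, sizeof n->buf);
        n->len = 0;
        n->flag = NODE_FREE;
        return 1;
    }
    return 0;                          /* not ours: the caller keeps ownership */
}

void cache_destroy(param_cache *c) {
    for (param_node *n = c->head; n; ) {
        param_node *next = n->next;
        free(n);
        n = next;
    }
    c->head = c->tail = NULL;
    c->count = 0;
}

int main(void) {
    param_cache c;
    const char path[] = "C:\\UserSpace\\app\\data.txt";   /* constructed sample path */
    cache_init(&c, 2);
    param_node *n = cache_acquire(&c, path, sizeof path);
    printf("stored %zu bytes, flag=0x%x, nodes=%zu\n", n->len, (unsigned)n->flag, c.count);
    cache_release(&c, n);
    printf("released, flag=0x%x\n", (unsigned)n->flag);
    cache_destroy(&c);
    return 0;
}
```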
Fig. 3 is a flowchart of the method for virtualizing a Windows application provided by another embodiment of the invention. This embodiment builds on the embodiment shown in Fig. 1. As shown in Fig. 3, the method of this embodiment further comprises, after step 102:
Step 103: according to the configuration file, intercept the third system call, related to system objects, that the application invokes while running; take as an identifier the process number of the first process that was created and is related to the system object invoked by the third system call; rename the system object using the identifier; and operate on the system object under the renamed system object name.
In this embodiment, in order to isolate the applications in the application virtualization environment from one another, a system object must be renamed when it is accessed, so that the system objects shared between virtual execution environments are virtualized. Accessing a system object includes opening a system object and querying whether a system object exists. On this basis, this embodiment uses as the identifier the process number of the first process created by the virtualization environment provided by this embodiment, and the renaming of a system object comprises:
When querying whether a system object exists, first use the original system object name to determine whether the system object exists; if it does not exist, append the process number of the first process related to this system object to the original system object name so as to rename the system object, and then create the system object under the renamed system object name.
When opening a system object, first use the original system object name to determine whether the system object can be opened; if the system object cannot be opened, append the process number of the first process related to this system object to the original system object name so as to rename the system object, and then open the system object under the renamed system object name.
Step 104: according to the configuration file, intercept the fourth system call, related to message passing, that the application invokes while running; according to the shared memory space corresponding to the application, perform control operations on the process created by the fourth system call. The shared memory space stores the process numbers of the processes corresponding to the application.
To isolate applications from one another in the application virtualization environment, communication between processes in the virtual execution environment must also be restricted. To this end, this embodiment, according to the configuration file, intercepts the message-passing system calls invoked by the application (i.e. the fourth system call) and thereby obtains the processes that exist in the execution environment.
When any of the above system calls is executed, the system call creates a process and assigns a process number to the created process. The process produced by the system call is mainly used to pass messages, that is, it needs to communicate with other processes. To restrict communication between processes, this embodiment creates a shared memory space for the application; processes that belong to the application are allowed to access this shared memory space, and processes that do not belong to the application cannot access it. The shared memory space stores the process numbers of the processes that belong to the application. Threads within the same process may communicate with one another, and threads in different processes of the same application may also communicate; threads in processes of different applications may not. From a thread number the process that the thread belongs to can be found, and the process number then determines whether the thread belongs to the current application.
Specifically, when the process created by the system call starts, it first registers its process number in the shared memory space. When the process requests communication with a target process (the first target process), it is checked whether the process number of the first target process exists in the shared memory space; if so, the process is allowed to communicate with the first target process; if not, the process is refused communication with the first target process. In addition, when a target process (the second target process) requests communication with this process, the process number of the target process is read and it is checked whether that process number exists in the shared memory space; if so, this process is allowed to communicate with the target process; if not, this process is refused communication with the target process. The first target process and the second target process are both processes.
Further, when the process exits, its process number is deleted from the shared memory space.
In this way communication between processes is restricted and the isolation between applications is improved, so that multiple applications can run at the same time in the same operating system.
On the basis of application virtualization, this embodiment further virtualizes system objects and restricts inter-process communication, so that applications are isolated from one another and multiple applications can run at the same time in the same operating system.
In each of the above embodiments, an application may create multiple processes and threads while it runs, and data is shared among those processes and threads, so the consistency of the shared data must be maintained. To prevent processes or threads from conflicting with one another when they access shared data, this embodiment provides a mechanism in which critical sections are set up for processes and for threads respectively, isolating the processes and threads from one another. For example, a critical section is set up for a thread or process; when a thread or process operates on shared data it first enters this critical section, so that other threads or processes cannot operate on the shared data, which guarantees the consistency of the data shared by the threads or processes.
Based on the critical section scheme above, the operation in step 103 of appending the process number of the first process related to the system object to the original system object name, so as to rename the system object, can be implemented through the following steps:
First, enter the first critical section and perform the subsequent operations inside it. The subsequent operations comprise: request an idle parameter node from the parameter cache space in the doubly linked list, the idle parameter node being used to store the renamed system object name; then append the process number of the first process related to the system object to the original system object name to obtain the renamed system object name, and store the renamed system object name in the requested idle parameter node. As soon as the parameter has been modified, leave the first critical section.
Through the above operations, when several threads access the same system object at the same time, conflicts caused by renaming the system object name simultaneously are prevented.
Based on the critical section scheme above, the various virtual registry events registered in the virtual HKEY handle in step 101 can likewise be executed inside a critical section.
For example, for the virtual registry query event, the following operations can be performed before the first key value is queried in the private registry according to the first path value:
Enter the second critical section and read the version number of the private registry from the version number storage space; compare the version number read with the locally stored version number to determine whether the private registry must be rebuilt; if so, rebuild the private registry and then query the first key value in the rebuilt private registry according to the first path value and perform the other operations; if not, query the first key value in the original private registry according to the first path value and perform the other operations directly. After the virtual registry query event finishes, leave the second critical section.
In addition, for the virtual registry modification event or the virtual registry deletion event, the following operations can also be performed before the second key value is queried in the private registry according to the second path value, or before the third key value is queried in the private registry according to the third path value:
Enter the second critical section and read the version number of the private registry from the version number storage space; compare the version number read with the locally stored version number to determine whether the private registry must be rebuilt; if so, rebuild the private registry and then query the second key value or the third key value in the rebuilt private registry according to the second path value or the third path value and perform the other operations; if not, query the second key value or the third key value in the original private registry according to the second path value or the third path value and perform the other operations directly. After the virtual registry modification event or the virtual registry deletion event finishes, leave the second critical section.
Further, before the second critical section is entered, the method comprises: the current process of the application attempts to open the version number storage space and determines whether the open operation succeeded; if the open operation succeeded, the version number of the private registry is read from the version number storage space and stored locally; if the open operation failed, the version number storage space is created, the version number of the private registry is initialized, and the initialized version number of the private registry is stored both in the created version number storage space and locally. "Locally" means in the space where the current process resides.
Through the above operations, the private registry version number of the current process is initialized.
Based on the above embodiments and implementations, this embodiment provides a system architecture for the application-oriented virtual execution environment realized by the invention, which mainly comprises: 1. System call interception: the corresponding system calls are intercepted according to the configuration file, so that the different virtualization components are configurable. 2. Virtual registry: the system calls related to system registry operations are rewritten, and a copy-on-write (COW) mechanism assists the application's access to the system registry and the private registry. 3. File access virtualization: the path name parameter in the system calls related to file operations is rewritten, and the COW mechanism assists the application's access to the system space, the software space and the user space. 4. System object virtualization: the object name in the system calls related to system object operations is rewritten, assisting the application's access to original system objects and private objects. 5. Restriction of inter-process communication: the application is restricted to sending messages only to objects in the execution environment in which it resides, which allows multiple instances of the application to run.
The application-oriented virtual execution environment of this embodiment starts up as follows:
Step 1: the loader reads the configuration information from the configuration file (setting.ini) or from the command line; configuration information on the command line takes precedence over configuration information in the configuration file.
The configuration file mainly contains the following attributes: (1) start executable file name (StartExeName): the relative path of the Exe file to start; (2) virtual registry (VirtualRegistry): the relative path of the virtual registry file; (3) file redirection (FileRedirection): the relative path of the file access redirection configuration file; (4) system object (SystemObject): whether to virtualize system objects; (5) inter-process (Interprocess): whether to restrict communication between processes.
Step 2: the configuration information is written into the environment variables of the current process.
Step 3: a child process is created to start the application's executable file, and the hook dynamic link library (detoured.dll) and the injection dynamic link library (ApplicationExeAssistant.dll) are injected into the child process.
Step 4: the child process loads the ApplicationExeAssistant.dll dynamic link library it depends on, and the dynamic link library main function (DllMain) in ApplicationExeAssistant.dll is called.
Step 5: in DllMain, the environment variable values are read and, according to those values, the modified system calls are hooked onto the original system calls.
Step 6: while the application runs, calling a hooked system call executes the operations of the modified system call.
Step 7: after the application exits, the loader exits as well.
The application-oriented virtual execution environment implemented by the present invention has the following beneficial effects: (1) The configuration information and files that the application depends on at run time are kept in a separate space, and the personalized customization data and private documents that the user produces while using the application are also saved in a separate space; at the same time the application's access to user resources, software resources and system resources is integrated, which reduces the coupling between the application and the operating system. (2) By virtualizing the system objects shared between virtual execution environments and restricting communication between virtual execution environments, more complete isolation between virtual execution environments is achieved, so that multiple instances of the same application can run in the same operating system and the isolation between applications is improved. (3) A lightweight, single-user, single-program, application-oriented virtual execution environment is implemented at the user level, and methods such as parameter caching, shared-data consistency maintenance and optimization of the virtual registry are used to improve the performance and usability of the virtual execution environment, improving resource utilization and execution efficiency.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in those embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for implementing virtualization of a Windows application, characterized by comprising:
According to a configuration file, intercepting a first system call, related to the system registry, that the application invokes while running; rewriting the intercepted first system call using a system call of a dynamic link library injected when the application is executed; and using the rewritten system call to merge a private registry with the system registry to form a virtual registry, so that the application accesses the private registry and the system registry through the virtual registry;
According to the configuration file, intercepting a second system call, related to file operations, that the application invokes while running; obtaining the space to which the file belongs from the path parameter in the intercepted second system call; returning, according to the path mapping relations among the system space, software space and user space stored in the configuration file, path information suited to the type of operation performed on the file; and then operating on the file according to that path information.
2. The method for implementing virtualization of a Windows application according to claim 1, characterized in that said intercepting, according to the configuration file, the first system call related to the system registry that the application invokes while running, rewriting the intercepted first system call using a system call of the dynamic link library injected when the application is executed, and using the rewritten system call to merge the private registry with the system registry to form the virtual registry, so that the application accesses the private registry and the system registry through the virtual registry, comprises:
Intercepting the first system call by which the application opens or creates a registry key value, and returning a virtual key handle according to the path value of the registry key in that call; if the path value exists in the system registry, opening the system registry key and storing the returned handle in the virtual key handle; if the path value exists in the private registry, opening the private registry key and storing the returned handle in the virtual key handle; if a new registry key is being created, creating the new key in the private registry and storing the returned handle in the virtual key handle;
Intercepting the first system call by which the application queries a registry key value, and performing a query operation on the virtual registry according to the virtual key handle parameter in that call; the query operation on the virtual registry comprises: querying a first key value in the private registry according to a first path value; if the first key value exists in the private registry, performing the corresponding operation according to the first key value; if the first key value does not exist in the private registry, determining whether the first path value is present in a delete list; if the first path value is in the delete list, returning information that the key value does not exist; if the first path value is not in the delete list, querying the first key value from the system registry according to the first path value;
Intercepting the first system call by which the application modifies a registry key value, and performing a modify operation on the virtual registry according to the virtual key handle parameter in that call; the modify operation on the virtual registry comprises: querying a second key value in the private registry according to a second path value; if the second key value exists in the private registry, performing the modify operation in the private registry according to the second key value; if the second key value does not exist in the private registry, determining whether the second path value exists in the system registry; if the second path value exists in the system registry, creating the second key value in the private registry according to the second path value and performing the modify operation; if the second path value does not exist in the system registry, returning information that the key value does not exist;
Intercepting the first system call by which the application deletes a registry key value, and performing a delete operation on the virtual registry according to the virtual key handle parameter in that call; the delete operation on the virtual registry comprises: querying a third key value in the private registry according to a third path value; if the third key value exists in the private registry, performing the corresponding delete operation in the private registry according to the third key value, and determining whether the third path value exists in the system registry; if the third key value does not exist in the private registry, directly determining whether the third path value exists in the system registry; if the third path value exists in the system registry, recording the third path value in the delete list; if the third path value does not exist in the system registry, returning information that the key value does not exist;
Intercepting the first system call by which the application requests modification notification for a registry key value, and performing a modification-notification operation on the virtual registry according to the virtual key handle parameter in that call; the modification-notification operation on the virtual registry comprises: obtaining the version number of the private registry; if the obtained version number is the same as the locally stored version number, performing the corresponding registration operation according to the version number of the private registry; if the obtained version number differs from the locally stored version number, rebuilding the private registry, saving the version number of the rebuilt private registry, and performing the corresponding registration operation according to the version number of the rebuilt private registry; after performing the registration operation, obtaining the version number of the private registry again; if the version number of the private registry has changed, sending a modification event notification according to a fourth path value and the event object registered by the registration operation; if the version number of the private registry has not changed, returning.
3. The method for implementing virtualization of a Windows application according to claim 1, characterized in that said obtaining the space to which the file belongs from the path parameter in the intercepted second system call, returning, according to the path mapping relations among the system space, software space and user space stored in the configuration file, path information suited to the type of operation performed on the file, and then operating on the file according to that path information, comprises:
Determining whether the path parameter is in long path form; if the path parameter is in short path form, converting it into a path parameter in long path form;
When it is determined from the header information of the path parameter that the file exists in none of the system space, the software space and the user space, and the file is to be created, deleted, modified or read, returning the path information of the file in the user space according to the path mapping relation between the system space and the user space;
When it is determined from the header information of the path parameter that the file exists in the system space and not in the software space or the user space, and the file is to be read, returning the path information of the file in the software space according to the path mapping relation between the system space and the software space;
When it is determined from the header information of the path parameter that the file exists in the system space and not in the software space or the user space, and the file is to be created or modified, returning the path information of the file in the user space according to the path mapping relation between the system space and the user space, and copying the file from the system space to the user space;
When it is determined from the header information of the path parameter that the file exists in the system space and not in the software space or the user space, and the file is to be deleted, returning the path information of the file in the user space according to the path mapping relation between the system space and the user space, copying the file from the system space to the user space, and storing the path value of the system space in the delete list corresponding to the system space;
When it is determined from the header information of the path parameter that the file exists in the software space and not in the user space, and the file is to be read, returning the path information of the file in the software space;
When it is determined from the header information of the path parameter that the file exists in the software space and not in the user space, and the file is to be created or modified, returning the path information of the file in the user space according to the path mapping relation between the software space and the user space, and copying the file from the software space to the user space;
When it is determined from the header information of the path parameter that the file exists in the software space and not in the user space, and the file is to be deleted, returning the path information of the file in the user space according to the path mapping relation between the software space and the user space, copying the file from the software space to the user space, and storing the path value of the software space in the delete list corresponding to the software space;
When it is determined from the header information of the path parameter that the file exists in the user space, and the file is to be created, deleted, modified or read, returning the path information of the file in the user space;
Performing the corresponding operation on the file according to the returned path information.
4. The method for implementing virtualization of a Windows application according to claim 3, characterized in that, before said intercepting, according to the configuration file, the second system call related to file operations that the application invokes while running, obtaining the space to which the file belongs from the path parameter in the intercepted second system call, returning, according to the path mapping relations among the system space, software space and user space stored in the configuration file, path information suited to the type of operation performed on the file, and then operating on the file according to that path information, the method comprises:
Dividing the storage space into the system space, the software space and the user space, and storing the path mapping relations among the system space, the software space and the user space in the configuration file;
Creating, in the configuration file, delete lists in one-to-one correspondence with the system space and the software space.
5. The method for implementing virtualization of a Windows application according to any one of claims 1-4, characterized by further comprising:
According to the configuration file, intercepting a third system call, related to system objects, that the application invokes while running; taking as an identifier the process number of the first created process related to the system object invoked by the third system call; renaming the system object using the identifier; and operating on the system object according to the renamed system object name;
According to the configuration file, intercepting a fourth system call, related to message passing, that the application invokes while running; and, according to the process numbers stored in the shared memory space corresponding to the application, applying restriction control to the processes created while the application runs, so as to restrict communication between the processes created by the application and the processes created by other applications.
6. The method for implementing virtualization of a Windows application according to claim 5, characterized in that said taking as an identifier the process number of the first created process related to the system object invoked by the third system call, renaming the system object using the identifier, and operating on the system object according to the renamed system object name, comprises:
Using the original system object name to determine whether the system object exists or can be opened;
If the system object does not exist or cannot be opened, checking whether the original system object name contains information about the process to which the system object belongs;
If it does not, appending the process number of the first process related to the system object to the original system object name, so as to rename the system object;
Creating or opening the system object according to the renamed system object name.
7. The method for implementing virtualization of a Windows application according to claim 5, characterized in that said applying restriction control, according to the process numbers stored in the shared memory space corresponding to the application, to the processes created while the application runs, so as to restrict communication between the processes created by the application and the processes created by other applications, comprises:
When a process created while the application runs starts, registering the process number of that process in the shared memory space;
When the process requests to communicate with a first target process, checking whether the process number of the first target process exists in the shared memory space; if so, allowing the process to communicate with the first target process; if not, refusing the communication between the process and the first target process;
When the process exits, deleting the process number of the process from the shared memory space.
8. The method for implementing virtualization of a Windows application according to claim 3 or 4, characterized by further comprising:
When path information is returned, checking whether a free parameter node exists in the parameter cache space stored in a doubly linked list;
If a free parameter node exists, allocating a parameter node for the returned path information, storing the returned path information in the allocated parameter node, and marking the allocated parameter node as allocated;
If no free parameter node exists, creating a parameter node for the returned path information, inserting the created parameter node into the parameter cache space in the doubly linked list, storing the returned path information in the created parameter node, and marking the created parameter node as allocated;
When the corresponding operation performed on the file according to the returned path information ends, determining whether the released parameter node comes from the parameter cache space; if the released parameter node comes from the parameter cache space, reclaiming the released parameter node and marking the reclaimed parameter node as unused.
9. The method for implementing virtualization of a Windows application according to claim 6, characterized in that said appending the process number of the first process related to the system object to the original system object name, so as to rename the system object, comprises:
Entering a first critical section;
Requesting a free parameter node from the parameter cache space in the doubly linked list;
Appending the process number of the first process related to the system object to the original system object name to obtain the renamed system object name;
Storing the renamed system object name in the free parameter node that was requested;
Leaving the first critical section.
10. The method for implementing virtualization of a Windows application according to claim 2, characterized in that, before querying the first key value in the private registry according to the first path value, or before querying the second key value in the private registry according to the second path value, or before querying the third key value in the private registry according to the third path value, the method comprises:
Entering a second critical section;
Reading the version number of the private registry from the version number storage space;
Comparing the version number read with the locally stored version number to determine whether the private registry needs to be rebuilt;
If so, rebuilding the private registry;
After the virtual registry query event ends, or after the virtual registry modification event ends, or after the virtual registry deletion event ends, the method further comprises:
Leaving the second critical section.
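The query, modify and delete rules of claim 2, modelled as an added example (not code from the patent or its authors). The in-memory tables, the function names and the sample key are assumptions; the virtual key handle and the version-number synchronisation of claims 2 and 10 are left out.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 16
#define STRMAX 96

struct entry { bool used; char path[STRMAX]; char value[STRMAX]; };
struct table { struct entry e[SLOTS]; };

struct vreg {
    struct table system;    /* stands in for the real registry; never written */
    struct table private_;  /* per-application private registry */
    struct table deleted;   /* delete list: paths hidden from the system view */
};

enum { VREG_OK = 0, VREG_NOT_FOUND = -1, VREG_NO_SPACE = -2 };

/* Exact-match lookup; real registry paths compare case-insensitively. */
static struct entry *find(struct table *t, const char *path)
{
    for (int i = 0; i < SLOTS; i++)
        if (t->e[i].used && strcmp(t->e[i].path, path) == 0)
            return &t->e[i];
    return NULL;
}

/* Insert or overwrite path=value in one table. */
static int put(struct table *t, const char *path, const char *value)
{
    struct entry *e = find(t, path);
    if (strlen(path) >= STRMAX || strlen(value) >= STRMAX)
        return VREG_NO_SPACE;
    for (int i = 0; !e && i < SLOTS; i++)
        if (!t->e[i].used)
            e = &t->e[i];
    if (!e)
        return VREG_NO_SPACE;
    e->used = true;
    strcpy(e->path, path);
    strcpy(e->value, value);
    return VREG_OK;
}

/* Query: private registry first, then the delete list, then the system registry. */
int vreg_query(struct vreg *v, const char *path, char *out, size_t outlen)
{
    struct entry *e = find(&v->private_, path);
    if (!e) {
        if (find(&v->deleted, path))
            return VREG_NOT_FOUND;      /* deleted inside this environment */
        e = find(&v->system, path);
    }
    if (!e)
        return VREG_NOT_FOUND;
    snprintf(out, outlen, "%s", e->value);
    return VREG_OK;
}

/* Modify: always written to the private registry (copy-on-write). */
int vreg_modify(struct vreg *v, const char *path, const char *value)
{
    if (!find(&v->private_, path) && !find(&v->system, path))
        return VREG_NOT_FOUND;
    return put(&v->private_, path, value);
}

/* Delete: drop the private copy and hide the system key via the delete list.
 * Returning VREG_OK when only a private copy existed is this example's choice. */
int vreg_delete(struct vreg *v, const char *path)
{
    struct entry *p = find(&v->private_, path);
    bool in_system = find(&v->system, path) != NULL;
    if (p)
        p->used = false;
    if (in_system)
        return put(&v->deleted, path, "");
    return p ? VREG_OK : VREG_NOT_FOUND;
}

int main(void)
{
    static struct vreg v;                            /* zero-initialised */
    char buf[STRMAX];
    const char *key = "HKLM\\Software\\Demo\\Mode";  /* constructed sample key */

    put(&v.system, key, "system-default");
    vreg_modify(&v, key, "per-app");
    vreg_query(&v, key, buf, sizeof buf);
    printf("after modify: %s\n", buf);
    vreg_delete(&v, key);
    printf("after delete: %d\n", vreg_query(&v, key, buf, sizeof buf));
    return 0;
}
```

The system table is never written by any of the three operations, which is the isolation property a reviewer would check first in a real hook layer.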
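The file-space decision table of claim 3 together with the path rewrite it relies on, as an added example that is not part of the patent. The type and function names and the sample roots are assumptions, and the rejection of ".." components is a hardening check added here, not something the claims state.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum space { SP_NONE, SP_SYSTEM, SP_SOFTWARE, SP_USER };
enum file_op { OP_READ, OP_CREATE, OP_MODIFY, OP_DELETE };

struct decision {
    enum space target;      /* space whose path is handed back to the caller */
    enum space copy_from;   /* copy-on-write source, SP_NONE if no copy */
    enum space delete_list; /* delete list that records the original path */
};

/* Decision table of claim 3; the flags say in which spaces the file exists. */
struct decision resolve_space(bool in_system, bool in_software, bool in_user,
                              enum file_op op)
{
    struct decision d = { SP_USER, SP_NONE, SP_NONE };

    if (in_user)                        /* the user copy wins for every operation */
        return d;
    if (!in_system && !in_software)     /* unknown file: always lands in user space */
        return d;

    enum space origin = in_software ? SP_SOFTWARE : SP_SYSTEM;
    if (op == OP_READ) {
        /* Claim 3 as published returns the software-space path for a read,
         * both for system-only files and for software-space files. */
        d.target = SP_SOFTWARE;
        return d;
    }
    d.copy_from = origin;               /* create/modify/delete: copy to user space */
    if (op == OP_DELETE)
        d.delete_list = origin;         /* hide the original from later lookups */
    return d;
}

/* Case-insensitive test that path lies under root at a component boundary.
 * Roots are given without a trailing separator. */
static bool under_root(const char *path, const char *root)
{
    size_t n = strlen(root);
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)root[i]))
            return false;
    return path[n] == '\\' || path[n] == '\0';
}

/* True if any path component is exactly "..". */
static bool has_dotdot(const char *p)
{
    while (*p) {
        size_t len = strcspn(p, "\\/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
        if (*p)
            p++;
    }
    return false;
}

/* Rewrite path from one space root to another. Returns 0 on success, -1 if the
 * path is outside from_root, contains "..", or does not fit in out. */
int map_path(const char *path, const char *from_root, const char *to_root,
             char *out, size_t outlen)
{
    if (!under_root(path, from_root) || has_dotdot(path))
        return -1;
    int n = snprintf(out, outlen, "%s%s", to_root, path + strlen(from_root));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char out[128];
    struct decision d = resolve_space(true, false, false, OP_DELETE);
    /* Constructed roots; the real mapping comes from the FileRedirection config. */
    if (map_path("C:\\Windows\\app.ini", "C:\\Windows", "D:\\vee\\user\\Windows",
                 out, sizeof out) == 0)
        printf("target=%d copy_from=%d delete_list=%d path=%s\n",
               d.target, d.copy_from, d.delete_list, out);
    return 0;
}
```

Matching the root only at a component boundary keeps a sibling directory such as `C:\WindowsOld` from being treated as part of the mapped space.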
CN201110402069.3A 2011-12-06 2011-12-06 Method for realizing virtualization of Windows application program Expired - Fee Related CN102520944B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110402069.3A CN102520944B (en) 2011-12-06 2011-12-06 Method for realizing virtualization of Windows application program

Publications (2)

Publication Number Publication Date
CN102520944A true CN102520944A (en) 2012-06-27
CN102520944B CN102520944B (en) 2014-07-02

Family

ID=46291886

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110402069.3A Expired - Fee Related CN102520944B (en) 2011-12-06 2011-12-06 Method for realizing virtualization of Windows application program

Country Status (1)

Country Link
CN (1) CN102520944B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102105861A (en) * 2008-07-28 2011-06-22 微软公司 State separation for application changes
CN102231116A (en) * 2011-07-04 2011-11-02 成都市华为赛门铁克科技有限公司 Application program virtualization installing and loading method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HAILEI SUN等: "Virtual execution environment for windows applications", 《CLOUD COMPUTING AND INTELLIGENCE SYSTEMS 》 *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102929716B (en) * 2012-11-07 2015-04-15 北京亿赛通科技发展有限责任公司 Method for starting multiple processes
CN102929716A (en) * 2012-11-07 2013-02-13 北京亿赛通科技发展有限责任公司 Method for starting multiple processes
CN102981874A (en) * 2012-11-15 2013-03-20 北京奇虎科技有限公司 Computer processing system and registry redirection method
CN103019765A (en) * 2012-11-15 2013-04-03 北京奇虎科技有限公司 File redirection method, device and computer system
CN103019765B (en) * 2012-11-15 2016-08-03 北京奇虎科技有限公司 A kind of file redirection method, device and computer system
CN102981874B (en) * 2012-11-15 2015-12-02 北京奇虎科技有限公司 Computer processing system and registration table reorientation method
CN103970740A (en) * 2013-01-24 2014-08-06 北京伸得纬科技有限公司 System layer construction method for virtual machine operating system
CN104219078A (en) * 2013-06-04 2014-12-17 阿里巴巴集团控股有限公司 Method and device for processing multiple runtime environment data
CN104219078B (en) * 2013-06-04 2018-08-24 阿里巴巴集团控股有限公司 A kind for the treatment of method and apparatus of more runtime environment data
WO2015024371A1 (en) * 2013-08-21 2015-02-26 华为技术有限公司 Adaptation method for cloud platform user interface, and adapter
CN105808550A (en) * 2014-12-30 2016-07-27 迈普通信技术股份有限公司 File access method and device
CN105808550B (en) * 2014-12-30 2019-02-15 迈普通信技术股份有限公司 A kind of method and device accessing file
WO2016110203A1 (en) * 2015-01-06 2016-07-14 阿里巴巴集团控股有限公司 File path storing and local file accessing method and device
CN105700914A (en) * 2015-12-31 2016-06-22 北京金山安全软件有限公司 Application software installation and starting method and device
CN105930739A (en) * 2016-04-14 2016-09-07 北京金山安全软件有限公司 Method and terminal for preventing file from being deleted
CN105930739B (en) * 2016-04-14 2019-07-23 珠海豹趣科技有限公司 A kind of method and terminal for preventing file deleted
CN108604992A (en) * 2016-05-26 2018-09-28 华为技术有限公司 The system and method switched using the software definition between the lightweight virtual machine of host kernel resources
CN108604992B (en) * 2016-05-26 2020-09-29 华为技术有限公司 System and method for software defined switching between lightweight virtual machines using host kernel resources
CN106951061A (en) * 2017-03-29 2017-07-14 联想(北京)有限公司 Electronic equipment and control method
CN106951061B (en) * 2017-03-29 2020-05-26 联想(北京)有限公司 Electronic apparatus and control method
CN109683948A (en) * 2018-12-13 2019-04-26 深圳创维-Rgb电子有限公司 System data introduction method, device, electronic product and storage medium
CN110417860A (en) * 2019-06-21 2019-11-05 深圳壹账通智能科技有限公司 File transfer management method, apparatus, equipment and storage medium
CN111796972A (en) * 2020-06-30 2020-10-20 苏州三六零智能安全科技有限公司 File hot-repair method, device, equipment and storage medium
CN111796972B (en) * 2020-06-30 2022-11-04 苏州三六零智能安全科技有限公司 File hot-repair method, device, equipment and storage medium
CN111737690A (en) * 2020-07-20 2020-10-02 北京升鑫网络科技有限公司 Method and device for preventing malicious software from carrying out sensitive operation on data
CN113703667A (en) * 2021-07-14 2021-11-26 深圳市有为信息技术发展有限公司 File system processing method and device for storing data in real time, vehicle-mounted terminal and commercial vehicle

Also Published As

Publication number Publication date
CN102520944B (en) 2014-07-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140702

Termination date: 20171206