CN105117661B - File protection method and device - Google Patents

File protection method and device Download PDF

Info

Publication number
CN105117661B
CN105117661B CN201510472634.1A CN201510472634A CN105117661B CN 105117661 B CN105117661 B CN 105117661B CN 201510472634 A CN201510472634 A CN 201510472634A CN 105117661 B CN105117661 B CN 105117661B
Authority
CN
China
Prior art keywords
file
characteristic value
modification
file destination
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510472634.1A
Other languages
Chinese (zh)
Other versions
CN105117661A (en
Inventor
李峥嵘
杨振辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Baoqu Technology Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Internet Security Software Co Ltd filed Critical Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201510472634.1A priority Critical patent/CN105117661B/en
Publication of CN105117661A publication Critical patent/CN105117661A/en
Application granted granted Critical
Publication of CN105117661B publication Critical patent/CN105117661B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Document Processing Apparatus (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention discloses a file protection method and a device, wherein the method comprises the following steps: when a processing instruction for the characteristic value in the target file is detected, calling the code of the target modification file for modifying the target file to modify the encoding mode of the characteristic value in the target file or to modify the position of the code of the characteristic value in the target file in the code of the target file, wherein the characteristic value in the target file is used for uniquely identifying the target file, and the target modification file is a file for processing the characteristic value in the target file; and generating a target file according to the modified codes. By implementing the embodiment of the invention, the processing efficiency of the characteristic value in the file can be improved.

Description

A kind of document protection method and device
Technical field
The present invention relates to field of computer technology, and in particular to a kind of document protection method and device.
Background technology
With the continuous development of computer technology, the file of required storage is more and more, and therefore, the protection to file becomes One urgent problem to be solved.Wherein, file includes the characteristic value for unique mark file, when characteristic value is obtained by third party Afterwards, third party can destroy file or modification file function by characteristic value, therefore, in order to ensure the security of file needs pair Characteristic value is handled.Since after characteristic value is obtained by third party, third party can destroy file or modification by characteristic value File function, therefore, when research staff has found that file is destroyed or file function is changed, in order to ensure the security of file Need to handle characteristic value again.At present, need research staff's manual unlocking literary when handling characteristic value in file Part code, and document code is manually changed to realize, due to needing user to carry out multi-pass operation, reduce file The treatment effeciency of middle characteristic value.
The content of the invention
The embodiment of the invention discloses a kind of document protection method and device, the processing for improving characteristic value in file is imitated Rate.
First aspect of the embodiment of the present invention discloses a kind of document protection method, including:
When detecting for the process instruction of characteristic value in file destination, target described in invocation target modification file modification The code of file, to change the coding mode of the characteristic value, or to change the code of the characteristic value in the file destination Code in present position, the characteristic value is used for file destination described in unique mark, and the target modification file is to be used to locate Manage the file of the characteristic value;
According to the amended code building file destination.
With reference to the embodiment of the present invention in a first aspect, first aspect of the embodiment of the present invention the first possible implementation In, after detecting for the process instruction of characteristic value in file destination, the method further includes:
Judge whether the target modification file for handling the characteristic value;
If the target modification file is not present, the target modification file is generated, and performs invocation target modification text Part changes the step of code of the file destination.
With reference to the embodiment of the present invention in a first aspect, first aspect of the embodiment of the present invention second of possible implementation In, the file destination includes data segment, and the data segment includes the characteristic value;
The code of file destination includes described in the invocation target modification file modification:
The code of characteristic value present position in the code of the data segment described in invocation target modification file modification, to repair Change the code of the characteristic value present position in the code of the file destination.
With reference to the embodiment of the present invention in a first aspect, first aspect of the embodiment of the present invention the third possible implementation In, the file destination includes flag, and the flag is used for the coding mode for identifying the characteristic value;
The code of file destination includes described in the invocation target modification file modification:
The value of flag described in invocation target modification file modification, to change the coding mode of the characteristic value.
With reference to the third possible implementation of first aspect of the embodiment of the present invention, in first aspect of the embodiment of the present invention The 4th kind of possible implementation in, the file destination includes data segment, and the flag is the mark of the data segment Position;
The value of flag includes described in the invocation target modification file modification:
The value of flag bit described in invocation target modification file modification.
Second aspect of the embodiment of the present invention discloses a kind of file protection device, including:
Unit is changed, for when detecting for the process instruction of characteristic value in file destination, invocation target modification to be literary Part changes the code of the file destination, to change the coding mode of the characteristic value, or to change the code of the characteristic value The present position in the code of the file destination, the characteristic value are used for file destination described in unique mark, and the target is repaiied It is the file for handling the characteristic value to change file;
First generation unit, for according to the modification amended code building file destination of unit.
With reference to second aspect of the embodiment of the present invention, in the first possible implementation of second aspect of the embodiment of the present invention In, described device further includes:
Judging unit, for judging whether the target modification file for handling the characteristic value;
Second generation unit, for when the judging result of the judging unit is no, generating the target modification file, And trigger the step of modification unit performs the code of file destination described in invocation target modification file modification.
With reference to second aspect of the embodiment of the present invention, in second of possible implementation of second aspect of the embodiment of the present invention In, the file destination includes data segment, and the data segment includes the characteristic value;
The modification unit, the code of characteristic value described in file modification is changed in the data segment specifically for invocation target Code in present position, to change the code of characteristic value present position in the code of the file destination.
With reference to second aspect of the embodiment of the present invention, in the third possible implementation of second aspect of the embodiment of the present invention In, the file destination includes flag, and the flag is used for the coding mode for identifying the characteristic value;
The modification unit, specifically for the value of flag described in invocation target modification file modification, to change the spy The coding mode of value indicative.
With reference to the third possible implementation of second aspect of the embodiment of the present invention, in second aspect of the embodiment of the present invention The 4th kind of possible implementation in, the file destination includes data segment, and the flag is the mark of the data segment Position;
The mode of the value of flag is specially described in the modification cell call target modification file modification:
The value of flag bit described in invocation target modification file modification.
In the embodiment of the present invention, when detecting for the process instruction of characteristic value in file destination, invocation target modification The code of file modification file destination, to change the coding mode of characteristic value, or to change the code of characteristic value in file destination Code in present position, afterwards according to amended code building file destination, due to when detecting in file destination During the process instruction of characteristic value, automatic calling is changed to the code of file modification file destination, to change the coding of characteristic value Mode, or modification characteristic value code in the code of file destination present position, it is thus possible to improve characteristic value in file Treatment effeciency.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, below will be to needed in the embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for ability For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to these attached drawings other attached Figure.
Fig. 1 is a kind of flow chart of document protection method disclosed by the embodiments of the present invention;
Fig. 2 is the flow chart of another document protection method disclosed by the embodiments of the present invention;
Fig. 3 is a kind of structure chart of file protection device disclosed by the embodiments of the present invention;
Fig. 4 is the structure chart of another file protection device disclosed by the embodiments of the present invention;
Fig. 5 is the structure chart of another file protection device disclosed by the embodiments of the present invention.
Embodiment
Below in conjunction with the attached drawing in the embodiment of the present invention, the technical solution in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is part of the embodiment of the present invention, instead of all the embodiments.Based on this hair Embodiment in bright, the every other implementation that those of ordinary skill in the art are obtained without making creative work Example, belongs to the scope of protection of the invention.
The embodiment of the invention discloses a kind of document protection method and device, the processing for improving characteristic value in file is imitated Rate.It is described in detail individually below.
Referring to Fig. 1, Fig. 1 is a kind of flow chart of document protection method disclosed by the embodiments of the present invention.As shown in Figure 1, This document guard method may comprise steps of.
S101, when detecting for the process instruction of characteristic value in file destination, invocation target modification file modification mesh The code of file is marked, to change the coding mode of characteristic value in file destination, or to change the code of characteristic value in file destination The present position in the code of file destination, characteristic value is used for unique mark file destination, target modification file in file destination It is the file for handling characteristic value in file destination.
In the present embodiment, file destination includes data segment, and data segment refers to be used to store in program inside file destination One piece of region of memory of the global variable of initialization, data segment include characteristic value, and characteristic value is used for unique mark file destination.When When research staff has found that file destination is destroyed or file destination function is changed, research staff can be defeated by modes such as keyboards Enter to be directed to the process instruction of characteristic value in file destination, ought detect the process instruction for characteristic value in file destination afterwards When, by the code of invocation target modification file modification file destination, to change the coding mode of characteristic value in file destination, or with The code of characteristic value present position in the code of file destination in modification file destination.
S102, according to amended code building file destination.
, will be according to amended target after the code of invocation target modification file modification file destination in the present embodiment The code of file regenerates file destination, and the coding mode of characteristic value in the file destination of generation, or the code of characteristic value exist Present position has changed in the code of file destination.Therefore, when third party uses file destination by the decoding before modification Mode obtains characteristic value in file destination, or third party from the code of amended file destination file destination by before modification When characteristic value present position obtains characteristic value in file destination, third party will be unable to get correct characteristic value, so as to Ensure the security of file.Wherein, target modification file is the file for handling characteristic value in file destination.
In the described document protection methods of Fig. 1, when detecting for the process instruction of characteristic value in file destination, Invocation target changes the code of file modification file destination, to change the coding mode of characteristic value, or to change the generation of characteristic value Code present position in the code of file destination, afterwards according to amended code building file destination, pin is detected due to working as To during the process instruction of characteristic value, automatic calling to be changed to the code of file modification file destination, to change in file destination The coding mode of characteristic value, or modification characteristic value code in the code of file destination present position, it is thus possible to improve literary The treatment effeciency of characteristic value in part.
Referring to Fig. 2, Fig. 2 is the flow chart of another document protection method disclosed by the embodiments of the present invention.Such as Fig. 2 institutes Show, this document guard method may comprise steps of.
S201, when detecting for the process instruction of characteristic value in file destination, judge whether to be used to handle mesh The target modification file of characteristic value in file is marked, characteristic value is used for unique mark file destination in file destination.
In the present embodiment, file destination includes data segment, and data segment refers to be used to store in program inside file destination One piece of region of memory of the global variable of initialization, data segment include characteristic value, and characteristic value is used for unique mark file destination.When When research staff has found that file destination is destroyed or file destination function is changed, research staff can be defeated by modes such as keyboards Enter to be directed to the process instruction of characteristic value in file destination.Due to can not directly change the code of file destination to change file destination The coding mode of middle characteristic value, or to change the code of characteristic value in file destination present position in the code of file destination, And need to modify by target modification file, therefore, when detect for characteristic value in file destination process instruction it Afterwards, the target modification file for handling characteristic value in file destination is first judged whether.
If S202, be not present target modification file, target modification file is generated.
In the present embodiment, when there is no the mesh that during target modification file, generation is used to handle characteristic value in file destination Mark modification file;Correspondingly, when there are during target modification file, step S203 will be performed.
The code of S203, invocation target modification file modification file destination, to change the coding of characteristic value in file destination Mode, or to change the code of characteristic value in file destination present position in the code of file destination.
As a kind of possible embodiment, file destination includes data segment, and data segment includes characteristic value;
The mode of code of invocation target modification file modification file destination is specially:
The code of characteristic value present position in the code of data segment in invocation target modification file modification file destination, with The code of characteristic value present position in the code of file destination in modification file destination.
In the present embodiment, when generation target modification file or judge there are after target modification file, by invocation target The code of characteristic value present position in the code of data segment in modification file modification file destination, it is special in file destination to change The code of value indicative present position in the code of file destination.Therefore, when third party is from the code of amended file destination When file destination obtains characteristic value in file destination by characteristic value present position before modification, third party will be unable to get correct Characteristic value, thereby may be ensured that the security of file.
For example, illustrated so that exclusive or is handled as an example, it is as follows:
Header file, i.e. data segment, defined in there are the character that characteristic value is stored inside FILE_CHARACTERISTIC String, is then packaged into a CONFIG again, and addition HEAD is as byte of padding inside CONFIG.Every time to characteristic value in file into During row processing, PADDING_SIZE can be adjusted to change offset of the characteristic value in data segment, then preserved again, due to Characteristic value changes in the position of data segment, and therefore, the value of exclusive or changes in the file destination of generation, so as to reality Now to the processing of characteristic value in file destination.
As a kind of possible embodiment, file destination includes flag, which is used to identify in file destination The coding mode of characteristic value;
The mode of code of invocation target modification file modification file destination is specially:
The value of the invocation target modification file modification flag, to change the coding mode of characteristic value in file destination.
As a kind of possible embodiment, file destination includes data segment, which is the flag bit of data segment;
The mode of the value of the invocation target modification file modification flag is specially:
Invocation target changes the value of file modification flag bit.
In the present embodiment, file destination can include flag, which is used to identify characteristic value in file destination Coding mode, the flag can be the flag bits of data segment, may not be the flag bit of data segment, and the present embodiment does not limit It is fixed.When generation target modification file or judge, there are after target modification file, invocation target to be changed file modification target The value of flag in file, to change the coding mode of characteristic value in file destination.When the flag is the flag bit of data segment When, the value that file modification flag bit can be changed with invocation target changes the coding mode of characteristic value in file destination.
For example, when the value of flag is 1, base64 can be used to encode to characteristic value in file destination Reason, when the value of flag is 2, can be handled characteristic value in file destination using exclusive or algorithm.
S204, according to amended code building file destination.
, will be according to amended target after the code of invocation target modification file modification file destination in the present embodiment The code of file regenerates file destination, and the coding mode of characteristic value in the file destination of generation, or the code of characteristic value exist Present position has changed in the code of file destination.Therefore, when third party uses file destination by the decoding before modification Mode obtains characteristic value in file destination, or third party from the code of amended file destination file destination by before modification When characteristic value present position obtains characteristic value in file destination, third party will be unable to get correct characteristic value, so as to Ensure the security of file.Wherein, target modification file is the file for handling characteristic value in file destination.
In the described document protection methods of Fig. 2, when detecting for the process instruction of characteristic value in file destination, Judge whether the target modification file for handling characteristic value in file destination, if target modification file is not present, give birth to Into target modification file, and invocation target changes the code of file modification file destination, to change characteristic value in file destination Coding mode, or to change the code of characteristic value in file destination present position in the code of file destination, due to when detection The process instruction of characteristic value in for file destination, and there are during target modification file, modification file modification will be called automatically The code of file destination, to change the coding mode of characteristic value, or changes the code of characteristic value in the code of file destination Present position, it is thus possible to improve in file characteristic value treatment effeciency.
Referring to Fig. 3, Fig. 3 is a kind of structure chart of file protection device disclosed by the embodiments of the present invention.As shown in figure 3, This document protective device 300 can include:
Unit 301 is changed, for changing unit, for working as the process instruction detected for characteristic value in file destination When, invocation target changes the code of file modification file destination, to change the coding mode of characteristic value in file destination, or to repair Change the code of characteristic value in the file destination present position in the code of file destination, characteristic value is used to uniquely mark in file destination Know file destination, target modification file is the file for handling characteristic value in file destination;
Generation unit 302, for according to the modification amended code building file destination of unit 301.
In the present embodiment, file destination includes data segment, and data segment refers to be used to store in program inside file destination One piece of region of memory of the global variable of initialization, data segment include characteristic value, and characteristic value is used for unique mark file destination.When When research staff has found that file destination is destroyed or file destination function is changed, research staff can be defeated by modes such as keyboards Enter to be directed to the process instruction of characteristic value in file destination, ought detect the process instruction for characteristic value in file destination afterwards When, invocation target is changed the code of file modification file destination by modification unit 301, to change the volume of characteristic value in file destination Code mode, or to change the code of characteristic value in file destination present position in the code of file destination.
In the present embodiment, after the code of modification unit 301 invocation target modification file modification file destination, generation unit 302 will regenerate file destination according to the code of amended file destination, the coding of characteristic value in the file destination of generation Mode, or the code of characteristic value have changed present position in the code of file destination.Therefore, when third party uses target File obtains characteristic value in file destination, or third party from the code of amended file destination by the decoding process before modification When middle file destination obtains characteristic value in file destination by characteristic value present position before modification, third party will be unable to get just True characteristic value, thereby may be ensured that the security of file.Wherein, target modification file is to be used to handle feature in file destination The file of value.
In the described file protection devices of Fig. 3, when detecting for the process instruction of characteristic value in file destination, Invocation target changes the code of file modification file destination, to change the coding mode of characteristic value, or to change the generation of characteristic value Code present position in the code of file destination, afterwards according to amended code building file destination, pin is detected due to working as To during the process instruction of characteristic value, automatic calling to be changed to the code of file modification file destination, to change in file destination The coding mode of characteristic value, or modification characteristic value code in the code of file destination present position, it is thus possible to improve literary The treatment effeciency of characteristic value in part.
Referring to Fig. 4, Fig. 4 is the structure chart of another file protection device disclosed by the embodiments of the present invention.Such as Fig. 4 institutes Show, this document protective device 400 can include:
Unit 401 is changed, for changing unit, for working as the process instruction detected for characteristic value in file destination When, invocation target changes the code of file modification file destination, to change the coding mode of characteristic value in file destination, or to repair Change the code of characteristic value in the file destination present position in the code of file destination, characteristic value is used to uniquely mark in file destination Know file destination, target modification file is the file for handling characteristic value in file destination;
First generation unit 402, for according to the modification amended code building file destination of unit 401.
In the present embodiment, file destination includes data segment, and data segment refers to be used to store in program inside file destination One piece of region of memory of the global variable of initialization, data segment include characteristic value, and characteristic value is used for unique mark file destination.When When research staff has found that file destination is destroyed or file destination function is changed, research staff can be defeated by modes such as keyboards Enter to be directed to the process instruction of characteristic value in file destination, ought detect the process instruction for characteristic value in file destination afterwards When, invocation target is changed the code of file modification file destination by modification unit 401, to change the volume of characteristic value in file destination Code mode, or to change the code of characteristic value in file destination present position in the code of file destination.
In the present embodiment, after the code of modification unit 401 invocation target modification file modification file destination, the first generation Unit 402 will regenerate file destination according to the code of amended file destination, characteristic value in the file destination of generation Coding mode, or the code of characteristic value have changed present position in the code of file destination.Therefore, when third party uses File destination obtains characteristic value in file destination, or third party from amended file destination by the decoding process before modification When file destination obtains characteristic value in file destination by characteristic value present position before modification in code, third party will be unable to obtain To correct characteristic value, the security of file thereby may be ensured that.Wherein, target modification file is to be used to handle in file destination The file of characteristic value.
As a kind of possible embodiment, file protection device 400 can also include:
Judging unit 403, for judging whether the target modification file for handling characteristic value in file destination;
Second generation unit 404, for when the judging result of judging unit 403 is no, generating target modification file, and Triggering modification unit 401 calls the step of code for performing invocation target modification file modification file destination.
In the present embodiment, due to can not directly change the code of file destination to change the coding of characteristic value in file destination Mode, or to change the code of characteristic value in file destination present position in the code of file destination, and need to pass through target Modification file is modified, therefore, after detecting for the process instruction of characteristic value in file destination, judging unit 403 It will determine that with the presence or absence of the target modification file for being used to handle characteristic value in file destination.
In the present embodiment, judge to be not present when judging unit 403 and repaiied for handling the target of characteristic value in file destination When changing file, the second generation unit 404 will generate the target modification file for being used for handling characteristic value in file destination;Correspondingly, When judging unit 403, which is judged to exist, is used to handle the target modification file of characteristic value in file destination, amendment will be triggered The code of first 401 invocation targets modification file modification file destination.
As a kind of possible embodiment, file destination includes data segment, and data segment includes characteristic value;
Unit 401 is changed, the code of file modification characteristic value is changed in the code of data segment specifically for invocation target Present position, to change the code of characteristic value present position in the code of file destination.
As in a kind of possible embodiment, file destination includes flag, which is used for identification characteristics value Coding mode;
Unit 401 is changed, specifically for the value of the invocation target modification file modification flag, to change this feature value Coding mode.
In the present embodiment, when the second generation unit 404 generation target modification file or judging unit 403 judge that there are mesh After mark modification file, invocation target is changed the code of characteristic value in file modification file destination in data by modification unit 401 Present position in the code of section, to change the code of characteristic value in file destination present position in the code of file destination.Cause This, characteristic value present position obtains target before file destination is by modification from the code of amended file destination by third party In file during characteristic value, third party will be unable to get correct characteristic value, thereby may be ensured that the security of file.
As a kind of possible embodiment, file destination includes data segment, which can be the mark of data segment Position;
The mode of the value of the modification unit 401 invocation target modification file modification flag is specially:
Invocation target changes the value of file modification flag bit.
As a kind of possible embodiment, file destination includes data segment, which is the flag bit of data segment;
The mode of the value of the modification unit 401 invocation target modification file modification flag is specially:
Invocation target changes the value of file modification flag bit.
In the present embodiment, file destination can include flag, which is used to identify characteristic value in file destination Coding mode, the flag can be the flag bits of data segment, may not be the flag bit of data segment, and the present embodiment does not limit It is fixed.Judge when the second generation unit 404 generates target modification file or judging unit 403 there are after target modification file, The value that invocation target is changed flag in file modification file destination by unit 401 is changed, to change characteristic value in file destination Coding mode.When the flag is the flag bit of data segment, the value that file modification flag bit can be changed with invocation target is come Change the coding mode of characteristic value in file destination.
In the described file protection devices of Fig. 4, when detecting for the process instruction of characteristic value in file destination, Invocation target changes the code of file modification file destination, to change the coding mode of characteristic value, or to change the generation of characteristic value Code present position in the code of file destination, afterwards according to amended code building file destination, pin is detected due to working as To during the process instruction of characteristic value, automatic calling to be changed to the code of file modification file destination, to change in file destination The coding mode of characteristic value, or modification characteristic value code in the code of file destination present position, it is thus possible to improve literary The treatment effeciency of characteristic value in part.
Referring to Fig. 5, Fig. 5 is the structure chart of another file protection device disclosed by the embodiments of the present invention.Such as Fig. 5 institutes Show, which can include:At least one processor 501 (such as CPU), at least one processor 502 are defeated Enter device 503 and at least one communication bus, 504.Wherein, the connection that communication bus 504 is used for realization between these components is led to Letter.Memory 502 can be high-speed RAM memory or non-labile memory (non-volatile Memory), a for example, at least magnetic disk storage.Memory 502 optionally can also be at least one and be located remotely from foregoing place The storage device of reason 501.Wherein:
Input unit 503, the process instruction of characteristic value in file destination is directed to for detecting, and the process instruction is sent out Give processor 501;
Batch processing code is stored with memory 502, processor 501 is used to call the program stored in memory 502 Code performs following operation:
Invocation target changes the code of file modification file destination, to change the coding mode of this feature value, or with modification The code of this feature value present position in the code of file destination, this feature value are used for unique mark file destination, and target is repaiied It is the file for processing feature value to change file;
According to amended code building file destination.
As a kind of possible embodiment, input unit detect for characteristic value in file destination process instruction it Afterwards, and 501 invocation target of processor modification file modification file destination code, processor 501 be additionally operable to call memory The program code stored in 502 performs following operation:
Judge whether the target modification file for handling this feature value;
If target modification file is not present, target modification file is generated, and performs invocation target modification file modification mesh The step of marking the code of file.
As a kind of possible embodiment, file destination includes data segment, and data segment includes this feature value;
The mode of code of 501 invocation target of processor modification file modification file destination is specially:
The code of invocation target modification file modification this feature value present position in the code of data segment, to change the spy The code of value indicative present position in the code of file destination.
As a kind of possible embodiment, file destination includes flag, which is used to identify this feature value Coding mode;
The mode of code of 501 invocation target of processor modification file modification file destination is specially:
The value of the invocation target modification file modification flag, to change the coding mode of this feature value.
As a kind of possible embodiment, file destination includes data segment, which can be the mark of data segment Position;
The mode of the value of 501 invocation target of the processor modification file modification flag is specially:
Invocation target changes the value of file modification flag bit.
In the described file protection devices of Fig. 5, when detecting for the process instruction of characteristic value in file destination, Invocation target changes the code of file modification file destination, to change the coding mode of characteristic value, or to change the generation of characteristic value Code present position in the code of file destination, afterwards according to amended code building file destination, pin is detected due to working as To during the process instruction of characteristic value, automatic calling to be changed to the code of file modification file destination, to change in file destination The coding mode of characteristic value, or modification characteristic value code in the code of file destination present position, it is thus possible to improve literary The treatment effeciency of characteristic value in part.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is can To instruct relevant hardware to complete by program, which can be stored in a computer-readable recording medium, storage Medium can include:Flash disk, read-only storage (Read-Only Memory, ROM), random access device (Random Access Memory, RAM), disk or CD etc..
Document protection method disclosed by the embodiments of the present invention and device are described in detail above, it is used herein Specific case is set forth the principle of the present invention and embodiment, and the explanation of above example is only intended to help to understand this The method and its core concept of invention;Meanwhile for those of ordinary skill in the art, according to the thought of the present invention, specific There will be changes in embodiment and application range, in conclusion this specification content should not be construed as to the present invention's Limitation.

Claims (10)

  1. A kind of 1. document protection method, it is characterised in that including:
    When detecting for the process instruction of characteristic value in file destination, file destination described in invocation target modification file modification Code, to change the coding mode of the characteristic value, or to change generation of the code of the characteristic value in the file destination Present position in code, the characteristic value are used for file destination described in unique mark, and the target modification file is to be used to handle institute The file of characteristic value is stated, the file destination includes data segment, and the data segment is used to store journey for file destination the inside One piece of region of memory of initialized global variable in sequence, the data segment include the characteristic value;
    According to the amended code building file destination.
  2. 2. according to the method described in claim 1, detect that the processing for characteristic value in file destination refers to it is characterized in that, working as After order, the method further includes:
    Judge whether the target modification file for handling the characteristic value;
    If the target modification file is not present, the target modification file is generated, and performs invocation target modification file and repaiies The step of changing the code of the file destination.
  3. 3. according to the method described in claim 1, it is characterized in that, the file destination includes data segment, the data segment bag Include the characteristic value;
    The code of file destination includes described in the invocation target modification file modification:
    The code of characteristic value present position in the code of the data segment described in invocation target modification file modification, to change State the code of the characteristic value present position in the code of the file destination.
  4. 4. according to the method described in claim 1, it is characterized in that, the file destination includes flag, the flag is used In the coding mode for identifying the characteristic value;
    The code of file destination includes described in the invocation target modification file modification:
    The value of flag described in invocation target modification file modification, to change the coding mode of the characteristic value.
  5. 5. according to the method described in claim 4, it is characterized in that, the file destination includes data segment, the flag is The flag bit of the data segment;
    The value of flag includes described in the invocation target modification file modification:
    The value of flag bit described in invocation target modification file modification.
  6. A kind of 6. file protection device, it is characterised in that including:
    Unit is changed, for when detecting for the process instruction of characteristic value in file destination, invocation target modification file to be repaiied Change the code of the file destination, to change the coding mode of the characteristic value, or to change the code of the characteristic value in institute Present position in the code of file destination is stated, the characteristic value is used for file destination described in unique mark, the target modification text Part is the file for handling the characteristic value, and the file destination includes data segment, and the data segment is the file destination The inside is used to store one piece of region of memory of initialized global variable in program, and the data segment includes the characteristic value;
    First generation unit, for according to the modification amended code building file destination of unit.
  7. 7. device according to claim 6, it is characterised in that described device further includes:
    Judging unit, for judging whether the target modification file for handling the characteristic value;
    Second generation unit, for when the judging result of the judging unit is no, generating the target modification file, and touch Send out described described in modification unit execution invocation target modification file modification the step of the code of file destination.
  8. 8. device according to claim 6, it is characterised in that the file destination includes data segment, the data segment bag Include the characteristic value;
    The modification unit, generation of the code in the data segment of characteristic value described in file modification is changed specifically for invocation target Present position in code, to change the code of characteristic value present position in the code of the file destination.
  9. 9. device according to claim 6, it is characterised in that the file destination includes flag, and the flag is used In the coding mode for identifying the characteristic value;
    The modification unit, specifically for the value of flag described in invocation target modification file modification, to change the characteristic value Coding mode.
  10. 10. device according to claim 9, it is characterised in that the file destination includes data segment, and the flag is The flag bit of the data segment;
    The mode of the value of flag is specially described in the modification cell call target modification file modification:
    The value of flag bit described in invocation target modification file modification.
CN201510472634.1A 2015-08-04 2015-08-04 File protection method and device Active CN105117661B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510472634.1A CN105117661B (en) 2015-08-04 2015-08-04 File protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510472634.1A CN105117661B (en) 2015-08-04 2015-08-04 File protection method and device

Publications (2)

Publication Number Publication Date
CN105117661A CN105117661A (en) 2015-12-02
CN105117661B true CN105117661B (en) 2018-05-08

Family

ID=54665645

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510472634.1A Active CN105117661B (en) 2015-08-04 2015-08-04 File protection method and device

Country Status (1)

Country Link
CN (1) CN105117661B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106909810A (en) * 2015-12-22 2017-06-30 北京奇虎科技有限公司 A kind of method and device for realizing APK file protection

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7280956B2 (en) * 2003-10-24 2007-10-09 Microsoft Corporation System, method, and computer program product for file encryption, decryption and transfer
CN101359353A (en) * 2008-09-05 2009-02-04 成都市华为赛门铁克科技有限公司 File protection method and device
CN102334124A (en) * 2011-08-15 2012-01-25 华为终端有限公司 File protection method and device
CN102831346A (en) * 2012-07-31 2012-12-19 深圳市紫色力腾科技发展有限公司 Method and system for file protection
CN103793665A (en) * 2014-03-06 2014-05-14 北京淦蓝润和信息技术有限公司 Electronic document processing method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7280956B2 (en) * 2003-10-24 2007-10-09 Microsoft Corporation System, method, and computer program product for file encryption, decryption and transfer
CN101359353A (en) * 2008-09-05 2009-02-04 成都市华为赛门铁克科技有限公司 File protection method and device
CN102334124A (en) * 2011-08-15 2012-01-25 华为终端有限公司 File protection method and device
CN102831346A (en) * 2012-07-31 2012-12-19 深圳市紫色力腾科技发展有限公司 Method and system for file protection
CN103793665A (en) * 2014-03-06 2014-05-14 北京淦蓝润和信息技术有限公司 Electronic document processing method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PE文件加壳技术研究与实现;焦龙龙等;《信息网络安全》;20130131;全文 *
vfp&exe加密程序破解实录;lpyxt;《香雪网》;20010817;第1-3页 *

Also Published As

Publication number Publication date
CN105117661A (en) 2015-12-02

Similar Documents

Publication Publication Date Title
JP4320013B2 (en) Unauthorized processing determination method, data processing apparatus, computer program, and recording medium
JP6058245B2 (en) Random number expansion apparatus, random number expansion method and random number expansion program
CN104685508B (en) Data processing equipment and data processing method
US9432400B2 (en) Method and system for protecting against unknown malicious activities by detecting a heap spray attack on an electronic device
US9230455B2 (en) Steganographic embedding of executable code
EP4089556A1 (en) Code pointer authentication for hardware flow control
EP3270318B1 (en) Dynamic security module terminal device and method for operating same
CN105760762B (en) A kind of unknown malicious code detecting method of embeded processor
CN110868405B (en) Malicious code detection method and device, computer equipment and storage medium
CN107239698A (en) A kind of anti-debug method and apparatus based on signal transacting mechanism
KR20160099160A (en) Method of modelling behavior pattern of instruction set in n-gram manner, computing device operating with the method, and program stored in storage medium configured to execute the method in computing device
CN105245495A (en) Similarity match based rapid detection method for malicious shellcode
CN105117661B (en) File protection method and device
CN109977633A (en) A kind of program protection method and relevant apparatus
CN108985096A (en) A kind of enhancing of Android SQLite database security, method for safely carrying out and device
CN108021790B (en) File protection method and device, computing equipment and computer storage medium
CN107798241A (en) Attack detecting device, system and method
US10044752B1 (en) Null-byte injection detection
CN112613034B (en) Malicious document detection method and system, electronic device and storage medium
CN111881047B (en) Method and device for processing obfuscated script
CN108256327A (en) A kind of file test method and device
CN106980564A (en) Process behavior monitoring method based on kernel hook
EP2947590A1 (en) Program code obfuscation based upon recently executed program code
CN115248908A (en) Method, device, equipment and storage medium for protecting core code
CN115203652B (en) IOS end security encryption control method based on source confusion

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20181203

Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Patentee after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 100085 East District, Second Floor, 33 Xiaoying West Road, Haidian District, Beijing

Patentee before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

TR01 Transfer of patent right