CN101304320A - Method and apparatus for processing address - Google Patents
Method and apparatus for processing address Download PDFInfo
- Publication number
- CN101304320A CN101304320A CNA2008101150392A CN200810115039A CN101304320A CN 101304320 A CN101304320 A CN 101304320A CN A2008101150392 A CNA2008101150392 A CN A2008101150392A CN 200810115039 A CN200810115039 A CN 200810115039A CN 101304320 A CN101304320 A CN 101304320A
- Authority
- CN
- China
- Prior art keywords
- base address
- randomization
- dynamic link
- link library
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The embodiment of the invention provides a address treatment method and a device thereof. The specific method comprises the following steps: base address randomization treatment is given to the dynamic link library that needs loading to get a base address value after randomization treatment; the parameters used for loading the initial base address of the dynamic link library that needs loading are modified so that the modified parameters can point to the base address value after randomization treatment. By changing the jump address and the position thereof that vicious codes needed, the embodiment of the invention can cause the buffer overflow attack cannot find the jump address, so that the jump address can not point to vicious procedures, thus causing the failure of the buffer overflow attack. Furthermore, the embodiment of the invention can result in the failure of the buffer overflow attack by using the jump address of the dynamic link library.
Description
Technical field
The present invention relates to technical field of the computer network, relate in particular to the method and apparatus that prevents buffer overflow attack in the computer network system.
Background technology
At present, it also is most threatening attack pattern that the attack of overflowing based on buffering area has become the most common in the network attack, and the attack that many harm are very big all belongs to this mode.
Buffering area overflows and is meant, computer program has surpassed the border of buffering area and overflowing of causing at the data bits of buffering area input.The data of overflowing may cover the legal data in the buffering area adjacent memory, destroy the data integrity of software, function return address in also possible coverage function pointer of the data of overflowing or the storehouse, the execution flow process of Rogue program, make calling program carry out some untrusted codes, thereby buffer-overflow vulnerability occurred.After the assailant finds Overflow Vulnerability, utilize program to surpass the code of its boundary length in the buffering area input, cause and overflow, after making the data of overflowing cover the return address, write at return address place can the reprogramming flow process address (being jump address), make this address point to the rogue program of oneself, thereby reach the purpose of attack, destruction system.
For the attack that prevents to overflow based on buffering area, prior art is by getting in touch with the system api function, check the return address of storehouse, judging whether to take place buffering area according to the position of return address and attribute overflows, and after finding that buffering area overflows, will cause that thread or process that this overflows finish.The flow process of this method as shown in Figure 1, concrete steps are as follows:
(1) links up with for system's api function of key and call;
(2) return address of inspection function
(3) position of judgement return address if the position of return address is in the address realm of stack, then is judged as stack overflow has taken place;
(4) read-write properties of judgement return address if the attribute of return address is to write, then is judged as to take place to pile and overflows.
The inventor finds that there are the following problems at least in the prior art in realizing process of the present invention:
The return address can be revised by malicious code, be that the assailant can seek the return instruction code, revise above-mentioned return address and make it point to this return instruction that the redirect by this return instruction comes back in the stack to be carried out, thereby walk around the protection of prior art, reach the purpose of attacking the destruction system.In addition, the attribute of return address can be revised by malicious code, and for example the assailant can be with the attribute modification of this return address for writing, thereby walk around the right protection of prior art, reaches attack, destroys the purpose of system.
Summary of the invention
Embodiments of the invention provide a kind of address processing method and device, not only can prevent buffer overflow attack, but also can effectively protect the attack of walking around prior art.
A kind of address processing method comprises:
The current dynamic link library that needs to load is carried out the base address randomization, obtain the base address value after the described randomization, modification is used to load the parameter value of the initial base address of dynamic link library that described current needs load, and makes the base address value after this amended parameter value points to described randomization.
A kind of address process device comprises:
The randomization unit is used for the dynamic link library that current needs load is carried out the base address randomization, obtains the base address value after the described randomization;
Revise the parameter unit, base address value after the described randomization that is used for obtaining according to described randomization unit, modification is used to load the parameter value of the initial base address of dynamic link library that described current needs load, and makes the base address value after this amended parameter value points to described randomization.
The technical scheme that is provided by the embodiment of the invention described above as can be seen, dynamic link library (the DLL that the embodiment of the invention loads by randomization, Dynamic Link Library) base address, make the base address when loading dynamic link library be different from the base address of distributing to dynamic link library according to system default mode or other general mode, also just make fixedly jump address in the base address change (promptly having changed the jump address that malicious code need utilize), thereby the memory headroom that makes the jump address that is used for carrying out malicious code in the flooding code can not point to the original imagination of assailant goes, make the flooding failure, realized effectively preventing the purpose of flooding; The embodiment of the invention also can effectively be protected the attack of walking around prior art simultaneously.
Description of drawings
Fig. 1 is the prior art schematic diagram;
The method flow schematic diagram that Fig. 2 provides for the embodiment of the invention;
Fig. 3 is the apparatus structure schematic diagram that the embodiment of the invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
In embodiments of the present invention, for buffer overflow attack was lost efficacy, a kind of address processing method is provided, the jump address of reprogramming flow process is in the dynamic link library that loads the time, then specifically can carry out the base address randomization to the current dynamic link library that needs to load, obtain the base address value after the described randomization, modification is used to load the parameter value of the initial base address of dynamic link library that described current needs load, and makes the base address value after this amended parameter value points to described randomization.
Accordingly, the memory headroom that base address in the embodiment of the invention after the randomization is pointed to also is different from the memory headroom that the base address is pointed under the base address arrangement mode of system default, change has also taken place in the data of former dynamic link library address space, comprises that change has also taken place for jump address and position thereof.
Wherein, randomization is carried out in base address to dynamic link library, comprise: calculate the randomization result according to randomized algorithm, and according to this randomization result and the base address information of having carried out the dynamic link library of base address randomization, calculate the described current base address value that needs the chained library that loads.
Concrete, above-mentioned the parameter value that is used to load the initial base address of current described dynamic link library is made amendment, for example can be to the value that is used to load the base address (parameter for example
*The value that BaseAdress is pointed) makes amendment.Can when loading dynamic link library, load initial base address during application according to above-mentioned amended parameter value.
For ease of understanding, be described in detail below in conjunction with the method flow of accompanying drawing to the embodiment of the invention to the embodiment of the invention.
To be the embodiment of the invention carry out the method flow diagram of randomization to DLL to Fig. 2, and concrete treatment step can comprise:
Step 21: the current dynamic link library that needs to load is carried out the base address randomization, obtain the base address value after the described randomization, concrete steps can comprise: calculate the randomization result according to randomized algorithm earlier, and according to this randomization result and the base address information of having carried out the dynamic link library of base address randomization, calculate the described current base address value that needs the dynamic link library that loads; In concrete the application, above-mentioned base address information can comprise: carried out the length information of the dynamic link library of base address randomization, or name information, or the positional information in disk, or base address value etc.;
For example, can utilize function to carry out randomization during specific implementation: the time with system is that variable utilizes function to produce a random number seed earlier, utilize this random number seed to generate random number again by another function, because this random number produced by the current time, therefore can guarantee the randomness of this random number; Then according to this random number, and the length information that has carried out the dynamic link library of base address randomization, or name information, or the positional information in disk, or information such as base address value, above-mentioned random number is transformed to the numerical value that meets the base address rule, and this numerical value is used for the value that the replacement system is used to distribute the function parameters pointed of DLL internal memory base address, and promptly this numerical value that obtains is the current base address value that needs the dynamic link library that loads; Simultaneously, when carrying out above-mentioned conversion, need consider to avoid the storage allocation space of base address value that obtains and the dynamic link library that has carried out the base address randomization to have and intersect, make mistakes, also can determine the address realm of current loading object to avoid loading;
Step 22: revise the parameter value of the initial base address of dynamic link library be used to load described current needs loading, make the base address value after this amended parameter value points to described randomization; For example during specific implementation, can make the parameter value of the initial base address of the relevant loading DLL in the function obtain revising by handling to being used for that the function that dynamic link library (DLL) is mapped to process or thread address space is linked up with (Hook);
For example, parameter
*BaseAddress is loading base address pointer, when
*Be dll file allocation base address by system according to the algorithm of acquiescence when the BaseAddress value is zero; When the embodiment of the invention will
*After the BaseAddress value was made amendment, system can be according to parameter
*The value that the BaseAddress value is pointed to is DLL allocation base address; Concrete, the embodiment of the invention can be made amendment to the parameter value that is used to load the initial base address of dynamic link library (DLL) that is used for dynamic link library (DLL) is mapped to the function of process or thread address space, comprises the value of the loading base address pointed in this function is made amendment;
Step 23: when loading described dynamic link library, load initial base address according to described amended parameter value; Concrete, system can be a pointer with the value of amended loading base address pointer, and distributes to the DLL of current loading with the value of this pointed as the initial base address of the DLL of current loading, and loads this DLL by this base address; Because a lot of DLL that need loading can be arranged in the system, therefore considered current base address information of having carried out other dynamic link library of base address randomization when revising the parameter that is used to load initial base address, the for example length information of dynamic link library, name information etc., there is intersection in the space that just can avoid distributing when loading these DLL like this, has also avoided loading and has made mistakes; Also can determine simultaneously the address realm of current loading object; After for example system has loaded the 1st, 2 dynamic link library successively, when loading the 3rd DLL, owing to just considered position, the size of the 1st, 2 DLL when calculating base address value, therefore, just avoided intersecting when loading the 3rd DLL with the allocation space of the 1st, 2 DLL.
Further, when the unique backup of a DLL in all process shared drives of system requirements, just carry out the randomization and the loading of base address in the time of can loading DLL for the first time after restarting system, all like this processes can be shared the dynamic link library (DLL) after this base address randomization; And after the DLL address randomization of being correlated with, along with the variation of DLL base address, the data of former DLL address space also change; Comprising, after the base address changed, jump address and position thereof in the raw address scope also changed accordingly.
Need to prove that the method that produces random number in the embodiment of the invention is a lot, be not limited in the method for above-mentioned generation random number, for example can also produce random number or be parameter generating random number etc. according to randomized function with other variable.
In technique scheme as can be seen, the embodiment of the invention is by the base address of randomization DLL, jump address and position thereof that can the reprogramming flow process, make buffer overflow attack can not find jump address, also just can't make jump address point to rogue program, thereby make the buffer overflow attack failure.Therefore, the embodiment of the invention buffer overflow attack that the jump address of utilizing dynamic link library is carried out lost efficacy.
Because when the assailant implements buffer overflow attack, can be according to general system assignment dynamic link library (DLL, the arrangement mode of base address dynamic link library), calculate the position of return address, make overflow data cover this return address then, and the jump address of writing the sensing rogue program at this place, return address, attack with realization; That is to say, because the particular location of DLL base address knows easily, so be easy to the victim utilization row buffer flooding of going forward side by side.Therefore, can find this situation of return address at the assailant according to system default or other general DLL base address arrangement mode, the embodiment of the invention is carried out randomization by the base address to DLL, change is given the base address of each DLL according to system assignment, makes DLL base address after the randomization of loading be different from the base address of the DLL that system distributes according to acquiescence or other general mode; When the assailant goes for the return address according to the base address distributing position of system default or other general distribution DLL again, will be because of finding the return address that is used to attack, and can't make jump address point to rogue program, thereby make the buffer overflow attack failure; Simultaneously, the embodiment of the invention also can effectively be protected the attack of walking around prior art.
Below in conjunction with utilizing the method that the buffer-overflow vulnerability in the browser auxiliary object ActiveX control carries out flooding in the playout software, the application process of the embodiment of the invention is described in detail.
For example, the user browse have a playout software browse the webpage of auxiliary object Active control the time, can trigger this buffer-overflow vulnerability.Concrete, according to the characteristic of above-mentioned leak, what the assailant used is the jump address among the pncrt.dll in this playout software.For example the supposing the system base address of distributing to pncrt.dll according to general allocation base address mode is 60A20000, and the assailant just can finish by the jump address in this address realm the buffering area of custom system is attacked.
If the technical scheme that adopts the embodiment of the invention to provide, after randomization is carried out in the base address that is about to the DLL of above-mentioned application program, the base address of the pncrt.dll that loads in subscriber equipment is 60A20000 no longer just, like this, when the assailant goes for jump address again according to the base address of imagining, just can't find the jump address of this imagination, also just can't make jump address point to rogue program, thereby make the buffer overflow attack failure.
From foregoing description as can be seen, the address processing method that the embodiment of the invention provides is compared with the method that allows malicious code carry out detection more earlier of prior art and is wanted safety, efficient a lot, and buffering area leak flooding for the unknown, also can tackle accurately and efficiently, make buffer overflow attack when also system not being worked the mischief, be prevented from carrying out; And the security protection software of having avoided prior art hysteresis quality that new leak condition code is obtained.
The embodiment of the invention also provides a kind of address process device, and the specific implementation structure can comprise as shown in Figure 3:
Revise parameter unit 32, base address value after the described randomization that is used for obtaining according to described randomization unit 31, modification is used to load the parameter value of the initial base address of dynamic link library that described current needs load, and makes the base address value after this amended parameter value points to described randomization;
By said apparatus, can carry out Hook and handle being used for dynamic link library (DLL) is mapped to the function of process or thread address space in the practical application, make the parameter value of the initial base address of the relevant loading DLL in this function obtain revising; And according to this amended parameter value loading DLL, thereby realize DLL base address randomization.
The address process device that provides in the embodiment of the invention can be arranged in the security protection software, with further raising systematic protection level.
In sum, various embodiments of the present invention are compared with prior art, the method that the embodiment of the invention provides is compared safer, efficient with the method that allows malicious code carry out detection more earlier of prior art, and the buffer-overflow vulnerability for the unknown is attacked, also can tackle accurately and efficiently, make buffer overflow attack when also system not being worked the mischief, be prevented from carrying out; And the security protection software of having avoided prior art hysteresis quality that new leak condition code is obtained.Therefore, the embodiment of the invention has realized effectively preventing the purpose of buffer overflow attack; Also can effectively protect simultaneously the attack of walking around prior art.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (7)
1, a kind of address processing method is characterized in that, comprising:
The current dynamic link library that needs to load is carried out the base address randomization, obtain the base address value after the described randomization, modification is used to load the parameter value of the initial base address of dynamic link library that described current needs load, and makes the base address value after this amended parameter value points to described randomization.
2, method according to claim 1 is characterized in that, described method also comprises: load initial base address according to described amended parameter value when loading described dynamic link library.
3, method according to claim 1, it is characterized in that, described base address randomization, comprise: calculate the randomization result according to randomized algorithm, and according to this randomization result and the base address information of having carried out the dynamic link library of base address randomization, calculate the described current base address value that needs the dynamic link library that loads.
4, method according to claim 3 is characterized in that, described base address information of having carried out the dynamic link library of base address randomization comprises:
Carried out the length information of the dynamic link library of base address randomization, or name information, or the positional information in disk, or base address value.
5, a kind of address process device is characterized in that, comprising:
The randomization unit is used for the dynamic link library that current needs load is carried out the base address randomization, obtains the base address value after the described randomization;
Revise the parameter unit, base address value after the described randomization that is used for obtaining according to described randomization unit, modification is used to load the parameter value of the initial base address of dynamic link library that described current needs load, and makes the base address value after this amended parameter value points to described randomization.
6, device according to claim 5 is characterized in that, described randomization unit comprises:
Random cells is used for calculating the randomization result according to randomized algorithm;
Computing unit is used for the randomization result according to described random cells, and the base address information of having carried out the dynamic link library of base address randomization, calculates the described current base address value that needs the dynamic link library of loading.
7, device according to claim 5 is characterized in that, described device also comprises:
The load address unit is used for loading initial base address according to the amended parameter value in described modification parameter unit when loading described dynamic link library.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008101150392A CN101304320A (en) | 2008-06-16 | 2008-06-16 | Method and apparatus for processing address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008101150392A CN101304320A (en) | 2008-06-16 | 2008-06-16 | Method and apparatus for processing address |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101304320A true CN101304320A (en) | 2008-11-12 |
Family
ID=40114048
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008101150392A Pending CN101304320A (en) | 2008-06-16 | 2008-06-16 | Method and apparatus for processing address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101304320A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102737188A (en) * | 2012-06-27 | 2012-10-17 | 北京奇虎科技有限公司 | Method and device for detecting malicious webpage |
| CN103995705A (en) * | 2014-06-04 | 2014-08-20 | 中国科学院信息工程研究所 | Operating system address space randomized distribution system and method |
| WO2015010589A1 (en) * | 2013-07-22 | 2015-01-29 | 北京国双科技有限公司 | Method and device for link address update |
| CN105335656A (en) * | 2015-11-02 | 2016-02-17 | 南京大学 | Software security enhancing method based on binary rewrite and dynamic randomization |
| CN105740697A (en) * | 2016-01-26 | 2016-07-06 | 国家信息技术安全研究中心 | Address space layout randomization method and device in XP |
| CN106326747A (en) * | 2016-08-26 | 2017-01-11 | 华中科技大学 | Detecting method for ROP (Return-Oriented Programming) attacks |
| CN106407754A (en) * | 2015-07-30 | 2017-02-15 | 中兴通讯股份有限公司 | Method and device for generating random layout program |
| CN106856470A (en) * | 2015-12-09 | 2017-06-16 | 中国电信股份有限公司 | For the method and device of guarding network attack |
| CN107169348A (en) * | 2017-05-15 | 2017-09-15 | 东信和平科技股份有限公司 | The anti-wrong method for implanting and system of Java Card virtual machine stacks |
| US10116529B2 (en) | 2013-07-22 | 2018-10-30 | Beijing Gridsum Technology Co., Ltd. | Method and device for link address update |
| CN108804937A (en) * | 2018-06-12 | 2018-11-13 | 广州华多网络科技有限公司 | System function call method and relevant apparatus |
-
2008
- 2008-06-16 CN CNA2008101150392A patent/CN101304320A/en active Pending
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102737188A (en) * | 2012-06-27 | 2012-10-17 | 北京奇虎科技有限公司 | Method and device for detecting malicious webpage |
| US10116529B2 (en) | 2013-07-22 | 2018-10-30 | Beijing Gridsum Technology Co., Ltd. | Method and device for link address update |
| WO2015010589A1 (en) * | 2013-07-22 | 2015-01-29 | 北京国双科技有限公司 | Method and device for link address update |
| CN103995705A (en) * | 2014-06-04 | 2014-08-20 | 中国科学院信息工程研究所 | Operating system address space randomized distribution system and method |
| CN103995705B (en) * | 2014-06-04 | 2017-04-19 | 中国科学院信息工程研究所 | Operating system address space randomized distribution system and method |
| CN106407754B (en) * | 2015-07-30 | 2021-06-18 | 中兴通讯股份有限公司 | Method and device for generating random layout program |
| CN106407754A (en) * | 2015-07-30 | 2017-02-15 | 中兴通讯股份有限公司 | Method and device for generating random layout program |
| CN105335656A (en) * | 2015-11-02 | 2016-02-17 | 南京大学 | Software security enhancing method based on binary rewrite and dynamic randomization |
| CN106856470A (en) * | 2015-12-09 | 2017-06-16 | 中国电信股份有限公司 | For the method and device of guarding network attack |
| CN105740697A (en) * | 2016-01-26 | 2016-07-06 | 国家信息技术安全研究中心 | Address space layout randomization method and device in XP |
| CN105740697B (en) * | 2016-01-26 | 2018-08-31 | 国家信息技术安全研究中心 | Address space layout method of randomization and device in a kind of XP |
| CN106326747B (en) * | 2016-08-26 | 2018-11-27 | 华中科技大学 | A kind of detection method for ROP attack |
| CN106326747A (en) * | 2016-08-26 | 2017-01-11 | 华中科技大学 | Detecting method for ROP (Return-Oriented Programming) attacks |
| CN107169348A (en) * | 2017-05-15 | 2017-09-15 | 东信和平科技股份有限公司 | The anti-wrong method for implanting and system of Java Card virtual machine stacks |
| CN107169348B (en) * | 2017-05-15 | 2020-07-28 | 东信和平科技股份有限公司 | Method and system for preventing error injection of Java Card virtual machine stack |
| CN108804937A (en) * | 2018-06-12 | 2018-11-13 | 广州华多网络科技有限公司 | System function call method and relevant apparatus |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101304320A (en) | Method and apparatus for processing address | |
| CN101309149B (en) | Address processing method and apparatus | |
| CN102132289B (en) | Method and device for code obfuscation | |
| CN103995705B (en) | Operating system address space randomized distribution system and method | |
| CN108885661A (en) | The randomization of time-varying address space layout | |
| US10528729B2 (en) | Methods and systems for defending against cyber-attacks | |
| CN108701025A (en) | The memory addressing method of safety | |
| CN108154032A (en) | It is a kind of that the computer system root of trust construction method of memory integrity ensuring is had the function of based on credible performing environment | |
| US20160062655A1 (en) | System and Method for Improved Memory Allocation in a Computer System | |
| CN101621498A (en) | Method, device and equipment for defending against network attacks | |
| CN103440176A (en) | Protection method and device for memory in real-time operation system | |
| US9804800B2 (en) | Detecting heap-spray in memory images | |
| CN101315655A (en) | Method and apparatus for preventing overflow attack of buffer area | |
| US9563787B2 (en) | Protection of a non-volatile memory by change of instructions | |
| KR102028704B1 (en) | Method for Protecting Memory Against Code Insertion Attacks in Electronic Device | |
| CN106681828A (en) | Method and device for reinforcing dynamic link library SO file of Android installation package | |
| CN104298922A (en) | Method and device of stopping vulnerability exploiting | |
| CN111373405B (en) | Computer-implemented method for preventing bit flipping attacks in computing devices | |
| CN109388441B (en) | Processing method, processing device, electronic equipment and readable storage medium | |
| US11755723B2 (en) | Device and method for validation of virtual function pointers | |
| US20220138311A1 (en) | Systems and methods for detecting and mitigating code injection attacks | |
| CN105426221B (en) | The method and system of caching is realized by JVM safe contexts | |
| WO2016107802A1 (en) | System and method for protecting a device against return-oriented programming attacks | |
| CN105224346B (en) | Objective function localization method and device | |
| CN113536254A (en) | Resource permission configuration method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: CHENGDU CITY HUAWEI SAIMENTEKE SCIENCE CO., LTD. Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD. Effective date: 20090424 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20090424 Address after: Qingshui River District, Chengdu high tech Zone, Sichuan Province, China: 611731 Applicant after: Chengdu Huawei Symantec Technologies Co., Ltd. Address before: Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Province, China: 518129 Applicant before: Huawei Technologies Co., Ltd. |
|
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20081112 |