CN101373505A - Method and apparatus for releasing handle and file deleting system - Google Patents
Method and apparatus for releasing handle and file deleting system Download PDFInfo
- Publication number
- CN101373505A CN101373505A CNA2008101270055A CN200810127005A CN101373505A CN 101373505 A CN101373505 A CN 101373505A CN A2008101270055 A CNA2008101270055 A CN A2008101270055A CN 200810127005 A CN200810127005 A CN 200810127005A CN 101373505 A CN101373505 A CN 101373505A
- Authority
- CN
- China
- Prior art keywords
- handle
- information
- file
- name information
- releasing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the invention discloses a method for releasing handles, a device and a file deletion system, relates to the technical field of releasing the handles of documents to be deleted, and solves the problem that a system needs restarting or leads error to occur to the process in the prior art of document deletion. In the embodiment, firstly, the handle information of the documents called during the process is searched for; if the handle information of the documents called during the process is the handle to be released, the process is informed of releasing the corresponding handle information, thereby completing the release of the handles. Corresponding handle information is released before documents infected with viruses are deleted in a virus-killing software system.
Description
Technical field
The present invention relates to computer realm, relate in particular to the method and the device that discharge the handle for the treatment of deleted file in the computing machine.
Background technology
No matter be to infect the malicious code of system or hiding wooden horse file, they generally can load privately owned code to internal system in system start-up, thereby system is damaged.If in the implanted in the above described manner operating system of virus document or be implanted in the process of moving, the handle of this document is not having can't to delete this type of virus document under the situation about discharging.Some file of editing causes the handle of this document not discharge because the process of loading this document is ended by accident, also can cause file to delete.If virus document can't be deleted, will damage system, for example: the malice occupying system resources occurs, malice is restarted computing machine, situations such as deadlock.
Prior art provides two kinds of methods to delete the file that this type of does not have releasing handle, and is specific as follows:
First method: document storage need be write file configuration table (FAT to this document on disk the time, FileAllocation Table), by finding filename corresponding file data structure from the FAT table, by traveling through this data structure file content is rewritten, to damage file, impaired file can't be loaded by process after system restarts, and can successfully delete this moment to this document.
The inventor is in realizing process of the present invention, find that there is following shortcoming at least in above-mentioned first method: the data content that on disk, carries out revised file, but when being called, this document handle is loaded in the internal memory, so have only after system restarts with the handle in the releasing memory, just can finish delete function.And, process loaded data file to be made amendment, the process operation can report an error and withdraw from.
Second method: when file of needs deletion, check at first whether this file is taken by other process, if there is process to take this document, in kernel objects, search the handle of this document, after finding handle, directly discharge the handle of file in the kernel objects, the handle that calls when so just can the process of dischargeing taking this document is so that delete this document.
The inventor finds that there is following shortcoming at least in above-mentioned second method in realizing process of the present invention: ignored the process that loads this file, and the direct handle of releasing document in kernel objects, the process that may cause taking this document reports an error and withdraws from; Perhaps, the process that need call this file under given conditions reports an error when specified conditions occur and withdraws from.
Summary of the invention
Embodiments of the invention provide a kind of method, device and file deleting system of releasing handle, and in that do not need to restart under the situation of system can deleted file, and the process that makes can not report an error owing to the incorrect release of handle and withdraws from.
Embodiments of the invention provide a kind of method of releasing handle, comprising:
Obtain the name information and the handle information of the file correspondence of process transfer;
Judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file;
If described name information is identical, the handle information of then notifying described process to discharge described name information respective file.
Embodiments of the invention also provide a kind of device of releasing handle, comprising:
Acquiring unit is used to obtain the name information and the handle information of the file correspondence of process transfer;
Judging unit is used to judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file;
Notification unit is used for when described name information is identical, the handle information of notifying described process to discharge described name information respective file.
Embodiments of the invention also provide a kind of file deleting system, comprising:
The filename deriving means is used to obtain the name information for the treatment of deleted file;
The handle releasing means is used to obtain the name information and the handle information of the file correspondence of process transfer; Judge whether accessed name information is identical with the name information for the treatment of deleted file; And when described name information is identical, the handle information of notifying described process to discharge described name information respective file;
The file delete device is used for the described deleted file for the treatment of is deleted.
The method of the releasing handle that the embodiment of the invention provides and device, at first in the file that process itself is called, obtain handle information and name information, then with name information that gets access to and the name information contrast for the treatment of the releasing handle respective file, if name information is identical, the handle informational needs of then representing this document is released, and the handle information that embodiment of the invention notification process itself will need to discharge discharges.Compared with prior art, the embodiment of the invention has been avoided searching in kernel objects and by the direct releasing handle of kernel objects, but search by the file of process transfer, and there is process itself to come releasing handle, be a kind of correct and safe releasing handle method, the process that can not cause taking this document withdraws from owing to the incorrect release of handle reports an error.Simultaneously, so can carry out the deletion action of respective file, do not need to wait and delete respective file again after restarting to system because handle has correctly been discharged.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the process flow diagram of the method for releasing handle in the embodiment of the invention 1;
Fig. 2 is the process flow diagram of the method for releasing handle in the embodiment of the invention 2;
Fig. 3 is the process flow diagram of the method for releasing handle in the embodiment of the invention 3;
Fig. 4 is the block diagram of the device of first kind of releasing handle in the embodiment of the invention 4;
Fig. 5 is the block diagram of the device of second kind of releasing handle in the embodiment of the invention 4;
Fig. 6 is the block diagram of the device of the third releasing handle in the embodiment of the invention 4;
Fig. 7 is the schematic diagram of file deleting system in the embodiment of the invention 5.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
In the process of application program, when needs are opened application file, need to open application file by OpenFile (opening file) function.The OpenFile function is after successfully opening an application file, in system kernel, generate the handle information of this application file, and return described handle information to process that should program, the process that this should program all will realize by handle all operations of this application file afterwards.If other process is arranged to be wanted this application file is made amendment or deleted, system will judge the handle information that whether has this application file in the kernel objects, if in kernel objects, there has been the handle information of this application file, represent that this handle information is not released, the requirement of above-mentioned other process is made amendment or the operation of deleting is refused by system.
And the module of calling for the process of system level, in the process of system level, open described module, need be by calling LoadLibrary (for the process executable module of packing into) function, and open the module of appointment by the 1pFilename of LoadLibrary function (pointing to the address of filename) parameter, shine upon this module then in the address space of calling process, after finishing, mapping returns the module handle information that is loaded by LoadLibrary, when after this process of system level is called module, can quote this handle information and seek the position of the module that the process of system level need quote, the same with reference document, when correctly not discharging this handle information, this module can not be deleted.
The embodiment of the invention is by searching handle in process, and comes releasing handle by process itself, thereby realizes the correct release of handle, avoided handle to be forced to discharge in kernel objects.Be described in detail below in conjunction with the method and the device of accompanying drawing embodiment of the invention releasing handle.
Embodiment 1:
Present embodiment provides a kind of method of releasing handle, can be correctly releasing handle safely so that can delete corresponding file.As shown in Figure 1, the method for concrete releasing handle comprises the steps:
101, as can be known, the handle information corresponding file that requires to discharge in order to discharge the handle of this document, is promptly treated releasing handle just by process transfer, at first obtains the name information and the handle information of the file correspondence of process transfer from above-mentioned analysis.
102, judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file, if described name information is identical, the handle information requirements of the file correspondence of expression process transfer are released, and then execution in step 103; Otherwise the handle information of the file correspondence of expression process transfer does not require to be released execution in step 104.
103, the handle information of notifying above-mentioned process to discharge described name information respective file.
104, owing to do not need to discharge described handle information, this step can be reselected a process, and returns execution in step 101.
The handle information specific implementation of notifying above-mentioned process to discharge described name information respective file described in the above-mentioned steps 103 is: inject the code that discharges described handle information in described process.That is: the technology of using thread far away to notify is injected one section code to described process, and will be loaded into the running space of described process after the injection of this section code, so this section code will return described process to own.In this section injecting codes, only need to use respective function to discharge corresponding handle information, for the process institute calling module of system level above-mentioned, generally adopt FreeLibrary (executable module that the release process loads) function to close the release that handle information can realize handle information; For application file above-mentioned, generally adopt CloseHandle (closing handle) function to close the release that handle information can reach handle information to picture.
Present embodiment is when searching the handle information that needs release, be in the file of process transfer, to search, in kernel objects, do not search, and in the time of last releasing handle information, also be that notification process is come releasing handle information by process itself, can guarantee that handle information is normally discharged by process itself, with directly in kernel hard closing handle information compare, can avoid the undesired release of handle information, withdraw from thereby avoid reporting an error by the process that the undesired release of handle information causes.
After above-mentioned process is finished release to handle information, just can directly delete this handle information corresponding file, do not need to restart system and delete this document again.
Embodiment 2:
Be that the module of system loads is an example with the file of process transfer below, specify the method that the embodiment of the invention provides releasing handle, as shown in Figure 2, this method comprises the steps:
201, after the process number in the acquisition system, open described process and set up snapshot for described process, this step can be finished by the interface function CreateToolhelp32Snapshot (setting up the reflection of appointment process in system) that system provides, CreateToolhelp32Snapshot can set up a snapshot for process in system, this snapshot comprises module and the thread information that this process is all.
202, the function Module32First (module that process begins most) that provides by system searches the information of first module in the above-mentioned snapshot.
203, obtain name information and handle information in the information that finds first module.
204, judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file, if described name information is identical, represent that the handle information requirements of this module correspondence are released, then execution in step 205; Otherwise the handle information of expression this document correspondence does not require to be released execution in step 206.
205, the handle information requirements owing to first module correspondence that is found are released, so preserve the handle information of described name information respective file, so that carry out releasing operation.
Generally speaking, this handle information is to be kept in the chained list, for example: the chained list of fifo queue formula.
206, judge whether module in the snapshot searches and finish, do not finish execution in step 207 if search; Finish execution in step 208 if search.
207, the function Module32Next that provides by system (the next module of process) searches the information of the next module in the above-mentioned snapshot, and execution in step 203.
208, judge whether to obtain next process number in the system, if next process number in the system that can obtain, then execution in step 201; Otherwise execution in step 209.
209, notice said system process discharges and has preserved handle information, and the handle information of having preserved is the handle information of the identical file correspondence of described name information.Specifically can use the technology of thread far away notice to realize the release of handle information, as: to as described in process inject one section code, and this section code will be loaded into the running space of described process after injecting.For system process calling module above-mentioned, in this section injecting codes, generally adopt FreeLibrary (executable module that the release process loads) function to close the release that handle information can realize handle information.
Be to adopt the handle information of preserving earlier in the present embodiment, in the reporting system process it is discharged, when practice, can be the formation of first in first out with the handle information setting of preserving, like this can be when searching the handle information that needs to discharge, notice corresponding system process is discharged the handle information that has found, accelerated processing speed.
In the present embodiment, the handle information of when the delivery system process insmods, calling, at first pass through the information of the mode acquisition module of snapshot, from the information of module, search the handle information that needs release then, after finding all handle information, discharge the handle information of this module by system process itself, avoided system process to answer the undesired release of handle information and report an error and withdraw from.
After system process is finished release to handle information, just can directly delete the module of this handle information correspondence, do not need to restart system and delete this module again.
Embodiment 3:
File with process transfer is that application file is an example below, specifies the method that the embodiment of the invention provides releasing handle, and as shown in Figure 3, this method comprises the steps:
301, directly obtain all application files that present all application processes of moving are called.Because calling the process of application file is general application process, can finish the operation of multi-process and multithreading by specific function: at first use ZwQuerySystemInformation (obtaining different system information type) function to enumerate the handle of the All Files of opening, next need to use a undocumented function ZwQueryInformationFile (obtaining the file information type different) to picture, by SYSTEM_INFORMATION_CLASS (system information enumeration type) structure wherein, finish the operation of multi-process and thread, to obtain all application files.
302, open a structure of the above-mentioned application file that gets access to, specifically describe a structure by the structure of title SYSTEM_INFORMATION_CLASS.
303, obtain the name information and the handle information of application file correspondence in the described opened structure.Use SystemHandleInformation (the system's handle information) parametric description of SYSTEM_INFORMATION_CLASS structure in the method, finish the operation of obtaining all application files.
304, judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file, if described name information is identical, represent that the handle information requirements of this module correspondence are released, then execution in step 305; Otherwise the handle information of expression this document correspondence does not require to be released execution in step 306.
305, preserve the handle information of described name information respective file, so that carry out the operation of releasing handle information.
306, judge in the application file got access to whether have the structure of opening or not, if the structure of not opening in addition, then execution in step 307, otherwise execution in step 308.
307, navigate to the next structure of not opening, and execution in step 302.
308, notify above-mentioned process to discharge the handle information of having preserved.This step can adopt the technology of thread notice far away to inject one section code to described process, and will be loaded into the running space of described process after the injection of this section code.For application file above-mentioned, in this section injecting codes, generally adopt CloseHandle (closing handle) function to close the release that handle information can reach handle information to picture.
Be to adopt the handle information of preserving earlier in the present embodiment, reinforming application process discharges it, when practice, can be the formation of first in first out with the handle information setting of preserving, like this can be when searching the handle information that needs to discharge, notice respective application process is discharged the handle information that has found, accelerated processing speed.
After application process is finished release to handle information, just can directly delete the application file of this handle information correspondence, do not need to restart system and delete this application file again.
Embodiment 4:
Corresponding to the foregoing description 1, present embodiment provides the device of first kind of releasing handle, and as shown in Figure 4, this device comprises: acquiring unit 41, judging unit 42 and notification unit 43.
The concrete function of each unit is as follows in this device: acquiring unit 41 is used to obtain the name information and the handle information of the file correspondence of process transfer; After getting access to corresponding name information and handle information, judging unit 42 is used to judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file; If described name information is identical, represent that then the handle information requirements in this document are released, described notification unit 43 is used for when name information is identical, the handle information of notifying described process to discharge described name information respective file.Described notification unit 43 realized by thread notification technique far away, as: by to as described in inject in the process discharge as described in the code of handle information, with the handle information of notifying described process to discharge described name information respective file.
Corresponding to the foregoing description 2, present embodiment also provides the device of second kind of releasing handle, and as shown in Figure 5, this device comprises: acquiring unit 51, judging unit 52, storage unit 53 and notification unit 54.The file that this device is mainly used to handle at described process transfer is the situation of the module of system loads, and in this case, the function of acquiring unit 51 is finished jointly by snapshot module 511 and acquisition module 512.The concrete function of each unit and module is described below:
Described snapshot module 511 is used to process to set up snapshot, comprises described module information in this snapshot, and described acquisition module 512 is used for obtaining the name information and the handle information of described module information.After getting access to corresponding name information and handle information, judging unit 52 is used to judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file; If described name information is identical, represent that then the handle information requirements in this document are released, described storage unit 53 is used for when described name information is identical, preserves the handle information of described name information respective file.Described notification unit 54 is used for when name information is identical, notify described process to discharge the handle information of having preserved, by the function that storage unit 53 and notification unit 54 are finished jointly, be equivalent to when described name information is identical, notify corresponding system process to discharge the handle information of respective file.
Corresponding to the foregoing description 3, present embodiment also provides a kind of device of releasing handle, and as shown in Figure 6, this device comprises: acquiring unit 61, judging unit 62, storage unit 63 and notification unit 64.The file that this device is mainly used to handle at described process transfer is the situation of application file, and in this case, the function of acquiring unit 61 is by opening module 611 and acquisition module 612 is finished jointly.The concrete function of each unit and module is described below:
Describedly open the structure that module 611 is used to open the application file of process transfer, described acquisition module 612 is used for obtaining the name information and the handle information of described structure application file correspondence.After getting access to corresponding name information and handle information, judging unit 62 is used to judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file; If described name information is identical, represent that then the handle information requirements in this document are released.Described storage unit 63 is used for when described name information is identical, preserves the handle information of described name information respective file.Described notification unit 64 is used for when name information is identical, notify described process to discharge the handle information of having preserved, by the function that storage unit 63 and notification unit 64 are finished jointly, be equivalent to when described name information is identical, notify corresponding process to discharge the handle information of respective file.
The notification unit that is adopted in the device of three kinds of releasing handles in the present embodiment (43,54 or 64) all can adopt thread notification technique far away to realize, as: by to as described in inject in the process discharge as described in the code of handle information, with the handle information of notifying described process to discharge described name information respective file.
The storage unit that is adopted in the device of back two kinds of releasing handles in the present embodiment can realize by fifo queue, so just can be when searching the handle information that needs to discharge, with notifying corresponding process to discharge the handle information that has found, accelerated processing speed.
Embodiment 5:
As shown in Figure 7, present embodiment provides a kind of file deleting system, and this system comprises: filename deriving means 71, handle releasing means 72 and file delete device 73.
Filename deriving means 71 in the present embodiment is used to obtain the name information for the treatment of deleted file; Handle releasing means 72 is used to obtain the name information and the handle information of the file correspondence of process transfer; Judge whether the name information for the treatment of deleted file that accessed name information and filename deriving means 71 get access to is identical; And when described name information is identical, the handle information of notifying described process to discharge described name information respective file; File delete device 73 is used for treating the deleted file deletion with described, because handle releasing means 72 will treat that the handle information of deleted file has correctly discharged, so file delete device 73 can be deleted this document smoothly.
Discharge all handles that need discharge in order to make handle releasing means 72 to concentrate, handle releasing means 72 in the present embodiment also is used for when described name information is identical, preserve the handle information of described name information respective file, so just can concentrate release, can improve the reliability that handle discharges the handle information of having preserved.
If handle releasing means 72 adopts the mode of first in first out to preserve the handle information of described name information respective file, then can when getting access to handle information, the handle information of having preserved be discharged, can improve the efficient that handle discharges.
The operation of above-mentioned releasing handle is a kind of normal handle dispose procedure, and correctly releasing handle can not cause corresponding process to report an error because of the undesired release of handle and withdraw from.After handle information is finished in release, just the deletion of corresponding file safety can not needed to restart system.
The embodiment of the invention mainly is used in the various deletions that need to carry out in the system file, is used in especially in the antivirus software system, discharges corresponding handle information before deletion infective virus file.
Through the above description of the embodiments, the those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better embodiment under a lot of situation.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium that can read, floppy disk as computing machine, hard disk or CD etc., comprise some instructions with so that equipment (can be server, perhaps the network equipment etc.) carry out the described method of each embodiment of the present invention.
The above; only be the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection domain of described claim.
Claims (12)
1. the method for a releasing handle is characterized in that, comprising:
Obtain the name information and the handle information of the file correspondence of process transfer;
Judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file;
If described name information is identical, the handle information of then notifying described process to discharge described name information respective file.
2. the method for releasing handle according to claim 1 is characterized in that, the file of described process transfer is the module of system loads, wherein saidly obtains the name information of process transfer file correspondence and the step of handle information comprises:
For process is set up snapshot, comprise described module information in the described snapshot;
Obtain name information and handle information in the described module information.
3. the method for releasing handle according to claim 1 is characterized in that, the file of described process transfer is an application file, wherein saidly obtains the name information of process transfer file correspondence and the step of handle information comprises:
Open the structure of the application file of process transfer;
Obtain the name information and the handle information of application file correspondence in the described structure.
4. the method for releasing handle according to claim 1 is characterized in that, described notify the handle information that described process discharges described name information respective file before, also comprise:
If described name information is identical, preserve the handle information of described name information respective file.
5. the method for releasing handle according to claim 1 is characterized in that, the described step of the handle information that described process discharges described name information respective file of notifying comprises:
In described process, inject the code that discharges described handle information.
6. the device of a releasing handle is characterized in that, comprising:
Acquiring unit is used to obtain the name information and the handle information of the file correspondence of process transfer;
Judging unit is used to judge whether accessed name information is identical with the name information for the treatment of the releasing handle respective file;
Notification unit is used for when described name information is identical, the handle information of notifying described process to discharge described name information respective file.
7. the device of releasing handle according to claim 6 is characterized in that, the file of described process transfer is the module of system loads, and described acquiring unit comprises:
Snapshot module is used to process to set up snapshot, comprises described module information in the described snapshot;
Acquisition module is used for obtaining the name information and the handle information of described module information.
8. the device of releasing handle according to claim 6 is characterized in that, the file of described process transfer is an application file, and described acquiring unit comprises:
Open module, be used to open the structure of the application file of process transfer;
Acquisition module is used for obtaining the name information and the handle information of described structure application file correspondence.
9. the device of releasing handle according to claim 6 is characterized in that, described notification unit injects the code that discharges described handle information in described process, with the handle information of notifying described process to discharge described name information respective file.
10. the device of releasing handle according to claim 6 is characterized in that, also comprises:
Storage unit is used for when described name information is identical, preserves the handle information of described name information respective file.
11. a file deleting system is characterized in that comprising:
The filename deriving means is used to obtain the name information for the treatment of deleted file;
The handle releasing means is used to obtain the name information and the handle information of the file correspondence of process transfer; Judge whether accessed name information is identical with the name information for the treatment of deleted file; And when described name information is identical, the handle information of notifying described process to discharge described name information respective file;
The file delete device is used for the described deleted file for the treatment of is deleted.
12. file deleting system according to claim 11 is characterized in that, described handle releasing means also is used for when described name information is identical, preserves the handle information of described name information respective file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101270055A CN101373505B (en) | 2008-06-17 | 2008-06-17 | Method and apparatus for releasing handle and file deleting system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101270055A CN101373505B (en) | 2008-06-17 | 2008-06-17 | Method and apparatus for releasing handle and file deleting system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101373505A true CN101373505A (en) | 2009-02-25 |
| CN101373505B CN101373505B (en) | 2011-12-21 |
Family
ID=40447662
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101270055A Expired - Fee Related CN101373505B (en) | 2008-06-17 | 2008-06-17 | Method and apparatus for releasing handle and file deleting system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101373505B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102214088A (en) * | 2010-04-07 | 2011-10-12 | 腾讯科技(深圳)有限公司 | Document unlocking method and device |
| CN102542196A (en) * | 2011-11-23 | 2012-07-04 | 北京安天电子设备有限公司 | Method for finding and preventing malicious codes |
| CN102855437A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking method and device |
| CN102855436A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking method and file unlocking device |
| CN102855434A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking method and device |
| CN102902765A (en) * | 2012-09-25 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for removing file occupation |
| CN104050193A (en) * | 2013-03-15 | 2014-09-17 | 中国银联股份有限公司 | Message generating method and data processing system for realizing method |
| CN104503704A (en) * | 2014-12-19 | 2015-04-08 | 北京奇虎科技有限公司 | Cleaning method and device for disk space |
| CN104715198A (en) * | 2011-06-27 | 2015-06-17 | 北京奇虎科技有限公司 | File unlocking method and device |
| WO2016169212A1 (en) * | 2015-04-20 | 2016-10-27 | 安一恒通(北京)科技有限公司 | File management method and device |
| CN106975221A (en) * | 2017-03-30 | 2017-07-25 | 武汉斗鱼网络科技有限公司 | User terminal and game data live broadcast device and method |
| CN109151601A (en) * | 2017-06-28 | 2019-01-04 | 武汉斗鱼网络科技有限公司 | Quick start and method, storage medium, equipment and the system for obtaining game picture |
| CN112749142A (en) * | 2019-10-31 | 2021-05-04 | 上海哔哩哔哩科技有限公司 | Handle management method and system |
-
2008
- 2008-06-17 CN CN2008101270055A patent/CN101373505B/en not_active Expired - Fee Related
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102214088B (en) * | 2010-04-07 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Document unlocking method and device |
| CN102214088A (en) * | 2010-04-07 | 2011-10-12 | 腾讯科技(深圳)有限公司 | Document unlocking method and device |
| CN102855437A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking method and device |
| CN102855436A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking method and file unlocking device |
| CN102855434A (en) * | 2011-06-27 | 2013-01-02 | 奇智软件(北京)有限公司 | File unlocking method and device |
| CN104715198B (en) * | 2011-06-27 | 2019-03-05 | 北京奇虎科技有限公司 | A kind of method and device of file unlock |
| CN102855437B (en) * | 2011-06-27 | 2015-08-05 | 奇智软件(北京)有限公司 | A kind of method of file unlock and device |
| CN104715198A (en) * | 2011-06-27 | 2015-06-17 | 北京奇虎科技有限公司 | File unlocking method and device |
| CN102855434B (en) * | 2011-06-27 | 2015-06-24 | 奇智软件(北京)有限公司 | File unlocking method and device |
| CN102855436B (en) * | 2011-06-27 | 2015-06-24 | 奇智软件(北京)有限公司 | File unlocking method and file unlocking device |
| CN102542196A (en) * | 2011-11-23 | 2012-07-04 | 北京安天电子设备有限公司 | Method for finding and preventing malicious codes |
| CN102542196B (en) * | 2011-11-23 | 2014-09-17 | 北京安天电子设备有限公司 | Method for finding and preventing malicious codes |
| CN102902765A (en) * | 2012-09-25 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for removing file occupation |
| CN104050193B (en) * | 2013-03-15 | 2017-11-03 | 中国银联股份有限公司 | Generate the method for message and realize the data handling system of this method |
| CN104050193A (en) * | 2013-03-15 | 2014-09-17 | 中国银联股份有限公司 | Message generating method and data processing system for realizing method |
| CN104503704A (en) * | 2014-12-19 | 2015-04-08 | 北京奇虎科技有限公司 | Cleaning method and device for disk space |
| CN104503704B (en) * | 2014-12-19 | 2018-05-04 | 北京奇虎科技有限公司 | The method for cleaning and device of a kind of disk space |
| WO2016169212A1 (en) * | 2015-04-20 | 2016-10-27 | 安一恒通(北京)科技有限公司 | File management method and device |
| CN106975221A (en) * | 2017-03-30 | 2017-07-25 | 武汉斗鱼网络科技有限公司 | User terminal and game data live broadcast device and method |
| CN109151601A (en) * | 2017-06-28 | 2019-01-04 | 武汉斗鱼网络科技有限公司 | Quick start and method, storage medium, equipment and the system for obtaining game picture |
| CN109151601B (en) * | 2017-06-28 | 2020-08-04 | 武汉斗鱼网络科技有限公司 | Method, storage medium, device and system for quickly starting and acquiring game picture |
| CN112749142A (en) * | 2019-10-31 | 2021-05-04 | 上海哔哩哔哩科技有限公司 | Handle management method and system |
| CN112749142B (en) * | 2019-10-31 | 2023-09-01 | 上海哔哩哔哩科技有限公司 | Handle management method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101373505B (en) | 2011-12-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101373505B (en) | Method and apparatus for releasing handle and file deleting system | |
| CN107808094B (en) | System and method for detecting malicious code in a file | |
| CN102722680B (en) | Method and system for removing rogue programs | |
| US9819695B2 (en) | Scanning method and device, and client apparatus | |
| US20120017276A1 (en) | System and method of identifying and removing malware on a computer system | |
| US7681237B1 (en) | Semi-synchronous scanning of modified files in real time | |
| US8209757B1 (en) | Direct call into system DLL detection system and method | |
| CN102867146B (en) | Method and system for preventing computer virus from repeatedly infecting system | |
| CN105893847B (en) | A kind of method, apparatus and electronic equipment for protecting security protection application file | |
| JP2010509654A (en) | API confirmation method using information recorded in call stack | |
| CN102831344A (en) | Course handling method and device | |
| CN101599114B (en) | Method and system for locating driver of virus program | |
| CN102004882A (en) | Method and device for detecting and processing remote-thread injection type Trojan | |
| CN101414329B (en) | Delete just in the method for operating virus | |
| CN116502220B (en) | Detection method and processing method for resistant Java memory horses | |
| CN107479874B (en) | DLL injection method and system based on Windows platform | |
| CN103514405B (en) | The detection method of a kind of buffer overflow and system | |
| CN103984897A (en) | Method and device for preventing virus invasion during installation of software | |
| US20100235377A1 (en) | Memory Object Sharing for Just In Time Compiled Data | |
| US8938807B1 (en) | Malware removal without virus pattern | |
| CN102222201A (en) | File scanning method and device thereof | |
| RU2583711C2 (en) | Method for delayed elimination of malicious code | |
| RU2526282C2 (en) | Method for synchronising access to shared resources of computing system and detecting and eliminating deadlocks using lock files | |
| CN105740028A (en) | Access control method and device | |
| WO2017114344A1 (en) | Root virus removal method and apparatus, and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: CHENGDU CITY HUAWEI SAIMENTEKE SCIENCE CO., LTD. Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD. Effective date: 20090424 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20090424 Address after: Qingshui River District, Chengdu high tech Zone, Sichuan Province, China: 611731 Applicant after: Chengdu Huawei Symantec Technologies Co., Ltd. Address before: Headquarters office building, Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen Province, China: 518129 Applicant before: Huawei Technologies Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD. Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee after: Huawei Symantec Technologies Co., Ltd. Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee before: Chengdu Huawei Symantec Technologies Co., Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111221 Termination date: 20170617 |