CN102479117A - Method and system for intercepting and capturing port data in Win9x operation system - Google Patents


Publication number
CN102479117A
Authority
CN
Grant status
Application
Patent type
Prior art keywords
port
system
operation
requests
data
Prior art date
Application number
CN 201010569720
Other languages
Chinese (zh)
Inventor
廖峰
张国喜
王乾
程双全
胡金辉
陈懿
陈磊
雷萌
高志刚
Original Assignee
航天信息股份有限公司

Abstract

The invention relates to a method and a system for intercepting port data in the Win9x operating system. The method comprises: creating, in kernel mode, a log file corresponding to a port; using a VxD driver in the Win9x operating system to intercept each operation request directed at the port and determining whether the operation request is a read/write request; if so, saving the data to be read or written by the read/write request to the log file corresponding to the port and then executing the read/write request; otherwise, executing the operation request. With this technical solution, the cost of intercepting port data is reduced without any need to request and release the right to use the port.

Description

A method and system for intercepting port data in the Win9x operating system

Technical field

[0001] The invention relates to the field of data interception, and in particular to a method and system for intercepting port data in the Win9x operating system.

Background

[0002] Microsoft's Win9x operating systems include Windows 95 and Windows 98. Although they have been replaced by NT-based operating systems such as Windows 2000/XP, their relatively simple structure and low application cost mean they are still widely used in fields such as industrial control and commercial sales. Computers running Win9x often store important data, such as industrial control databases, technical documents, financial data and various statistics. If this data is leaked, it brings great risk and loss to these organizations, so the data input to or output from computers running Win9x must be strictly monitored to keep the important data secure. Because a computer inputs and outputs data through ports, the data can be monitored by monitoring the computer's ports, which inevitably requires intercepting the data read from and written to the ports.

[0003] Under Win9x, ports are exclusive devices. To read, write, open, close or control a port, the right to use the port must first be requested. The port can be operated only after that right is obtained, and the right is released once the operation is complete so that other programs or devices can access the port.

[0004] Figure 1 is a structural diagram of an existing system for intercepting port data in the Win9x operating system. As shown in Figure 1, the prior art connects a dedicated hardware interception device 103 between the port 101 to be monitored and the port read/write device 102. The hardware interception device 103 thus holds the exclusive right to use port 101, and any port read/write device 102 that operates on port 101 must go through the hardware interception device 103 as an intermediary. The prior-art method of intercepting the data read from or written to port 101 is therefore as follows. When the port read/write device 102 issues a read request to port 101, the read request is intercepted by the hardware interception device 103, which requests the exclusive right to use port 101. Once the request is granted, the hardware interception device 103 obtains the data requested by the read request from port 101, stores it in its own storage, and then delivers it to the port read/write device 102, thereby intercepting the data read from port 101. When the port read/write device 102 issues a write request to port 101 together with the data to be written, the write request and the data are likewise intercepted by the hardware interception device 103, which first requests the exclusive right to use port 101. Once the request is granted, the hardware interception device 103 saves the data to be written in its own storage and then sends the write request and the data to port 101, thereby intercepting the data written to port 101. After interception is complete, the hardware interception device 103 releases the exclusive right to use port 101.

[0005] It can be seen that the prior art uses the hardware interception device 103 as an intermediary that holds the exclusive right to use port 101, thereby intercepting the data read from and written to port 101 and effectively protecting the data of the computer on which port 101 resides. However, because the prior art intercepts port data with hardware interception devices 103, the number of devices cannot be fewer than the number of ports to be monitored. An organization that needs to monitor computer data usually has many computers to monitor, and some computers have several input/output ports that need monitoring, so intercepting port data with the prior art is costly. In addition, in the prior art the hardware interception device 103 needs the exclusive right to use port 101 before it can access the port: it must request the right before accessing port 101 and release it after the access ends. Both take time, and when the volume of port accesses is large, the prior art spends a great deal of time requesting and releasing the right of use.

Summary of the invention

[0006] The technical problem to be solved by the invention is to provide a method and system for intercepting port data in the Win9x operating system that reduces the cost of port data interception without any need to request and release the right to use the port.

[0007] The technical solution by which the invention solves the above problem is as follows: a method for intercepting port data in the Win9x operating system, the method comprising:

[0008] creating, in kernel mode, a log file corresponding to the port;

[0009] using a VxD driver in the Win9x operating system to intercept each operation request directed at the port and determining whether the operation request is a read/write request; if so, saving the data to be read or written by the read/write request to the log file corresponding to the port and then executing the read/write request; otherwise, executing the operation request.

[0010] The beneficial effects of the invention are as follows. A log file corresponding to the port is created in kernel mode, and every operation request directed at the port is intercepted by a VxD driver in the Win9x operating system and checked to see whether it is a read/write request. For a read/write request, the data to be read or written is saved to the log file corresponding to the port before the request is executed; any other operation request is executed directly without further processing. The invention can therefore intercept both the data read from the port and the data written to it, effectively monitoring the computer's input and output data and keeping the data secure. The interception method is also implemented entirely in software: the software only needs to be loaded on each computer to be monitored, and no dedicated hardware interception device is required, which greatly reduces the cost of port data interception. Moreover, because the invention accesses the port from software running in kernel mode, there is no need to request or release the right to use the port. In summary, the invention reduces the cost of port data interception without any need to request and release the right to use the port.

[0011] On the basis of the above technical solution, the invention can also be improved as follows:

[0012] Further, before the log file corresponding to the port is created in kernel mode, the method further comprises: determining whether the port is available; if so, creating the log file corresponding to the port in kernel mode; otherwise, not intercepting the data of the port.

[0013] Further, after the operation request is determined to be a read/write request, the method further comprises: saving the data to be read or written by the read/write request sequentially to a buffer;

[0014] saving the data to be read or written by the read/write request to the log file corresponding to the port then comprises:

[0015] determining the start address and data length, within the buffer, of the data to be read or written by the read/write request;

[0016] according to that start address and data length, taking from the buffer the data that begins at the start address and has the data length, and saving it to the log file corresponding to the port.

[0017] Further, after the operation request is determined to be a read/write request, the method further comprises:

[0018] saving the time at which data is read or written according to the read/write request to the log file corresponding to the port, in association with the data to be read or written by the read/write request;

[0019] and/or,

[0020] saving a read/write request flag to the log file corresponding to the port, in association with the data to be read or written by the read/write request.

[0021] Further, where the port is more than one port:

[0022] creating the log file corresponding to the port is: creating a log file corresponding to each port;

[0023] intercepting each operation request directed at the port is: intercepting each operation request directed at each port.

[0024] Further, the port is a serial interface, and/or the port is a parallel interface.

[0025] In addition, the invention provides a system for intercepting port data in the Win9x operating system, the port having a port number, the system comprising a log creation and saving module, a filter module and an operation request execution module, wherein:

[0026] the log creation and saving module is configured to: create, in kernel mode, a log file corresponding to the port; determine the port targeted by a read/write request from the port number of that port; save the data to be read or written by the read/write request, as sent by the filter module, to the log file corresponding to the port targeted by the read/write request; and send the read/write request to the operation request execution module;

[0027] the filter module is configured to: use a VxD driver in the Win9x operating system to intercept each operation request directed at the port and determine whether the operation request is a read/write request; send the data to be read or written by a read/write request, together with the port number of the port the request targets, to the log creation and saving module; and send operation requests other than read/write requests to the operation request execution module;

[0028] the operation request execution module is configured to: use a VxD driver in the Win9x operating system to execute the read/write request sent by the log creation and saving module; and use a VxD driver in the Win9x operating system to execute the operation requests other than read/write requests sent by the filter module.

[0029] The log creation and saving module is further configured to determine whether the port is available and to send a port-unavailable message to the filter module;

[0030] the filter module is then further configured, according to the port-unavailable message, not to intercept operation requests directed at that port.

[0031] Further, the filter module is further configured to save the data to be read or written by the read/write request sequentially to a buffer;

[0032] the log creation and saving module is then configured to: determine the start address and data length, within the buffer, of the data to be read or written by the read/write request; and, according to that start address and data length, take from the buffer the data that begins at the start address and has the data length, and save it to the log file corresponding to the port targeted by the read/write request.

[0033] Further, the log creation and saving module is further configured to save the time at which data is read or written according to the read/write request to the log file corresponding to the port, in association with the data to be read or written by the read/write request; and/or to save a read/write request flag to the log file corresponding to the port, in association with the data to be read or written by the read/write request.

[0034] Further, where the port is more than one port:

[0035] the log creation and saving module is configured to create a log file corresponding to each port;

[0036] the filter module is configured to intercept each operation request directed at each port.

[0037] Further, the port is a serial interface, and/or the port is a parallel interface.

Brief description of the drawings

[0038] Figure 1 is a structural diagram of an existing system for intercepting port data in the Win9x operating system;

[0039] Figure 2 is a flowchart of the method provided by the invention for intercepting port data in the Win9x operating system;

[0040] Figure 3 is a structural diagram of the system provided by the invention for intercepting port data in the Win9x operating system.

Detailed description

[0041] The principles and features of the invention are described below with reference to the drawings. The examples given serve only to explain the invention and are not intended to limit its scope.

[0042] Figure 2 is a flowchart of the method provided by the invention for intercepting port data in the Win9x operating system. As shown in Figure 2, the method comprises:

[0043] Step 201: in kernel mode, create a log file corresponding to the port.

[0044] Here, the Win9x operating system is divided into user mode and kernel mode. The operating system's core code runs in kernel mode and can directly access physical ports, physical memory and so on without first requesting the right of use, so it does not need to release that right after a port access ends. Non-core code runs in user mode; to access a physical port it must submit a request to the core code in kernel mode, which performs the port access and returns the result to the non-core code when it is done. Because the applications and hardware devices that access ports in the prior art all run in user mode, they must submit a port access request to the core code before accessing a port and must release the right to use the port once the access ends.

[0045] This step creates the log file corresponding to the port in kernel mode, and steps 202 to 205 are also carried out in the kernel mode of the Win9x operating system. The invention thus intercepts port data by accessing the port from software in kernel mode, so it does not need to request the right to use the port before accessing it or release that right after the access ends. The function of intercepting port data can therefore be implemented in software quickly and conveniently.

[0046] In the invention, the number of ports to be monitored may be one or more. Each port has its own port number, and different ports have different port numbers. When an operation request accesses a port, it must be possible to tell which port the requested operation targets, so the operation request may contain a port number indicating the port it targets.

[0047] Where more than one port needs to be monitored, the invention creates for each port a log file corresponding to that port, which stores the data read from or written to that port. Data read from or written to different ports is stored in different log files.

[0048] Step 202: use a VxD driver in the Win9x operating system to intercept each operation request directed at the port.

[0049] Here, each operation request directed at the port is intercepted using a VxD (Virtual Device Driver) driver in the Win9x operating system. The VxD driver is a kind of driver specific to the Win9x operating system. It works in kernel mode and can therefore directly access any hardware, data and memory under the operating system. A VxD driver can thus access the port directly, without requesting the right of use beforehand or releasing it afterwards, so by using a VxD driver the invention can intercept port data without holding the exclusive right to use the port.

[0050] Operation requests to a port come in many kinds, each involving one operation on the port: for example read, write, open and close requests, which respectively read data from the port, write data to the port, open the port and close the port. Only write requests and read requests involve input and output data. The invention therefore intercepts all operation requests directed at the port and then picks out those that read from or write to the port, thereby intercepting the data read from and written to the port.

[0051] Step 203: determine whether the operation request is a read/write request. If so, perform steps 204 and 205 in turn; otherwise, perform step 205.

[0052] Here, when step 202 intercepts an operation request directed at the port, this step determines whether it is a read/write request. If it is a read request or a write request, step 204 (saving the data) and step 205 (executing the read/write request) are performed in turn. If it is any other operation request, step 205 is performed directly to execute it. Executing an operation request directly in step 205, once it has been determined to be something other than a read or write request, is called the Pass-Through mode.

[0053] In the Win9x operating system, whether an operation request is a read/write request may be determined from whether the request contains a read/write data item, or from the data structure of each kind of operation request.

[0054] Step 204: save the data to be read or written by the read/write request to the log file corresponding to the port.

[0055] Here, step 203 has determined that the operation request intercepted in step 202 is a read/write request, so in order to monitor the port's input and output data, this step saves the data to be read or written by the read/write request to the log file corresponding to the port that was created in step 201.

[0056] For a read request that reads data from the port, the invention may, according to the read request, first send the data the request asks to read to a specific storage space, such as a buffer in memory, a specific file on the hard disk or some other storage space, and then send the data from that storage space to the log file corresponding to the port for saving. This buffers the data transfer rate while intercepting the data read from the port.

[0057] Of course, the data involved in the read request may also be stored directly in the log file corresponding to the port after it is read from the port, without being cached by an intermediate buffering device.

[0058] Once the data read from the port has been intercepted, step 205 can be performed.

[0059] For a write request that writes data to the port, the invention first intercepts the write request and the data to be written to the port. After the data to be written has been saved to the log file corresponding to the port, so that it has been intercepted, step 205 is performed and the data is written to the port according to the write request.

[0060] After the data has been saved to the log file, an application or certain hardware devices in user mode can access the log file to learn what data has been read from or written to the port corresponding to that log file, and then judge whether a leak has occurred.

[0061] Of course, a dedicated virtual filter device may also be created at the application layer to serve as the user-mode virtual counterpart of the kernel-mode method of the invention, implementing steps 201 to 205 of the invention. The virtual filter device may further be used to receive requests from application-layer applications and help those applications access the log file.

[0062] Step 205: execute the operation request.

[0063] Here, this step performs the corresponding operation on the port according to the operation request. That is, if this step follows the interception of read/write data in step 204, it completes the read or write of the data according to the read/write request. If this step is performed directly after step 203 has determined that the intercepted operation request is an operation request other than a read/write request, the corresponding operation is performed according to the operation request; for example, if the operation request is an open request, this step opens the port.

[0064] The read/write request may be executed using a VxD driver in the Win9x operating system; likewise, other operation requests are executed using a VxD driver in the Win9x operating system. As in step 202, because a VxD driver is used to execute the operation request, this step can access the port without holding the exclusive right to use it.

[0065] It can be seen that, in the invention, a log file corresponding to the port is created in kernel mode, and every operation request directed at the port is intercepted by a VxD driver in the Win9x operating system and checked to see whether it is a read/write request. For a read/write request, the data to be read or written is saved to the log file corresponding to the port before the request is executed; any other operation request is executed directly without further processing. The invention can therefore intercept both the data read from the port and the data written to it, effectively monitoring the computer's input and output data and keeping the data secure. The interception method is also implemented entirely in software: the software only needs to be loaded on each computer to be monitored, and no dedicated hardware interception device is required, which greatly reduces the cost of port data interception. In addition, because the invention accesses the port from software running in kernel mode, there is no need to request or release the right to use the port. In summary, the invention reduces the cost of port data interception without any need to request and release the right to use the port.

[0066] Because the invention can intercept port data without requesting and releasing the right to use the port, the right does not have to be requested before data is intercepted or released after interception is complete. Compared with the prior art, the speed at which the invention intercepts port data is greatly increased.
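The flow of steps 201 to 205, with the per-record time and read/write flag of paragraphs [0018] to [0020], modelled in portable user-mode C as an added example; it is not code from the patent and is not Win9x VxD code. The fake echo device, the record layout, the buffer sizes and every function name are assumptions made for the illustration.

```c
/* Added model of steps 201-205; all names are hypothetical, not VxD code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { MAX_PORTS = 2, LOG_CAP = 128, STAGE_CAP = 64 };
typedef enum { OP_OPEN, OP_CLOSE, OP_CONTROL, OP_READ, OP_WRITE } op_t;

typedef struct {
    int      port;  /* port number carried in the request */
    op_t     op;
    uint8_t *data;  /* source for a write, destination for a read */
    size_t   len;
} request_t;

typedef struct {
    int      available;       /* outcome of the availability check */
    uint8_t  log[LOG_CAP];    /* stands in for the per-port log file */
    size_t   log_used;
    unsigned dropped;         /* records that did not fit in the log */
    int      is_open;
    uint8_t  wire[STAGE_CAP]; /* fake device: remembers the last write */
    size_t   wire_len;
} port_t;

static port_t   ports[MAX_PORTS];
static uint8_t  stage[STAGE_CAP]; /* sequential staging buffer */
static size_t   stage_used;
static uint32_t tick;             /* constructed clock: one tick per request */

/* Step 201: set up the log for one port; unavailable ports are not logged. */
void monitor_init(int port, int available) {
    memset(&ports[port], 0, sizeof ports[port]);
    ports[port].available = available;
}
size_t log_size(int port) { return ports[port].log_used; }
const uint8_t *log_data(int port) { return ports[port].log; }

/* Assumed record layout: tick (4 bytes LE) | 'R' or 'W' | length | payload.
 * The payload is taken from the staging buffer by start address and length. */
static void log_append(port_t *p, char flag, const uint8_t *start, size_t len) {
    if (len > 255 || p->log_used + 6 + len > LOG_CAP) { p->dropped++; return; }
    uint8_t *r = p->log + p->log_used;
    for (int i = 0; i < 4; i++) r[i] = (uint8_t)(tick >> (8 * i));
    r[4] = (uint8_t)flag; r[5] = (uint8_t)len;
    memcpy(r + 6, start, len);
    p->log_used += 6 + len;
}

/* Step 205: the lower layer carries out the operation on the fake device. */
static int device_execute(port_t *p, const request_t *rq) {
    size_t n;
    switch (rq->op) {
    case OP_OPEN:  p->is_open = 1; return 0;
    case OP_CLOSE: p->is_open = 0; return 0;
    case OP_WRITE:
        if (!p->is_open || rq->len > STAGE_CAP) return -1;
        memcpy(p->wire, rq->data, rq->len);
        p->wire_len = rq->len;
        return (int)rq->len;
    case OP_READ:
        if (!p->is_open) return -1;
        n = rq->len < p->wire_len ? rq->len : p->wire_len;
        memcpy(rq->data, p->wire, n); /* echo back the last write */
        return (int)n;
    default: return 0;
    }
}

/* Steps 202-204: intercept every request, log only reads and writes. */
int filter_dispatch(request_t *rq) {
    if (rq->port < 0 || rq->port >= MAX_PORTS) return -1;
    port_t *p = &ports[rq->port];
    tick++;
    if (!p->available || (rq->op != OP_READ && rq->op != OP_WRITE))
        return device_execute(p, rq);            /* pass-through */
    if (rq->len > STAGE_CAP) return -1;
    if (rq->len > STAGE_CAP - stage_used) stage_used = 0; /* reuse buffer */
    uint8_t *start = stage + stage_used;
    if (rq->op == OP_WRITE) {                    /* save first, then execute */
        memcpy(start, rq->data, rq->len);
        stage_used += rq->len;
        log_append(p, 'W', start, rq->len);
        return device_execute(p, rq);
    }
    request_t lower = *rq; lower.data = start;   /* read lands in staging */
    int n = device_execute(p, &lower);
    if (n <= 0) return n;
    stage_used += (size_t)n;
    log_append(p, 'R', start, (size_t)n);
    memcpy(rq->data, start, (size_t)n);          /* then reaches the caller */
    return n;
}

int main(void) {
    uint8_t msg[] = "INV-42", in[8];             /* constructed sample data */
    request_t rq[] = {{0, OP_OPEN, NULL, 0}, {0, OP_WRITE, msg, 6}, {0, OP_READ, in, 4}};
    monitor_init(0, 1);
    for (int i = 0; i < 3; i++) filter_dispatch(&rq[i]);
    printf("port 0 log: %zu bytes, %u dropped\n", log_size(0), ports[0].dropped);
}
```

Because a write is logged before it is executed, a write that the device then rejects still leaves a record, so a reviewer of such a log should treat a 'W' record as an attempted write.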

[0067] In step 201, before the log file corresponding to the port is created in kernel mode, the method further includes: determining whether the port is available; if so, creating the log file corresponding to the port in kernel mode; otherwise, not intercepting the data of that port.

[0068] Here, the invention first determines whether the port is available. If it is, steps 201 to 205 of the invention are performed. Otherwise the port is unavailable, and regardless of whether any access request is directed at it, no data can be read from or written to the port, so no data can leak through it; the invention therefore does not intercept the data of that port.

[0069] Whether the port is available can be determined by registering the port. In the Win9x operating system, the operating system's VCOMM_Add_Port() function can be called to register the various ports, or a new port registration function, for example a HookAddPort() function, can be written to register them. Successful registration means that the port is available, and the function returns true (TRUE); failed registration means that the port is unavailable, and the VCOMM_Add_Port() function returns false (FALSE).

[0070] After step 203 determines that an operation request is a read/write request, the method further includes: saving the data to be read or written by the read/write request sequentially into a buffer;

[0071] Saving the data to be read or written by the read/write request to the log file corresponding to the port, as described in step 204, then comprises: determining the start address and the data length of that data in the buffer;

[0072] and, according to that start address and data length, taking from the buffer the data that begins at the start address and has the given data length, and saving it to the log file corresponding to the port.

[0073] Here, because the speed at which data is read or written at the port differs from the speed at which data is transmitted on the line beyond the port, the invention saves the data to be read or written to a buffer so that the two speeds can be matched. In addition, once the data has been saved to the log file in step 204, it does not have to be fetched from the computer again and sent to the port in order to complete the read from the port or the write to the port, which saves data read/write time.

[0074] The data to be read or written is saved to the buffer sequentially, so that once its start address in the buffer and its data length have been determined, the data can be retrieved easily. If the data were saved to the buffer non-sequentially, the start address and data length would not be enough to retrieve all of it, which would make retrieval harder. The invention therefore saves the data to the buffer sequentially, which greatly simplifies taking the data out of the buffer.

[0075] After step 203 determines that the operation request is a read/write request, the method further includes:

[0076] saving the time at which data is read or written according to the read/write request, in correspondence with the data to be read or written, to the log file corresponding to the port;

[0077] saving a read/write request flag, in correspondence with the data to be read or written, to the log file corresponding to the port.

[0078] Here, the read/write request flag may be a read flag or a write flag. A read flag means that the data associated with it was read from the port; a write flag means that the data associated with it was written to the port.

[0079] Saving the read/write time together with the corresponding data in the port's log file makes it possible to determine when the data was read or written, so that the invention's monitoring of port input and output data is more effective and convenient.

[0080] Likewise, saving the read/write request flag together with the corresponding data in the port's log file makes it possible to determine whether the saved data was read from the port or written to the port, so that the invention's monitoring of port input and output data is more effective and convenient.

[0081] In the invention, the port may be more than one port, in which case:

[0082] in step 201, the log file corresponding to the port is created by creating a log file corresponding to each port;

[0083] in step 202, each operation request directed at the port is intercepted by intercepting each operation request directed at each port.

[0084] Here, the number of ports monitored with the invention may be one, or two or more. If there are two or more ports, the invention can monitor them in real time simultaneously; of course, the ports need not be monitored simultaneously.

[0085] For each port, the invention creates a separate log file in step 201 and intercepts each operation request directed at each port in step 202. In this way the invention can intercept data from, and monitor in real time, one port or two or more ports, simultaneously or not.

[0086] The port described in the invention may be a serial interface or a parallel interface, and may of course also be another kind of port, such as an infrared interface, a Bluetooth interface or a USB interface. Any port through which data can be input or output under the Win9x operating system falls within the scope of protection of the invention.

[0087] Because the port may be a serial interface, a parallel interface or some other interface, and these interfaces have different drivers, reading and writing these ports involves different read/write speeds and different read/write request formats; there may also be more than one port of each kind. Therefore, before the log file corresponding to the port is created in step 201, the parameters of each port can first be recorded to form a configuration file. When the log file for a port is created in step 201, the parameter information of that port can then be obtained from the configuration file, so that different log files are created for different ports.

[0088] Once the virtual filter device has been established at the application layer, its name appears in the Win9x operating system's device driver management. An application-layer program in user mode can then locate the virtual filter device by that name and view the data in the log file by operating on the virtual filter device directly.

[0089] Each of the above methods is implemented in software. The software can be developed with the Windows 98 DDK driver development kit released by Microsoft and the QuickVxD driver development tool developed by Compuware; that is, these two driver development tools are used to write the corresponding VxD driver. The VxD driver may, for example, be named hook.vxd. The method provided by the invention for intercepting port data in the Win9x operating system then proceeds as follows:

[0090] Step 1: execute the HookAddPort() function in the hook.vxd program to register the port;

[0091] If registration succeeds, the function returns TRUE, which means that the port is available and its input and output data can be monitored. If registration fails, the function returns FALSE, which means that the port is unavailable and its input and output data do not need to be monitored.

[0092] Step 2: after the port has been registered successfully, read the configuration file to obtain the port's parameter information;

[0093] For example, if the port is a serial interface, reading the configuration file yields parameter information that includes the port number Port = COMx, where COM means that the port is a serial interface and x is a specific integer value from 0 to 9, indicating that the port is serial interface number x of the computer.

[0094] If the port is a parallel interface, reading the configuration file yields parameter information that includes the port number Port = LPTx, where LPT means that the port is a parallel interface and x is a specific integer value from 0 to 9, indicating that the port is parallel interface number x of the computer.

[0095] Step 3: the port-open function HookPortOpen() in the hook.vxd program opens the port and creates the log file log.bin corresponding to the port. At the same time, a virtual filter device corresponding to the hook.vxd program is created at the application layer; it corresponds to the kernel-mode method provided by the invention and gives other applications or hardware devices a way to access the log file log.bin;

[0096] Step 4: the hook.vxd program intercepts each operation request directed at the port and determines whether it is a read/write request. If so, it executes the read-port function HookPortRead() or the write-port function HookPortWrite() in the hook.vxd program, saves the data to be read or written by the read/write request to the log file log.bin corresponding to the port, and then performs step 5; otherwise, it performs step 5 directly;

[0097] Step 5: execute the operation request intercepted in step 4;

[0098] Specifically, if the operation request is a read/write request, the read/write port function in the Win9x operating system's vcomm.vxd program is executed to read or write the port data; if it is any operation request other than a read/write request, the corresponding function in the Win9x operating system's vcomm.vxd program is executed to respond to the operation request.
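The five steps above, modelled in user space as an added example (this is not code from the patent or from any real hook.vxd). The record layout (tick, read/write flag, length, payload), the buffer sizes and every name are assumptions, and an in-memory array stands in for log.bin.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* User-space model of the hook.vxd data path (steps 1 to 5). Constructed for
   illustration: the record layout, sizes and names are assumptions. */
enum op_type { OP_OPEN, OP_READ, OP_WRITE, OP_SET_STATE, OP_CLOSE };
enum { FLAG_READ = 'R', FLAG_WRITE = 'W', HDR_LEN = 7 };

struct op_request { enum op_type type; const uint8_t *data; uint16_t len; };

struct port_monitor {
    char     name[8];          /* port number from the config file, e.g. "COM1" */
    int      available;        /* result of port registration (step 1) */
    uint8_t  staging[64];      /* sequential buffer between filter and logger */
    size_t   staging_used;
    uint8_t  log[256];         /* stands in for the per-port log.bin */
    size_t   log_len;
    unsigned passed_through;   /* requests handed on to the real port driver */
    unsigned not_logged;       /* read/write payloads that could not be logged */
};

void monitor_init(struct port_monitor *m, const char *name, int available) {
    memset(m, 0, sizeof *m);
    strncpy(m->name, name, sizeof m->name - 1);
    m->available = available;
}

/* Store the payload contiguously and return its start offset, or -1. */
static long stage(struct port_monitor *m, const uint8_t *data, uint16_t len) {
    if (len > sizeof m->staging) return -1;
    if (m->staging_used + len > sizeof m->staging) m->staging_used = 0;
    size_t start = m->staging_used;
    memcpy(m->staging + start, data, len);
    m->staging_used += len;
    return (long)start;
}

/* Append one record: tick (4 bytes LE), flag (1), length (2 LE), payload. */
static int log_append(struct port_monitor *m, uint32_t tick, uint8_t flag,
                      size_t start, uint16_t len) {
    if (m->log_len + HDR_LEN + len > sizeof m->log) return -1;
    uint8_t *p = m->log + m->log_len;
    p[0] = (uint8_t)tick;         p[1] = (uint8_t)(tick >> 8);
    p[2] = (uint8_t)(tick >> 16); p[3] = (uint8_t)(tick >> 24);
    p[4] = flag; p[5] = (uint8_t)len; p[6] = (uint8_t)(len >> 8);
    memcpy(p + HDR_LEN, m->staging + start, len);
    m->log_len += HDR_LEN + (size_t)len;
    return 0;
}

/* Steps 4 and 5: log read/write payloads, then pass every request through.
   Returns 1 if a record was written, 0 otherwise. */
int handle_request(struct port_monitor *m, const struct op_request *r,
                   uint32_t tick) {
    int logged = 0;
    if (m->available && (r->type == OP_READ || r->type == OP_WRITE)) {
        long start = (r->data != NULL) ? stage(m, r->data, r->len) : -1;
        uint8_t flag = (r->type == OP_READ) ? FLAG_READ : FLAG_WRITE;
        if (start >= 0 && log_append(m, tick, flag, (size_t)start, r->len) == 0)
            logged = 1;
        else
            m->not_logged++;   /* surface the gap instead of failing silently */
    }
    m->passed_through++;       /* step 5: the original request still executes */
    return logged;
}

/* Reader side: count records carrying `flag`; -1 if the log is truncated. */
int count_records(const uint8_t *log, size_t log_len, uint8_t flag) {
    size_t off = 0; int n = 0;
    while (off < log_len) {
        if (log_len - off < HDR_LEN) return -1;
        size_t len = (size_t)log[off + 5] | ((size_t)log[off + 6] << 8);
        if (log_len - off - HDR_LEN < len) return -1;
        if (log[off + 4] == flag) n++;
        off += HDR_LEN + len;
    }
    return n;
}

/* Constructed sample traffic for one serial port; returns records written. */
int run_sample(struct port_monitor *m) {
    static const uint8_t out[] = { 'A', 'T', '\r' };
    static const uint8_t in[]  = { 'O', 'K' };
    const struct op_request reqs[] = {
        { OP_OPEN, NULL, 0 },       { OP_WRITE, out, sizeof out },
        { OP_READ, in, sizeof in }, { OP_CLOSE, NULL, 0 },
    };
    int logged = 0;
    monitor_init(m, "COM1", 1);
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        logged += handle_request(m, &reqs[i], 1000u + (uint32_t)i);
    return logged;
}
```

count_records is the reader's half of the model: it rejects a log whose last record is cut short, and the not_logged counter records read/write payloads that passed through without a log entry.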

[0099] The port data interception scheme provided by the invention has been verified under the Windows 95/98 operating systems, which demonstrates the feasibility of the software for the Win9x operating system.

[0100] FIG. 3 is a structural diagram of the system provided by the invention for intercepting port data in the Win9x operating system. Ports in this system have port numbers. As shown in FIG. 3, the system includes a log creation and saving module 301, a filter module 302 and an operation request execution module 303, where:

[0101] The log creation and saving module 301 is configured to: create, in kernel mode, a log file corresponding to the port; determine, from the port number of the port targeted by a read/write request, which port the read/write request targets; save the data to be read or written by the read/write request, as sent by the filter module 302, to the log file corresponding to the targeted port; and send the read/write request to the operation request execution module 303;

[0102] The filter module 302 is configured to: intercept each operation request directed at the port using the VxD driver in the Win9x operating system, and determine whether the operation request is a read/write request; send the data to be read or written by the read/write request, together with the port number of the port the request targets, to the log creation and saving module 301; and send operation requests other than read/write requests to the operation request execution module 303;

[0103] The operation request execution module 303 is configured to: execute, using the VxD driver in the Win9x operating system, the read/write requests sent by the log creation and saving module 301; and execute, using the VxD driver in the Win9x operating system, the operation requests other than read/write requests sent by the filter module 302.

[0104] Here, each port has its own port number, which identifies the port. This makes it easy for the log creation and saving module 301 to create the log file for each port, to determine which port an operation request (including a read/write request) targets, and to read and write the port.

[0105] In this system, the filter module 302 uses the VxD driver to intercept each operation request directed at the port, and the operation request execution module likewise uses the VxD driver to execute the read/write requests sent by the log creation and saving module and the other operation requests sent by the filter module. The VxD driver is a kernel-mode driver. It can access the port directly, without applying for the right to use the port before access and releasing that right after access, so the invention can increase the speed of port access.

[0106] A computer's ports are varied (serial interfaces, parallel interfaces, infrared interfaces, Bluetooth interfaces, USB interfaces and so on), and different ports differ in data read/write format and speed, so the port number makes it easy to perform the appropriate operations for each kind of port. For example, if the port number is Port = COM1, the port is a serial interface with port number 1. The log creation and saving module 301 then needs to create a log file for that serial interface. When the filter module 302 sends a read request with port number COM1, module 301 determines that the read request targets that serial interface and saves the corresponding data to the log file for that serial interface; finally, the operation request execution module 303 executes the read request and reads out the data.

[0107] The various port parameters, including the port number, can be recorded in a preset configuration file. Reading the configuration file then makes it easy to learn each port's number and other parameters, and to perform the corresponding operations such as reading or writing the port, opening the port and closing the port.

[0108] In this system, the log creation and saving module 301 creates a log file corresponding to the port in kernel mode. After the filter module 302 intercepts each operation request directed at the port using the VxD driver in the Win9x operating system, it can determine whether the intercepted operation request is a read/write request. For a read/write request, the log creation and saving module 301 saves the data to be read or written to the log file corresponding to the port, and the operation request execution module 303 then executes the read/write request using the VxD driver in the Win9x operating system. Any operation request other than a read/write request is executed directly by the operation request execution module 303 using the VxD driver in the Win9x operating system. The invention can therefore intercept both data read from the port and data written to the port, which allows a computer's input and output data to be monitored effectively and keeps the data secure. Moreover, every module of the port data interception system proposed by the invention is a software module: the software only needs to be loaded onto each computer to be monitored, and no dedicated hardware interception device is needed to implement data interception, so the invention greatly reduces the cost of intercepting port data. In addition, because every module in the system is a kernel-mode software module and the system accesses the port by software means in kernel mode, it does not need exclusive use of the port. In summary, the invention reduces the cost of intercepting port data without having to apply for and release the right to use the port.

[0109] In this system, the log creation and saving module 301 is further configured to determine whether the port is available, and to send a port-unavailable message to the filter module 302;

[0110] the filter module 302 is then further configured to refrain, in response to the port-unavailable message, from intercepting operation requests directed at that port.

[0111] Here, the log creation and saving module 301 can further determine whether the port is available. For an available port, the filter module 302 can monitor its input and output data. For an unavailable port, even if an operation request is directed at it, the port cannot input or output data, so the filter module does not need to monitor it. The log creation and saving module 301 therefore sends a port-unavailable message to the filter module 302, and the filter module 302, in response to that message, does not intercept operation requests directed at the port.

[0112] In this system, the filter module 302 is further configured to save the data to be read or written by the read/write request sequentially into a buffer;

[0113] the log creation and saving module 301 is then configured to: determine the start address and the data length of the data to be read or written in the buffer; and, according to that start address and data length, take from the buffer the data that begins at the start address and has the given data length, and save it to the log file corresponding to the port targeted by the read/write request.

[0114] Here, the buffer matches the port's read/write speed to the line transmission speed. It also acts as a data cache, which saves data read/write time and increases the speed of computer data monitoring.

[0115] The buffer may be a buffer in memory or a specific storage area on the hard disk. No additional hardware storage device is needed; the computer's existing storage devices are sufficient.

[0116] The filter module 302 saves the data to the buffer sequentially, so that the log creation and saving module 301 can take the data out of the buffer according to its start address and data length in the buffer. Otherwise, the log creation and saving module 301 could not read the data out of the buffer from the start address and data length alone, and a more complicated method would have to be used.

[0117] In this system, the log creation and saving module 301 is further configured to save the time at which data is read or written according to the read/write request, in correspondence with the data to be read or written, to the log file corresponding to the port; and/or to save the read/write request flag, in correspondence with the data to be read or written, to the log file corresponding to the port.

[0118] Here, saving the data read/write time and the read/write flag in the log file in correspondence with the data makes it possible to determine whether the data was read from the port or written to the port, and when it was read or written, so that the invention's monitoring of port input and output data is more effective and convenient.

[0119] The port in this system may be more than one port, in which case:

[0120] the log creation and saving module 301 is configured to create a log file corresponding to each port;

[0121] the filter module 302 is configured to intercept each operation request directed at each port.

[0122] In addition, the port in the invention may be a serial interface, a parallel interface, or another kind of port through which data can be input or output in the Win9x operating system.

[0123] In this system, the filter module 302 may determine whether an operation request is a read/write request according to whether the operation request contains a data item to be written or read, or according to the data structure of the operation request. Any approach that distinguishes read/write requests from other operation requests falls within the scope of protection of the invention.

[0124] The filter module 302 only needs to intercept the data involved in read/write requests. Other operation requests are simply handled in Pass-Through mode, that is, processed directly according to the corresponding operation request.

[0125] It can thus be seen that the invention has the following advantages:

[0126] (1) In the invention, a log file corresponding to the port is created in kernel mode. After each operation request directed at the port is intercepted using the VxD driver in the Win9x operating system, the request is checked to determine whether it is a read/write request. For a read/write request, the data to be read or written is saved to the log file corresponding to that port, and the read/write request is then executed; any other operation request is not processed further and is simply executed directly. The invention can therefore intercept both data read from the port and data written to the port, which allows a computer's input and output data to be monitored effectively and keeps the data secure. Moreover, the port data interception method used by the invention is purely a software method: the software only needs to be loaded onto each computer to be monitored, and no dedicated hardware interception device is needed to implement data interception, so the invention greatly reduces the cost of intercepting port data. In addition, because the invention accesses the port in kernel mode by software means, there is no need to apply for or release the right to use the port. In summary, the invention reduces the cost of intercepting port data without having to apply for and release the right to use the port.

[0127] (2) Because the invention intercepts port data without applying for or releasing the right to use the port, that right need not be requested before interception and need not be released after interception completes. Compared with the prior art, the speed at which the invention intercepts port data is greatly increased.

[0128] (3) In the invention, the data to be read or written by the read/write request is saved to the buffer sequentially, which greatly simplifies taking the data out of the buffer.

[0129] (4) In the invention, the time at which data is read or written and the read/write request flag are saved to the log file corresponding to the port, in correspondence with the data to be read or written. This makes it possible to determine when the data was read or written, so that the invention's monitoring of port input and output data is more effective and convenient.

[0130] (5) The invention only requires the corresponding monitoring software to be installed under the Win9x operating system in order to intercept port data. Compared with the prior art, the invention is therefore simple, safe and convenient to use.

[0131] The above are merely preferred embodiments of the invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (12)

  1. 1. 一种WinQx操作系统中截获端口数据的方法,其特征在于,该方法包括: 在内核模式下,创建与端口相对应的日志文件;利用WinQx操作系统中的VxD驱动程序,截获针对端口的每一操作请求,判断所述操作请求是否为读/写请求,如果是,则将所述读/写请求所要读/写的数据保存到与该端口相对应的日志文件,然后执行所述读/写请求;否则,执行所述操作请求。 1. A method of operating a system WinQx intercepted data port, wherein the method comprises: in kernel mode, creates a log file corresponding to the port; WinQx using VxD driver in the operating system, the port for intercepting each storage operation request, determining whether the operation request is a read / write request, and if so, the read / write requests to read / write data to the log files corresponding to the port, and then performing the read / write request; otherwise, performing the operation request.
  2. 2.根据权利要求1所述的方法,其特征在于,在内核模式下,创建与端口相对应的日志文件之前,该方法进一步包括:确定所述端口是否可用,如果是,则在内核模式下创建与该端口相对应的日志文件,否则,不对该端口的数据进行截获。 2. The method according to claim 1, wherein, in kernel mode, corresponding to the port before the log file is created, the method further comprising: determining whether the port is available, and if so, then the kernel mode create, otherwise, not be intercepted and the port corresponding to the log file data port.
  3. 3.根据权利要求1所述的方法,其特征在于,在判断所述操作请求为读/写请求之后, 该方法进一步包括:将所述读/写请求所要读/写的数据顺序保存到缓冲区;则将所述读/写请求所要读/写的数据保存到与该端口相对应的日志文件,为: 确定所述读/写请求所要读/写的数据保存在所述缓冲区中的首地址和数据长度; 根据所述读/写请求所要读/写的数据保存在所述缓冲区中的首地址和数据长度,将首地址为所述缓冲区中的首地址、长度为所述数据长度的数据从所述缓冲区中取出,保存到与该端口相对应的日志文件。 After 3. The method of claim 1, wherein, in determining whether the operation request is a read / write request, the method further comprising: said read / write requests to read / write data is sequentially stored in the buffer region; then the read / write requests to read / write data stored to the log file corresponding to the port, to: determine that the read / write requests to read / write data stored in the buffer first address and a data length; the first address and a data length according to the read / write requests to read / write data stored in the buffer, the address is the first address of the first buffer, the length of the length taken from the data in the buffer, and stored into the log file corresponding to the port.
  4. The method according to claim 1, 2 or 3, characterized in that, after determining that the operation request is a read/write request, the method further comprises: saving the time at which data is read/written according to the read/write request, in correspondence with the data to be read/written by the read/write request, to the log file corresponding to the port; and/or saving a read/write request flag, in correspondence with the data to be read/written by the read/write request, to the log file corresponding to the port.
  5. The method according to claim 1, 2 or 3, characterized in that the port is more than one port, in which case: creating the log file corresponding to the port is: creating a log file corresponding to each port; and intercepting each operation request directed at the port is: intercepting each operation request directed at each port.
  6. The method according to claim 1, 2 or 3, characterized in that the port is a serial interface, and/or the port is a parallel interface.
  7. A system for intercepting port data in a Win9x operating system, the port having a port number, characterized in that the system comprises: a log creation and saving module, a filtering module and an operation request execution module, wherein: the log creation and saving module is configured to create, in kernel mode, a log file corresponding to the port; to determine, according to the port number of the port targeted by the read/write request, the port targeted by the read/write request; to save the data to be read/written by the read/write request, as sent by the filtering module, to the log file corresponding to the port targeted by the read/write request; and to send the read/write request to the operation request execution module; the filtering module is configured to use a VxD driver in the Win9x operating system to intercept each operation request directed at the port and to determine whether the operation request is a read/write request; to send the data to be read/written by the read/write request and the port number of the port targeted by the read/write request to the log creation and saving module; and to send operation requests other than read/write requests to the operation request execution module; the operation request execution module is configured to use the VxD driver in the Win9x operating system to execute the read/write request sent by the log creation and saving module, and to use the VxD driver in the Win9x operating system to execute the operation requests other than read/write requests sent by the filtering module.
  8. The system according to claim 7, characterized in that the log creation and saving module is further configured to determine whether the port is available and to send a port-unavailable message to the filtering module; and the filtering module is further configured, according to the port-unavailable message, not to intercept operation requests directed at that port.
  9. The system according to claim 7, characterized in that the filtering module is further configured to save the data to be read/written by the read/write request sequentially into a buffer; and the log creation and saving module is configured to determine the start address and the data length of the data to be read/written by the read/write request as stored in the buffer, and, according to that start address and data length, to take out of the buffer the data whose start address is the start address in the buffer and whose length is the data length, and to save it to the log file corresponding to the port targeted by the read/write request.
  10. The system according to claim 7, 8 or 9, characterized in that the log creation and saving module is further configured to save the time at which data is read/written according to the read/write request, in correspondence with the data to be read/written by the read/write request, to the log file corresponding to the port; and/or to save a read/write request flag, in correspondence with the data to be read/written by the read/write request, to the log file corresponding to the port.
  11. The system according to claim 7, 8 or 9, characterized in that the port is more than one port, in which case: the log creation and saving module is configured to create a log file corresponding to each port; and the filtering module is configured to intercept each operation request directed at each port.
  12. The system according to claim 7, 8 or 9, characterized in that the port is a serial interface, and/or the port is a parallel interface.
CN 201010569720 2010-11-26 2010-11-26 Method and system for intercepting and capturing port data in Win9x operation system CN102479117A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010569720 CN102479117A (en) 2010-11-26 2010-11-26 Method and system for intercepting and capturing port data in Win9x operation system

Publications (1)

Publication Number Publication Date
CN102479117A (en) 2012-05-30

Family

ID=46091769

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010569720 CN102479117A (en) 2010-11-26 2010-11-26 Method and system for intercepting and capturing port data in Win9x operation system

Country Status (1)

Country Link
CN (1) CN102479117A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009699A (en) * 2006-01-25 2007-08-01 姜斌斌 Transparent local security environment system and its implementation method
US20080133615A1 (en) * 2006-12-04 2008-06-05 Microsoft Corporation Multi-level read caching for multiplexed transactional logging

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C12 Rejection of a patent application after its publication