CN102693232A - Method and device for cancelling files - Google Patents
Method and device for cancelling files Download PDFInfo
- Publication number
- CN102693232A CN102693232A CN201110070717XA CN201110070717A CN102693232A CN 102693232 A CN102693232 A CN 102693232A CN 201110070717X A CN201110070717X A CN 201110070717XA CN 201110070717 A CN201110070717 A CN 201110070717A CN 102693232 A CN102693232 A CN 102693232A
- Authority
- CN
- China
- Prior art keywords
- file
- module
- file destination
- destination
- file system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a method and a device for cancelling files. The method comprises the following steps of: confirming that a target file is failed to be canceled by using the conventional method, and opening the target file so as to a cancel right; querying a device object created by an obtained file system, constructing an input/output request packet, and transmitting to the device object created by the file system; confirming that a function address distributed by the file system is correct so as to obtain address information of a f pre-modified in a guide list; and detecting the target file according to a function mapped by the obtained address information, and returning information identifying canceled target files and canceling the target files after a corresponding file object of the target file is detected to be a preset file to be canceled. According to the method and the device for canceling the files, disclosed by the invention, files which can not be cancelled by using the conventional method can be cancelled.
Description
Technical field
The present invention relates to the information processing technology, particularly a kind of method of deleted file and file delete device.
Background technology
The user use a computer or the process of mobile communication equipment in, can produce and store a large amount of files, thereby exhaust the storage space of computing machine or mobile communication equipment; Thereby; In order effectively to utilize the limited computing machine or the storage space of mobile communication equipment, need clear up timely to delete unwanted file, especially Malware files stored; But general Malware can not directly be removed, so need special method.
In the prior art, the file delete scheme adopts windows operating system API (Windows API, Windows Application Program Interface), generally is deleted file (DeleteFile).Specifically, check and treat the deleted file attribute to have read only attribute, then remove the read only attribute that this treats deleted file, delete then and get final product if treat deleted file.
Above-mentioned method through Windows API deleted file can be deleted the file that is not used.But in practical application, if file monopolized open or executable file just in commission, then above-mentioned deletion is handled and will be failed.For example, Malware is generally executable file, if Malware moves, perhaps, utilizes the mode of hook (hook) function or filtration drive to protect oneself, and then above-mentioned conventional delet method can not be deleted this Malware from disk; Again for example; After antivirus software scans virus document; If this virus document has been opened and share the authority of deleting, then because the user does not obtain the erase right of this virus document, thereby this virus document can not deleted through Windows API method yet.
By above-mentioned visible; The method of existing deleted file; Owing to can only delete the file that is not used; For the operating file of needs deletions, by the file of exclusive access, share the file of erase right and protect oneself file, also can't delete through conventional method through hook or filtration drive mode.
Summary of the invention
In view of this, fundamental purpose of the present invention is to propose a kind of method of deleted file, and deletion is through the unsuppressible file of conventional method.
Another object of the present invention is to propose a kind of file delete device, deletion is through the unsuppressible file of conventional method.
For achieving the above object, the invention provides a kind of method of deleted file, this method comprises:
Confirm to adopt the failure of conventional method deletion file destination, open this file destination, obtain erase right;
The device object that file system is created is obtained in inquiry, and structure I/O request package is sent to the device object that file system is created;
Confirm that file system distribution function address is correct, obtain the address information of the function of revising in advance in the importing table;
Function according to the mapping of the address information obtained detects file destination, detect file destination corresponding file object for be provided with in advance treat deleted file after, return the information that sign can be deleted file destination, the deletion file destination.
Said this file destination of opening, obtain erase right and specifically comprise:
Attempt opening this file destination with erase right,, obtain the erase right of this file destination if file destination can be opened; If file destination can not be opened, open file destination with the authority of sky, the erase right field that file destination corresponding file object is set is obtained the erase right of this file destination for deleting.
Said file destination can be opened, and the erase right that obtains is the minimal set of the Share Permissions of opening operation setting before this file destination.
Said affirmation file system distribution function address correctly specifically comprises:
During startup, file system module or Windows kernel module log file system distribution function address is set;
After receiving the I/O request package, whether confirm at file system module or Windows kernel module whether current file system distribution function address is correct through inquiry file system distribution function address.
Said file destination comprises: operating file, the file of by the file of exclusive access, sharing the file of erase right and protecting oneself through hook or filtration drive mode.
Said affirmation adopts the failure of conventional method deletion file destination specifically to comprise:
Obtain target file attributes, confirm that this target file attributes is read-only, removes read only attribute;
Calling application DLL deleted file is carried out deletion to this file destination and is handled, and confirms the deletion failure.
Said function is the MmFlushImageSection function.
A kind of file delete device, this device comprises: erase right acquisition module, I/O request package IRP constructing module, device object module, importing table module and detection module, wherein,
The erase right acquisition module is used for confirming to adopt the failure of conventional method deletion file destination, opens this file destination, obtains erase right, exports the IRP constructing module to;
The IRP constructing module is used to construct the I/O request package, and the device object that file system is created is obtained in inquiry, and the I/O request package of constructing is sent to the device object module;
The device object module is used for after confirming that current file system distribution function address is correct, from importing table module, obtaining the address information of the function of revising in advance, exports detection module to; The information that the sign of reception detection module output can be deleted file destination is closed file destination and deletion;
Import the table module, the address information that is used to store the function of revising in advance;
Detection module is used for the function according to the address information mapping of obtaining, and file destination is detected, and is confirming that file destination corresponding file object meets the deleted file of treating that is provided with in advance, returns the information that sign can be deleted file destination to the device object module.
Said erase right acquisition module obtains erase right according to the minimal set of the Share Permissions that is provided with in the file destination; Or; When opening file destination, obtain erase right through the value in the erase right field that file destination corresponding file object is set with the authority of sky.
During startup, file system module or Windows kernel module log file system distribution function address is set; Whether whether said device object module is after receiving the I/O request package, correct to confirm current file system distribution function address at file system module or Windows kernel module through inquiry file system distribution function address.
Visible by above-mentioned technical scheme, the method for a kind of deleted file provided by the invention and file delete device confirm to adopt the failure of conventional method deletion file destination, open this file destination, obtain erase right; The device object that file system is created is obtained in inquiry, and structure I/O request package is sent to the device object that file system is created; Confirm that file system distribution function address is correct, obtain the address information of the function of revising in advance in the importing table; Function according to the mapping of the address information obtained detects file destination, detect file destination corresponding file object for be provided with in advance treat deleted file after, return the information that sign can be deleted file destination, the deletion file destination.Like this; Through obtaining the deletion access rights of file destination; Address information in the importing table of revised file system, the function that is provided with in advance that makes its mapping detect the file destination object for be provided with in advance treat deleted file after, return the information that sign can be deleted file destination; Can delete through the unsuppressible file of conventional method, help timely defrag storage space.
Description of drawings
Fig. 1 is the method flow synoptic diagram of embodiment of the invention deleted file.
Fig. 2 is an embodiment of the invention file delete apparatus structure synoptic diagram.
Fig. 3 is the method idiographic flow synoptic diagram of embodiment of the invention deleted file.
Embodiment
For making the object of the invention, technical scheme and advantage clearer, will combine accompanying drawing and specific embodiment that the present invention is done to describe in detail further below.
The method of existing deleted file can not be to operating file, by the file of exclusive access, share the file of erase right and protect own file execution deletion action through hook or filtration drive mode, makes that the efficient of deleted file is lower.
Specifically, the method for existing deleted file is during the Malware file of protecting at the deletion executable file, through hook or filtration drive mode; Under the state of File Open, get access to the authority of file delete after, file system can be through the importing table that is provided with in advance; According to the operation (for example, deletion action) that the user carries out, call the api function MmFlushImageSection of Microsoft's definition of corresponding operating map addresses in the importing table; Whether can delete to this executable file of Windows operating system inquiry, if but Windows operating system inquires this executable file is deleted file, for example; This document is in non-operating state; Then, show and to delete this executable file, be in running status if inquire this executable file through the api function rreturn value being set for true (TRUE); Then, show and to delete this operating executable file through the api function rreturn value being set for false (FALSE).Thereby, in the embodiment of the invention, consider through the deletion action address in the importing table of revised file system; Realize hook to the api function MmFlushImageSection (the first function MmFlushImageSection) of existing deletion action map addresses; That is to say, through constructing the second function MmFlushImageSection in advance, the deletion action address in the importing table of revised file system; Make its this second function of mapping MmFlushImageSection; Like this, when the deletion executable file, the importing table of file system through being provided with in advance; Deletion action according to user's execution; Call the second function MmFlushImageSection of the deletion action map addresses of having revised in the importing table, the second function MmFlushImageSection detects whether this document object is the deleted file of treating that is provided with in advance, if; Automatically the rreturn value of revising this second function MmFlushImageSection is true (TRUE), thereby makes file system realize the deletion to executable file according to this second function MmFlushImageSection rreturn value.
Fig. 1 is the method flow synoptic diagram of embodiment of the invention deleted file.Referring to Fig. 1, this flow process comprises:
In this step, confirm to adopt the failure of conventional method deletion file destination specifically to comprise:
Obtain target file attributes, confirm that this target file attributes is read-only, removes read only attribute;
Call API DeleteFile this file destination is carried out the deletion processing, confirm the deletion failure.
Should explain be, in the embodiment of the invention, adopt conventional method deletion file destination to be not restricted to as stated, specifically also can introduce referring to the correlation technique document, repeat no more at this.
In this step; If can't delete this file destination through calling API DeleteFile, show this file destination be operating file, by the file of exclusive access, share the file of erase right or protect oneself file through hook or filtration drive mode.
In this step; Before the deletion file destination; Need this file destination is opened and obtained the erase right of this file destination; So that the erase right that file system is obtained according to this user obtains the function MmFlushImageSection of erase right operation address mapping through the importing table that is provided with in advance, to obtain corresponding access rights to the inquiry of Windows operating system.
Open this file destination, obtain erase right and specifically comprise:
Attempt opening this file destination with erase right,, obtain the erase right of this file destination if file destination can be opened; If file destination can not be opened, open file destination with the authority of sky, erase right (DeleteAccess) field that file destination corresponding file object is set is obtained the erase right of this file destination for deleting.
In this step; Erase right can go for when opening this file destination and ask, and the erase right that can ask occurs simultaneously to confirm according to the minimum of the Share Permissions that opening operation before this file destination is provided with, if the minimal set of Share Permissions comprises erase right; Then open this file destination; Obtain the erase right of this file destination simultaneously, otherwise refusing user's is opened this file destination.Specifically, when a file was opened, the user that request is opened at first obtained access rights, then Share Permissions can be set, and promptly allows other users to open the authority of this document, is used to control the authority of other users to same file.For example; If a user has obtained the access rights of reading and writing and deletion when opening file; Be the access rights that the initial Share Permissions of this document comprises reading and writing and deletion; Do not allow other users that this document is had the write access authority when this user is provided with then, only allow other users that this document is had the access rights of reading and deleting, then this document has only been shared the authority of reading and deleting for other users in follow-up; Thereby can prevent effectively that other users from carrying out write operation to this document, just the authority of the minimum of the Share Permissions of opening operation setting common factor for reading and deleting before this file destination.Thereby other users can only ask the authority of reading and deleting when opening file.That is to say when opening file, which kind of authority the user can ask, all open the common factor of the authority that the user of this document shares before depending on, therefore, the authority that user's reality can get access to be before the minimal set of all Share Permissions when opening this document.Again for example; Another follow-up user asks the authority of this identical file; Then can carry out and read and deletion action this document, and if this user is provided with and does not allow other users that this document is had the access rights of reading and deleting, among the then follow-up user; Just can not obtain the access rights of writing, reading or delete of this document again, promptly can not visit this document.
File object is after file is read internal memory, the management structure that Windows generates this document.Be provided with the access rights of this document in the file object, for example, authorities such as reading and writing, deletion are recorded in respectively in read right (ReadAccess) field, write permission (WriteAccess) field, erase right (DeleteAccess) field of file object.When opening file destination with the authority of sky, the access authority information that is provided with in the file object is for empty, thereby, can give the authority of deletion through the value in the DeleteAccess field that file object directly is set.
In this step, the real device object of file system, promptly the Windows system is at the virtual unit of Drive Layer foundation; The device object of just creating; Be used for managing file system, about obtaining the device object that file system is created, specifically can be referring to the correlation technique document; Repeat no more at this; The virtual unit that the Windows system sets up in Drive Layer can be used for distinguishing the device object that Malware is created, because Malware can be through intercepting and capturing user's IRP at other layer, and the device object that sends it to replacement is to reach various deception effects.Thereby; In the embodiment of the invention, obtain the real device object of file system through inquiry, virtual unit direct and that Drive Layer is set up communicates; Walking around middle hook driving or file system filter with this drives; Can prevent effectively that Malware from passing through the replacement equipment object, access rights protection oneself is set, make and to delete this Malware file.
In this step; Even the device object that the Windows system is created in Drive Layer is real; But the file system that comprises in device object distribution function address promptly is used to handle the function address of device object mapping of the IRP (for example, carrying requests such as opening of comprising among the IRP of file destination information, reading and writing, deletion) of reception; Also might be revised by Malware; If file system distribution function address had been revised by Malware, can be controlled by Malware calling all of file system so, thereby cause unsuppressible-suppression this document.
In the embodiment of the invention; The real file system distribution of record function promptly calls distributing list in internal memory, and the address information of not revised by Malware of calling in the distributing list that file system oneself is set up is only really; And if the address information in the distributing list is called in the Malware modification; Need be stored to other modules, and distributing list is put sky with recorded address information.Calling distributing list is one group of function address, is stored in the interior perhaps Windows kernel module of file system module.If confirm that file system module function address interior or Windows kernel module stored is empty, show that file system distribution function is by the hook mistake.Therefore, if obtain real function address, call over so and just can walk around Malware.
In the practical application; Because Malware is not also carried out associative operation when starting; Can be when terminal device starts; Be arranged in the file system module or log file system distribution function address in the Windows kernel module; After receiving IRP, confirm according to the file system distribution function address of file system module or Windows kernel module record whether current file system distribution function address is correct, promptly whether confirm in file system module or Windows kernel module through inquiry file system distribution function address whether current file system distribution function address is correct.
In this step; Through revising the deletion action address that imports in the table; Make it no longer shine upon foregoing api function MmFlushImageSection; The i.e. first function MmFlushImageSection, but make the second function MmFlushImageSection of its mapping embodiment of the invention, thus realize hook operation to the api function MmFlushImageSection of existing deletion action map addresses.That is to say that replacement imports the address information of the MmFlushImageSection that preserves in the table, the address information of preserving is modified as the address of second function, in second function, detect whether file object is file to be deleted.
In this step; The second function MmFlushImageSection detects whether file destination corresponding file object is the deleted file of treating that is provided with in advance; If the rreturn value of revising this second function MmFlushImageSection automatically is true (TRUE), thereby makes file system according to this second function MmFlushImageSection rreturn value; Close file destination, thereby realize deletion executable file.
By above-mentioned visible, the method for the deleted file of the embodiment of the invention confirms to adopt the failure of conventional method deletion file destination; Open this file destination, obtain erase right; The device object that file system is created is obtained in inquiry, and structure I/O request package is sent to the device object that file system is created; Confirm that file system distribution function address is correct, obtain the address information of the second function MmFlushImageSection that revises in advance in the importing table; The second function MmFlushImageSection detects whether file destination corresponding file object is the deleted file of treating that is provided with in advance, if return the information that sign can be deleted file destination.Like this; After adopting conventional method not delete file destination, through obtaining the deletion access rights of file destination, the deletion action address information in the importing table of revised file system; The second function MmFlushImageSection that its mapping is provided with in advance; The second function MmFlushImageSection detect file destination corresponding file object for be provided with in advance treat deleted file after, return the information that sign can be deleted file destination, thereby can delete through the unsuppressible file of conventional method; For example; Just at operating file, by the file of exclusive access, share the file of erase right and protect oneself Malware file through hook or filtration drive mode, improved the efficient of deleted file, help timely defrag storage space.
Fig. 2 is an embodiment of the invention file delete apparatus structure synoptic diagram.Referring to Fig. 2, this device comprises: erase right acquisition module, IRP constructing module, device object module, importing table module and detection module, wherein,
The erase right acquisition module is used for confirming to adopt the failure of conventional method deletion file destination, opens this file destination, obtains erase right, exports the IRP constructing module to;
The IRP constructing module is used to construct the I/O request package, and the device object that file system is created is obtained in inquiry, and the I/O request package of constructing is sent to the device object module;
The device object module is used for after confirming that current file system distribution function address is correct, from importing table module, obtaining the address information of second function of revising in advance, exports detection module to; The information that the sign of reception detection module output can be deleted file destination is closed file destination and deletion;
Import the table module, be used to store the address information of second function of deletion action map addresses;
Detection module; Be used for second function according to the address information mapping that receives; File destination is detected, confirming that file destination corresponding file object meets the deleted file of treating that is provided with in advance, returns the information that sign can be deleted file destination to the device object module.
In the embodiment of the invention, first function is the MmFlushImageSection function, the MmFlushImageSection function of second function for first function is made amendment and formed.
Preferably; The erase right acquisition module obtains erase right according to the minimal set of the Share Permissions that is provided with in the file destination; Or, when opening file destination, obtain erase right through the value in the DeleteAccess field that file destination corresponding file object is set with the authority of sky.
Preferably, during startup, file system module or Windows kernel module log file system distribution function address is set; Whether whether the device object module is after receiving the I/O request package, correct to confirm current file system distribution function address in file system module or Windows kernel module through inquiry file system distribution function address.
Lift a specific embodiment below, invention is described further.
Fig. 3 is the method idiographic flow synoptic diagram of embodiment of the invention deleted file.Referring to Fig. 3, this flow process comprises:
Step 301 is obtained target file attributes, judges whether this target file attributes is read-only, if, execution in step 302, otherwise, execution in step 303;
Step 302 is removed read only attribute, execution in step 303;
Step 303 is called API DeleteFile this file destination is carried out the deletion processing, if delete successfully, and process ends, if the deletion failure, execution in step 304;
Step 304 is opened file destination with the Delete authority, judges whether to open success, execution in step 307, if open failure, and execution in step 305;
Step 305 is opened file destination with the authority of sky;
Step 306 is provided with and obtains erase right, execution in step 307;
In this step, in file destination corresponding file object, the DeleteAccess field of file object directly is set, to obtain erase right.
So far, the flow process of this deleted file finishes.
The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention.All within spirit of the present invention and principle, any modification of being done, be equal to replacement and improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. the method for a deleted file is characterized in that, this method comprises:
Confirm to adopt the failure of conventional method deletion file destination, open this file destination, obtain erase right;
The device object that file system is created is obtained in inquiry, and structure I/O request package is sent to the device object that file system is created;
Confirm that file system distribution function address is correct, obtain the address information of the function of revising in advance in the importing table;
Function according to the mapping of the address information obtained detects file destination, detect file destination corresponding file object for be provided with in advance treat deleted file after, return the information that sign can be deleted file destination, the deletion file destination.
2. the method for claim 1 is characterized in that, said this file destination of opening obtains erase right and specifically comprises:
Attempt opening this file destination with erase right,, obtain the erase right of this file destination if file destination can be opened; If file destination can not be opened, open file destination with the authority of sky, the erase right field that file destination corresponding file object is set is obtained the erase right of this file destination for deleting.
3. method as claimed in claim 2 is characterized in that said file destination can be opened, and the erase right that obtains is the minimal set of the Share Permissions of opening operation setting before this file destination.
4. like each described method of claim 1 to 3, it is characterized in that said affirmation file system distribution function address correctly specifically comprises:
During startup, file system module or Windows kernel module log file system distribution function address is set;
After receiving the I/O request package, whether confirm at file system module or Windows kernel module whether current file system distribution function address is correct through inquiry file system distribution function address.
5. method as claimed in claim 4 is characterized in that, said file destination comprises: operating file, the file of by the file of exclusive access, sharing the file of erase right and protecting oneself through hook or filtration drive mode.
6. method as claimed in claim 5 is characterized in that, said affirmation adopts the failure of conventional method deletion file destination specifically to comprise:
Obtain target file attributes, confirm that this target file attributes is read-only, removes read only attribute;
Calling application DLL deleted file is carried out deletion to this file destination and is handled, and confirms the deletion failure.
7. method as claimed in claim 5 is characterized in that, said function is the MmFlushImageSection function.
8. a file delete device is characterized in that, this device comprises: erase right acquisition module, I/O request package IRP constructing module, device object module, importing table module and detection module, wherein,
The erase right acquisition module is used for confirming to adopt the failure of conventional method deletion file destination, opens this file destination, obtains erase right, exports the IRP constructing module to;
The IRP constructing module is used to construct the I/O request package, and the device object that file system is created is obtained in inquiry, and the I/O request package of constructing is sent to the device object module;
The device object module is used for after confirming that current file system distribution function address is correct, from importing table module, obtaining the address information of the function of revising in advance, exports detection module to; The information that the sign of reception detection module output can be deleted file destination is closed file destination and deletion;
Import the table module, the address information that is used to store the function of revising in advance;
Detection module is used for the function according to the address information mapping of obtaining, and file destination is detected, and is confirming that file destination corresponding file object meets the deleted file of treating that is provided with in advance, returns the information that sign can be deleted file destination to the device object module.
9. device as claimed in claim 8; It is characterized in that; Said erase right acquisition module obtains erase right according to the minimal set of the Share Permissions that is provided with in the file destination; Or, when opening file destination, obtain erase right through the value in the erase right field that file destination corresponding file object is set with the authority of sky.
10. like claim 8 or 9 described devices, it is characterized in that, during startup, file system module or Windows kernel module log file system distribution function address is set; Whether whether said device object module is after receiving the I/O request package, correct to confirm current file system distribution function address at file system module or Windows kernel module through inquiry file system distribution function address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110070717.XA CN102693232B (en) | 2011-03-23 | 2011-03-23 | Method and device for cancelling files |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110070717.XA CN102693232B (en) | 2011-03-23 | 2011-03-23 | Method and device for cancelling files |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102693232A true CN102693232A (en) | 2012-09-26 |
| CN102693232B CN102693232B (en) | 2014-05-21 |
Family
ID=46858689
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110070717.XA Active CN102693232B (en) | 2011-03-23 | 2011-03-23 | Method and device for cancelling files |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102693232B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105138565A (en) * | 2015-07-23 | 2015-12-09 | 浪潮(北京)电子信息产业有限公司 | File processing method and system |
| CN105718278A (en) * | 2014-12-05 | 2016-06-29 | 北京奇虎科技有限公司 | Method and device for unloading cracked-version application program |
| CN106169048A (en) * | 2016-06-29 | 2016-11-30 | 北京金山安全软件有限公司 | File deletion method and device and electronic equipment |
| CN110543452A (en) * | 2019-08-07 | 2019-12-06 | 浙江大华技术股份有限公司 | data acquisition method and equipment |
| CN111581165A (en) * | 2020-04-29 | 2020-08-25 | 华南理工大学 | Android application external memory quota monitoring tool and using method thereof |
| CN112685022A (en) * | 2020-12-30 | 2021-04-20 | 北京字节跳动网络技术有限公司 | Picture processing interface generation method, device, equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050234867A1 (en) * | 2002-12-18 | 2005-10-20 | Fujitsu Limited | Method and apparatus for managing file, computer product, and file system |
| JP2007156758A (en) * | 2005-12-02 | 2007-06-21 | Nihon Computer Graphic Co Ltd | File management device, file management method and file management program |
| CN101788944A (en) * | 2010-01-25 | 2010-07-28 | 浪潮电子信息产业股份有限公司 | Method for detecting failures of AIX system by means of mandatory access control |
-
2011
- 2011-03-23 CN CN201110070717.XA patent/CN102693232B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050234867A1 (en) * | 2002-12-18 | 2005-10-20 | Fujitsu Limited | Method and apparatus for managing file, computer product, and file system |
| JP2007156758A (en) * | 2005-12-02 | 2007-06-21 | Nihon Computer Graphic Co Ltd | File management device, file management method and file management program |
| CN101788944A (en) * | 2010-01-25 | 2010-07-28 | 浪潮电子信息产业股份有限公司 | Method for detecting failures of AIX system by means of mandatory access control |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105718278A (en) * | 2014-12-05 | 2016-06-29 | 北京奇虎科技有限公司 | Method and device for unloading cracked-version application program |
| CN105718278B (en) * | 2014-12-05 | 2019-02-12 | 北京奇虎科技有限公司 | Unloading cracks the method and device of edition application program |
| CN105138565A (en) * | 2015-07-23 | 2015-12-09 | 浪潮(北京)电子信息产业有限公司 | File processing method and system |
| CN105138565B (en) * | 2015-07-23 | 2018-05-01 | 浪潮(北京)电子信息产业有限公司 | A kind of document handling method and system |
| CN106169048A (en) * | 2016-06-29 | 2016-11-30 | 北京金山安全软件有限公司 | File deletion method and device and electronic equipment |
| CN106169048B (en) * | 2016-06-29 | 2019-03-12 | 珠海豹趣科技有限公司 | File delet method, device and electronic equipment |
| CN110543452A (en) * | 2019-08-07 | 2019-12-06 | 浙江大华技术股份有限公司 | data acquisition method and equipment |
| CN111581165A (en) * | 2020-04-29 | 2020-08-25 | 华南理工大学 | Android application external memory quota monitoring tool and using method thereof |
| CN111581165B (en) * | 2020-04-29 | 2023-04-21 | 华南理工大学 | Android application external memory limit monitoring tool and application method thereof |
| CN112685022A (en) * | 2020-12-30 | 2021-04-20 | 北京字节跳动网络技术有限公司 | Picture processing interface generation method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102693232B (en) | 2014-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7913252B2 (en) | Portable platform for executing software applications in a virtual environment | |
| US8856521B2 (en) | Methods and systems for performing secure operations on an encrypted file | |
| CN103842971B (en) | Monitor for indirect interface and the system and method for vertical line detection | |
| US20160359859A1 (en) | System For Secure File Access | |
| CN102693232A (en) | Method and device for cancelling files | |
| US10460131B2 (en) | Preventing access of a host device to malicious data in a portable device | |
| WO2015096695A1 (en) | Installation control method, system and device for application program | |
| CN102202062B (en) | Method and apparatus for realizing access control | |
| US7966490B2 (en) | Using mobility tokens to observe malicious mobile code | |
| CN104769604A (en) | Real-time module protection | |
| CN105393255A (en) | Process evaluation for malware detection in virtual machines | |
| CN107643940A (en) | Container creation method, relevant device and computer-readable storage medium | |
| CN103518196B (en) | The messaging device of management secret information and method | |
| CN104598823A (en) | Kernel level rootkit detection method and system in Andriod system | |
| CN102236768A (en) | Information flow tracking and protection | |
| US20190318107A1 (en) | System and Method for Secure File Access of Derivative Works | |
| CN105122260A (en) | Context based switching to a secure operating system environment | |
| CN103559231A (en) | File system quota managing method, device and system | |
| US20190095285A1 (en) | Backup and recovery of data files using hard links | |
| CN103679040B (en) | Data safe reading method and device | |
| US9219728B1 (en) | Systems and methods for protecting services | |
| TW201802722A (en) | Data processing system capable of securing files | |
| CN113467895B (en) | Docker operation method, docker operation device, server and storage medium | |
| Chen et al. | A cross-layer plausibly deniable encryption system for mobile devices | |
| CN112966094A (en) | Transaction data processing method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |