CN102819717A - Method and device for carrying out protection processing on file - Google Patents

Method and device for carrying out protection processing on file Download PDF

Info

Publication number
CN102819717A
CN102819717A CN2012102798197A CN201210279819A CN102819717A CN 102819717 A CN102819717 A CN 102819717A CN 2012102798197 A CN2012102798197 A CN 2012102798197A CN 201210279819 A CN201210279819 A CN 201210279819A CN 102819717 A CN102819717 A CN 102819717A
Authority
CN
China
Prior art keywords
catalogue
file
path
assigned operation
directed against
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012102798197A
Other languages
Chinese (zh)
Other versions
CN102819717B (en
Inventor
李博
邹贵强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201210279819.7A priority Critical patent/CN102819717B/en
Priority to CN201510218806.2A priority patent/CN104834869A/en
Publication of CN102819717A publication Critical patent/CN102819717A/en
Application granted granted Critical
Publication of CN102819717B publication Critical patent/CN102819717B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Abstract

The invention discloses a method and a device for carrying out protection processing on a file. The method comprises the following steps of acquiring a path of the protected file and/or a protected directory; blocking a designated operation aiming at the file and/or the directory; extracting a path of the file and or the directory which the designated operation aims at; judging whether the path of the file and or the directory which the designated operation aims at is the path of the protected file and/or the protected directory; and if yes, intercepting the designated operation aiming at the file and/or the directory. According to the invention, the file can be prevented from being deleted by mistake and the stability of a system is ensured.

Description

The method and apparatus that a kind of file protection is handled
Technical field
The present invention relates to the file processing technology field, be specifically related to the method that a kind of file protection is handled, and, the device that a kind of file protection is handled.
Background technology
Along with computer popularizing in people's work and life; The file that stores in the computer is more and more; The user can manually delete some files usually in the management computer document; Or in certain software of unloading, need clear up some files; If but manual operation error or software can be deleted some important files when unloading, and can cause some not want to delete the file that maybe can not delete and deleted by mistake, deleted the file that to delete in the system and caused unstable or other harmful effects of system probably.
Therefore, those skilled in the art press for the technical matters of solution and are: how to prevent that file from being deleted by mistake.
Summary of the invention
In view of the above problems, the present invention has been proposed so that a kind of method of a kind of file protection processing that overcomes the problems referred to above or address the above problem at least in part is provided and the device that corresponding a kind of file protection is handled.
According to one aspect of the present invention, the method that provides a kind of file protection to handle comprises:
Obtain the path of agent-protected file and/or catalogue;
Clog needle is to the assigned operation of file and/or catalogue;
Extract the file that said assigned operation is directed against and/or the path of catalogue;
Whether judge the file that said assigned operation is directed against and/or the path of catalogue, be the path of agent-protected file and/or catalogue;
If tackle said assigned operation to file and/or catalogue.
Alternatively, the file that is directed against at said assigned operation and/or the path of catalogue allow the said assigned operation that is directed against file and/or catalogue during for the path of agent-protected file and/or catalogue.
Alternatively, said catalogue comprises catalogue itself, sub-directory in the catalogue and file.
Alternatively, said assigned operation comprises deletion and move operation, the move operation of catalogue itself and/or the deletion and the move operation of catalogue lining catalogue and file of file itself.
Alternatively, the path of said acquisition agent-protected file and/or catalogue is the DOS path of agent-protected file and/or catalogue, and said assigned operation to file and/or catalogue is blocked by filter Driver on FSD,
The step in the file that said extraction assigned operation is directed against and/or the path of catalogue comprises:
Said filter Driver on FSD is obtained the file that said assigned operation is directed against and/or the NT path of catalogue;
Said filter Driver on FSD converts said NT path to the DOS path.
Alternatively, whether the file that said judgement assigned operation is directed against and/or the path of catalogue are that the step in the path of agent-protected file and/or catalogue comprises:
Said filter Driver on FSD is mated the file that said assigned operation was directed against and/or the DOS path of catalogue with the DOS path of said agent-protected file and/or catalogue, and with the result notification user interface of coupling; Said matching result comprises, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue,
The said step that is directed against the assigned operation of file and/or catalogue of said interception comprises:
The file that said user interface is directed against according to said assigned operation and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue, generate the information of the said assigned operation to file and/or catalogue of interception, and are sent to filter Driver on FSD;
Said filter Driver on FSD is according to the information and executing interception said operation that be directed against the assigned operation of file and/or catalogue of said interception to the assigned operation of file and/or catalogue.
Allow the step of said assigned operation to file and/or catalogue to comprise when alternatively, the path of said file that is directed against at assigned operation and/or catalogue is for the path of agent-protected file and/or catalogue:
The file that said user interface is directed against according to said assigned operation and/or the path of catalogue are not the result in the path of agent-protected file and/or catalogue, generate the information that allows said assigned operation to file and/or catalogue, and are sent to filter Driver on FSD;
Said filter Driver on FSD is according to the information and executing permission said operation that be directed against the assigned operation of file and/or catalogue of said permission to the assigned operation of file and/or catalogue.
Alternatively, said filter Driver on FSD is positioned at the 0th level of privilege Ring0, and said user interface is positioned at the 3rd level of privilege Ring3.
According to a further aspect in the invention, the device that provides a kind of file protection to handle comprises:
Acquisition module is used to obtain the path of agent-protected file and/or catalogue;
Block module, be used for the assigned operation of clog needle file and/or catalogue;
Extraction module is used to extract the file that said assigned operation is directed against and/or the path of catalogue;
Whether judge module is used to judge the file that said assigned operation is directed against and/or the path of catalogue, be the path of agent-protected file and/or catalogue; If then call blocking module;
Blocking module is used to tackle said assigned operation to file and/or catalogue.
Alternatively, the device of said a kind of file protection processing also comprises:
Allow module, the file that is used for being directed against at said assigned operation and/or the path of catalogue allow the said assigned operation that is directed against file and/or catalogue during for the path of agent-protected file and/or catalogue.
Alternatively, said catalogue comprises catalogue itself, sub-directory in the catalogue and file.
Alternatively, said assigned operation comprises deletion and move operation, the move operation of catalogue itself and/or the deletion and the move operation of catalogue lining catalogue and file of file itself.
Alternatively, the path of said agent-protected file and/or catalogue is the DOS path of agent-protected file and/or catalogue, and said assigned operation to file and/or catalogue is blocked by filter Driver on FSD,
Said extraction module comprises:
The NT path obtains submodule, is used for obtaining the file that said assigned operation is directed against and/or the NT path of catalogue by filter Driver on FSD;
Conversion submodule in path is used for converting said NT path to the DOS path by said filter Driver on FSD.
Alternatively, said judge module comprises:
The route matching submodule, mate with the DOS path of said agent-protected file and/or catalogue in the file that is used for by said filter Driver on FSD said assigned operation being directed against and/or the DOS path of catalogue, and with the result notification user interface of coupling; Said matching result comprises, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue,
Said blocking module comprises:
The intercept information that is positioned at user interface generates submodule; The file that is used for being directed against according to said assigned operation and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; Generate the said information that is directed against the assigned operation of file and/or catalogue of interception, and be sent to filter Driver on FSD;
Be positioned at the operation intercepting submodule of filter Driver on FSD, be used for according to the said operation that is directed against the assigned operation of file and/or catalogue of information and executing interception of said interception to the assigned operation of file and/or catalogue.
Alternatively, said permission module comprises:
The permission information that is positioned at user interface generates submodule; The file that is used for being directed against according to said assigned operation and/or the path of catalogue are not the result in the path of agent-protected file and/or catalogue; Generate and allow the said information that is directed against the assigned operation of file and/or catalogue, and be sent to filter Driver on FSD;
The operation that is positioned at filter Driver on FSD allows submodule, is used for allowing the said operation that is directed against the assigned operation of file and/or catalogue according to the said information and executing that is directed against the assigned operation of file and/or catalogue of said permission.
Alternatively, said filter Driver on FSD is positioned at the 0th level of privilege Ring0, and said user interface is positioned at the 3rd level of privilege Ring3.
The method that a kind of file protection according to the present invention is handled can be used window kernel file filtration drive the file of appointment and/or the file operation of catalogue and appointment are filtered; Satisfactory operation is blocked; Filter Driver on FSD through being positioned at the Ring0 layer is mutual with the user interface that is positioned at the Ring3 layer; Tackle the file of satisfactory appointment and/or the assigned operation of catalogue, solved thus and prevented that the problem that file is deleted by mistake from having obtained the beneficial effect that guarantees system stable operation.
Above-mentioned explanation only is the general introduction of technical scheme of the present invention; Understand technological means of the present invention in order can more to know; And can implement according to the content of instructions; And for let above and other objects of the present invention, feature and advantage can be more obviously understandable, below special lifts embodiment of the present invention.
Description of drawings
Through reading the hereinafter detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing only is used to illustrate the purpose of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts with identical reference symbol.In the accompanying drawings:
Fig. 1 shows the flow chart of steps of a kind of according to an embodiment of the invention method embodiment 1 of file protection processing;
Fig. 2 shows the flow chart of steps of a kind of according to an embodiment of the invention method embodiment 2 of file protection processing;
Fig. 3 shows the structured flowchart of a kind of according to an embodiment of the invention device embodiment 1 of file protection processing;
Fig. 4 shows the structured flowchart of a kind of according to an embodiment of the invention device embodiment 2 of file protection processing.
Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Though shown exemplary embodiment of the present disclosure in the accompanying drawing, yet should be appreciated that and to realize the disclosure and should do not limited with various forms by the embodiment that sets forth here.On the contrary, it is in order more thoroughly to understand the disclosure that these embodiment are provided, and can with the scope of the present disclosure complete convey to those skilled in the art.
One of core idea of the embodiment of the invention is; Through filter Driver on FSD the file of appointment and/or the file action of catalogue (user adds the file and/or the catalogue of protection) and appointment (deletion and mobile) are filtered; Satisfactory action is blocked, notify user interface from filter Driver on FSD then, user interface carries out logic determines; Generate to judge that action is the information of carrying out or tackling of should being allowed to; User interface will be judged information backspace file filtration drive, finally accomplished allowing and the operation of interception by filter Driver on FSD, prevent that through such process file and/or catalogue from being deleted by mistake.
Filter Driver on FSD is the filtration drive Technical Architecture based on the Windows NT file system that is provided by Microsoft; Filter Driver on FSD works in the kernel mode of operating system; Be between file system forms such as () FAT/NTFS and the I/O manager, IRP to file system (I/O Request Packet is the I/O request package) that interception I/O manager sends and Fast-I/O ask also before distribution, to carry out concrete filtration treatment.At present up-to-date filter Driver on FSD adopts the minifilter framework.
With reference to Fig. 1, show the flow chart of steps of a kind of according to an embodiment of the invention method embodiment 1 of file protection processing, specifically can may further comprise the steps:
Step 101: the path that obtains agent-protected file and/or catalogue;
Wherein, catalogue comprises catalogue itself, sub-directory in the catalogue and file, and the path that obtains agent-protected file and/or catalogue is the DOS path of agent-protected file and/or catalogue.
Wherein, said shielded file comprises the file with file type of directly following in disk drive back, for example: c:; Sub-directory in the said shielded catalogue or file comprise follow disk drive back be a directory name, directory name is the file of file type at the back, for example: def.txt.
Particularly, file and/or catalogue add respective rule and just form agent-protected file and/or catalogue in its DOS path.Said respective rule can be the rule that preestablishes and add up; A kind of preferred exemplary as present embodiment; Article one, respective rule can comprise a path and an action type; The rule that band forms for * number in the path is the rule of file itself, and/or the rule of catalogue lining catalogue and file, is not the rule of catalogue itself with the rule of * number formation in the path.Respective rule can be stored in the file, perhaps stores with other modes such as chained list or node trees, or is stored in the server, when needs are used rule, can from listed files, directly read, or from server, obtain the rule of real-time update.Rule can be notified filter Driver on FSD from user interface as a structure, for example:
(1) adds rule for catalogue
A catalogue, as abc
Then need add following rule
Abc RENAME
Abc DELETE
Abc RENAME
First is used for protecting catalogue itself
Latter two is used for protecting sub-directory and file in the catalogue
(2) add rule for file
A file, as def.txt
Then need add following rule
Abc DELETE
Abc RENAME
Be used for protected file.
Step 102: clog needle is to the assigned operation of file and/or catalogue;
Assigned operation to file and/or catalogue is used for identifying assigned operation in all operations of system's All Files here.A kind of preferred exemplary as present embodiment; Assigned operation mainly comprises deletion DELETE and two kinds of operations of mobile RENAME, can comprise deletion and move operation, the move operation of catalogue itself and/or the deletion and the move operation of catalogue lining catalogue and file of file itself.In concrete the realization, can comprise following four kinds of situation:
(1) user deletes a file, is divided into direct deleted file and arrives recycle bin to file delete.
User directly file of deletion can cause deleting the DELETE operation, file delete actual to recycle bin be that a mobile RENAME operates;
(2) user deletes a catalogue, if catalogue is not empty, can do deletion DELETE operation to each file under the catalogue, just catalogue is deleted the DELETE operation at last;
(3) user moves a file, if with drive, this shift action is a mobile RENAME operation; If different drives, copy files to the target location, be the file delete DELETE operation of original position then;
(4) user moves a catalogue, if with drive, this shift action is the mobile RENAME operation of of catalogue; If different drives, be the copy and the deletion DELETE operation of each file in the catalogue, be the mobile RENAME operation of catalogue at last.
A kind of preferred exemplary as present embodiment; Filter Driver on FSD is discerned assigned operation through following mode: filter Driver on FSD can be put into a chained list with the rule of band * in the path, does not put one into the rule of * and stretches in the tree, when a file action takes place in system; The type of action of just being brought with in the rule of agent-protected file and/or catalogue matees; If meet coupling, by filter Driver on FSD action is blocked, end the continuation of this action and carry out.
Step 103: extract the file that said assigned operation is directed against and/or the path of catalogue;
Because the assigned operation to file and/or catalogue is blocked by filter Driver on FSD, filter Driver on FSD works in the kernel mode of operating system, and what obtain is the NT path of file and/or catalogue; After filter Driver on FSD is obtained the NT path, need change, could compare with the DOS path; Wherein, the DOS path is exactly the path of usual application program, such as: MYFILE.CPP; The NT path is the kernel mode path; Be exactly that kernel is used for the path of real access means file, such as Device
In a kind of preferred embodiment of the application, said step 103 can comprise following substep:
Substep S11: said filter Driver on FSD is obtained the file that said assigned operation is directed against and/or the NT path of catalogue;
Substep S12: said filter Driver on FSD converts said NT path to the DOS path.
Particularly, said step 103 can be subdivided into following substep:
Substep S111: said filter Driver on FSD is obtained the volume information in corresponding device path according to said NT path after obtaining the NT path of file that said assigned operation is directed against and/or catalogue;
Substep S112: said filter Driver on FSD obtains the drive title in the corresponding DOS path of this volume according to the volume information in said corresponding device path;
Substep S113: said filter Driver on FSD is stitched together said drive title and obtains corresponding D OS path.
For example:
The NT path of file that the assigned operation that filter Driver on FSD is obtained is directed against and/or catalogue be Device; The volume information that obtains this corresponding equipment path, NT path be Device; Obtain according to DOS Device and the mapping relations of drive that the corresponding drive of this volume information is " C: ", thus its DOS path be MYFILE.CPP.
Whether step 104: judging the file that said assigned operation is directed against and/or the path of catalogue, is the path of agent-protected file and/or catalogue;
In a kind of preferred embodiment of the application, said step 104 can be judged in order to following method:
Mate with the DOS path of said agent-protected file and/or catalogue in the file that said filter Driver on FSD is directed against said assigned operation and/or the DOS path of catalogue, and with the result notification user interface of coupling; Said matching result can comprise, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue.
For example: abc just can match user be provided with abc.
Step 105: when the file that is directed against at said assigned operation and/or the path of catalogue are the path of agent-protected file and/or catalogue, tackle said assigned operation to file and/or catalogue.
In a kind of preferred embodiment of the application, said step 105 can comprise following substep:
Substep S21: the file that said user interface is directed against according to said assigned operation and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; Generate the said information that is directed against the assigned operation of file and/or catalogue of interception, and be sent to filter Driver on FSD;
Substep S22: said filter Driver on FSD is according to the information and executing interception said operation that be directed against the assigned operation of file and/or catalogue of said interception to the assigned operation of file and/or catalogue.
Wherein, said filter Driver on FSD is positioned at the 0th level of privilege Ring0, and said user interface is positioned at the 3rd level of privilege Ring3.
In all instructions of CPU, it is breakneck that some instructions are arranged, if misuse, will cause total system collapse, such as: clear internal memory, clock etc. is set.So CPU is divided into privileged instruction and nonprivileged instruction with instruction, for those dangerous instructions, only allow operating system and correlation module thereof to use, common application program can only use those can not cause the instruction of disaster.The CPU of Intel is divided into 4 rank: Ring0, Ring1, Ring2, Ring3 with privilege level.Windows only uses Ring0 and Ring3, and Ring0 layer operation system uses, and Ring3 layer user morphotype formula is used.
The message of the action that the filter Driver on FSD of Ring0 layer can be selected to block continues to be sent to the next stage filtration drive, accepts more that the filtration drive of subordinate continues to filter, and finally arrives at the filtration drive of the bottom, is and allows operation; Filter Driver on FSD also can stop to send the message of blocking action to the next stage filtration drive, and this secondary stricture is by the interception operation.
In reality, some deletion action is to delete along with closing of software or move, to these operations; Filter Driver on FSD allows; So it is a normal deletion and/or move operation or the operation that once possibly cause the mistake deletion that filter Driver on FSD after intercepting an operation, can be judged operation this time, if normal deletion and/or shift action then allow this action; Said normal deletion shift action comprises deletion and/or move operation to temporary file; And, to the deletion of empty list and/or move to the operation of recycle bin, and/or empty list is shifted out the operation of protection.
Modal deletion and/or move operation to temporary file is the temporary file that software produces when using, when software is closed, deleted and/or moved, for example:
Open the temporary file that the word program produces, temporary file is deleted automatically when closing the word program, and should allow this moment to this deletion.
Filter Driver on FSD also can be carried out analytic statistics to the result who intercepts, and utilizes analysis result that said respective rule is replenished, so that capture the mistake deletion action more accurately.
With reference to Fig. 2, show the flow chart of steps of a kind of according to an embodiment of the invention method embodiment 2 of file protection processing, specifically can may further comprise the steps:
Step 201: the path that obtains agent-protected file and/or catalogue;
Wherein, catalogue comprises catalogue itself, sub-directory in the catalogue and file, and the path that obtains agent-protected file and/or catalogue is the DOS path of agent-protected file and/or catalogue.
Particularly, file and/or catalogue add respective rule and just form agent-protected file and/or catalogue in its DOS path.Said respective rule can be the rule that preestablishes and add up; A kind of preferred exemplary as present embodiment; Article one, respective rule can comprise a path and an action type; The rule that band forms for * number in the path is the rule of file itself, and/or the rule of catalogue lining catalogue and file, is not the rule of catalogue itself with the rule of * number formation in the path.Respective rule can be stored in the file, perhaps stores with other modes such as chained list or node trees, or is stored in the server, when needs are used rule, can from listed files, directly read, or from server, obtain the rule of real-time update.Rule can be notified filter Driver on FSD from user interface as a structure.
Step 202: clog needle is to the assigned operation of file and/or catalogue;
Assigned operation to file and/or catalogue is used for identifying assigned operation in all operations of system's All Files here.A kind of preferred exemplary as present embodiment; Assigned operation mainly comprises deletion DELETE and two kinds of operations of mobile RENAME, can comprise deletion and move operation, the move operation of catalogue itself and/or the deletion and the move operation of catalogue lining catalogue and file of file itself.
Step 203: extract the file that said assigned operation is directed against and/or the path of catalogue;
In a kind of preferred embodiment of the application, said step 203 can comprise following substep:
Substep S31: said filter Driver on FSD is obtained the file that said assigned operation is directed against and/or the NT path of catalogue;
Substep S32: said filter Driver on FSD converts said NT path to the DOS path.
Whether step 204: judging the file that said assigned operation is directed against and/or the path of catalogue, is the path of agent-protected file and/or catalogue;
In a kind of preferred embodiment of the application, said step 204 can be judged in order to following method:
Mate with the DOS path of said agent-protected file and/or catalogue in the file that said filter Driver on FSD is directed against said assigned operation and/or the DOS path of catalogue, and with the result notification user interface of coupling; Said matching result can comprise, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue.
Step 205: the file that is directed against at said assigned operation and/or the path of catalogue allow the said assigned operation that is directed against file and/or catalogue during for the path of agent-protected file and/or catalogue.
In a kind of preferred embodiment of the application, said step 205 can comprise following substep:
Substep S41: the file that said user interface is directed against according to said assigned operation and/or the path of catalogue are not the result in the path of agent-protected file and/or catalogue; Generate and allow the said information that is directed against the assigned operation of file and/or catalogue, and be sent to filter Driver on FSD;
Substep S42: said filter Driver on FSD is according to the information and executing permission said operation that be directed against the assigned operation of file and/or catalogue of said permission to the assigned operation of file and/or catalogue.
Present embodiment and difference embodiment illustrated in fig. 1 are; What present embodiment carried out is the permission operation to assigned operation; The file that is directed against when said assigned operation and/or the path of catalogue are during for the path of agent-protected file and/or catalogue; Filter Driver on FSD allows the situation of said assigned operation to file and/or catalogue, and description embodiment illustrated in fig. 1 is the path of the file that is directed against at said assigned operation and/or catalogue when being the path of agent-protected file and/or catalogue, the situation of the said assigned operation to file and/or catalogue of filter Driver on FSD interception; All the other steps are basic identical with the step that Fig. 1 describes, and the present invention repeats no more to this.
Need to prove; For method embodiment, for simple description, so it all is expressed as a series of combination of actions; But those skilled in the art should know; The application does not receive the restriction of described sequence of movement, because according to the application, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in the instructions all belongs to preferred embodiment, and related action and module might not be that the application is necessary.
With reference to Fig. 3, show the structured flowchart of a kind of according to an embodiment of the invention device embodiment 1 of file protection processing, specifically can comprise with lower module:
Acquisition module 301 is used to obtain the path of agent-protected file and/or catalogue;
Block module 302, be used for the assigned operation of clog needle file and/or catalogue;
Extraction module 303 is used to extract the file that said assigned operation is directed against and/or the path of catalogue;
Whether judge module 304 is used to judge the file that said assigned operation is directed against and/or the path of catalogue, be the path of agent-protected file and/or catalogue; If then call blocking module 305;
Blocking module 305 is used to tackle said assigned operation to file and/or catalogue.
In a kind of preferred embodiment of the application, extraction module 303 can comprise:
The NT path obtains submodule, is used for obtaining the file that said assigned operation is directed against and/or the NT path of catalogue by filter Driver on FSD;
Conversion submodule in path is used for converting said NT path to the DOS path by said filter Driver on FSD.
In a kind of preferred embodiment of the application, judge module 304 can comprise:
The route matching submodule is used for by said filter Driver on FSD the file that said assigned operation was directed against and/or the DOS path of catalogue are mated with the DOS path of said agent-protected file and/or catalogue, and with the result notification user interface of coupling; Said matching result comprises, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue,
Said blocking module 305 comprises:
The intercept information that is positioned at user interface generates submodule, and the file that is used for being directed against according to said assigned operation and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue, generates the information of the said assigned operation to file and/or catalogue of interception;
Be positioned at the operation intercepting submodule of filter Driver on FSD, be used for according to the said operation that is directed against the assigned operation of file and/or catalogue of information and executing interception of said interception to the assigned operation of file and/or catalogue.
With reference to Fig. 4, show the structured flowchart of a kind of according to an embodiment of the invention device embodiment 2 of file protection processing, specifically can comprise with lower module:
Acquisition module 401 is used to obtain the path of agent-protected file and/or catalogue;
Block module 402, be used for the assigned operation of clog needle file and/or catalogue;
Extraction module 403 is used to extract the file that said assigned operation is directed against and/or the path of catalogue;
Whether judge module 404 is used to judge the file that said assigned operation is directed against and/or the path of catalogue, be the path of agent-protected file and/or catalogue; If not, then call permission module 405;
Allow module 405, be used to allow said assigned operation to file and/or catalogue.
In a kind of preferred embodiment of the application, extraction module 403 can comprise:
The NT path obtains submodule, is used for obtaining the file that said assigned operation is directed against and/or the NT path of catalogue by filter Driver on FSD;
Conversion submodule in path is used for converting said NT path to the DOS path by said filter Driver on FSD.
In a kind of preferred embodiment of the application, judge module 404 can comprise:
The route matching submodule is used for by said filter Driver on FSD the file that said assigned operation was directed against and/or the DOS path of catalogue are mated with the DOS path of said agent-protected file and/or catalogue, and with the result notification user interface of coupling; Said matching result comprises, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue,
Said permission module 405 comprises:
The permission information that is positioned at user interface generates submodule; The file that is used for being directed against according to said assigned operation and/or the path of catalogue are not the result in the path of agent-protected file and/or catalogue; Generate and allow the said information that is directed against the assigned operation of file and/or catalogue, and be sent to filter Driver on FSD;
The operation that is positioned at filter Driver on FSD allows submodule, is used for by allowing the said operation that is directed against the assigned operation of file and/or catalogue according to the said information and executing that is directed against the assigned operation of file and/or catalogue of said permission.
For device embodiment, because it is similar basically with method embodiment, so description is fairly simple, relevant part gets final product referring to the part explanation of method embodiment.
Each embodiment in this instructions all adopts the mode of going forward one by one to describe, and what each embodiment stressed all is and the difference of other embodiment that identical similar part is mutually referring to getting final product between each embodiment.
Intrinsic not relevant at this algorithm that provides with any certain computer, virtual system or miscellaneous equipment with demonstration.Various general-purpose systems also can be used with the teaching that is based on this.According to top description, it is conspicuous constructing the desired structure of this type systematic.In addition, the present invention is not also to any certain programmed language.Should be understood that and to utilize various programming languages to realize content of the present invention described here, and the top description that language-specific is done is in order to disclose preferred forms of the present invention.
In the instructions that is provided herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can be put into practice under the situation of these details not having.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly; Be to be understood that; In order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the above in the description to exemplary embodiment of the present invention, each characteristic of the present invention be grouped together into sometimes single embodiment, figure, or the description to it in.Yet should this disclosed method be construed to the following intention of reflection: promptly the present invention for required protection requires the more characteristic of characteristic clearly put down in writing than institute in each claim.Or rather, as following claims reflected, inventive aspect was to be less than all characteristics of the disclosed single embodiment in front.Therefore, follow claims of embodiment and incorporate this embodiment thus clearly into, wherein each claim itself is all as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can adaptively change and be arranged on them in one or more equipment different with this embodiment the module in the equipment among the embodiment.Can be the module among the embodiment or unit or the synthetic module of component groups or unit or assembly, and can be divided into a plurality of submodules or subelement or sub-component to them in addition.In such characteristic and/or process or unit at least some are each other repelling, and can adopt any combination to disclosed all characteristics in this instructions (comprising claim, summary and the accompanying drawing followed) and so all processes or the unit of disclosed any method or equipment make up.Only if clearly statement in addition, disclosed each characteristic can be by providing identical, being equal to or the alternative features of similar purpose replaces in this instructions (comprising claim, summary and the accompanying drawing followed).
In addition; Those skilled in the art can understand; Although some said embodiment comprise some characteristic rather than further feature included among other embodiment, the combination of features of different embodiment means and is within the scope of the present invention and forms various embodiment.For example, in the following claims, the one of any of embodiment required for protection can be used with array mode arbitrarily.
Each parts embodiment of the present invention can realize with hardware, perhaps realizes with the software module of on one or more processor, moving, and perhaps the combination with them realizes.It will be understood by those of skill in the art that and to use microprocessor or digital signal processor (DSP) to realize in practice according to some or all some or repertoire of parts in the file protection treatment facility of the embodiment of the invention.The present invention can also be embodied as part or all equipment or the device program (for example, computer program and computer program) that is used to carry out described method here.Such realization program of the present invention can be stored on the computer-readable medium, perhaps can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, and perhaps on carrier signal, provides, and perhaps provides with any other form.It should be noted the foregoing description the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment under the situation of the scope that does not break away from accompanying claims.In claim, should any reference symbol between bracket be configured to the restriction to claim.Word " comprises " not to be got rid of existence and is not listed in element or step in the claim.Being positioned at word " " or " " before the element does not get rid of and has a plurality of such elements.The present invention can realize by means of the hardware that includes some different elements and by means of the computing machine of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to come imbody through same hardware branch.Any order is not represented in the use of word first, second and C grade.Can be title with these word explanations.

Claims (16)

1. the method that file protection is handled is characterized in that, comprising:
Obtain the path of agent-protected file and/or catalogue;
Clog needle is to the assigned operation of file and/or catalogue;
Extract the file that said assigned operation is directed against and/or the path of catalogue;
Whether judge the file that said assigned operation is directed against and/or the path of catalogue, be the path of agent-protected file and/or catalogue;
If tackle said assigned operation to file and/or catalogue.
2. the method for claim 1 is characterized in that, also comprises:
The file that is directed against at said assigned operation and/or the path of catalogue allow the said assigned operation that is directed against file and/or catalogue during for the path of agent-protected file and/or catalogue.
3. the method for claim 1 is characterized in that, said catalogue comprises catalogue itself, sub-directory in the catalogue and file.
4. the method for claim 1 is characterized in that, said assigned operation comprises deletion and move operation, the move operation of catalogue itself and/or the deletion and the move operation of catalogue lining catalogue and file of file itself.
5. like claim 1,2,3 or 4 described methods, it is characterized in that the path of said acquisition agent-protected file and/or catalogue is the DOS path of agent-protected file and/or catalogue, said assigned operation to file and/or catalogue is blocked by filter Driver on FSD,
The step in the file that said extraction assigned operation is directed against and/or the path of catalogue comprises:
Said filter Driver on FSD is obtained the file that said assigned operation is directed against and/or the NT path of catalogue;
Said filter Driver on FSD converts said NT path to the DOS path.
6. like claim 1,2,3 or 4 described methods, it is characterized in that whether the file that said judgement assigned operation is directed against and/or the path of catalogue are that the step in the path of agent-protected file and/or catalogue comprises:
Said filter Driver on FSD is mated the file that said assigned operation was directed against and/or the DOS path of catalogue with the DOS path of said agent-protected file and/or catalogue, and with the result notification user interface of coupling; Said matching result comprises, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue,
The said step that is directed against the assigned operation of file and/or catalogue of said interception comprises:
The file that said user interface is directed against according to said assigned operation and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue, generate the information of the said assigned operation to file and/or catalogue of interception, and are sent to filter Driver on FSD;
Said filter Driver on FSD is according to the information and executing interception said operation that be directed against the assigned operation of file and/or catalogue of said interception to the assigned operation of file and/or catalogue.
7. method as claimed in claim 2 is characterized in that, the path of said file that is directed against at assigned operation and/or catalogue allows during for the path of agent-protected file and/or catalogue the step of said assigned operation to file and/or catalogue to comprise:
The file that said user interface is directed against according to said assigned operation and/or the path of catalogue are not the result in the path of agent-protected file and/or catalogue, generate the information that allows said assigned operation to file and/or catalogue, and are sent to filter Driver on FSD;
Said filter Driver on FSD is according to the information and executing permission said operation that be directed against the assigned operation of file and/or catalogue of said permission to the assigned operation of file and/or catalogue.
8. like claim 1 or 7 described methods, it is characterized in that said filter Driver on FSD is positioned at the 0th level of privilege Ring0, said user interface is positioned at the 3rd level of privilege Ring3.
9. the device that file protection is handled is characterized in that, comprising:
Acquisition module is used to obtain the path of agent-protected file and/or catalogue;
Block module, be used for the assigned operation of clog needle file and/or catalogue;
Extraction module is used to extract the file that said assigned operation is directed against and/or the path of catalogue;
Whether judge module is used to judge the file that said assigned operation is directed against and/or the path of catalogue, be the path of agent-protected file and/or catalogue; If then call blocking module;
Blocking module is used to tackle said assigned operation to file and/or catalogue.
10. device as claimed in claim 9 is characterized in that, also comprises:
Allow module, the file that is used for being directed against at said assigned operation and/or the path of catalogue allow the said assigned operation that is directed against file and/or catalogue during for the path of agent-protected file and/or catalogue.
11. device as claimed in claim 9 is characterized in that, said catalogue comprises catalogue itself, sub-directory in the catalogue and file.
12. device as claimed in claim 9 is characterized in that, said assigned operation comprises deletion and move operation, the move operation of catalogue itself and/or the deletion and the move operation of catalogue lining catalogue and file of file itself.
13., it is characterized in that the path of said agent-protected file and/or catalogue is the DOS path of agent-protected file and/or catalogue like claim 9,10,11 or 12 described devices, said assigned operation to file and/or catalogue is blocked by filter Driver on FSD,
Said extraction module comprises:
The NT path obtains submodule, is used for obtaining the file that said assigned operation is directed against and/or the NT path of catalogue by filter Driver on FSD;
Conversion submodule in path is used for converting said NT path to the DOS path by said filter Driver on FSD.
14., it is characterized in that said judge module comprises like claim 9,10,11 or 12 described devices:
The route matching submodule, mate with the DOS path of said agent-protected file and/or catalogue in the file that is used for by said filter Driver on FSD said assigned operation being directed against and/or the DOS path of catalogue, and with the result notification user interface of coupling; Said matching result comprises, exists under the situation of occurrence, judges that the file that said assigned operation is directed against and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; And under the situation that does not have occurrence, the path of judging file that said assigned operation is directed against and/or catalogue is not the result in the path of agent-protected file and/or catalogue,
Said blocking module comprises:
The intercept information that is positioned at user interface generates submodule; The file that is used for being directed against according to said assigned operation and/or the path of catalogue are the result in the path of agent-protected file and/or catalogue; Generate the said information that is directed against the assigned operation of file and/or catalogue of interception, and be sent to filter Driver on FSD;
Be positioned at the operation intercepting submodule of filter Driver on FSD, be used for according to the said operation that is directed against the assigned operation of file and/or catalogue of information and executing interception of said interception to the assigned operation of file and/or catalogue.
15. device as claimed in claim 10 is characterized in that, said permission module comprises:
The permission information that is positioned at user interface generates submodule; The file that is used for being directed against according to said assigned operation and/or the path of catalogue are not the result in the path of agent-protected file and/or catalogue; Generate and allow the said information that is directed against the assigned operation of file and/or catalogue, and be sent to filter Driver on FSD;
The operation that is positioned at filter Driver on FSD allows submodule, is used for allowing the said operation that is directed against the assigned operation of file and/or catalogue according to the said information and executing that is directed against the assigned operation of file and/or catalogue of said permission.
16., it is characterized in that said filter Driver on FSD is positioned at the 0th level of privilege Ring0 like claim 9 or 15 described devices, said user interface is positioned at the 3rd level of privilege Ring3.
CN201210279819.7A 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file Active CN102819717B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201210279819.7A CN102819717B (en) 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file
CN201510218806.2A CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210279819.7A CN102819717B (en) 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201510218806.2A Division CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files

Publications (2)

Publication Number Publication Date
CN102819717A true CN102819717A (en) 2012-12-12
CN102819717B CN102819717B (en) 2015-07-22

Family

ID=47303827

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510218806.2A Pending CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files
CN201210279819.7A Active CN102819717B (en) 2012-08-07 2012-08-07 Method and device for carrying out protection processing on file

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201510218806.2A Pending CN104834869A (en) 2012-08-07 2012-08-07 Method and device for carrying out protective treatment on files

Country Status (1)

Country Link
CN (2) CN104834869A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104008343A (en) * 2014-05-14 2014-08-27 北京奇虎科技有限公司 Data shattering method and device
CN104036191B (en) * 2014-06-11 2016-08-24 上海睿海信息技术有限公司 A kind of based on filter Driver on FSD with the control method of file format condition code
CN110084057A (en) * 2019-03-13 2019-08-02 浙江大华技术股份有限公司 Safety access method, device, equipment and the storage medium of vital document
CN110334538A (en) * 2019-06-03 2019-10-15 阿里巴巴集团控股有限公司 A kind of method and device for the risk of missing for prompting block chain to deposit card source file

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784041B (en) * 2018-12-29 2020-10-16 360企业安全技术(珠海)有限公司 Event processing method and device, storage medium and electronic device
CN112395536A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Website attack defense method and device, storage medium and electronic device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1877594A (en) * 2006-06-23 2006-12-13 北京飞天诚信科技有限公司 Electronic file automatic protection method and system
CN101256570A (en) * 2008-02-22 2008-09-03 山东中创软件工程股份有限公司 File protection technique based on Windows system files filtering drive
CN101916349A (en) * 2010-07-30 2010-12-15 中山大学 File access control method based on filter driving, system and filer manager

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1877594A (en) * 2006-06-23 2006-12-13 北京飞天诚信科技有限公司 Electronic file automatic protection method and system
CN101256570A (en) * 2008-02-22 2008-09-03 山东中创软件工程股份有限公司 File protection technique based on Windows system files filtering drive
CN101916349A (en) * 2010-07-30 2010-12-15 中山大学 File access control method based on filter driving, system and filer manager

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104008343A (en) * 2014-05-14 2014-08-27 北京奇虎科技有限公司 Data shattering method and device
CN104036191B (en) * 2014-06-11 2016-08-24 上海睿海信息技术有限公司 A kind of based on filter Driver on FSD with the control method of file format condition code
CN110084057A (en) * 2019-03-13 2019-08-02 浙江大华技术股份有限公司 Safety access method, device, equipment and the storage medium of vital document
CN110334538A (en) * 2019-06-03 2019-10-15 阿里巴巴集团控股有限公司 A kind of method and device for the risk of missing for prompting block chain to deposit card source file

Also Published As

Publication number Publication date
CN102819717B (en) 2015-07-22
CN104834869A (en) 2015-08-12

Similar Documents

Publication Publication Date Title
US10866791B2 (en) Transforming non-Apex code to Apex code
US10102374B1 (en) Method of remediating a program and system thereof by undoing operations
US11573776B1 (en) Extensible data transformation authoring and validation system
CN102819717A (en) Method and device for carrying out protection processing on file
CN104699423B (en) The method and apparatus that drive is bound in linux system
US10810224B2 (en) Computerized methods and programs for ingesting data from a relational database into a data lake
EP4095724B1 (en) Method of remediating operations performed by a program and system thereof
US20070130145A1 (en) User activity based document analysis
CN103020524A (en) Computer virus monitoring system
US11347723B2 (en) Automated suspension and rebuilding of database indices
CN103473501B (en) A kind of Malware method for tracing based on cloud security
CN103765430A (en) Data leak prevention system and method
CN104598823A (en) Kernel level rootkit detection method and system in Andriod system
CN103559447B (en) A kind of detection method, checkout gear and detection system based on Virus Sample feature
CN102882875B (en) Active defense method and device
CN103049695A (en) Computer virus monitoring method and device
CN102857519B (en) Active defensive system
CN101950339A (en) Security protection method and system of computer
CN111949849B (en) Fish information acquisition method and device, electronic equipment and readable storage medium
CN103699604A (en) Method and device for protecting private file
CN103713945A (en) Game identifying method and device
CN102945343A (en) Method and device for enumerating system process
CN105893846A (en) Method and device for protecting target application program and electronic equipment
CN102446252A (en) Method and device for showing off-limit files
CN102945346A (en) Method and device for enumerating system process

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220711

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co., Ltd