Summary of the invention
The embodiments of the present invention provide a method and an apparatus for opening a driver, with the aim of improving the security of the system.
To this end, an embodiment of the present invention discloses a method for opening a driver, the method comprising:
processing the process file of a trusted process of a target driver in advance with a preset algorithm, to obtain first processing data;
writing the first processing data into the range of the header of that process file corresponding to a preset length;
when a target process intends to open the target driver, processing the process file of the target process with the preset algorithm, to obtain second processing data;
reading the data in the range of the header of the target process's process file corresponding to the preset length;
judging whether the second processing data is identical to the data read;
if so, the target process is a trusted process of the target driver, and the target driver is opened.
Optionally, processing a process file with the preset algorithm to obtain processing data comprises:
reading the code segment data of the process file, the code segment data being the data in its code segment;
encrypting the code segment data read using a preset encryption algorithm, to obtain encrypted data;
computing a digest of the encrypted data using a preset data digest algorithm, to obtain the processing data.
Optionally, the preset data digest algorithm is any one of the following: a CRC algorithm, a Message Digest (MD) algorithm, a Secure Hash Algorithm (SHA), or a RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm.
Optionally, the length of the first processing data is identical to the preset length, and the length of the second processing data is identical to the preset length.
To this end, an embodiment of the present invention discloses an apparatus for opening a driver, comprising a first processing module, an adding module, a second processing module, an acquisition module, a judging module and an opening module, where:
the first processing module is configured to process the process file of a trusted process of a target driver in advance with a preset algorithm, to obtain first processing data;
the adding module is configured to write the first processing data into the range of the header of that process file corresponding to a preset length;
the second processing module is configured to, when a target process intends to open the target driver, process the process file of the target process with the preset algorithm, to obtain second processing data;
the acquisition module is configured to read the data in the range of the header of the target process's process file corresponding to the preset length;
the judging module is configured to judge whether the second processing data is identical to the data read by the acquisition module;
the opening module is configured to open the target driver when the judgement of the judging module is affirmative, an affirmative judgement of the judging module meaning that the target process is a trusted process of the target driver.
Optionally, the first processing module is specifically configured to:
for the process file of a trusted process of the target driver, read the code segment data of the process file;
encrypt the code segment data of the trusted process's process file using a preset encryption algorithm, to obtain first encrypted data; and
compute a digest of the first encrypted data using the preset data digest algorithm, to obtain the first processing data;
and the second processing module is specifically configured to:
when a target process intends to open the target driver, read the code segment data of the process file of the target process;
encrypt the code segment data of the target process's process file using the preset encryption algorithm, to obtain second encrypted data; and
compute a digest of the second encrypted data using the preset data digest algorithm, to obtain the second processing data.
Optionally, the preset data digest algorithm is any one of the following: a CRC algorithm, a Message Digest (MD) algorithm, a Secure Hash Algorithm (SHA), or a RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm.
Optionally, the length of the first processing data is identical to the preset length, and the length of the second processing data is identical to the preset length.
As can be seen from the above technical solutions, the embodiments of the present invention provide a method and an apparatus for opening a driver. The method comprises: processing the process file of a trusted process of a target driver in advance with a preset algorithm, to obtain first processing data; writing the first processing data into the range of the header of that process file corresponding to a preset length; when a target process intends to open the target driver, processing the process file of the target process with the preset algorithm, to obtain second processing data; reading the data in the range of the header of the target process's process file corresponding to the preset length; judging whether the second processing data is identical to the data read; and, if so, the target process is a trusted process of the target driver, and the target driver is opened.
With the technical solution provided by the embodiments of the present invention, the process files of the trusted process and of the target process are processed in the same manner; the processing data of the trusted process's process file is written into the range of that file's header corresponding to the preset length; data is read from the corresponding header range of the target process's process file; and only when the processing data computed from the target process's process file is identical to the data read from its header range is the target process taken to be a trusted process and the driver opened. Suppose the number of trusted processes is M and the preset length is N (N being a number of binary digits). The processing data obtained from the process file of a target process must be one of the 2^N values from 0 to 2^N - 1, so the probability that the target process is a trusted process is M/2^N, and the probability that it is not a trusted process is (2^N - M)/2^N; with M held constant, the latter probability grows as N grows. The driver can therefore be opened only when the target process is a trusted process. Even if an attacker creates a process of their own in order to open the target driver, it is very difficult to make the process file of that process pass the verification, which improves the security of the system.
Of course, a product or method implementing the present invention need not achieve all of the advantages described above at the same time.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. Evidently, the described embodiments are only some of the embodiments of the present invention rather than all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
To solve the problems of the prior art, the embodiments of the present invention provide a method and an apparatus for opening a driver. The method for opening a driver provided by an embodiment of the present invention is described in detail first.
Fig. 1 is a schematic flow chart of a method for opening a driver provided by an embodiment of the present invention, which may comprise:
S101: for the process file of a trusted process of a target driver, processing it in advance with a preset algorithm to obtain first processing data;
S102: writing the first processing data into the range of the header of the process file corresponding to a preset length;
S103: when a target process intends to open the target driver, processing the process file of the target process with the preset algorithm to obtain second processing data;
S104: reading the data in the range of the header of the target process's process file corresponding to the preset length;
S105: judging whether the second processing data is identical to the data read, and if so, performing S106;
where, if the second processing data is identical to the data read, the target process is a trusted process of the target driver;
S106: opening the target driver.
Specifically, in practice, processing a process file with the preset algorithm to obtain processing data may comprise: reading the code segment data of the process file, the code segment data being the data in its code segment; encrypting the code segment data read using a preset encryption algorithm to obtain encrypted data; and computing a digest of the encrypted data using the preset data digest algorithm to obtain the processing data.
Before a process file can be processed to obtain processing data, the process file has to be obtained. This can be done by obtaining the path information of the process file and then obtaining the process file according to that path information.
In practice, the length of the first processing data is identical to the preset length, and the length of the second processing data is likewise identical to the preset length.
By way of example, suppose the preset length is 128 (binary digits), the target driver is named A (hereinafter driver A), and the process file of its trusted process x is x.exe, whose path is C:\Windows\System32\x.exe.
The path information of the process file x.exe of trusted process x, C:\Windows\System32\x.exe, is obtained; obtaining the path information of a file is prior art and is not repeated here.
After the path information of the process file x.exe of trusted process x has been obtained, the process file named x.exe can be looked up under that path, the process file x.exe obtained, and the process file x.exe read into memory.
Specifically, in practice, once a process file has been loaded into memory, the memory corresponding to the process file contains five different kinds of data region, commonly called the BSS segment, the data segment, the code segment, the stack and the heap, where:
BSS segment (bss segment): generally refers to a region of memory used to store the uninitialised global variables of the program. BSS is an abbreviation of Block Started by Symbol. The BSS segment belongs to static memory allocation.
Data segment (data segment): generally refers to a region of memory used to store the initialised global variables of the program. The data segment belongs to static memory allocation.
Code segment (code segment / text segment): generally refers to a region of memory used to store the executable code of the program. The size of this region is determined before the program runs, and the region is usually read-only.
Heap (heap): generally refers to a region of memory used to store memory dynamically allocated while the process is running; its size is not fixed and it can be dynamically expanded or reduced. When the process calls a function such as malloc to allocate memory, the newly allocated memory is added to the heap (the heap expands); when memory is released with a function such as free, the released memory is removed from the heap (the heap shrinks).
Stack (stack): the stack generally refers to a region of memory used to store the local variables that the program creates temporarily.
Accordingly, the data in the code segment of the process file x.exe (the code segment data) can be obtained from memory. Suppose the code segment data obtained is 0101010101111100001010101. The code segment data 0101010101111100001010101 is encrypted with the preset encryption algorithm to obtain the first encrypted data; suppose the first encrypted data obtained is 101010101010101. The embodiment of the present invention does not restrict the encryption algorithm used.
After the first encrypted data 101010101010101 has been obtained, the first encrypted data is processed with the preset data digest algorithm to obtain the first processing data.
In practice, the preset data digest algorithm may be a CRC (Cyclic Redundancy Check) algorithm, such as CRC8, CRC16 or CRC32.
In practice, the preset data digest algorithm may also be an MD (Message-Digest) algorithm, such as MD2, MD4 or MD5.
In practice, the preset data digest algorithm may also be an SHA (Secure Hash Algorithm) algorithm, such as SHA1, SHA256, SHA384 or SHA512.
In practice, the preset data digest algorithm may also be a RIPEMD (RACE Integrity Primitives Evaluation Message Digest) algorithm, among others.
Since the length of the processing data must be identical to the preset length, the preset length follows from the output width of the digest algorithm chosen (128 bits for MD5 in this example).
Suppose the preset data digest algorithm used is MD5 (Message Digest Algorithm 5). Then the result computed over the first encrypted data 101010101010101 is:
EFD28A15E24BDCEBE49C899D16AED8B8 (in hexadecimal).
EFD28A15E24BDCEBE49C899D16AED8B8 (in hexadecimal) is then written into the range of the header of the file x.exe corresponding to its first 16 bytes (128 bits).
When a target process y intends to open driver A, the path information of the process file of target process y is obtained; the process file of the target process is obtained according to that path information; the process file is loaded into memory; the code segment data of the process file is obtained; and the data in the range of the first 16 bytes (128 bits) of the process file's header is read. Suppose the header data read is 3D2172418CE305C7D16D4B05597C6A59 (16 bytes). The code segment data of the process file is encrypted with the above encryption algorithm to obtain the second encrypted data; the second encrypted data is processed with MD5 to obtain the second processing data; suppose the second processing data is 87BE96790EA277C50F980CE4DF0B4412. The second processing data is judged to differ from the header data read from the process file, so target process y is not a trusted process and driver A is not opened.
If instead the data read from the range of the first 16 bytes (128 bits) of the header of target process y's process file is EFD28A15E24BDCEBE49C899D16AED8B8, and the data obtained by encrypting the code segment data of target process y's process file and processing the encrypted data with MD5 is also EFD28A15E24BDCEBE49C899D16AED8B8, then the processing data is identical to the data read, target process y is a trusted process, and driver A is opened. In this case target process y is in fact trusted process x.
Driver A can be opened by the above method only when the target process is a trusted process.
It should be noted that the above description uses driver A, trusted process x, target process y and MD5 (Message Digest Algorithm 5) only as a specific example of the present invention, and does not constitute a limitation of the present invention.
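The stamp-and-verify procedure of S101 to S106, as just worked through for x.exe and y.exe, written out as an added example in Python. This is not code from the patent: the patent fixes neither the encryption algorithm nor its key, so a hypothetical key (PRESET_KEY) and a SHA-256-derived XOR keystream stand in for the preset encryption algorithm, while MD5 is the preset digest algorithm and 16 bytes the preset length, as in the example above. The process-file layout is constructed for the example (a reserved 16-byte header range followed by the code segment); in a real PE image the first 16 bytes hold the DOS header, so an implementation against actual executables would have to reserve a different location, which the patent does not specify. The demo also covers two cases the text only implies: a trusted file whose code segment is patched after stamping, and a trusted header copied onto a different code segment, both of which fail the check.

```python
import hashlib
import hmac

HEADER_LEN = 16  # preset length of 128 bits, i.e. the width of an MD5 digest

# Hypothetical key for the preset encryption algorithm, which the patent leaves
# open. The SHA-256-derived XOR keystream below is likewise a stand-in, not the
# patent's choice. The verifier alone is assumed to hold this key.
PRESET_KEY = b"hypothetical-preset-key"


def encrypt(code_segment: bytes, key: bytes = PRESET_KEY) -> bytes:
    """Stand-in for the preset encryption algorithm: XOR with a keyed SHA-256 keystream."""
    keystream = bytearray()
    block = 0
    while len(keystream) < len(code_segment):
        keystream += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(code_segment, keystream))


def processing_data(code_segment: bytes) -> bytes:
    """Preset algorithm: encrypt the code segment, then digest the ciphertext with MD5."""
    return hashlib.md5(encrypt(code_segment), usedforsecurity=False).digest()


def code_segment_of(process_file: bytes) -> bytes:
    """Constructed layout: everything after the reserved header range is the code segment."""
    return process_file[HEADER_LEN:]


def header_of(process_file: bytes) -> bytes:
    """The range of the header corresponding to the preset length."""
    return process_file[:HEADER_LEN]


def stamp_trusted(process_file: bytes) -> bytes:
    """S101 and S102: compute the first processing data and write it into the header range."""
    first = processing_data(code_segment_of(process_file))
    if len(first) != HEADER_LEN:
        raise ValueError("digest width must equal the preset length")
    return first + code_segment_of(process_file)


def may_open_driver(process_file: bytes) -> bool:
    """S103 to S106: recompute over the target's code segment and compare with its header.

    compare_digest keeps the comparison constant-time, so the verifier does not
    leak how many header bytes matched.
    """
    second = processing_data(code_segment_of(process_file))
    return hmac.compare_digest(second, header_of(process_file))


def demo() -> dict:
    """Run the check over four constructed process files and report the decisions."""
    # Constructed code segments; the header range starts out zeroed.
    x_code = bytes.fromhex("55 8b ec 83 ec 10 33 c0 c9 c3")
    y_code = bytes.fromhex("90 90 90 c3")
    x_exe = stamp_trusted(bytes(HEADER_LEN) + x_code)  # trusted process x, stamped
    y_exe = bytes(HEADER_LEN) + y_code  # target process y, never stamped
    tampered = header_of(x_exe) + x_code[:-1] + bytes([x_code[-1] ^ 0x01])  # one byte patched
    forged = header_of(x_exe) + y_code  # x's header copied onto y's code segment
    return {
        "trusted": may_open_driver(x_exe),
        "unstamped": may_open_driver(y_exe),
        "tampered": may_open_driver(tampered),
        "header_copied": may_open_driver(forged),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:14s} open driver: {decision}")
```

Because the processing data is a deterministic function of the code segment and the preset algorithm, anyone able to run the preset algorithm (in particular, anyone holding the key of the encryption step) can stamp a file of their own choosing; the example therefore treats PRESET_KEY as a secret of the verifier, and the digest-width check in stamp_trusted enforces the requirement that the processing data and the preset length have the same length.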
With the embodiment shown in Fig. 1 of the present invention, the process files of the trusted process and of the target process are processed in the same manner; the processing data of the trusted process's process file is written into the range of that file's header corresponding to the preset length; data is read from the corresponding header range of the target process's process file; and only when the processing data computed from the target process's process file is identical to the data read from its header range is the target process taken to be a trusted process and the driver opened. Suppose the number of trusted processes is M and the preset length is N (N being a number of binary digits). The processing data obtained from the process file of a target process must be one of the 2^N values from 0 to 2^N - 1, so the probability that the target process is a trusted process is M/2^N, and the probability that it is not a trusted process is (2^N - M)/2^N; with M held constant, the latter probability grows as N grows. The driver can therefore be opened only when the target process is a trusted process. Even if an attacker creates a process of their own in order to open the target driver, it is difficult to make the process file of that process pass the verification, which improves the security of the system.
Corresponding to the above method embodiment, an embodiment of the present invention also provides an apparatus for opening a driver.
Fig. 2 is a schematic structural diagram of an apparatus for opening a driver provided by an embodiment of the present invention, which may comprise a first processing module 201, an adding module 202, a second processing module 203, an acquisition module 204, a judging module 205 and an opening module 206, where:
the first processing module 201 is configured to process the process file of a trusted process of a target driver in advance with a preset algorithm, to obtain first processing data;
the adding module 202 is configured to write the first processing data obtained by the first processing module 201 into the range of the header of that process file corresponding to a preset length;
the second processing module 203 is configured to, when a target process intends to open the target driver, process the process file of the target process with the preset algorithm, to obtain second processing data;
the acquisition module 204 is configured to read the data in the range of the header of the target process's process file corresponding to the preset length;
the judging module 205 is configured to judge whether the second processing data obtained by the second processing module 203 is identical to the data read by the acquisition module 204;
the opening module 206 is configured to open the target driver when the judgement of the judging module 205 is affirmative, an affirmative judgement of the judging module 205 meaning that the target process is a trusted process of the target driver.
In practice, the first processing module 201 described in the embodiment of the present invention may specifically be configured to:
for the process file of a trusted process of the target driver, read the code segment data of the process file;
encrypt the code segment data of the trusted process's process file using a preset encryption algorithm, to obtain first encrypted data; and
compute a digest of the first encrypted data using the preset data digest algorithm, to obtain the first processing data.
The second processing module 203 described in the embodiment of the present invention may specifically be configured to:
when a target process intends to open the target driver, read the code segment data of the process file of the target process;
encrypt the code segment data of the target process's process file using the preset encryption algorithm, to obtain second encrypted data; and
compute a digest of the second encrypted data using the preset data digest algorithm, to obtain the second processing data.
The preset data digest algorithm is any one of the following: a CRC algorithm, a Message Digest (MD) algorithm, a Secure Hash Algorithm (SHA), or a RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm.
The length of the first processing data is identical to the preset length, and the length of the second processing data is identical to the preset length.
With the embodiment shown in Fig. 2 of the present invention, the process files of the trusted process and of the target process are processed in the same manner; the processing data of the trusted process's process file is written into the range of that file's header corresponding to the preset length; data is read from the corresponding header range of the target process's process file; and only when the processing data computed from the target process's process file is identical to the data read from its header range is the target process taken to be a trusted process and the driver opened. Suppose the number of trusted processes is M and the preset length is N (N being a number of binary digits). The processing data obtained from the process file of a target process must be one of the 2^N values from 0 to 2^N - 1, so the probability that the target process is a trusted process is M/2^N, and the probability that it is not a trusted process is (2^N - M)/2^N; with M held constant, the latter probability grows as N grows. The driver can therefore be opened only when the target process is a trusted process. Even if an attacker creates a process of their own in order to open the target driver, it is difficult to make the process file of that process pass the verification, which improves the security of the system.
It should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprising", "including" and any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
The embodiments in this specification are described in a correlated manner; the same or similar parts of the embodiments may be referred to from one to another, and each embodiment focuses on its differences from the other embodiments. In particular, the apparatus embodiment is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, reference may be made to the partial description of the method embodiment.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiment may be carried out by a program instructing the relevant hardware, and that the program may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention are all included within the scope of protection of the present invention.