CN106951326B - File unlocking method and electronic equipment - Google Patents
File unlocking method and electronic equipment Download PDFInfo
- Publication number
- CN106951326B CN106951326B CN201710158157.0A CN201710158157A CN106951326B CN 106951326 B CN106951326 B CN 106951326B CN 201710158157 A CN201710158157 A CN 201710158157A CN 106951326 B CN106951326 B CN 106951326B
- Authority
- CN
- China
- Prior art keywords
- file
- unlocked
- handle
- memory mapping
- target file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5011—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
- G06F9/5022—Mechanisms to release resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/50—Indexing scheme relating to G06F9/50
- G06F2209/503—Resource availability
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a file unlocking method and electronic equipment, wherein the method comprises the following steps: detecting an unlocking instruction aiming at a target file to be unlocked from a list containing at least one file to be unlocked; at least enumerating a memory mapping file handle of the target file to be unlocked based on the system type of the electronic equipment, and generating occupation information aiming at the target file to be unlocked based on the memory mapping file handle obtained by enumeration; and based on the occupation information of the target file to be unlocked, carrying out occupation state removal operation on the target file to be unlocked.
Description
Technical Field
The present invention relates to file management technologies in the field of information processing, and in particular, to a file unlocking method and an electronic device.
Background
At present, the process of removing the occupied state of a file mainly includes the following processing flows: enumerating occupation information of files, and checking whether the selected files are occupied; and when the selected file is occupied, acquiring the occupation information corresponding to the occupied file, and finally unlocking the occupied file according to the occupation information.
In the above processing flow, when enumerating the occupancy information of the file, the following aspects are included: enumerating a file handle, enumerating a module and enumerating a memory mapping file. However, the enumeration occupation information still cannot adapt to a more comprehensive file unlocking scenario.
Disclosure of Invention
The embodiment of the invention provides a file unlocking method and electronic equipment, which can at least solve the problems in the prior art.
The embodiment of the invention provides a file unlocking method, which comprises the following steps:
detecting an unlocking instruction aiming at a target file to be unlocked from a list containing at least one file to be unlocked;
at least enumerating a memory mapping file handle for the target file to be unlocked based on the system type of the electronic equipment, and generating occupation information aiming at the target file to be unlocked based on the memory mapping file handle obtained by enumeration;
and based on the occupation information of the target file to be unlocked, carrying out occupation state removal operation on the target file to be unlocked.
An embodiment of the present invention provides an electronic device, including:
the file acquisition unit is used for detecting an unlocking instruction aiming at a target file to be unlocked from a list containing at least one file to be unlocked;
the enumeration unit is used for acquiring the system type of the electronic equipment, enumerating the target file to be unlocked based on the system type of the electronic equipment to obtain a memory mapped file handle, and generating occupation information aiming at the target file to be unlocked based on the memory mapped file handle;
and the unlocking unit is used for carrying out the releasing operation of the occupied state on the target file to be unlocked based on the occupied information aiming at the target file to be unlocked.
According to the file unlocking method and the electronic device provided by the embodiment of the invention, the memory mapping file handle can be enumerated, and the unlocking operation of the file to be unlocked is carried out based on the memory mapping file handle; therefore, the occupation condition of the files to be unlocked can be comprehensively enumerated, the operation success rate of the files to be unlocked is ensured, and the use experience of a user is improved.
Drawings
Fig. 1-1 is a schematic flow chart diagram 1 of a file unlocking method according to an embodiment of the present invention;
fig. 1-2 is a schematic flow chart diagram 2 of a file unlocking method according to an embodiment of the invention;
2-7 are schematic views of a file unlocking operation interface according to an embodiment of the invention;
FIG. 8 is a schematic diagram of processing logic of FIG. 1 according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of processing logic according to an embodiment of the present invention, FIG. 2;
FIG. 10 is a flowchart illustrating a file unlocking method according to an embodiment of the present invention, schematically shown in FIG. 3;
FIG. 11 is a flowchart illustrating a file unlocking method according to an embodiment of the present invention, schematically shown in FIG. 4;
FIG. 12 is a diagram illustrating enumeration information processing according to an embodiment of the present invention;
FIG. 13 is a schematic view of an unlocking operation procedure according to an embodiment of the present invention;
fig. 14 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
An embodiment of the present invention provides a file unlocking method, which is applied to an electronic device, and as shown in fig. 1-1, the file unlocking method includes:
step 101: detecting an unlocking instruction aiming at a target file to be unlocked from a list containing at least one file to be unlocked;
step 102: acquiring a system type of the electronic equipment, enumerating the target file to be unlocked based on the system type of the electronic equipment to obtain a memory mapping file handle, and generating occupation information aiming at the target file to be unlocked based on the memory mapping file handle;
step 103: and based on the occupation information of the target file to be unlocked, carrying out occupation state removal operation on the target file to be unlocked.
The specific processing flow of the file unlocking method provided by the present invention is further explained with reference to fig. 1-2:
firstly, a file to be unlocked needs to be determined, and the specific processing mode may be as follows: traversing a file list in one or more folders; further judging whether a certain target object in the file list is a folder or not, if so, further traversing all subfiles in the folder, and adding the subfiles into a queue to be traversed;
sequentially detecting files in the file list, trying to open the files in an exclusive mode, and if the files cannot be opened, adding the files into the file list to be unlocked;
then selecting a target file to be unlocked, wherein the specific processing mode can be that the target file to be unlocked is selected by clicking from a list of files to be unlocked;
the program provided by the embodiment detects the occupation information of the target file to be unlocked and displays the occupation information of the target file to be unlocked;
unlocking the target file to be unlocked based on the occupation information, judging whether the unlocking is successful, and prompting the unlocking failure if the unlocking is failed, wherein the method needs to be understood that after the unlocking is failed, the processing can be returned to continue to detect whether one file to be unlocked is clicked, so that the processing flow of the target file to be unlocked is obtained;
if the unlocking is successful, prompting that the unlocking is successful, and then moving the target file to be unlocked out of the file to be unlocked;
and finally, judging whether the file to be unlocked exists in the file list to be unlocked, if so, returning to the process flow of detecting whether one file to be unlocked is clicked to obtain the target file to be unlocked, and if not, ending the process flow.
First, a list composed of at least one file to be unlocked may be: at least one file to be unlocked listed in the explorer.
The file to be unlocked can be understood as a file which cannot normally respond to the operation instruction. Each file to be unlocked can be stored in the resource manager as a file to be unlocked when a user needs to close a file and a system prompt cannot be closed or the system prompt is occupied; it should be noted that there may be other ways to determine whether a certain file is a file to be unlocked, and the way provided in this embodiment is not used as a limiting way to determine that a certain file is a file to be unlocked. As shown in fig. 2, the processing method in the figure can be adopted: opening a PPT file by using the WPS in a resource manager, and executing deletion operation under the condition of not closing the WPS; for example, optimize the file for the "C + + program" in the double-click graph; then a dialog box as shown in the figure can pop up to prompt the user of the information that the file is in use; the file is the file to be unlocked.
In addition, the unlocking instruction of the file to be unlocked, which is obtained in step 101 from the at least one file to be unlocked, may be to right click a certain file to be unlocked, for example, referring to fig. 3, the file to be unlocked may be right clicked, the "unlocked file" is selected from a "file shredding" sub-menu of the computer administrator, and at this time, a target file to be unlocked is selected.
In step 102, the enumerating at least a memory mapped file handle of the target file to be unlocked based on the system type of the electronic device includes:
when the system type of the electronic equipment is a 64-bit operating system, calling an auxiliary process to at least enumerate a memory mapped file handle of the target file to be unlocked;
correspondingly, the removing operation of the occupation state of the target file to be unlocked based on the occupation information of the target file to be unlocked further includes:
after acquiring the occupation information, the auxiliary process sends the occupation information to the main program; wherein the main program characterizes a program that performs a decommissioning operation for a 32-bit operating system type;
and the main program carries out the operation of releasing the occupation state of the target file to be unlocked based on the memory mapping file handle contained in the occupation information of the target file to be unlocked.
At present, in the prior art, a file unlocking program with a 32-bit version is usually adopted, and the module occupation information of a 64-bit process cannot be enumerated, the memory mapping file information of the 64-bit process cannot be completely enumerated, the file handle protection of the 64-bit process cannot be cleared, and the memory mapping of the 64-bit process cannot be released. In the process of enumerating the file occupation information, file handles, opened modules, the memory mapping files and the memory mapping file handles are enumerated respectively. Among them, the scenario of the file and the module in the user mode is that the file is occupied by a certain program or a certain module (such as dll or exe file) is running. The memory mapping file and the memory mapping file handle are mapped to a virtual memory of a process in a user mode scene, and a physical storage space is mapped to a logical address space of the process. The 32-bit system is enumerated by using a 32-bit process, and the 64-bit system is enumerated by using a 64-bit auxiliary process, so that the condition that incomplete enumeration is caused because the 32-bit process cannot access a memory address space more than 4GB is prevented. When the 64-bit auxiliary process is used, the auxiliary process uses the WM _ COPYDATA + self-defined structure body to communicate with the main thread, if the main thread is actively quitted by a user, the handle of the auxiliary process can be automatically released, and resource leakage cannot be caused.
The main program is a 32-bit program, and can process a file unlocking task of a 32-bit system, a single 64-bit program is required to complete the same operation under a 64-bit system, and because the memory address space which can be accessed by the 32-bit program is only 4GB, handle enumeration is incomplete when the 32-bit program is used for unlocking on the 64-bit system. The 64-bit auxiliary process is essentially a 64-bit program and is also an exe file. The 32-bit program, which contains the unlock logic and all GUI graphical interfaces under the 32-bit system, uses the original main program to display the interface when running on the 64-bit system, and runs the 64-bit program to communicate with the process through WM _ COPYDATA when executing the file unlock task.
Further, while the step 102 is executed, more dimensional processing may be performed, specifically, the method further includes:
enumerating at least one dimension of the target file to be unlocked based on the system type of the electronic equipment, and adding information of the at least one dimension obtained by enumeration to occupation information of the target file to be unlocked;
wherein the at least one dimension comprises at least one of: file handle, loading module, memory mapping file.
The operation of releasing the occupation state of the target file to be unlocked based on the occupation information of the target file to be unlocked comprises the following steps:
clearing handle marks aiming at the memory mapping file handle and/or the file handle contained in the occupation information of the target file to be unlocked to obtain the memory mapping file handle and/or the file handle after the handle marks are cleared;
and carrying out handle closing operation on the memory mapping file handle and/or the file handle after the handle mark is removed so as to complete the release of the occupied state of the target file to be unlocked.
The following describes the interface for performing contact in the occupied state with reference to fig. 4-7, first, the main program for unlocking the computer manager file is pulled up to display the interface for acquiring the file occupied information, as shown in fig. 4, the user can prompt the user to acquire the prompt information of the file occupied information on the operation interface, and at this time, the user only needs to wait;
the acquisition of the file occupation information needs about 3-5 seconds, after the acquisition of the occupation information is completed, an unlocking interface is automatically displayed, the file needing to be unlocked is selected, and the file is unlocked by clicking, wherein the operation mode is shown in fig. 5;
at this time, there is a risk warning, as shown in fig. 6, since the file unlocking involves an operation on the process handle table, it is necessary to inform the user of the risk: finally, as shown in FIG. 7, the file unlocking is prompted to be completely successful.
Based on the above interface operations, how to perform the processing at the bottom layer of the electronic device is further described below with reference to fig. 8 and 9, which illustrate the code logic of the unlocking target file. In the program execution process, the graphical representation of the call stack vividly shows the actual execution situation of the program when two key steps are executed, and the statements in fig. 8 and 9 are explained as follows:
updateinformation: since the file to be unlocked selected by the user is scanned for the first time, the hash table of the file occupation information is not obtained yet, that is, no value exists in the hash table at this time, the function is called to update the hash table of the file occupation information. StartEnum and EnumFileHandles are then performed simultaneously.
StartEnum: selecting to execute a StartEnum function or a StartEnumUnder64 function according to the system is 32 bits or 64 bits, wherein the task completed by the StartEnum function is to traverse the module information loaded by each process and the opened memory mapping file information; startEnumUnder64 is a 64-bit version of this function, the same function, except that a new 64-bit process will be launched to do the same. The function calls an implementation class named CModuleManager, which contains an enumeration module and implementation codes of the memory mapping file.
EnumFileHandles: the function calls a class named CHandlemanager which includes a code for realizing the task.
BOOL: each function returns a boolean value, TRUE indicating successful execution and FALSE indicating failed execution. The link can be skipped when the execution fails, even if the occupation information of a certain file cannot be detected, the program can be normally executed, and the error exit cannot be caused. Ring3UnlockFile: when the Ring3 layer completes the entry function of file unlocking, other functions are called to sequentially complete the unlocking process. The file to be unlocked is stored in a list in the code, and the function calls an InternalUnlockOneFile function for each file to be unlocked.
InternalUnlockOneFile: and unlocking the single file, and similarly, calling other functions to complete the process of unlocking the single file.
GetModuleBaseFromname: and acquiring the module object handle according to the file name of the single file.
Unmap ViewOfProcessSection: the memory file mapping of the module is canceled and the function has a version that is executed by the Under 64-bit system, which pulls up a 64-bit new process on the 64-bit system to complete the operation.
GetHandleBaseFromName the module file handle is obtained according to the file name of a single file.
ClearHandleProtect: the handle protection for the process is cleared in preparation for subsequent closing of the handle. What this function needs to do is, in the process of occupying the file to be unlocked, open up a segment of memory space, inject a segment of assembly code (the assembly code will be provided at the end of the document), then execute this segment of assembly code, and the work that this segment of assembly code completes is to call the system API in the target process: the sethandlelnformation (HANDLE _ FLAG _ process _ FROM _ CLOSE) function CLOSEs the HANDLE to the file occupied by the process.
remoteCloseHandle: calling a system API: the duplicate handle function copies the handle of the occupied module to the main program and then calls the system API: the CloseHandle function closes the handle.
The main flow chart of file unlocking is shown in fig. 10 and 11, and is specifically described as follows:
as shown in fig. 10, an initialization procedure is first executed, specifically: displaying an initialization interface for a user, simultaneously starting an initialization control, and enumerating all occupation information in a system of the electronic equipment through the initialization control; wherein, the occupation information comprises enumerated memory mapping file handles, loading modules and memory mapping files; a list of locked files (i.e. the aforementioned list of at least one file to be unlocked) is then displayed.
After initialization is completed, detecting whether a list item is clicked or not, and taking the clicked list item as a target file to be unlocked;
judging whether the occupation information of the clicked file can be searched or not from the obtained occupation information (the step can be realized by searching the table);
if the occupation information of the clicked file is found successfully, displaying the occupation information;
detecting that an unlocking button corresponding to a clicked file is clicked, namely detecting an unlocking instruction aiming at a target file to be unlocked;
then, executing the processing of unlocking the file, and displaying the information of successful unlocking when the unlocking is successful; and when the unlocking fails, informing the user that the clicked file cannot be unlocked.
Fig. 11 further illustrates a process of selecting a file unlock by a user at a right button of a designated directory, and detecting an unlock instruction for a target file to be unlocked from a list including at least one file to be unlocked, where: starting an unlocking program, then obtaining a file list selected by a user by the unlocking program, wherein the file list at the moment can be all lists contained in a certain folder; displaying an initialization UI interface, and displaying information of acquiring file occupation information in the interface; meanwhile, traversing a file list queue;
further, whether the currently traversed target is a folder or a file is judged, when the traversed target is the folder, all subfiles in the folder are further acquired, and then the subfiles are added into the queue to be traversed;
when the traversed target is a file, trying to open the file in an exclusive mode, judging whether the opening is successful, and if so, judging the next file; if the file is not successful, determining that the file is an occupied file, namely the file to be unlocked, and adding the occupied file into a file list to be unlocked.
After the user clicks the unlock file, enumerating a flow chart of occupied information of the file, as shown in fig. 12, a first sub-flow is as follows: enumerating occupied ordinary file handles; the second sub-process: enumerating occupied loaded modules; the third sub-process: enumerating a memory mapping file; the fourth sub-process: and enumerating the memory mapping file handle.
In addition, the results obtained correspond to the following:
the first sub-process: and acquiring the occupied common file name and the handle value, and storing the handle into a hash table storing all occupied module information by taking the file name as a key.
The second sub-process: and obtaining the file name and the module handle value of the file on the hard disk corresponding to the loaded module, and saving the module handle into the hash table by taking the file name as a key.
The third sub-process: similarly, the file name of the file on the hard disk corresponding to the occupied memory mapping file is taken as a key, and the memory address of the memory mapping file is stored in the hash table.
The fourth sub-process: similarly, the file name of the file on the hard disk corresponding to the memory mapping file handle is key, and the memory mapping file handle is stored in the hash table.
After the occupation information is obtained, formally removing the file occupation state, as shown in fig. 13, when the user operates, a single file can be selected, the right key is used for opening the file unlocking function, a folder containing a plurality of files can also be selected, the right key is used for opening the file unlocking function, and the file to be unlocked is processed; traversing files to be unlocked, namely traversing a list formed by at least one file to be unlocked;
the program detects whether each file to be unlocked (when detecting, the currently detected file to be unlocked can be regarded as the target file to be unlocked) is in an occupied state (the file is attempted to be opened in an exclusive mode);
the files in the state to be unlocked are unlocked one by one, and whether the target file to be unlocked is in a neglected list or not can be judged in the process of removing the occupied state of the files, so that the files of a computer manager or key files of a system are eliminated, and the system is prevented from being damaged accidentally;
then, processing for removing HANDLE protection is carried out, wherein the method for removing the HANDLE protection is to inject a section of Shellcode assembly code into a remote thread (which can be a thread of other programs), and the function of the section of code is to call an API (advanced _ FLAG _ process _ CLOSE) of SetHandleInformation to CLOSE the HANDLE protection;
calling an API (application program interface) of DuplicateHandle in a local thread to copy a target handle;
calling the CloseHandle API in the local thread to close the handle, and finally achieving the purpose of knowing the occupied state of the file. In the process of closing the handle, if the target file to be unlocked belongs to the memory mapping file, unlocking can call the UnmapViewOfProcessSection API provided by the system to cancel mapping, namely unlocking the memory mapping file; and if the target file to be unlocked is the process mapped by the executable file, directly ending the process.
Overview of code structure and function of file unlocking:
the enumerating at least the memory mapped file handle of the target file to be unlocked further comprises:
querying at least one memory mapping file handle one by one aiming at the target file to be unlocked by adopting a first type of function;
detecting the time length consumed by the first type of function for inquiring the current memory mapping file handle of the target file to be unlocked;
and when the time length exceeds a preset threshold value, controlling the first type of function to finish the memory mapping file handle query, and skipping to the next memory mapping file handle for query.
Invoking the system's NtQueryObject function may cause infinite latency in querying file paths using handles. The technical scheme provides overtime limitation to prevent the program from being permanently stuck in a place waiting for the completion of the execution of the function. And (3) the housekeeper file unlocking program calls a system API: when the NtQueryObject function is used, a new thread is independently started to complete the call, the main thread waits for the new thread to finish execution, and the maximum waiting time is 20 seconds. If the execution is not completed within 20 seconds, the query is skipped and the query is continued to the next handle.
When the file occupation information is enumerated in the prior art, file handles, module handles, memory mapping files and memory mapping file handles are enumerated; handles occupying bits in the information may be stored in the hash table, and the complete path of the handles is queried, that is, the NtQueryObject function may be stuck when querying the information. At this time, we can skip the query and directly ignore the file.
The related programs are mostly file crushing programs, the file crushing operation is directly executed regardless of whether the file is occupied or not, the application range is narrow, and the file crushing operation must be realized in a kernel state (ring 0). The technical scheme is realized in a user mode (ring 3), the weight is light, after the file is in a state of being occupied, the user can select to copy, move or delete the file, and the application range is wide.
In the above-described configuration, a SYSTEM _ portable _ TABLE _ ENTRY _ INFO _ EX struct may be used to enumerate processes with high PIDs. Wherein, SYSTEM _ portable _ TABLE _ ENTRY _ INFO _ EX defines PID as short type integer. Can be an unsenged long type integer. When the PID is high, taking the value of the PID in short type results in the process of high PID not being enumerated. Our correct definition of the structure avoids this problem.
Therefore, by adopting the scheme, the memory mapped file handle can be enumerated, and the unlocking operation of the file to be unlocked can be carried out based on the memory mapped file handle; therefore, the occupation condition of the files to be unlocked can be comprehensively enumerated, the operation success rate of the files to be unlocked is ensured, and the use experience of a user is improved.
An embodiment of the present invention provides an electronic device, as shown in fig. 14, including:
the file obtaining unit 141 is configured to detect an unlocking instruction for a target file to be unlocked from a list including at least one file to be unlocked;
an enumeration unit 142, configured to at least perform enumeration on a handle of a memory mapped file for the target file to be unlocked based on a system type, and generate occupation information for the target file to be unlocked based on the handle of the memory mapped file obtained through enumeration;
the unlocking unit 143 is configured to perform a release operation of an occupied state on the target file to be unlocked based on the occupation information of the target file to be unlocked.
Firstly, from a list including at least one file to be unlocked, a processing mode of detecting an unlocking instruction for a target file to be unlocked may be as follows: and extracting one file to be unlocked in the list from the list formed by at least one file to be unlocked according to the sequence.
Further, the list of at least one file to be unlocked may be: at least one file to be unlocked listed in the explorer. When a user needs to close a file, and a system prompt cannot be closed or is occupied, each file to be unlocked can be stored in the resource manager as a file to be unlocked; it should be noted that there may be other ways to determine whether a certain file is a file to be unlocked, and the way provided in this embodiment is not used as a limiting way to determine that a certain file is a file to be unlocked. As shown in fig. 2, the processing method in the figure can be adopted: opening a PPT file by using the WPS in a resource manager, and executing deletion operation under the condition of not closing the WPS; for example, optimize the file for the "C + + program" in the double-click graph; then a dialog box as shown in the figure can pop up to prompt the user of the information that the file is in use; the file is the file to be unlocked.
In addition, an unlocking instruction for a target file to be unlocked is detected from a list containing at least one file to be unlocked from at least one file to be unlocked, and one file to be unlocked can be selected by right-clicking one file to be unlocked, for example, referring to fig. 3, right-clicking the file to be unlocked, selecting the "unlocked file" from a "file crushing" sub-menu of a computer administrator.
The enumeration unit is used for calling an auxiliary process to at least enumerate the memory mapping file handle of the target file to be unlocked when the system type of the electronic equipment is a 64-bit operating system;
correspondingly, the unlocking unit is used for sending the occupation information to the main program after the auxiliary process obtains the occupation information; wherein the main program characterizes a program that performs a decommissioning operation for a 32-bit operating system type;
and the main program carries out the releasing operation of the occupied state on the target file to be unlocked based on the occupied information of the target file to be unlocked.
At present, in the prior art, a file unlocking program with a 32-bit version is usually adopted, and the module occupation information of a 64-bit process cannot be enumerated, the memory mapping file information of the 64-bit process cannot be completely enumerated, the file handle protection of the 64-bit process cannot be cleared, and the memory mapping of the 64-bit process cannot be released. In the process of enumerating the file occupation information, file handles, opened modules, the memory mapping files and the memory mapping file handles are enumerated respectively. Among them, the scenario of the file and the module in the user mode is that the file is occupied by a certain program or a certain module (such as dll or exe file) is running. In the user mode scene, the memory mapping file and the memory mapping file handle map the file to be unlocked into the virtual memory of a certain process, and map the physical storage space into the logical address space of the process. A32-bit process is used for enumeration on a 32-bit system, and a 64-bit auxiliary process is used for enumeration on a 64-bit system, so that the condition that incomplete enumeration is caused because the 32-bit process cannot access a memory address space more than 4GB is prevented. When the 64-bit auxiliary process is used, the auxiliary process uses the WM _ COPYDATA + self-defined structure body to communicate with the main thread, if the main thread is actively quitted by a user, the handle of the auxiliary process can be automatically released, and resource leakage cannot be caused.
Further, more dimensions may be processed, and specifically, the enumeration unit is configured to enumerate at least one dimension of the target file to be unlocked based on a system type of the electronic device, and add information of the at least one dimension obtained by enumeration to occupation information of the target file to be unlocked;
wherein the at least one dimension comprises at least one of: file handle, loading module, memory mapping file.
The unlocking unit is used for clearing handle marks aiming at the memory mapping file handle and/or the file handle which are/is included by the occupation information of the target file to be unlocked, and obtaining the memory mapping file handle and/or the file handle after the handle marks are cleared;
and carrying out handle closing operation on the memory mapping file handle and/or the file handle after the handle mark is removed so as to complete the removal of the occupied state of the target file to be unlocked.
The following describes the interface for performing occupation state contact with reference to fig. 4 to 7, where first the main program for unlocking the file of the computer steward is pulled up to display the interface for acquiring the file occupation information, as shown in fig. 4, the user can prompt the user to acquire the prompt information of the file occupation information on the operation interface, and at this time, the user only needs to wait;
the acquisition of the file occupation information needs about 3-5 seconds, after the acquisition of the occupation information is completed, an unlocking interface is automatically displayed, the file needing to be unlocked is selected, and the unlocking is performed by clicking, wherein the operation mode is shown in figure 5;
at this time, there is a risk warning, as shown in fig. 6, since the file unlocking involves an operation on the process handle table, the user needs to be informed of the risk: finally, as shown in FIG. 7, the file unlocking is prompted to be completely successful.
Based on the above interface operations, how to perform the processing at the bottom layer of the electronic device is further described below with reference to fig. 8 and 9, which illustrate the code logic of the unlocking target file. In the program execution process, the graphical representation of the call stack shows the actual execution of the program when two key steps are executed, and the statements in fig. 8 and 9 are explained as follows:
updateinformation: since the file to be unlocked selected by the user is scanned for the first time, the hash table of the file occupation information is not obtained yet, that is, no value exists in the hash table at this time, the function is called to update the hash table of the file occupation information. StartEnum and EnumFileHandles are then performed simultaneously.
StartEnum: selecting to execute a StartEnum function or a StartEnumUnder64 function according to the system is 32 bits or 64 bits, wherein the task completed by the StartEnum function is to traverse the module information loaded by each process and the opened memory mapping file information; startEnumUnder64 is a 64-bit version of this function, the same function, except that a new 64-bit process will be launched to do the same. The function calls an implementation class named CModuleManager, which contains an enumeration module and implementation codes of the memory mapping file.
EnumFileHandles: the function calls a class named CHandLomManager which contains codes for realizing the task.
BOOL: each function returns a boolean value, TRUE indicating successful execution and FALSE indicating failed execution. The link can be skipped when the execution fails, even if the occupation information of a certain file cannot be detected, the program can be normally executed, and the error exit cannot be caused. Ring3UnlockFile: when the Ring3 layer completes the entry function of file unlocking, other functions are called to sequentially complete the unlocking process. The file to be unlocked is stored in a list in the code, and the function calls an InternalUnlockOneFile function for each file to be unlocked.
Lnnaluncockonefile: and unlocking the single file, and similarly, calling other functions to complete the process of unlocking the single file.
GetModuleBaseFromname: and acquiring the module object handle according to the file name of the single file.
Unmap ViewOfProcessSection: the memory file mapping of the module is removed and the function has a version that is executed by the Under 64-bit system, which pulls up a 64-bit new process on the 64-bit system to complete the operation.
GetHandleBaseFromName the module file handle is obtained according to the file name of a single file.
ClearHandleProtect: the handle protection for the process is cleared in preparation for subsequent closing of the handle. What this function needs to do is, in the process of occupying the file to be unlocked, open up a segment of memory space, inject a segment of assembly code (the assembly code will be provided at the end of the document), then execute this segment of assembly code, and the work that this segment of assembly code completes is to call the system API in the target process: the sethandlelnformation (HANDLE _ FLAG _ process _ FROM _ CLOSE) function CLOSEs the HANDLE to the file occupied by the process.
remoteCloseHandle: calling a system API: the DuplicateHandle function copies the handle of the occupied module to the main program and then calls the system API: the CloseHandle function closes the handle.
As shown in fig. 10 and 11, a user selects a right key in a designated directory to unlock a file, and detects a flow of an unlocking instruction for a target file to be unlocked from a list including at least one file to be unlocked, where an initialization interface is entered first, and at this time, a control enumerates all occupation conditions in a system; then, based on the information obtained by enumeration, the occupation information is formed, namely, a locked file list starts to be displayed; when detecting that a user clicks the list, displaying the occupation information of the clicked file; and when receiving the unlocking operation of the user (namely clicking an unlocking button), starting unlocking the file until the unlocking is successful.
After the user clicks the unlock file, enumerating a flow chart of occupied information of the file, as shown in fig. 12, a first sub-flow is as follows: enumerating occupied ordinary file handles; the second sub-process: enumerating occupied loaded modules; the third sub-process: enumerating a memory mapping file; a fourth sub-process: enumerating the memory mapped file handle.
In addition, the results obtained correspond to the following:
the first sub-process: and acquiring the occupied common file name and the handle value, and storing the handle into a hash table storing all occupied module information by taking the file name as a key.
The second sub-process: and obtaining the file name and the module handle value of the file on the hard disk corresponding to the loaded module, and saving the module handle into the hash table by taking the file name as a key.
The third sub-process: similarly, the file name of the file on the hard disk corresponding to the occupied memory mapping file is taken as a key, and the memory address of the memory mapping file is stored in the hash table.
A fourth sub-process: similarly, the file name of the file on the hard disk corresponding to the memory mapping file handle is key, and the memory mapping file handle is stored in the hash table.
After the occupation information is obtained, the file occupation state is formally released, as shown in fig. 13, when the user operates, the user may select a single file, right-click to open the file unlocking function, or may select a folder containing a plurality of files, and right-click to open the file unlocking function. The program will detect whether each file is in an occupied state (it is sufficient to attempt to open the file in an exclusive manner). And then, unlocking the files in the state to be unlocked one by one. In the process of removing the occupied state of the file, the file of a computer manager or a key file of a system is removed at first, so that the system is prevented from being damaged accidentally. The HANDLE protection is then cleared by injecting a section of Shellcode assembly code into the remote thread, which acts to call the API sethandlelnformation (HANDLE _ FLAG _ process _ FROM _ CLOSE) to clear the HANDLE protection FLAG. And then completing the work of closing the handle, wherein the method for closing the handle is to call the API of DuplicateHandle in the local thread to copy a target handle, and then call the API of CloseHandle in the local thread to close the handle, thereby finally achieving the purpose of knowing the occupied state of the file.
The enumeration unit is used for querying at least one memory mapping file handle one by one aiming at the target file to be unlocked by adopting a first class function;
detecting the time length consumed by the first class function for inquiring the current memory mapping file handle of the target file to be unlocked;
and when the time length exceeds a preset threshold value, controlling the first type of function to finish the inquiry of the memory mapped file handle, and skipping to the next memory mapped file handle for inquiry.
Invoking the system's NtQueryObject function may cause infinite latency in querying file paths using handles. The technical scheme provides overtime limitation to prevent the program from being permanently stuck in a place waiting for the completion of the execution of the function. And (3) the manager file unlocking program calls a system API: when the NtQueryObject function is used, a new thread is independently started to complete the call, the main thread waits for the new thread to finish execution, and the maximum waiting time is 20 seconds. If the execution is not completed within 20 seconds, the query is skipped and the query is continued to the next handle.
The related programs are mostly of a file crushing type, file crushing is performed directly regardless of whether files are occupied or not, the application range is narrow, and the file crushing needs to be realized in a kernel state (ring 0). The technical scheme is realized in a user mode (ring 3), the weight is light, after the file is in a state of being occupied, the user can select to copy, move or delete the file, and the application range is wide.
Therefore, by adopting the scheme, the memory mapping file handle can be enumerated, and the unlocking operation of the file to be unlocked is carried out based on the memory mapping file handle; therefore, the occupation condition of the files to be unlocked can be comprehensively enumerated, the operation success rate of the files to be unlocked is ensured, and the use experience of a user is improved.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product stored in a storage medium, and including several instructions for enabling a computer device (which may be a personal computer, an electronic device, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. A file unlocking method is applied to electronic equipment and is characterized by comprising the following steps:
detecting an unlocking instruction aiming at a target file to be unlocked from a list containing at least one file to be unlocked;
acquiring the system type of the electronic equipment, calling an auxiliary process to at least enumerate a memory mapping file handle of the target file to be unlocked when the system type of the electronic equipment is a 64-bit operating system, and generating occupation information aiming at the target file to be unlocked based on the memory mapping file handle;
sending the occupation information to a main program through the auxiliary process; wherein the main program characterizes a program that performs a decommissioning operation for a 32-bit operating system type;
and the main program carries out the removal operation of the occupation state on the file to be unlocked based on the memory mapping file handle contained in the occupation information of the file to be unlocked.
2. The method of claim 1, further comprising:
enumerating at least one dimension of the target file to be unlocked, and adding information of the at least one dimension obtained by enumeration to occupation information of the target file to be unlocked;
wherein the at least one dimension comprises at least one of: file handle, loading module, memory mapping file.
3. The method according to claim 2, wherein the performing, based on the memory-mapped file handle included in the occupation information of the target file to be unlocked, a release operation of the occupation state of the target file to be unlocked includes:
clearing handle marks aiming at the memory mapping file handle and/or the file handle contained in the occupation information of the target file to be unlocked to obtain the memory mapping file handle and/or the file handle after the handle marks are cleared;
and carrying out handle closing operation on the memory mapping file handle and/or the file handle after the handle mark is removed so as to complete the removal of the occupied state of the target file to be unlocked.
4. The method of claim 1, further comprising:
querying the target file to be unlocked by adopting a first type function one by one aiming at least one memory mapping file handle;
detecting the time length consumed by the first class function for inquiring the current memory mapping file handle of the target file to be unlocked;
and when the time length exceeds a preset threshold value, controlling the first type of function to finish the memory mapping file handle query, and skipping to the next memory mapping file handle for query.
5. An electronic device, characterized in that the electronic device comprises:
the file acquisition unit is used for detecting an unlocking instruction aiming at a target file to be unlocked from a list containing at least one file to be unlocked;
an enumeration unit, configured to obtain a system type of the electronic device, call an auxiliary process to perform enumeration on a memory mapped file handle for at least the target file to be unlocked when the system type of the electronic device is a 64-bit operating system, and generate occupation information for the target file to be unlocked based on the memory mapped file handle;
the unlocking unit is used for sending the occupation information to the main program through the auxiliary process; wherein the main program characterizes a program that performs a decommissioning operation for a 32-bit operating system type; and the main program carries out the operation of releasing the occupation state of the target file to be unlocked based on the memory mapping file handle contained in the occupation information of the target file to be unlocked.
6. The electronic device according to claim 5, wherein the enumeration unit is further configured to enumerate at least one dimension of the target file to be unlocked, and add information of the enumerated at least one dimension to occupancy information for the target file to be unlocked;
wherein the at least one dimension comprises at least one of: file handle, loading module, memory mapping file.
7. The electronic device according to claim 6, wherein the unlocking unit is further configured to perform handle mark removal processing on a memory mapped file handle and/or a file handle included in the occupation information of the target file to be unlocked, so as to obtain the memory mapped file handle and/or the file handle after the handle mark is removed; and carrying out handle closing operation on the memory mapping file handle and/or the file handle after the handle mark is removed so as to complete the release of the occupied state of the target file to be unlocked.
8. The electronic device according to claim 5, wherein the enumeration unit is further configured to query the target file to be unlocked for at least one memory mapped file handle one by one using a first type of function; detecting the time length consumed by the first type of function for inquiring the current memory mapping file handle of the target file to be unlocked; and when the time length exceeds a preset threshold value, controlling the first type of function to finish the memory mapping file handle query, and skipping to the next memory mapping file handle for query.
9. An electronic device comprising a memory, a processor, and computer-executable instructions stored on the memory and executable on the processor, wherein the processor implements the method steps of any of claims 1-4 when executing the computer-executable instructions.
10. A computer-readable storage medium having computer-executable instructions stored thereon which, when executed by a processor, perform the method steps of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710158157.0A CN106951326B (en) | 2017-03-16 | 2017-03-16 | File unlocking method and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710158157.0A CN106951326B (en) | 2017-03-16 | 2017-03-16 | File unlocking method and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106951326A CN106951326A (en) | 2017-07-14 |
| CN106951326B true CN106951326B (en) | 2023-01-06 |
Family
ID=59472555
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710158157.0A Active CN106951326B (en) | 2017-03-16 | 2017-03-16 | File unlocking method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106951326B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109522179B (en) * | 2018-10-12 | 2022-05-27 | 网易(杭州)网络有限公司 | Server running state monitoring method and device, processor and server |
| CN109976764A (en) * | 2019-03-28 | 2019-07-05 | 深圳市创联时代科技有限公司 | A kind of handle conversion method |
| CN112631999A (en) * | 2020-12-25 | 2021-04-09 | 珠海豹趣科技有限公司 | Software moving method and device, electronic equipment and storage medium |
| CN113641365B (en) * | 2021-07-22 | 2022-06-17 | 深圳市华力宇电子科技有限公司 | Chip programming control method, terminal and storage medium |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060070065A1 (en) * | 2004-09-29 | 2006-03-30 | Zimmer Vincent J | Memory support for heterogeneous virtual machine guests |
| CN102214088B (en) * | 2010-04-07 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Document unlocking method and device |
| CN102467622B (en) * | 2010-11-08 | 2014-06-25 | 腾讯科技(深圳)有限公司 | Method and device for monitoring opened file |
| CN102567323A (en) * | 2010-12-14 | 2012-07-11 | 腾讯科技(深圳)有限公司 | Application program file moving method and application program file moving system |
| CN102693397B (en) * | 2011-03-23 | 2015-01-14 | 腾讯科技(深圳)有限公司 | Method and device for scanning file |
| CN102902765B (en) * | 2012-09-25 | 2015-12-09 | 北京奇虎科技有限公司 | A kind of for removing the method and device that file takies |
| EP2951705A4 (en) * | 2013-01-29 | 2016-11-02 | Hewlett Packard Development Co | Assigning processors to memory mapped configuration |
-
2017
- 2017-03-16 CN CN201710158157.0A patent/CN106951326B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN106951326A (en) | 2017-07-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106951326B (en) | File unlocking method and electronic equipment | |
| JP5945074B2 (en) | Method, device, and mobile terminal for API intercept related applications | |
| US9098520B2 (en) | Apparatus and methods for restoring data objects | |
| US9830454B2 (en) | Web application security access method, server, and client | |
| US7774783B2 (en) | Method and apparatus for detecting deadlocks | |
| KR20090080079A (en) | Virtual deletion in merged file system directories | |
| CN109873804A (en) | Service identification method, device, equipment and the readable storage medium storing program for executing of Behavior-based control | |
| US10551996B2 (en) | Method and apparatus for starting an application in a screen-locked state | |
| CN102567667B (en) | Intelligent information equipment and operation system thereof | |
| US20080109466A1 (en) | Virtual Deletion In Merged Registry keys | |
| US9898603B2 (en) | Offline extraction of configuration data | |
| WO2008002551A2 (en) | Merging file system directories | |
| GB2499277A (en) | Checking write access to shared resources in a multithreaded processor | |
| JP2007148805A (en) | Information processor, information processing method and program | |
| WO2017008415A1 (en) | Apparatus and method for launching mobile applications from a lock screen | |
| RU2645265C2 (en) | System and method of blocking elements of application interface | |
| US11720607B2 (en) | System for lightweight objects | |
| CN111125688A (en) | Process control method and device, electronic equipment and storage medium | |
| US20130268503A1 (en) | Database navigation of changes at commit time | |
| US10277615B2 (en) | Maintenance of distributed computing systems | |
| KR101595936B1 (en) | Optimization method, optimization server and computer readable recording medium for providing service with vaccine and optimization functions | |
| JP2007141013A (en) | User interface program, computer and information providing method | |
| WO2014161328A1 (en) | Application program display method, apparatus, and terminal | |
| US20100250507A1 (en) | Enumeration of a concurrent data structure | |
| WO2009048158A1 (en) | File check device, file check program, and file check method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |