CN110879775A - System and method for intercepting and opening user file based on Windows10 system - Google Patents
System and method for intercepting and opening user file based on Windows10 system Download PDFInfo
- Publication number
- CN110879775A CN110879775A CN201811037130.7A CN201811037130A CN110879775A CN 110879775 A CN110879775 A CN 110879775A CN 201811037130 A CN201811037130 A CN 201811037130A CN 110879775 A CN110879775 A CN 110879775A
- Authority
- CN
- China
- Prior art keywords
- address
- function
- symbol
- file
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
Abstract
The invention discloses a system and a method for intercepting and capturing user file opening based on Windows10 system, which finds out a key function called when a user actively opens a file through a dynamic debugging means, then dynamically calculates the memory address of the key function through Microsoft symbol, cannot dynamically acquire the memory address of the function through conventional methods such as LoadLibrary and GetProcAddress because the key function is an internal function of a system dynamic library, and finds out the address of the key function through a function feature code matching method; in order to ensure the stability of the product function, another more stable and reliable mode is used in research, the function address of the internal function is acquired through the official debugging symbol PDB file of microsoft, then the function address and the module information are cached for standby, and automatic re-acquisition and adaptation are performed under the condition that the function address is possibly changed when the version of the system is upgraded and the like, so that the stability of the product function and the system is ensured.
Description
Technical Field
The invention relates to the technical field of computer networks, in particular to a system and a method for intercepting and opening user files based on a Windows10 system.
Background
The resource manager calls a SHShellEecuteExW function interface derived by an operating system when a Windows NT early version (XP system and below) user opens a file through double clicking of a mouse or through a keyboard, so that the action of intercepting and capturing the active file opening of the user can be realized only by firstly injecting the active file opening action into a resource manager process of the system through a DLL injection technology and then through a SHShellEecuteExW function interface of the process of Hook. However, when the resource manager opens the file in the Windows operating system after Win7 and Win7, the API function is not called any more, so that the developer cannot intercept the action of the user actively opening the file by this method.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a system and a method for intercepting and opening user files based on a Windows10 system, which solve the problem of accuracy of the full path of the acquired and opened files, and realize the process of intercepting and actively opening files by a user under the Windows10 system and have stable functions on the premise of ensuring that the system function of a resource manager is not destroyed.
(II) technical scheme
In order to achieve the purpose, the invention is realized by the following technical scheme: a system for intercepting user file opening based on Windows10 system comprises:
the transmission module is used for transmitting the symbol address formed by splicing the domain name of the Microsoft official symbol and the local path into symbol initialization for initialization operation to obtain an initialization address;
the acquisition module acquires the symbolic file by calling the symbolic function in the initialization address;
the calculation module is used for obtaining a key function address and a related module base address by calling an enumeration function in the initialization address, and then adding the obtained related module base address and the function offset to obtain an absolute memory address of the key function;
the cache module is used for obtaining an absolute path of the obtained file by calling the obtained file module file in the initialization address, then obtaining an MD5 value through the absolute path and the function offset obtained by the calculation module, caching and recording an MD5 value into a registry, wherein the MD5 value takes MD5 as a key value;
the operation module is used for injecting the hook module into a resource manager of the operation system, obtaining the full path of the hook module by obtaining the full file function, calculating the MD5 value of the file through the full path, matching the file with the obtained MD5 value in the cache module, obtaining the function address of the key function and the related module base address after matching is successful, obtaining the actual address of the key function through the calculation module, and then performing hook operation on the actual address, so that the path opened by the user file is intercepted.
Preferably, in the obtaining module, when the symbolic function in the initialization address is called, the debugging symbolic file is downloaded by creating the symsrc.
Preferably, the obtaining module obtains the symbol file in two ways: obtaining a symbol file in a directory of a symbol cache spliced by local paths; the symbol file is obtained through the download address of the microsoft official symbol, and the symbol initialization specifies a directory of the symbol cache formed by the download address of the microsoft official symbol and the local path.
Preferably, in the cache module, when the md5 value changes, the hook module automatically downloads the symbol of the new module again.
Preferably, the function offset is obtained by subtracting a base address of a related module from an address of a key function, the address of the key function is enumerated by a function in a symen symbols, and then the address of the key function and the base address of the related module are matched by a function name, and the base address of the related function is also obtained by a getmodulewhandle function.
A method for intercepting user file opening based on Windows10 system is characterized by comprising the following steps:
transmitting a symbol address formed by splicing a domain name of a Microsoft official symbol and a local path into symbol initialization for initialization operation to obtain an initialization address;
calling a symbol function in the initialization address to obtain a symbol file;
calling an enumeration function in the initialization address to obtain a key function address and a related module base address, and then adding the obtained related module base address and the function offset to obtain an absolute memory address of the key function;
calling the acquired file module file in the initialization address to obtain an absolute path of the acquired file, then obtaining an MD5 value through the absolute path and function offset, caching and recording the MD5 value into a registry, wherein the MD5 value takes MD5 as a key value;
injecting a hook module into a resource manager of an operating system, obtaining a full path of the hook module by obtaining a full file function, calculating an MD5 value of the file through the full path, matching the MD5 value with an MD5 value obtained from a cache module, obtaining a function address of a key function and a related module base address after matching is successful, obtaining an actual address of the key function through a calculation module, and then performing hook operation on the actual address, thereby intercepting a path opened by a user file.
Preferably, when the symbolic function in the initialization address is called, the debugging symbolic file is downloaded by creating the symsrc.
Preferably, there are two ways to obtain the symbol file: obtaining a symbol file in a directory of a symbol cache spliced by local paths; the symbol file is obtained through the download address of the microsoft official symbol, and the symbol initialization specifies a directory of the symbol cache formed by the download address of the microsoft official symbol and the local path.
Preferably, when the md5 value changes, the hook module will automatically re-download the symbol of the new module.
Preferably, the function offset is obtained by subtracting a base address of a related module from an address of a key function, the address of the key function is enumerated by a function in a symen symbols, and then the address of the key function and the base address of the related module are matched by a function name, and the base address of the related function is also obtained by a getmodulewhandle function.
(III) advantageous effects
The invention has the following beneficial effects:
1. the method is more stable and reliable than the traditional method by positioning the address of the internal function of the operating system based on the Microsoft official symbol;
2. the method has the advantages that perfect detection and relocation processing are carried out on the condition that the change of the api address possibly occurs due to the upgrading of the operating system, and the like, so that the safety problems such as the crash of a resource manager and the like can be avoided;
3. the whole interception process is transparent to the user and has no influence on the conventional user operation.
Drawings
FIG. 1 is a flow chart of a system for intercepting user file open based on Windows10 system;
FIG. 2 is a flowchart of a method for intercepting user file open based on Windows10 system;
FIG. 3 is a flow diagram of a cache module and an operational module;
FIG. 4 is a flow chart of the overall intercepted user action of opening a file.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
API: application Programming Interface is a function predefined by some operating systems, and related functions are realized by calling the functions.
DLL dynamic library: the Windows system provides the program set of API interface, and most of the API in the Windows system is provided through DLL dynamic library.
And (4) DLL injection, namely loading the DLL dynamic library by other processes through a certain technical means, namely running the DLL dynamic library in other processes.
API Hook is a technology for acquiring and intercepting API parameters to change the execution result of an API by inserting assembly codes into API functions.
PDB: the symbol file is an independent symbol file provided by microsoft and used for debugging, and comprises debugging information such as a function name, a function address, a class name and a class address of the executable program.
MD 5: a widely used cryptographic hash function can generate a 128-bit (16-byte) hash value (hashvalue) to ensure the integrity and consistency of information transmission.
JSON: JSON (JS Object Notation) is a lightweight data exchange format that stores and represents data in a text format completely independent of programming languages, based on a subset of the JS specifications set by the ECMAScript european computer association.
url: the Uniform Resource Locator, also called a web address, is an address of a standard Resource on the internet.
hook: one system mechanism provided in Windows to replace the "interrupt" under DOS, chinese translates to a "hook" or "hook", and after a hook is made for a particular system event, once the hook event occurs, the program that made the hook event will be notified by the system, and the program can respond to the event at the first time.
LoadLibrary: a function for loading a DLL.
GetProcAddress: a function is used to obtain the address of a function.
Yes: an indispensable function for downloading a debugging symbol file.
Shshelleexexw: the API function may run an executable file.
Sym initializew: the interface is initialized.
SymEnumSymbols: the function is enumerated.
GetModuleHandle: a function is obtained.
GetModuleFileName: and acquiring a module file function.
windows. Windows system controls.
Embodiments of the invention: referring to fig. 1, fig. 3 and fig. 4, a system for intercepting user file opening based on the Windows10 system includes:
the initialization module loads a debugging library of Microsoft, acquires a symbol initialization interface and calls the interface to carry out initialization operation;
the system comprises a creating module, a debugging module and a debugging module, wherein the creating module creates a symsrc.
The transmission module is used for transmitting a domain name of a Microsoft official symbol and a symbol address spliced by a local path into symbol initialization to carry out initialization operation so as to obtain an initialization address, the symbol initialization designates a downloading address of the Microsoft official symbol and a directory of a symbol cache spliced by the local path, the domain name of the Microsoft official symbol and the symbol address spliced by the local path can be transmitted into SymInitializeW to carry out initialization operation, an address character string is as follows srv h: \\\ mysymbols http:// msdl.microsoft.com/download/symbols, the interface designates a url address downloaded by the Microsoft symbol and a directory of the symbol local symbol cache, the search module symbol can be searched in a local directory firstly, and the remote download is not carried out from the url address through a network;
the acquisition module is used for acquiring a symbol file in a directory of a symbol cache spliced by a local path by calling a symbol function in an initialization address, or acquiring the symbol file by a download address of a Microsoft official symbol and acquiring a related symbol file by a SymGetSymbolFileW function, wherein the function firstly searches a PDB file of a related module in a local working directory, tries to download from a Microsoft server if the PDB file is not locally available, and loads the downloaded symbol file by a SymLoadModule64 after the correct symbol file is searched;
the calculation module is used for obtaining a key function address and a related module base address by calling an enumeration function in an initialization address, adding the obtained related module base address and function offset to obtain an absolute memory address of the key function, matching the analyzed internal function address by a function in a SymEnumSymbols enumeration symbol through a function name, obtaining the function address of the internal function and the related module base address after successful matching, and obtaining the function offset by subtracting the related module base address from the function address, wherein the different addresses of the key function may cause the different addresses of the key function, but the loaded address related module base address is unchanged, and the related module base address is obtained through a GetModuleHandle function, so that the absolute memory address of the key function can be accurately calculated by adding the function offset to the related module base address after the related module base address is obtained;
the cache module is used for obtaining an absolute path of an obtained file by calling an obtained file module file in an initialized address, then obtaining an MD5 value through the absolute path and a function offset, caching and recording an MD5 value into a registry, wherein the MD5 value takes MD5 as a key value, obtaining the absolute path of the module file through GetModuleFileName, calculating an MD5 value of the file through the absolute path, and then forming a module description character string in a Json format together with the obtained function offset, wherein the format of the character string is approximately as follows:
the absolute memory address of the function in the dynamic library is found by combining the PDB symbolic file provided by Microsoft with the memory base address of the module where the function is located, then the internal function is read through the address hook, the MD5 value of the system DLL is recorded and cached in a registry, and the record form takes MD5 as the key value of the registry, and the content is in the above character string Json format. Of course, if the md5 value of the module is found to be changed, for example, due to an upgrade of the operating system, the hook module will automatically re-download the symbol of the new module, match the address of the function in the new module, and re-cache the information of the new module in the registry;
the operation module is used for injecting the hook module into a resource manager of the operation system, obtaining the full path of the hook module by obtaining the full file function, calculating the MD5 value of the file through the full path, matching the file with the MD5 in the cache module, obtaining the function address and the related module base address of the key function after the matching is successful, obtaining the absolute memory address of the key function through the calculation module, then performing hook operation on the absolute memory address, so as to intercept the path opened by the user file, injecting the hook module into the resource manager of the operation system, firstly judging the version number of the system in the operation process, and directly returning the version number if the version number is not the version number of the Windows10 system. If the file is a file, a handle of the windows. storage. dll is acquired through GetModuleHandle, then the full path of the module is acquired through GetModuleFileNameExW, and the MD5 value of the file is calculated through the path. Firstly, whether module information corresponding to the MD5 exists in a cache module in a program is searched, if not, the module information corresponding to the MD5 is searched from a registry record, if not, an independent symbol downloading process is started to try to download a Microsoft symbol, the offset of a key function relative to a module base address is extracted after the module information is searched, the actual address of the key function is calculated in a mode of adding the function offset to the module base address, and then hook operation is carried out on the address, so that the opening of a user file is intercepted.
Embodiments of the invention: referring to fig. 2-4, a method for intercepting user file opening based on the Windows10 system includes:
the method comprises the steps that a symbol address formed by splicing a domain name of a Microsoft official symbol and a local path is transmitted to symbol initialization for initialization operation, so that an initialization address is obtained, and the symbol initialization specifies a downloading address of the Microsoft official symbol and a directory of a symbol cache formed by splicing the local path;
calling a symbol function in the initialization address, and acquiring a symbol file in a directory of a symbol cache spliced by a local path, or acquiring the symbol file through a download address of a Microsoft official symbol;
calling an enumeration function in the initialization address to obtain a key function address and a related module base address, and adding the obtained related module base address and the function offset to obtain an absolute memory address of the key function;
calling the acquired file module file in the initialization address to obtain an absolute path of the acquired file, then obtaining an MD5 value through the absolute path and function offset, caching and recording the MD5 value into a registry, wherein the MD5 value takes MD5 as a key value;
injecting a hook module into a resource manager of an operating system, obtaining a full path of the hook module by obtaining a full file function, calculating an MD5 value of the file through the full path, matching the MD5 value with an MD5 value in a cache module, obtaining a function address of a key function and a related module base address after matching is successful, obtaining an actual address of the key function through a calculation module, and then performing hook operation on the actual address, thereby intercepting a path opened by a user file.
In addition to this, it should also be preferable to create a syssrc.
For example: one requirement in the project is to replace a picture viewer of the system with a developed picture viewer, the action of opening the picture by the resource manager can be firstly intercepted and captured through a scheme, the picture viewer is started to load and open the picture after the path of the picture file is acquired, and then the original operation flow is interrupted by modifying the return value of the system API, so that the action of opening the picture by the operating system is successfully taken over.
Claims (10)
1. A system for intercepting user file opening based on Windows10 system, comprising:
the transmission module is used for transmitting the symbol address formed by splicing the domain name of the Microsoft official symbol and the local path into symbol initialization for initialization operation to obtain an initialization address;
the acquisition module acquires the symbolic file by calling the symbolic function in the initialization address;
the calculation module is used for obtaining a key function address and a related module base address by calling an enumeration function in the initialization address, and then adding the obtained related module base address and the function offset to obtain an absolute memory address of the key function;
the cache module is used for obtaining an absolute path of the obtained file by calling the obtained file module file in the initialization address, then obtaining an MD5 value through the absolute path and the function offset obtained by the calculation module, caching and recording an MD5 value into a registry, wherein the MD5 value takes MD5 as a key value;
the operation module is used for injecting the hook module into a resource manager of the operation system, obtaining the full path of the hook module by obtaining the full file function, calculating the MD5 value of the file through the full path, matching the file with the obtained MD5 value in the cache module, obtaining the function address of the key function and the related module base address after matching is successful, obtaining the actual address of the key function through the calculation module, and then performing hook operation on the actual address, so that the path opened by the user file is intercepted.
2. The system for intercepting user file open based on Windows10 system of claim 1, wherein: in the acquisition module, when a symbol function in an initialization address is called, a symsrc.
3. The system for intercepting user file open based on Windows10 system of claim 1, wherein: in the acquisition module, there are two ways for acquiring the symbol file: obtaining a symbol file in a directory of a symbol cache spliced by local paths; the symbol file is obtained through the download address of the microsoft official symbol, and the symbol initialization specifies a directory of the symbol cache formed by the download address of the microsoft official symbol and the local path.
4. The system for intercepting user file open based on Windows10 system of claim 1, wherein: in the cache module, when the md5 value changes, the hook module automatically downloads the symbol of the new module again.
5. The system for intercepting user file open based on Windows10 system of claim 1, wherein: the function offset is obtained by subtracting a relevant module base address from a key function address, the key function address is obtained through a function in a SymEnumSymbols enumeration symbol, then the key function address and the relevant module base address are matched through a function name, and the relevant function base address can also be obtained through a GetModuleHandle function.
6. A method for intercepting user file opening based on Windows10 system is characterized by comprising the following steps:
transmitting a symbol address formed by splicing a domain name of a Microsoft official symbol and a local path into symbol initialization for initialization operation to obtain an initialization address;
calling a symbol function in the initialization address to obtain a symbol file;
calling an enumeration function in the initialization address to obtain a key function address and a related module base address, and then adding the obtained related module base address and the function offset to obtain an absolute memory address of the key function;
calling the acquired file module file in the initialization address to obtain an absolute path of the acquired file, then obtaining an MD5 value through the absolute path and function offset, caching and recording the MD5 value into a registry, wherein the MD5 value takes MD5 as a key value;
injecting a hook module into a resource manager of an operating system, obtaining a full path of the hook module by obtaining a full file function, calculating an MD5 value of the file through the full path, matching the MD5 value with an MD5 value obtained from a cache module, obtaining a function address of a key function and a related module base address after matching is successful, obtaining an actual address of the key function through a calculation module, and then performing hook operation on the actual address, thereby intercepting a path opened by a user file.
7. The method for intercepting user file open based on Windows10 system according to claim 6, wherein: when a symbol function in the initialization address is called, a debugging symbol file is downloaded by creating a symsrc.
8. The method for intercepting user file open based on Windows10 system according to claim 6, wherein: there are two ways to obtain symbol files: obtaining a symbol file in a directory of a symbol cache spliced by local paths; the symbol file is obtained through the download address of the microsoft official symbol, and the symbol initialization specifies a directory of the symbol cache formed by the download address of the microsoft official symbol and the local path.
9. The method for intercepting user file open based on Windows10 system according to claim 6, wherein: when the md5 value changes, the hook module will automatically re-download the symbol of the new module.
10. The method for intercepting user file open based on Windows10 system according to claim 6, wherein: the function offset is obtained by subtracting a relevant module base address from a key function address, the key function address is obtained through a function in a SymEnumSymbols enumeration symbol, then the key function address and the relevant module base address are matched through a function name, and the relevant function base address can also be obtained through a GetModuleHandle function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811037130.7A CN110879775A (en) | 2018-09-06 | 2018-09-06 | System and method for intercepting and opening user file based on Windows10 system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811037130.7A CN110879775A (en) | 2018-09-06 | 2018-09-06 | System and method for intercepting and opening user file based on Windows10 system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110879775A true CN110879775A (en) | 2020-03-13 |
Family
ID=69727009
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811037130.7A Pending CN110879775A (en) | 2018-09-06 | 2018-09-06 | System and method for intercepting and opening user file based on Windows10 system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110879775A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5257381A (en) * | 1992-02-28 | 1993-10-26 | Intel Corporation | Method of intercepting a global function of a network operating system and calling a monitoring function |
| US6728964B1 (en) * | 1998-06-13 | 2004-04-27 | Intel Corporation | Monitoring function |
| US20110145924A1 (en) * | 2009-12-11 | 2011-06-16 | Mitja Kolsek | Method for detection and prevention of loading executable files from the current working directory |
| US20120016847A1 (en) * | 2009-09-30 | 2012-01-19 | Michael A Provencher | File Management System And Method |
| WO2018121501A1 (en) * | 2016-12-29 | 2018-07-05 | 北京国双科技有限公司 | Method and apparatus for monitoring network visitor behavior |
-
2018
- 2018-09-06 CN CN201811037130.7A patent/CN110879775A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5257381A (en) * | 1992-02-28 | 1993-10-26 | Intel Corporation | Method of intercepting a global function of a network operating system and calling a monitoring function |
| US6728964B1 (en) * | 1998-06-13 | 2004-04-27 | Intel Corporation | Monitoring function |
| US20120016847A1 (en) * | 2009-09-30 | 2012-01-19 | Michael A Provencher | File Management System And Method |
| US20110145924A1 (en) * | 2009-12-11 | 2011-06-16 | Mitja Kolsek | Method for detection and prevention of loading executable files from the current working directory |
| WO2018121501A1 (en) * | 2016-12-29 | 2018-07-05 | 北京国双科技有限公司 | Method and apparatus for monitoring network visitor behavior |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11829186B2 (en) | System and methods for integration of an application runtime environment into a user computing environment | |
| US11461111B2 (en) | Method for running applets, and electronic device | |
| US9602347B2 (en) | Method, system and program for browser to switch IE kernel | |
| US8701104B2 (en) | System and method for user agent code patch management | |
| US8806649B2 (en) | Generating vulnerability reports based on application binary interface/application programming interface usage | |
| US9363310B2 (en) | Standard commands for native commands | |
| US9436482B2 (en) | Input content to application via web browser | |
| US20120246630A1 (en) | System and Method for Automating Installation and Updating of Third Party Software | |
| US20070143379A1 (en) | Metadata driven deployment of applications | |
| WO2019019668A1 (en) | Application startup method and device, computer apparatus, and storage medium | |
| US11144292B2 (en) | Packaging support system and packaging support method | |
| US11475135B2 (en) | Orchestration of vulnerability scanning and issue tracking for version control technology | |
| CN113391874A (en) | Virtual machine detection countermeasure method and device, electronic equipment and storage medium | |
| JP5736335B2 (en) | Application analysis apparatus, application analysis system, and program | |
| CN112468611A (en) | Application program starting method, terminal device and computer storage medium | |
| JP2015132942A (en) | Connection destination information determination device, connection destination information determination method and program | |
| CN110879775A (en) | System and method for intercepting and opening user file based on Windows10 system | |
| US11615338B2 (en) | System and method for generating a file execution record of address tuples | |
| US11785039B2 (en) | Scanning web applications for security vulnerabilities | |
| US11568130B1 (en) | Discovering contextualized placeholder variables in template code | |
| WO2019040048A1 (en) | Reducing remote procedure calls for multimedia content delivery | |
| JP6378808B2 (en) | Connection destination information determination device, connection destination information determination method, and program | |
| CN113709154B (en) | Browser security processing method and device, computer equipment and storage medium | |
| CN116484360B (en) | RASP-based injection method, RASP-based injection device, RASP-based injection medium and RASP-based injection equipment | |
| CN117540385B (en) | Script file monitoring method, system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |