CN111414603A - Application based on communication mechanism between named pipelines - Google Patents
- Publication number
- CN111414603A (application CN202010184460.XA)
- Authority
- CN
- China
- Prior art keywords
- program
- communication
- named
- authority
- upgrading
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
            - G06F21/42—User authentication using separate channels for security data
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
          - G06F21/604—Tools and structures for managing or administering access control systems
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/46—Multiprogramming arrangements
            - G06F9/54—Interprogram communication
              - G06F9/546—Message passing systems or structures, e.g. queues
      - G06F2209/00—Indexing scheme relating to G06F9/00
        - G06F2209/54—Indexing scheme relating to G06F9/54
          - G06F2209/548—Queue
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
          - G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention belongs to the technical field of communication between named pipes, and in particular provides an application based on a named-pipe communication mechanism comprising the following steps: the portal process starts and logs in, completes a self-check of its own program, finds that an update is needed, starts the update program's non-intercepted-file synchronizer, the UnalbeInterceptFileSync process, and updates the non-intercepted files; the program switches its running account, completes complex business logic between the processes, completes named-pipe communication between the currently running program and the Windows service process, and switches the identity under which the program runs; a named-pipe mechanism between the processes is established so that the program's privilege can be raised and lowered under control, allowing the program to run at elevated privilege and then drop privilege in the reverse direction, and encrypted information is transmitted through the named-pipe communication so that its distribution and transmission between the service and each process is completed; memory space is allocated according to the process communication request; and the communication data is stored in that memory space.
Description
Technical Field
The invention relates to the technical field of communication between named pipes, and in particular to an application based on a named-pipe communication mechanism.
Background
While software runs, data inevitably has to be passed between processes. The usual approach is for one process to store the data in a local file that the other process then reads, or to stage the data in a database for transfer. Data operations across different Windows users cannot be performed this way: if the current account is a USER account, for example, the local file may not be writable, which blocks the transfer at its source. Because the process runs under the current account, it is also difficult to exchange data with a higher-privileged account, such as a service process running as SYSTEM, so operations that require SYSTEM-level privilege, such as editing the registry, registering files, or reading and updating system files, are restricted. Opening named-pipe communication completes the data transfer directly between the processes and provides a synchronisation mechanism similar to that of socket communication. Data can be exchanged directly with the local service, the raising and lowering of inter-process privilege is completed, and the program's privilege-elevation and privilege-reduction operations become convenient.
Current applications based on the named-pipe communication mechanism have the following problems:
1. The existing named-pipe communication mechanism is tightly coupled to the program.
2. The current named-pipe communication mechanism does not transmit data directly, risks data theft, and may cause deadlocks and reduced efficiency.
3. The existing named-pipe communication mechanism readily raises exceptions during operation.
4. The current named-pipe communication mechanism cannot be extended.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an application of a named-pipe-based communication mechanism, which solves the problems that the existing named-pipe-based communication mechanism is tightly coupled to the program, faces the risk of data theft, may cause deadlock, and reduces efficiency.
(II) Technical scheme
To achieve this purpose, the invention provides the following technical scheme: an application based on a named-pipe communication mechanism comprising the following operating procedure:
S1: The portal process starts and logs in, completes a self-check of its own program, finds that an update is needed, starts the update program's non-intercepted-file synchronizer, the UnalbeInterceptFileSync process, and updates the non-intercepted files; communication between named pipes is established, the operating identity is impersonated within the named-pipe connection, the input and output of data across the named-pipe communication is monitored by multiple threads, and under that multithreaded monitoring the number of threads opened is kept fixed and the threads are synchronised between the processes;
S2: The program switches its running account and completes complex business logic between the processes: named-pipe communication between the currently running program and the Windows service process is completed, the identity under which the program runs is switched, a command is sent to complete the related operations once the elevated privilege has been obtained, and the program switches back to the current running account once the operation has completed;
S3: A named-pipe mechanism between the processes is established so that the program's privilege can be raised and lowered under control; the program can run at elevated privilege and then lower its privilege in the reverse direction, and encrypted information is transmitted through the named-pipe communication so that its distribution and transmission between the service and each process is completed;
S4: Memory space is allocated according to the process communication request; the communication data is stored in that memory space; the logical address of the memory space is written to a message queue; and the communication data is accessed through the logical address read from the message queue.
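The service-side end of steps S1 to S3 (a SYSTEM service that accepts a named-pipe connection, impersonates the caller and executes a command) is illustrated below by a C# example added for this page; it is not code from the patent or from the SmartClient product it describes. The pipe name "DemoPipe", the four-thread listener pool, the PING/WHOAMI command set and the access-control entries are assumptions chosen for the example, and it targets .NET Framework 4.x (on .NET 5 and later the same stream is built with NamedPipeServerStreamAcl.Create). It makes explicit the checks a service on this privilege boundary needs: a DACL on the pipe so that only local interactive logons and the service itself may open it, a deny-by-default command allow-list, and impersonation scoped to the handler delegate so that the SYSTEM token is never used to carry out the client's request.

```csharp
// Added example for this page, not code from the patent or from SmartClient.
// Assumed: pipe name, worker count, command set, ACL entries. Targets .NET Framework 4.x.
using System;
using System.IO;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

static class PipeService
{
    const string PipeName = "DemoPipe";   // assumed; the patent names no pipe
    const int Workers = 4;                // fixed listener pool: one thread per pipe instance

    // Deny by default: a request is dispatched only if its first word is in this set.
    static readonly string[] AllowedCommands = { "PING", "WHOAMI" };

    static PipeSecurity BuildAcl()
    {
        var acl = new PipeSecurity();
        // Interactive (console/RDP) logons may open the pipe and exchange data, nothing more.
        // Synchronize is granted explicitly because CreateFile requests it with generic read/write.
        acl.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.InteractiveSid, null),
            PipeAccessRights.ReadWrite | PipeAccessRights.Synchronize, AccessControlType.Allow));
        // The service account keeps full control of its own pipe.
        acl.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
            PipeAccessRights.FullControl, AccessControlType.Allow));
        // Network logons (clients reaching the pipe over SMB) are refused outright.
        acl.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.NetworkSid, null),
            PipeAccessRights.FullControl, AccessControlType.Deny));
        return acl;
    }

    static void Worker(object aclObj)
    {
        var acl = (PipeSecurity)aclObj;
        while (true)
        {
            using (var pipe = new NamedPipeServerStream(PipeName, PipeDirection.InOut, Workers,
                       PipeTransmissionMode.Byte, PipeOptions.None, 4096, 4096, acl))
            {
                pipe.WaitForConnection();
                try { HandleClient(pipe); }
                catch (IOException) { /* client disconnected; recycle this instance */ }
            }
        }
    }

    static void HandleClient(NamedPipeServerStream pipe)
    {
        var reader = new StreamReader(pipe);
        var writer = new StreamWriter(pipe) { AutoFlush = true };
        string line = reader.ReadLine();
        if (line == null) return;
        // The first word is the command; anything after it is an argument for that command only
        // and is never interpreted as a command itself.
        string[] parts = line.Split(new[] { ' ' }, 2);
        string command = parts[0];
        if (Array.IndexOf(AllowedCommands, command) < 0)
        {
            writer.WriteLine("ERR unknown command");
            return;
        }
        // Run the handler under the caller's own token. RunAsClient calls
        // ImpersonateNamedPipeClient before the delegate and RevertToSelf after it,
        // so the SYSTEM identity is never used to carry out the client's request.
        pipe.RunAsClient(() =>
        {
            string caller = WindowsIdentity.GetCurrent().Name;
            writer.WriteLine(command == "PING" ? "PONG" : "OK " + caller);
        });
    }

    static void Main()
    {
        Console.WriteLine("Serving as " + WindowsIdentity.GetCurrent().Name);
        var acl = BuildAcl();
        var threads = new Thread[Workers];
        for (int i = 0; i < Workers; i++)
        {
            threads[i] = new Thread(Worker);
            threads[i].Start(acl);
        }
        foreach (var t in threads) t.Join();
    }
}
```

Run it under the service account (or from an elevated prompt) and connect with any client that opens `\\.\pipe\DemoPipe` with `TokenImpersonationLevel.Impersonation`; exactly `Workers` instances exist at any time, which is the fixed thread count S1 asks for. Any operation that genuinely needs SYSTEM privilege must be performed outside the `RunAsClient` delegate, after the request has passed the allow-list, so that the elevated part of the handler is as small as possible.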
(III) Advantageous effects
Compared with the prior art, the invention provides an application based on a named-pipe communication mechanism with the following beneficial effects:
1. The application improves the security of data transmission and protects sensitive information such as passwords from leaking.
2. The application widens the execution scope and control capability of the program, making logical operations that were previously impossible possible.
3. The application solves the problem of abnormal product operation and keeps such abnormalities invisible to customers.
4. The application greatly extends the modes of transmission between data; the processing mode is broad, reproducible and extensible.
Drawings
FIG. 1 is a schematic diagram of the process path of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
Referring to fig. 1, the present invention provides the following technical solution: an application based on a named-pipe communication mechanism comprising the following operating procedure:
S1: The portal process starts and logs in, completes a self-check of its own program, finds that an update is needed, starts the update program's non-intercepted-file synchronizer, the UnalbeInterceptFileSync process, and updates the non-intercepted files; communication between named pipes is established, the operating identity is impersonated within the named-pipe connection, the input and output of data across the named-pipe communication is monitored by multiple threads, and under that multithreaded monitoring the number of threads opened is kept fixed and the threads are synchronised between the processes;
S2: The program switches its running account and completes complex business logic between the processes: named-pipe communication between the currently running program and the Windows service process is completed, the identity under which the program runs is switched, a command is sent to complete the related operations once the elevated privilege has been obtained, and the program switches back to the current running account once the operation has completed;
S3: A named-pipe mechanism between the processes is established so that the program's privilege can be raised and lowered under control; the program can run at elevated privilege and then lower its privilege in the reverse direction, and encrypted information is transmitted through the named-pipe communication so that its distribution and transmission between the service and each process is completed;
S4: Memory space is allocated according to the process communication request; the communication data is stored in that memory space; the logical address of the memory space is written to a message queue; and the communication data is accessed through the logical address read from the message queue.
The invention solves the problem of inter-process communication through the named pipe: by establishing a named pipe between the programs it completes the related operations and business logic that otherwise could not be completed, and by establishing multithreaded concurrent operation it improves efficiency and functionality.
Specifically, the method comprises the following steps:
1. The portal process starts and logs in, completes a self-check of its own program, finds that an update is needed, and starts the update program's non-intercepted-file synchronizer, the UnalbeInterceptFileSync process, to update the non-intercepted files. During the update it may have to operate on the corresponding registry keys, register files, replace system files, modify local files, modify system permissions, and so on, all of which require high-level Windows privilege. In this process a named pipe is connected to the created Windows service process, and once the connection is established the corresponding message is sent to the Windows service process (SmartClient). The Windows service process runs under the SYSTEM-level account (SYSTEM); after receiving the operation command sent by the FI end at the other end of the command pipe, it receives and processes the specific business logic directly, thereby completing operations that the USER running account could not complete.
2. Switching the program's running account. The part of fig. 1 described above introduces the establishment of the named pipe and completes complex business logic between the processes, but the related business processing is completed on the basis that the processes run under the SYSTEM account. If a command is sent to the service process at this point, the service process starts the corresponding portal process, and that portal process then runs under the SYSTEM account; a program process running under the SYSTEM account differs from one running under the current account in the system environment variables it can access.
A program running under the SYSTEM identity differs from one running as an ordinary user mainly in the following points:
2.1. The registry paths differ: the path that HKEY_CURRENT_USER resolves to is different.
2.2. The environment variables differ: many variables present for the ordinary user do not exist under the SYSTEM user.
2.3. Network mappings differ: for example, an ordinary user may map a network drive, but that partition is invisible to SYSTEM; likewise, when SYSTEM opens the local desktop folder it sees different contents from the desktop folder seen by the current Windows account, so when uploading or downloading files it is very troublesome to reach the specific path the user wants to access.
How the operating identity is switched is shown in the specific operating circuit diagram in the upper part of fig. 1. When the portal logs in, it starts a dedicated thread that launches the DataExchangePipConnect operating process; the started DataExchangePipConnect process creates the accepting (FI) end of a named pipe, and this receiving end waits to receive sent data at any time. The Windows service process SmartClient then opens the connecting (FO) end of the named pipe created with DataExchangePipConnect and sends messages directly to the corresponding DataExchangePipConnect process through that pipe, completing the FIFO operation. Because the application is started by the portal process, it still runs under the account currently logged in to the Windows operating system, as does the portal process that started it. Through data transmission over the named pipes, the operations that the current account cannot complete are completed, and the switching of Windows accounts is accomplished by establishing the named pipes; the updated program still runs under the environment variables of the Windows login account, so the processing of specific business and the reading of system parameters are not affected.
3. A named-pipe mechanism between the processes is established so that the program's privilege can be raised and lowered under control. Reversing the direction lets the program either run at elevated privilege or lower its privilege: for example, the execution logic in the lower half of fig. 1 raises the program from running under the current Windows login account to SYSTEM-level privilege. The privilege of program execution can also be reduced by establishing a named pipe: for example, the execution logic in the upper part of fig. 1 switches from the SYSTEM-level operating privilege of the Windows service back to the current Windows login account, so that privilege is weakened and reduced and misoperation caused by excessive privilege is avoided. In this way, users of lower-privileged accounts enjoy the smooth program execution that high privilege provides, while the specific operating-system-level security settings cannot be damaged.
4. The portal is started by passing the corresponding password and encrypted Token information. By establishing the command pipe, this sensitive information is not exposed directly to the outside; it is transmitted directly over the bridge established between the processes, namely the pipe, the portal is restarted, and data security is protected.
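Step 4 sends a password and a Token over the pipe, and a pipe name by itself says nothing about which process is listening on it, so the portal side should confirm the peer before writing those values. The following C# example was added for this page and is not the patent's or SmartClient's code: after connecting, it queries the process ID behind the server end of the pipe and compares that process's image path with the expected service binary, and only then sends the command and token. The pipe name "DemoPipe", the expected path under Program Files and the WHOAMI command are placeholders chosen for the example; the client opens the pipe at TokenImpersonationLevel.Impersonation so that a service using ImpersonateNamedPipeClient can act under the caller's identity.

```csharp
// Added example for this page, not code from the patent or from SmartClient.
// Assumed: pipe name, expected service image path, command names.
using System;
using System.ComponentModel;
using System.IO;
using System.IO.Pipes;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
using Microsoft.Win32.SafeHandles;

static class PipeClient
{
    const string PipeName = "DemoPipe";                                        // assumed
    const string ExpectedServerImage = @"C:\Program Files\ExampleVendor\SmartClient.exe"; // placeholder
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;                     // enough to read the image path

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool GetNamedPipeServerProcessId(SafePipeHandle hPipe, out uint serverPid);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint desiredAccess, bool inheritHandle, uint pid);

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool QueryFullProcessImageName(IntPtr hProcess, uint flags, StringBuilder exeName, ref uint size);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Full image path of the process that owns the server end of an already connected pipe.
    static string ServerImagePath(NamedPipeClientStream pipe)
    {
        uint pid;
        if (!GetNamedPipeServerProcessId(pipe.SafePipeHandle, out pid)) throw new Win32Exception();
        IntPtr process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (process == IntPtr.Zero) throw new Win32Exception();
        try
        {
            var path = new StringBuilder(1024);
            uint length = (uint)path.Capacity;
            if (!QueryFullProcessImageName(process, 0, path, ref length)) throw new Win32Exception();
            return path.ToString(0, (int)length);
        }
        finally { CloseHandle(process); }
    }

    // Sends one command line and returns the service's single-line reply.
    static string Send(string command, string token)
    {
        using (var pipe = new NamedPipeClientStream(".", PipeName, PipeDirection.InOut,
                   PipeOptions.None, TokenImpersonationLevel.Impersonation))
        {
            pipe.Connect(5000);
            string image = ServerImagePath(pipe);
            // Refuse to hand over the token unless the listening process is the expected
            // service binary; a different image on the same pipe name is treated as an error.
            if (!string.Equals(image, ExpectedServerImage, StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException("Unexpected pipe server: " + image);
            var writer = new StreamWriter(pipe) { AutoFlush = true };
            var reader = new StreamReader(pipe);
            writer.WriteLine(command + " " + token);
            return reader.ReadLine();
        }
    }

    static void Main(string[] args)
    {
        string token = args.Length > 0 ? args[0] : "<token-placeholder>";
        Console.WriteLine(Send("WHOAMI", token));
    }
}
```

The image-path check is taken after the connection is established, so it describes the peer at that moment and complements, rather than replaces, the DACL the service puts on its pipe; in a real deployment the client would also verify the code signature of the binary at that path, and the service would keep the token out of any log line it writes.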
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (1)
1. An application based on a named-pipe communication mechanism, characterised in that it comprises the following operating procedure:
S1: The portal process starts and logs in, completes a self-check of its own program, finds that an update is needed, starts the update program's non-intercepted-file synchronizer, the UnalbeInterceptFileSync process, and updates the non-intercepted files; communication between named pipes is established, the operating identity is impersonated within the named-pipe connection, the input and output of data across the named-pipe communication is monitored by multiple threads, and under that multithreaded monitoring the number of threads opened is kept fixed and the threads are synchronised between the processes;
S2: The program switches its running account and completes complex business logic between the processes: named-pipe communication between the currently running program and the Windows service process is completed, the identity under which the program runs is switched, a command is sent to complete the related operations once the elevated privilege has been obtained, and the program switches back to the current running account once the operation has completed;
S3: A named-pipe mechanism between the processes is established so that the program's privilege can be raised and lowered under control; the program can run at elevated privilege and then lower its privilege in the reverse direction, and encrypted information is transmitted through the named-pipe communication so that its distribution and transmission between the service and each process is completed;
S4: Memory space is allocated according to the process communication request; the communication data is stored in that memory space; the logical address of the memory space is written to a message queue; and the communication data is accessed through the logical address read from the message queue.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010184460.XA CN111414603A (en) | 2020-03-17 | 2020-03-17 | Application based on communication mechanism between named pipelines |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111414603A true CN111414603A (en) | 2020-07-14 |
Family
ID=71493009
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010184460.XA Pending CN111414603A (en) | 2020-03-17 | 2020-03-17 | Application based on communication mechanism between named pipelines |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111414603A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111898158A (en) * | 2020-07-23 | 2020-11-06 | 百望股份有限公司 | Encryption method for OFD (office file format) document |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1811717A (en) * | 2006-01-10 | 2006-08-02 | 杭州东信灵通电子实业公司 | Universal interprocess communication achieving method |
CN101359355A (en) * | 2007-08-02 | 2009-02-04 | 芯微技术(深圳)有限公司 | Method for raising user's authority for limitation account under Windows system |
CN101593121A (en) * | 2009-06-23 | 2009-12-02 | 中兴通讯股份有限公司 | The method of on-line software updating, Apparatus and system |
CN101751287A (en) * | 2008-12-03 | 2010-06-23 | 北京天融信科技有限公司 | Method for executing operation under Windows without limitation of user right |
CN103425538A (en) * | 2012-05-24 | 2013-12-04 | 深圳市腾讯计算机系统有限公司 | Process communication method and process communication system |
CN104268025A (en) * | 2014-09-30 | 2015-01-07 | 珠海市君天电子科技有限公司 | Interprocess communication method and system, and server |
CN105205412A (en) * | 2015-09-25 | 2015-12-30 | 北京北信源软件股份有限公司 | Inter-process communication intercepting method and device |
CN106201747A (en) * | 2016-07-22 | 2016-12-07 | 浪潮软件集团有限公司 | Method for accessing intelligent password equipment under limited user of WINDOWS system |
CN108833578A (en) * | 2018-06-30 | 2018-11-16 | 武汉斗鱼网络科技有限公司 | The method and relevant device of duplex communication are carried out based on FIFO name pipeline |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20200714 |