CN1117322C - Dynamic monitoring and controlling method for files system - Google Patents
Abstract
The present invention relates to a dynamic monitoring method for a file system, which comprises: (i) analyzing the file type; (ii) using the associated dynamic link library to test the monitoring condition; if the condition matches the user's requirement, go to the next step; if monitoring is not needed, go to step (vii); (iii) carrying out the associated processing; (iv) automatically querying whether monitoring is needed; if it is, go to the next step, otherwise go to step (viii); (v) recording the associated information of the application program, then going to the next step; (vi) switching the program to the preparation stage; (vii) if the result of the condition test does not match the detection condition required by the user, abandoning monitoring and going to the next step; (viii) invoking the next hook function.
Description
Technical field
The present invention relates to a method for dynamically monitoring a file system.
Background technology
At present, to monitor a file system dynamically and analyze the user's operations on it, so as to reduce as far as possible, or even avoid, system failures caused by user misoperation, tools such as Cybermedia Uninstaller, Norton Uninstall, Clean Sweep and Magic Folder (for encrypted directories) are commonly used. What their monitoring techniques have in common is that a snapshot of the system is taken before installation and another after installation, recording the current state of the system each time; the two are then compared and, once differences are found, a report is produced. The shortcomings are:
1. The entire current state of the system is recorded without analysis or selection. For example, if the user performs other kinds of operations besides the monitored one during this period, those operations are also recorded by the above tools, which wastes both time and a large amount of system resources;
2. The prior art only compares operation records statically, by comparing the differences between the two snapshots taken before and after the monitored operation. The operation is therefore not immediate, takes a long time, records inaccurately, and can even have side effects on the system.
Summary of the invention
The object of the present invention is to provide a dynamic monitoring method for a file system that monitors the file system dynamically and immediately, is fast, and occupies very few system resources.
Another object of the present invention is to provide a dynamic monitoring method for a file system that provides a standard filter interface for file system monitoring, so that the user can extend the file system monitoring function in a targeted way through this public interface.
The object of the present invention is achieved by providing a dynamic monitoring method for a file system, comprising the following steps: (i) according to the file request of an application program, calling the corresponding filter to test the file against the monitoring condition; (ii) automatically querying whether monitoring is needed; if the user requires monitoring, proceeding to the next step, otherwise proceeding to step (vi); (iii) recording the relevant information of the application program; (iv) the next program then enters the preparation stage, preparing to monitor the next application program; (v) if the result of the condition test does not meet the detection condition required by the user, abandoning monitoring and proceeding to step (vi); and (vi) calling the next hook function.
The present invention also provides a dynamic monitoring method for a file system, comprising the following steps: after an application program issues a file operation request, the operating system kernel in memory hands the request to the installable file system manager, which then calls the first file management program through its internal linked list to monitor the file, and then traverses the whole linked list in turn to complete the monitoring service for the application program.
Using the excellent monitoring performance provided by the present invention, the monitoring process is started only when the user's operation on the file system touches a predefined sensitive area. The file request being handled uses only the resources that the system already allocated to the program that produced the request, so the system need not allocate any additional resources. The method therefore occupies few system resources, and its operation is simple: it only identifies and judges the user's operation and performs the related processing.
Description of drawings
Embodiments of the invention are described in detail below with reference to the accompanying drawings, in which:
Fig. 1 is a functional block diagram of the dynamic monitoring of a file system according to the present invention;
Fig. 2 is a flowchart of the filter used in the dynamic monitoring of a file system according to the present invention;
Fig. 3 is a flowchart of the dynamic monitoring of a file system according to the present invention;
Fig. 4 is a flowchart of system file protection in the dynamic monitoring of a file system according to the present invention;
Fig. 5 is a flowchart of the monitoring condition check in the dynamic monitoring of a file system according to the present invention.
Embodiment
Referring to Fig. 1, which shows a functional module diagram of the present invention, the modules used to implement the dynamic monitoring method include: the operating system (OS) kernel 10, the monitoring program 12 and the filter interface 14. When one of several application programs (APP) 5a, 5b, 5c produces a file request, the OS kernel calls the operating system's internal Installable File System Manager 11, and this manager then services the file request. The present invention, however, adds a monitoring program 12 before the request is responded to, so that the request is checked before the response is executed. After being activated, the monitoring program 12 calls the standard filter interface 14. After the file has been checked by the monitoring program 12 using a filter 18, if the detection condition is satisfied, the output is the system default file 16.
Corresponding to the filter interface 14, the user can plug in filters 18 that serve various purposes. As shown in Fig. 1, these include, for example, a filter 18a that implements system file protection, a filter 18b for uninstall recording, or a filter 18c for other purposes.
In this embodiment the filter 18 is implemented by software running on a computer. Its flowchart, shown in Fig. 2, comprises the following steps: (i) step 20, the monitoring program first calls the filter interface; (ii) step 22, the associated dynamic link library (DLL) file is identified; (iii) step 24, it is judged whether the file satisfies the monitoring condition; if it does, proceed to the next step; otherwise return to step 20 and call the following program to service the response, until the requested service is complete; (iv) step 26, a flag is set and the current information is recorded, then the flow returns to step 20 and back into the system's original file management loop, and files that satisfy the condition are handled according to the user's requirements.
Referring to Fig. 3, the technical flow of the present invention comprises the following steps: (i) step 32, the file type is analyzed first, for example by analyzing the file name; (ii) step 34, the relevant dynamic link library (DLL) is then used to test the monitoring condition and see whether it meets the user's requirement; if it does, proceed to the next step; if the user does not need monitoring, proceed to step 44; (iii) step 36, the related processing is carried out, including setting a flag and starting monitoring; (iv) step 38, it is automatically queried whether monitoring is needed; if the user requires monitoring, proceed to the next step, otherwise proceed to step 46; (v) step 40, the relevant information of the application program is recorded, then proceed to step 42; (vi) step 42, the next program enters the preparation stage, preparing to monitor the next application program; (vii) step 44, if the result of the condition test does not meet the detection condition required by the user, monitoring is abandoned and the flow proceeds to step 46; (viii) step 46, the next hook function (HOOK) is called.
That is, after an application program issues a file operation request, the operating system kernel hands it to the installable file system manager, which calls the first file management program through its internal linked list and then traverses the whole linked list in turn to complete the monitoring service for the application program. In this process, once the inserted monitoring program obtains control, it first calls a dynamic link library on the incoming file request. If the monitoring condition is satisfied, the relevant flags are set and the related processing is carried out. For example, if the file has the file name characteristics of an installation program, the monitoring program starts the installation recording function; if the file name satisfies the file name characteristics of an executable program, the monitoring program starts and write operations are prohibited. The return value of the dynamic link library shows whether the system satisfies the request. If the request is responded to, the current processing is recorded, a flag is set, and monitoring of this application program begins. After the task required by the monitoring is completed, the program moves on to handle other file requests.
To illustrate how the invention is implemented, system file protection is taken as an example. When monitoring for system file protection, it must be judged whether a file is an executable file or a system file, because these two types are the sensitive file types for system file protection; once a file of either type is deleted or changed, it can even corrupt the parameter passing of the file system. Therefore, to prevent the file system from being modified or maliciously damaged by others when a file system is used, the user sets up the monitoring program, which limits the user's modification rights by means of a password and thereby protects the file system.
Fig. 4 shows the operation flow of the system file protection VxD, which comprises the following steps: (i) step 52, parameters are passed in by the system; (ii) step 54, the external 16-bit dynamic link library (DLL) is called; (iii) step 56, the contents of the file table are compared to judge whether the file is a system file; if it is, proceed to the next step, otherwise proceed to step 62; (iv) step 58, it is judged whether the operation is a modifying operation; if the system file is to be modified, proceed to the next step, otherwise proceed to step 62; (v) step 60, the monitoring program does not respond, confirms that the file operation is illegal, and returns to the start; (vi) step 62, the parameters are passed down and the next program is called.
Referring to Fig. 5, which shows the operation flow of the external 16-bit dynamic link library used to judge whether a file request satisfies the monitoring condition, the flow comprises the following steps: (i) step 72, after a file request is received, the standard filter provided by the present invention is called and the parameters are passed in; (ii) step 74, the file table is looked up; (iii) step 76, it is determined whether the file request is listed in the table; if it is, the file request is determined to satisfy the monitoring condition and the flow proceeds to the next step; otherwise it proceeds to step 86; (iv) step 78, it is further judged whether the file request is a write operation; if it is, proceed to the next step, otherwise proceed to step 86; (v) step 80, a warning dialog box pops up automatically and asks for the file modification permission password; (vi) step 82, it is confirmed whether the password is correct; if it is, proceed to step 84, otherwise proceed to step 88; (vii) step 84, the operation (deletion, modification, etc.) is allowed and the next file request continues to be responded to; (viii) step 86, control returns to the system and is passed to the next management program; (ix) step 88, the response is interrupted and the flow returns.
In step 76 above, a file request that is not in the file table does not satisfy the monitoring condition, so control must return to the system and be passed to the next management program. In step 78, when the file request is not a write operation it cannot affect the security of the file system, so monitoring need not continue; control simply returns to the system and is passed to the next management program.
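The Fig. 5 decision flow and the hook chain described above, sketched in C as an added example that is not code from the patent. All type and function names, the file table entries and the password are constructed placeholders; the password argument stands in for the dialog of step 80, deletion is treated as a write-class operation, and file names are assumed to compare case-insensitively.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; the patent gives only the flowchart. */
enum verdict { PASS_NEXT, ALLOWED, DENIED };      /* steps 86, 84, 88 */
enum op { OP_READ, OP_WRITE, OP_DELETE };

struct file_request {
    const char *path;      /* file named in the request */
    enum op op;            /* requested operation */
    const char *password;  /* answer to the step 80 dialog, NULL if none */
};

struct hook {              /* one node of the hook chain */
    enum verdict (*fn)(const struct file_request *);
    struct hook *next;
};

/* Constructed sample file table and password (placeholders). */
static const char *file_table[] = { "C:\\WINDOWS\\WIN.COM", "C:\\WINDOWS\\SYSTEM.INI" };
static const char *modify_password = "example-password";

/* Case-insensitive name match (assumption: names are not case-sensitive). */
static int same_name(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

static int in_file_table(const char *path)        /* steps 74 and 76 */
{
    for (size_t i = 0; i < sizeof file_table / sizeof file_table[0]; i++)
        if (same_name(path, file_table[i])) return 1;
    return 0;
}

/* Protection filter: the decisions of steps 76 to 88. */
enum verdict protect_filter(const struct file_request *r)
{
    if (!in_file_table(r->path)) return PASS_NEXT;        /* step 76 -> 86 */
    if (r->op == OP_READ) return PASS_NEXT;               /* step 78 -> 86 */
    if (r->password && strcmp(r->password, modify_password) == 0)
        return ALLOWED;                                   /* step 82 -> 84 */
    return DENIED;                                        /* step 82 -> 88 */
}

/* Walk the chain; returns 1 if the request reaches the file system. */
int dispatch(const struct hook *chain, const struct file_request *r)
{
    for (const struct hook *h = chain; h; h = h->next)
        if (h->fn(r) == DENIED) return 0;         /* response interrupted */
    return 1;
}

int main(void)
{
    struct hook monitor = { protect_filter, NULL };
    struct file_request reqs[] = {
        { "C:\\TEMP\\NOTES.TXT", OP_WRITE, NULL },
        { "c:\\windows\\win.com", OP_DELETE, "wrong" },
        { "c:\\windows\\win.com", OP_WRITE, "example-password" },
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%s -> %s\n", reqs[i].path, dispatch(&monitor, &reqs[i]) ? "serviced" : "blocked");
    return 0;
}
```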
Claims (8)
1. A dynamic monitoring method for a file system, characterized in that it comprises the following steps:
(i) according to the file request of an application program, calling the corresponding filter to test the file against the monitoring condition;
(ii) automatically querying whether monitoring is needed; if the user requires monitoring, proceeding to the next step, otherwise proceeding to step (vi);
(iii) recording the relevant information of the application program;
(iv) then entering the preparation stage, preparing to monitor the next application program;
(v) if the result of the condition test does not meet the detection condition required by the user, abandoning monitoring and proceeding to step (vi); and
(vi) calling the hook function.
2. The dynamic monitoring method for a file system as claimed in claim 1, characterized in that the flow by which said filter performs monitoring comprises the following steps:
(1) analyzing the file type;
(2) using the relevant dynamic link library to test the monitoring condition and see whether it meets the user's requirement; if it does, proceeding to the next step; if the user does not need monitoring, proceeding to the above step (v);
(3) setting a flag and starting monitoring.
3. The dynamic monitoring method for a file system as claimed in claim 1, characterized in that said filter comprises a filter that implements system file protection, a filter for uninstall recording, or a filter for other purposes.
4. The dynamic monitoring method for a file system as claimed in claim 2, characterized in that what is carried out in said step (i) is an analysis of the file name.
5. The dynamic monitoring method for a file system as claimed in claim 1, characterized in that it further comprises the following steps: after an application program issues a file operation request, the operating system kernel in memory hands the request to the installable file system manager, which then calls the first file management program through its internal linked list to monitor the file, and then traverses the whole linked list in turn to complete the monitoring service for the application program.
6. The dynamic monitoring method for a file system as claimed in claim 5, characterized in that, in said process of monitoring the file, once the inserted monitoring program obtains control, it first calls a dynamic link library on the incoming file request; if the monitoring condition is satisfied, the relevant flags are set and the related processing is carried out; the return value of the dynamic link library shows whether the system satisfies the request; if the request is responded to, the current processing is recorded, a flag is set, and monitoring of this application program begins; after the task required by the monitoring is completed, the program moves on to handle other file requests.
7. The dynamic monitoring method for a file system as claimed in claim 6, characterized in that said related processing is that, when the file has the file name characteristics of an installation program, the monitoring program starts the installation recording function.
8. The dynamic monitoring method for a file system as claimed in claim 6, characterized in that said related processing is that, when the file name satisfies the file name characteristics of an executable program, the monitoring program starts and write operations are prohibited.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN99102482A CN1117322C (en) | 1999-03-04 | 1999-03-04 | Dynamic monitoring and controlling method for files system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1266228A (en) | 2000-09-13 |
CN1117322C (en) | 2003-08-06 |
Family ID=5270836
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN99102482A Expired - Fee Related CN1117322C (en) | 1999-03-04 | 1999-03-04 | Dynamic monitoring and controlling method for files system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1117322C (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C06 | Publication | ||
PB01 | Publication | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20030806 Termination date: 20110304 |