TW583585B - A module of safe execution program under Windows operating system and method thereof - Google Patents

A module of safe execution program under Windows operating system and method thereof Download PDF

Info

Publication number
TW583585B
TW583585B TW91111262A TW91111262A TW583585B TW 583585 B TW583585 B TW 583585B TW 91111262 A TW91111262 A TW 91111262A TW 91111262 A TW91111262 A TW 91111262A TW 583585 B TW583585 B TW 583585B
Authority
TW
Taiwan
Prior art keywords
module
program
execution
call
operating system
Prior art date
Application number
TW91111262A
Other languages
Chinese (zh)
Inventor
Tian-Jang Luo
Original Assignee
Netasp Internat Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netasp Internat Co Ltd filed Critical Netasp Internat Co Ltd
Priority to TW91111262A priority Critical patent/TW583585B/en
Application granted granted Critical
Publication of TW583585B publication Critical patent/TW583585B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to module of safe execution program under Windows operating system (OS) and method thereof are adapted to secure user's program execution under Windows OS that won't cause the protected file system, networking system and registry tree from being changed or devastated as a result of exceptional event and are characterized by executing the safe execution module of the invention under the Windows OS to ensure correct operation of user's program under the Windows OS.

Description

583585 五、發明說明(1) 【發明領域】 本發明係關於在視窗作業系統下安全執行程式的模組 與方法,其適用於確保使用者程式於視窗作業系統下執行 ,不至於因例外事件而導致受保護的檔案系統,網路相關 系統,與註冊樹,受到更動或破壞,其特徵在於該視窗作 業系統下執行安裝本發明的安全執行模組,以控制使用者 程式於視窗作業系統下正確執行無誤。 【發明背景】 本發明係關於在視窗作業系統下安全執行程式的模組 與方法,其適用於確保使用者程式於視窗作業系統下執行 ,不至於因例外事件而導致受保護的檔案系統,網路相關 系統,與註冊樹,受到更動或破壞,其特徵在於該視窗作 業系統下執行本發明的安全執行模組,以控制使用者程式 於視窗作業系統下正確執行無誤。 於2 0 0 2年四月二日公開的美國專利案第6,3 6 6,9 6 6號 ,π自動執行程式的方法與系統π,其主要功能為當偵測 到有一儲存程式的媒體被放入磁碟機時,該方法與系統會 將被儲存的該程式自動執行。主要原理為作業系統週期性 地詢_問該磁碟機,關於該磁碟機目前的狀態,而由該作業 系統負責決定該磁碟機目前的狀態是否已經改變。倘若該 磁碟機目前的_狀態已經改變,該作業系統廣播該磁碟機目 前的狀態已經改變的訊息出去。 而一旦殼層(s h e 1 1 )收到從作業系統傳來的訊息,該583585 V. Description of the invention (1) [Field of the invention] The present invention relates to a module and method for safely executing programs under a Windows operating system, and is suitable for ensuring that user programs are executed under a Windows operating system, so as not to be caused by exceptional events. The protected file system, network related system, and registration tree are changed or destroyed, which is characterized in that the windows operating system is implemented to install the security execution module of the present invention to control the user program to correctly operate in the windows operating system. Performed without error. [Background of the Invention] The present invention relates to a module and method for safely executing programs under a Windows operating system, and is suitable for ensuring that a user program runs under a Windows operating system without causing a protected file system due to exceptional events. The road-related system and the registration tree have been changed or destroyed, which is characterized in that the security operating module of the present invention is executed under the window operating system to control the user program to execute correctly under the window operating system without errors. U.S. Patent No. 6,36,96,96, published on April 2, 2002, a method and system for automatically executing a program π, whose main function is to detect a medium that stores a program When put into the drive, the method and system will automatically execute the stored program. The main principle is that the operating system periodically inquires and asks the drive about the current state of the drive, and the operating system is responsible for determining whether the current state of the drive has changed. If the current state of the drive has changed, the operating system broadcasts a message that the current state of the drive has changed. Once the shell (s h e 1 1) receives a message from the operating system, the

第4頁 583585 五、發明說明 訊思拍不該磁碟機 碟機目前的狀態已 被放入β磁碟機。 體已被放入該磁碟 媒體上的稽案。該 的檔案程式自動執 該知式自動執行, 目前的狀態已經改變 經改變的事件,是否 若該磁碟機目前狀態 機,该殼層將搜尋一 殼層隨後將一事先定 行。由此,該方法與 其間不需要使用者任 ,殼層會決定該磁 表示一儲存媒體已 改變顯示該儲存媒 事先定義於該儲存 義於該儲存媒體上 系統會將被儲存的 何動作的參與。Page 4 583585 V. Description of the invention Xun Si should not take the drive. The current state of the drive has been placed in the beta drive. The volume has been placed on the disk media. The file program is automatically executed. The knowledge type is automatically executed. The current state has changed. After the changed event, if the drive is currently in the state machine, the shell will search for a shell and then perform a predetermined operation. Therefore, the method does not require any user action, and the shell layer will determine that the magnetic indicates that a storage medium has been changed to show that the storage medium is defined in the storage in advance, and that the system will participate in any action that the system will store .

何謂殼層(She 1 1) ?殼層(She 1 1)在作業系統中的職 責是:當作指令解譯器和程式語言的工具。作業系統安排 使用者在每一個電腦工作之始即和殼層對話,在此工作期 間,使用者可重覆的和殼層交談,對殼層發出命令以指揮 系統替使用者工作。 事貫上,使用者對作業系統所作的任何事情乃是透過 殼層,故可以將殼層想成是環繞在核心程式(kernel)之 外的指令解釋器。殼層的特性如下: 1 ·父談式的命令處理:使用者與作業系統間的通信透 過殼層1作交談式的對話。 2 ·背景式的工作處理。What is She 1 (She 1 1)? She 1 (She 1 1) 's role in the operating system is: as a tool of instruction interpreter and programming language. The operating system arranges that the user talks to the shell at the beginning of each computer job. During this work, the user can repeatedly talk to the shell and issue commands to the shell to instruct the system to work for the user. In fact, anything the user does to the operating system is through the shell, so the shell can be thought of as a command interpreter that surrounds the kernel. The characteristics of the shell are as follows: 1. Parental command processing: The communication between the user and the operating system is conducted through the shell 1 for a conversation. 2 Background work processing.

3·重新的輸出入導向:為達目的的命令可以由輪出入 轉向( <、>、<<、 >>)便利的完成。 4 ·管線處理(p i pe):可以將數個簡單的指令連接在 一起成為較複雜的工作。 5 ·廣義識別字的此對(?、*):透過簡單的一組字串 ,可以—次挑選一個或多個檔案來加以處理,免去重複3. Re-input-output orientation: The order for the purpose can be changed from wheel-in / turn-out (<, >, < <, > >) conveniently. 4 · Pipeline processing (pipe): Several simple instructions can be connected together to become a more complex task. 5 · This pair of generalized identifiers (?, *): Through a simple set of strings, one or more files can be selected at a time for processing, avoiding repetition

583585 五、發明說明(3) 輸入指令的麻煩。 6. 殼層命令稿(Shell sc r i p t) ··將殼層命令集中鍵 入在一個檔案,執行該檔案就會由該檔案依序讀出每一 道殼層命令,並一一執行’如同一批次作業。 7. 殼層變數:藉著將資料存入變數中,使殼層可以自 由的存取該變數,增加殼層程式的發揮空間。 美國專利案第6,3 6 6,9 6 6號能自動將指定檔案載入執 行,然而美國專利案第6,3 6 6,9 6 6號案不能提供對所要求 的檔案系統,網路相關系統,與註冊樹,作出應有的保護 。請參見在未加入本發明安全執行程式模組之前的,其視 窗作業系統之軟體執行環境,顯示在圖一(a )。圖一(a ) 的視窗作業系統1 1 0可以直接處理由使用者程式1 2 0傳來的 直接呼叫要求,進行處理,相對地,視窗作業系統1 1 0若 因使用者程式1 2 0傳來的呼叫要求產生錯誤,系統混亂與 失序的機會也升高。 ~~ 【發明概要】 本發明主要目的係提供一個在視窗作業系統下安全執 行的模組與方法·,以提供並確保使用者程式於視窗作業系 統下~執行,再者,本發明能確保受指定保護的檔案系統, 網路相關系統,與註冊樹,不至於因意外事件而導致非允 許的更動或破壞,第三,有效減少使用者程式於視窗作業 系統下安全熱行,所需耗用的主記Τϋ量。583585 V. Description of the invention (3) The trouble of inputting instructions. 6. Shell script (Shell script) ·· Shell commands are typed in a file, and the file will be read out sequentially from the file and executed one by one, such as the same batch operation. 7. Shell variable: By storing data in the variable, the shell can freely access the variable and increase the space for the shell program. U.S. Patent No. 6,3 6 6,9 6 6 can automatically load the specified file for execution, but U.S. Patent No. 6, 3 6 6, 9 6 6 cannot provide the required file system, network Related systems, and registration trees, give due protection. Please refer to Fig. 1 (a) for the software execution environment of the window operating system before the safe execution program module of the present invention is added. The window operating system 1 1 in FIG. 1 (a) can directly process and process the direct call request from the user program 120. In contrast, the window operating system 1 1 0 Incoming calls require errors, and the chances of system confusion and disorder increase. [Summary of the Invention] The main purpose of the present invention is to provide a module and method for safe execution under the Windows operating system to provide and ensure that the user program runs under the Windows operating system. Furthermore, the present invention can ensure that Designated protected file systems, network related systems, and registration trees, so as not to cause unauthorized changes or destruction due to accidents. Third, it can effectively reduce the user program's security hotspot under the Windows operating system. The amount of the master's record.

第6頁 583585Page 6 583585

【發明詳細說明】 ^ 本發明使用—種安全執行程式模組,該安全執行程 模組在一個執行視窗作業系統的電腦内執行,以便摘^二 隔離及處理一新增執行程式對該視窗作業系統的呼叫、 (ca 11 )’確保該電腦的檔案系統模組,網路系統模組,與 註冊樹模組。不受該新增執行程式的執行結果而遭受破壞 以微軟公司的視窗作業系統作說明,圖一(b )為 Windows 2 0 0 Ο/χρ本身的系統架構圖,服務程序和應用程 式可,過子系統動態連結程式庫(subsystein DLLs)17(^ 系統交換資料。子系統動態連結程式庫(subsystem DUd 1 7 0的作用就是將檔案化函數(公開的使用介面)轉換為適 當的Windows 2 0 0 0 /χρ内部系統使用,這種轉換可能會向 正在為使用者的應用程式1 6 〇提供服務的環境子系統1 8 〇發 出請求,也可能不會。 又 圖一(c ),顯示依據本發明所形成之軟體執行環境 圖’圖 (c )的視窗作業系統1 1 〇不一定可以直接處理由使 用者程式1 2 0傳來的直接呼叫要求進行處理,若在啟動本 發明安全執行程式模組1 3 〇的情形下,事先選取的使用者 糕式’其呼叫要求會被本發明安全執行程式模組攔截,經 碟認無害後才交由視窗作業系統π 〇處理。因此,系統混 亂與失序的機會也大大降低。 - 圖 (d)為以微軟公司的Windows2 0 00/X Ρ於執行本發 明安全執行程式模組的系統架構圖,服務程序,未受監控[Detailed description of the invention] ^ The present invention uses a secure execution module, which is executed in a computer running a Windows operating system, so as to isolate and process a new execution program for this window operation. System call, (ca 11) 'Ensure the computer's file system module, network system module, and registration tree module. Not affected by the results of the execution of the newly added program. The Windows operating system of Microsoft Corporation is used as an illustration. Figure 1 (b) is the system architecture diagram of Windows 2000 / χρ itself. Service procedures and applications are available. Subsystem dynamic link libraries (subsystein DLLs) 17 (^ System exchange data. The role of the subsystem dynamic link libraries (subsystem DUd 1 70) is to convert filed functions (public use interface) into the appropriate Windows 2 0 0 0 / χρ internal system use, this conversion may or may not be requested to the environmental subsystem 1 800, which is providing services to the user's application 160, and Figure 1 (c) shows the basis of this The software operating environment diagram 'c (c)' s window operating system 1 1 0 formed by the invention may not be able to directly process the direct call request from the user program 120. If the safe execution program mode of the present invention is activated, In the case of group 130, the user's call request selected in advance will be intercepted by the security execution program module of the present invention, and will be delivered to the window after it is recognized as harmless. Industry system π 〇. Therefore, the chance of system chaos and disorder is also greatly reduced.-Figure (d) is a system architecture diagram of the Microsoft Windows 2000 / X P to execute the safe execution program module of the present invention, the service program , Not monitored

583585 五、發明說明(5) 應用程式1 8 3,和受監控應用程式1 8 5,都可透過子系統動 悲連結程式庫(subsystem DLLs) 1 70和系統交換資料。該 新增執行程式包含置放於一特殊目錄下之執行檔,在本實 施例該特殊目錄為” C : \Lmz”,因為置於該特殊目錄 C.XLmz’下的應用程式會被自動載入執行,因此又可稱為 叉監控的應用程式,該受監控的應用程式為執行槽,該 執行擋的附檔名格式可為.COM,,或,’ .ΕΧΕΠ。583585 5. Description of the invention (5) The application programs 183 and the monitored applications 185 can exchange data with the system through the subsystem DLLs 1 70. The new execution program includes an execution file placed in a special directory. In this embodiment, the special directory is "C: \ Lmz", because the application program placed in the special directory C.XLmz 'will be automatically loaded. It can also be called a fork monitoring application. The monitored application is an execution slot. The extension file format of the execution file can be .COM, or, '.ΕΧΕΠ.

在圖一(d )中,本發明安全執行程式模組的功能必須 在開啟狀態,則此時受監控應用程式1 8 5所發出的呼叫要 求’會先透過子系統動態連結程式庫(subsystem DLLs) 1 7 0 ’再經由本發明安全執行程式模組1 3 〇先過滤不當的呼 叫要求,防止系統混亂與失序,過濾後無虞的呼叫要求, 可和系統交換資料。In Figure 1 (d), the function of the security execution program module of the present invention must be turned on. At this time, the call request issued by the monitored application program 18.5 will first dynamically link the subsystem DLLs through the subsystems. ) 1 70 ', and then through the security execution program module 130 of the present invention, first filter improper call requests to prevent system confusion and disorder. After filtering, call requests can be exchanged with the system.

若是本發明安全執行程式模組的功能在關閉狀態,則 此時受監控應用程式1 8 5所發出的呼叫要求,所走的路徑 會如同未受監控應用程式1 8 3,可透過子系統動態連結程 式庫(subsystem DLLs) 1 70直接和系統交換資料,不具保 護功能,較易產生系統混亂與失序的機會。上述所稱的子 系統動態連結程式庫(s u b s y s t e m D L L s ),其為應用程式編 程介i (API )的具體例。 圖二’表示一個更詳細的更詳細的本發明安全執行粒 式模組與相關模組的架構圖。在圖二,視窗作業系統11 0 ,本發明安全執行程式主程式1 3 5,與受監控應用程式1 8 5 ,進行交互作用的場所都是在記憶體2 1 0中,其中安裝本If the function of the security execution program module of the present invention is turned off, the call request issued by the monitored application 1 8 5 at this time will follow the path as the unmonitored application 1 8 3, which can be dynamically transmitted through the subsystem. Subsystem DLLs 1 70 exchange data directly with the system. It has no protection function and is more likely to cause system chaos and disorder. The above-mentioned sub-system dynamic link library (s u b s y s t e m D L L s) is a specific example of an application programming interface (API). Figure 2 'shows a more detailed and detailed architecture diagram of the security execution granular module and related modules of the present invention. In FIG. 2, the window operating system 11 0, the present invention safely executes the program main program 1 3 5, and the monitored application program 1 8 5, and the interaction place is all in the memory 2 1 0, in which the installation of this

第8頁 583585 五、發明說明(6) 發明安全執行程式模組1 3 0時,會在视窗作業系統1 1 〇安 裝,額外的檔案系統保護驅動模組2 2 1,網路系統保護驅 動模組2 2 3,與註冊樹(R e g i s t r y )保護驅動模組2 2 5。 檔案系統保護驅動模組2 2 1,主要用以攔截、隔離及 處理該新增執行程式對該視窗作業系統關於執行開檔 (open)的應用程式編程介面(API)、寫檔(write)的應用 程式編程介面(API ),删除(delete)檔案的應用程式編程 介面(A P I )。 網路系統保護驅動模組2 2 3,主要用以攔截、隔離及 處理該新增執行程式對該視窗作業系統關於傳輸控制協定 TCP( Transmission Control Protocol)應用程式編程介 面使用者資料元協疋UDP(User Datagram Protocol)應 用程式編程介面、及網路基本輸入/輸出系統 (NetBIOS)應用程式編程介面。 註冊樹(Registry)保護驅動模組2 2 5,主要用以攔截 、隔離及處理該新增執行程式對該視窗作業系統關於註冊 寫入(Regjnte)應用程式編程介面與註冊刪除 . (Reg一Delete)應用程式編程介面。 一名人使本發明女全執行程式模組1 3 〇發生作用。首先必 須經過安裝的步驟。安裝後,檔案系統保護驅動模組 221,網路系統保護驅動模組2 23,註冊樹(Regi stry)保 護驅動模組2 2 5,與安全執行程式模組i 3 〇主程式會被加在 視窗作業系統1 1 0的檔案總管中。 詳細安裝步驟如本文以下所述:首先取得安全執行程Page 8 5853585 V. Description of the invention (6) When the safe execution program module 130 is invented, it will be installed in the Windows operating system 1 10, and the additional file system protection drive module 2 2 1 and the network system protection drive module Group 2 2 3, and the registration tree (R egistry) protect the driving module 2 2 5. The file system protection driver module 2 2 1 is mainly used to intercept, isolate, and process the newly-added execution program to the Windows operating system's application programming interface (API) and write file (open). Application Programming Interface (API), Application Programming Interface (API) for deleting files. The network system protection driver module 2 2 3 is mainly used to intercept, isolate and process the newly-added program to the Windows operating system regarding the Transmission Control Protocol (TCP) Transmission Control Protocol application programming interface user data element agreement UDP (User Datagram Protocol) application programming interface, and the Net Basic Input / Output System (NetBIOS) application programming interface. Registration tree (Registry) protection driver module 2 2 5, mainly used to intercept, isolate and process the newly-added program to the Windows operating system regarding the Regjnte application programming interface and registration deletion. (Reg-Delete ) Application programming interface. One person made the female full execution program module 130 of the present invention work. You must first go through the installation steps. After installation, the file system protection driver module 221, the network system protection driver module 2 23, the registration tree (Regi stry) protection driver module 2 2 5 and the secure execution program module i 3 〇 The main program will be added in Windows Explorer 1 10 in File Explorer. The detailed installation steps are as follows in this article: first obtain a secure execution process

第9頁 583585 五、發明說明(7) 式模組130的壓縮槽nSafeRun020403 ",如圖三(a)所示。 對壓縮檔’’ S a f e R u η 0 2 0 4 0 3 π進行開啟π,如圖三(b )所示。 由於nSafeRun020403 ”是壓縮樓,因此自然會浮起winzip 解壓縮程式的晝面,如圖三(c )所示。W i nz i p解壓縮程式 會開啟壓縮檔n Saf εΓίιιη0 2 04 0 3’^所有内含檔案,畫面如 圖三(d)所示。此時請選取壓縮檔” Safe Run 0 2 0 4 0 3,,的所有 内含檐案,晝面如圖三(e )所示。W i n z i p解壓縮程式會詢 問你要將這些選取的内含檔案,解壓縮到那個目錄,在本 實施例中選到n sample”的目錄,如圖三(f)所示。 n sample”的目錄底下的子目錄"Disk Γ會產生所有被 解壓縮内含檔案,如圖三(g)所示。在子目錄"Diskr會產 生所有被解壓縮内含檔案中,選擇"set up"檔案,準備進 行安裝如圖三(h )所示。安裝的最初過程如圖三(i )所示。 安裝最初過程中的歡迎晝面,如圖三(]·)所示。安裝時會 詢問欲安裝於那個目的地資料夾底下,如圖三(k )所示。 安裝本發明安全執行程式模組於該目的地資料夾底下,其 比例達5 7 %,如圖三(丨)所示。安裝本發明安全執行程式模 組於該目的地資料夾底下,其比例達9 8 %,如圖三(m )所 示 〇 安裝完畢後,桌面上自動出現本發明安全執行程式模 組的捷控小圖像π捷徑:S a f e R u ηπ ,如圖四(a )所示。檢查 子目錄nC:/Lmz”底下是否放置好要監控的應用程式,如圖 四(b)所示」本實施例放入打磚塊程式” FlashNG,,。完成後 執行本發明安全執行程式模組,出現浮出的可移動圖像Page 9 583585 V. Description of the invention (7) The compression tank nSafeRun020403 " of the type module 130 is shown in Figure 3 (a). The compressed file ′ ′ S a f e R u η 0 2 0 4 0 3 π is opened π, as shown in FIG. 3 (b). Since “nSafeRun020403” is a compression building, the daytime surface of the winzip decompression program will naturally float, as shown in Figure 3 (c). The Wiz nz decompression program will open the compressed file n Saf εΓίιη0 2 04 0 3 '^ All The file is included, and the screen is shown in Fig. 3 (d). At this time, please select the compressed file "Safe Run 0 2 0 4 0 3", all the eaves cases are included, and the daytime surface is shown in Fig. 3 (e). The W inzip decompression program will ask you to extract the selected contained files to that directory. In this embodiment, select the “n sample” directory, as shown in Figure 3 (f). The “n sample” directory The subdirectory "Disk Γ" will generate all the decompressed files, as shown in Figure 3 (g). In the subdirectory " Diskr will generate all the decompressed contained files, select the " set up " file and prepare for installation as shown in Figure 3 (h). The initial process of installation is shown in Figure 3 (i). The welcome surface during the initial installation is shown in Figure 3 () ·). During installation, you will be asked to install under the destination folder, as shown in Figure 3 (k). The security execution program module of the present invention is installed under the destination folder, and its proportion reaches 57%, as shown in FIG. 3 (丨). The safe execution program module of the present invention is installed under the destination folder, and its proportion reaches 98%, as shown in FIG. 3 (m). After installation, the shortcut of the safe execution program module of the present invention automatically appears on the desktop. Small image π shortcut: Safe R u ηπ, as shown in Figure 4 (a). Check whether the application to be monitored is placed under the sub-directory nC: / Lmz, as shown in Figure 4 (b). Group, floating image appears

第10頁 583585 五、發明說明(8) n S a f e T u ηπ,如圖四(c )所示,表示,本發明安全執行程式 模組功能開啟。可檢查所有受監控的應用程式1 8 5,如圖 四(d )所示。此時自動載入執行打磚塊程式n F 1 a s h N Gπ,如 圖四(e )所示,視窗作業系統1 1 0.的檔案系統,網路系統, 與註冊樹(Reg is try)都受到本發明安全執行程式模組的保 護。 當受監控應用程式1 8 5結束時,受監控應用程式1 8 5會 自動移出記憶體2 1 0。 欲結束(禁能)本安全執行程式模組1 3 0,只要選擇π結束π 本安全執行程式模組1 3 0的執行即可。 圖五為本發明方法的流程圖,說明本發明安全執行程 式模組1 3 0的執行流程。首先要判斷是否已安裝本發明安 全執行程式模組5 1 0,若未安裝,則必須安裝5 2 0,詳細步 驟如圖三(a), (b), (c), (d), (e), (f), (g), (h), (i),(j),(k),(1),與(m)所示。若已安裝,接著檢查 子目錄n C: / Lmzn是否放置好檔案5 3 0,這些檔案是要將受 監控的應用程式。若是,執行本發明5 4 0安全執行程式模 組,接著會自動執行受監控的應用程式550,當受監控的 應用程式結束5 6 0執行後,可選擇結束本發明5 7 0安全執行 程式模組。 雖然文中已應用較佳實施例說明本發明,但嫺熟本技 術者需了解可對上述實施例加以更改及變更,而不偏離本 發明的精神及觀點,以上所述僅為本發明之較佳具體實施 例,凡依本發明申請專利範圍所做之均等變化及修飾,皆Page 10 583585 V. Description of the invention (8) n Saf e T u ηπ, as shown in Fig. 4 (c), shows that the safe execution program module function of the present invention is turned on. You can check all the monitored applications 1 8 5 as shown in Figure 4 (d). At this time, the brick-breaking program n F 1 ash N Gπ is automatically loaded and executed, as shown in Figure 4 (e). The file system, network system, and registration tree (Reg is try) of the window operating system 1 1 0. It is protected by the safe execution program module of the present invention. When the monitored application 1 8 5 ends, the monitored application 1 8 5 will be automatically removed from the memory 2 1 0. To end (disable) the safe execution program module 1 3 0, simply select π to end the execution of the safe execution program module 1 3 0. FIG. 5 is a flowchart of the method of the present invention, illustrating the execution flow of the secure execution module 130 of the present invention. First of all, it is necessary to determine whether the safe execution program module 5 1 0 of the present invention is installed. If it is not installed, 5 2 0 must be installed. The detailed steps are shown in Figure 3 (a), (b), (c), (d), ( e), (f), (g), (h), (i), (j), (k), (1), and (m). If it is installed, then check whether the sub-directory n C: / Lmzn has placed files 5 3 0, which are the applications to be monitored. If it is, execute the safe execution program module of the present invention 540, and then automatically execute the monitored application program 550. After the execution of the monitored application program is finished, the safe execution program module of the present invention may be terminated. group. Although the preferred embodiments have been used to describe the present invention, those skilled in the art need to understand that the above embodiments can be modified and changed without departing from the spirit and viewpoints of the present invention. The above description is only the preferred specifics of the present invention. In the examples, all equivalent changes and modifications made in accordance with the scope of patent application of the present invention are

583585 五、發明說明(9) 應屬本發明申請專利之涵蓋範圍。 第12頁 583585 圖式簡單說明 【圖式簡單說明】 圖一(a)為習知系統架構圖。 圖一(b)為習知windows 2 0 0 0/XP的系統架構圖。 圖一(c )為與本發明的相關系統架構圖。 圖一(d)為find〇ws 2000/XP於執行本發明安全執行程式模 組的系統架構圖。 圖二為更詳細的本發明安全執行程式模組與相關模組的架 構圖。 圖三(a)顯示取得壓縮檔"SafeRιln020403,,。 圖三(b)顯示開啟壓縮檔” Saf eRun0 2040 3,,。 圖三(c)顯示winzi p解壓縮程式的畫面。 圖三(d )顯示W i n z i p解壓縮程式會開啟壓縮檔 "SafeRun0 2 040 3 ”的所有内含檔案。 圖三(e)顯示選取壓縮檔” Saf eRun0 2 040 3,,的所有内含檔 案。 * 圖三(f)顯示將選取的内含檔案,解壓縮到,,sample"的目 錄。 圖三(g)顯示子目錄nDi ski”產生所有被解壓縮内含檔案。 圖三(h)顯示選擇"setup”檔案,準備進行安裝。 圖三(i)顯示安裝的最初過程。 圖三(j )顯示安裝最初過程中的歡迎畫面。 圖三(k)顯示詢問欲安裝於那個目的地資料夾。583585 V. Description of invention (9) It should be covered by the patent application for this invention. Page 12 583585 Schematic description [Schematic description] Figure 1 (a) is a diagram of a conventional system architecture. Figure 1 (b) is a system architecture diagram of the conventional Windows 2000 / XP. FIG. 1 (c) is a system architecture diagram related to the present invention. Figure 1 (d) is a system architecture diagram of findOWS 2000 / XP for executing the safe execution program module of the present invention. Figure 2 is a more detailed architecture diagram of the security execution program module and related modules of the present invention. Figure 3 (a) shows the obtained compressed file "SafeRιln020403". Figure 3 (b) shows the open compressed file Saf eRun0 2040 3 ,. Figure 3 (c) shows the screen of winzi p decompression program. Figure 3 (d) shows the W inzip decompression program will open the compressed file " SafeRun0 2 040 3 ”all contained files. Figure 3 (e) shows all the files contained in the selected compressed file "Saf eRun0 2 040 3,". * Figure 3 (f) shows the directory containing the extracted files, extracted to the sample " directory. Figure 3 ( g) Display the subdirectory "nDi ski" to generate all decompressed files. Figure 3 (h) shows the "setup" file selected and ready for installation. Figure 3 (i) shows the initial installation process. Figure 3 (j) shows the welcome screen during the initial installation process. Figure 3 (k) shows the query Installed in that destination folder.

第13頁 583585 圖式簡單說明 圖三(1)顯示安裝本發明安全執行程式模組比例達5 7%。 圖三(m )顯示安裝本發明安全執行程式模組比例達比例達 9 8%° 圖四(a)顯示本發明的捷徑小圖像n捷徑:S a i e R u η ’’。 圖四(b)顯示檢查子目錄π C: /1^2”是否放置要監控的應用 程式。 圖四(c)顯示出現浮出的可移動圖像” Safe Tunπ。 圖四(d )顯示可檢查所有受監控的應用程式。 圖四(e )顯示自動載入執行打磚塊程式” F 1 a s h N G"。 圖五為本發明安全執行程式模組的流程圖。 【圖式編號說明】 11 0 視窗作業系統 12 0 使用者程式 · 130 安全執行程式模組 135 本發明安全執行程式主程式 160 應用程式 170 子泰統動態連結程式庫 180 環境子系統 183 未受監控應用程式Page 13 583585 Brief description of the drawings Figure 3 (1) shows that the proportion of installing the safe execution program module of the present invention reaches 5 7%. Figure 3 (m) shows that the proportion of installing the safe execution program module of the present invention reaches 98%. Figure 4 (a) shows the shortcut small image n shortcut of the present invention: S a i e R u η ′ ′. Figure 4 (b) shows checking whether the sub-directory π C: / 1 ^ 2 "has placed the application to be monitored. Figure 4 (c) shows floating movable images" Safe Tunπ. Figure 4 (d) shows that all monitored applications can be checked. Figure 4 (e) shows the automatic loading and execution of the brick-breaking program "F 1 ash N G ". Figure 5 is a flowchart of the safe execution program module of the present invention. [Illustration of drawing number] 11 0 Windows operating system 12 0 use User program 130 Safe execution program module 135 Safe execution program main program of the present invention 160 Application program 170 Subsystem dynamic link library 180 Environment subsystem 183 Unmonitored application program

第14頁 583585 圖式簡單說明 185 受 監 控 應 用程 式 210 記 憶 體 221 檔 案 系 統 保護 驅動模 組 223 網 路 系 統 保護 驅動模 組 225 註 冊 樹 (Regi s 丨t r y )保 護驅動模組Page 14 583585 Schematic description of 185 application program under monitoring 210 memory 221 file system protection drive module group 223 network system protection drive module group 225 registration tree (Regis s 丨 t r y) protection drive module

第15頁Page 15

Claims (1)

583585583585 ^IrTTu 六、申請專利範圍 1 . 一種安全執 4 係在一個執杆雜^式核/且,包括一安全執行保護模組, _ . 心 111作業系統的電腦内執行,用以攔截、隔 ^ 又a控應用程式對該視窗作業系統的呼叫 (call),確保該雷聰τa .^ ^ ^ 电細不文該新增執行程式的執行結果而遭 受破壞,其中該安令勃4 一 / 文王執订保濩模組包含: & 案系統保護驅動模組,係用以攔截、隔離及處理 該又'^控應用私式對該視窗作業系統關於執行開檔(open) 呼叫i f檔/(Write)呼叫,刪除(delete)檔案呼叫; ◊ >網路系統保護驅動模組,係用以攔截、隔離及處理 該文監控應用程式對該視窗作業系統關於傳輸控制協定 TCP ( Transmission Control Protocol)呼叫、使用者資 料元協疋UDP( User Datagram Protocol)呼叫、及網路基 本輸入 /輸出系統(NetBIOS)呼叫; 一註冊樹(Reg is try)保護驅動模組,係用以攔截、隔 離及處理該受監控應用程式對該視窗作業系統關於註冊寫 入(Reg — Write)呼叫與註冊刪除(Reg —Delete)呼叫。 2 ·如申請專利範圍第1項所述之安全執行程式模組,其中 該呼叫係為一應用程式編程介面API(Application Program Interface)〇 3 ·如申請專利範圍第1項所述之安全執行程式模組,進一 步包含一致能/禁能開關模組,其係在該電腦内執行,用 以開啟該安全執行保護模組的功能,或是關閉該安全執行^ IrTTu 6. Scope of patent application 1. A security enforcement 4 is implemented in a lever hybrid core / and includes a security execution protection module, _. Executed in the computer of the core 111 operating system, used to intercept and block ^ A control application calls to the Windows operating system to ensure that Lei Cong τa. ^ ^ ^ The details of the execution of the new execution program should be damaged, and the An Lingbo 4 I / Wen Wang The subscription security module includes: & Case system protection driver module, which is used to intercept, isolate, and process the application of the control system privately to the Windows operating system about performing an open file (if file) / ( Write) call, delete (delete) file call; ◊ > Network system protection driver module, which is used to intercept, isolate and process the article monitoring application to the Windows operating system regarding the Transmission Control Protocol TCP (Transmission Control Protocol) Call, User Datagram Protocol (UDP) call, and NetBIOS input / output system (NetBIOS) call; a registration tree (Reg is try) protects the driver module, which is used to intercept , Isolate and process the monitored application's Reg-Write call and Reg-Delete call to the Windows operating system. 2 · The secure execution program module described in item 1 of the scope of patent application, wherein the call is an application program interface API (Application Program Interface) 0 3 · The secure execution program described in item 1 of the scope of patent application The module further includes a uniform enable / disable switch module, which is executed in the computer to enable the function of the secure execution protection module or to close the secure execution 583585 ,今评 六、申請專利範圍 保護模組的功能。 4.如申請專利範圍第1項所述之安全執行程式模組,其中 該視窗作業系統係為微軟公司的視窗作業系統。 5 .如申請專利範圍第1項所述之安全執行程式模組,其中 該受監控應用程式係包含置放於一特殊目錄下之執行檔。 6 .如申請專利範圍第5項所述之安全執行程式模組,其中 該執行檔的附檔名格式可為' COMπ。 7 .如申請專利範圍第5項所述之安全執行程式模組,其中 該執行檔的附檔名格式可為' EXE”。 8.—種安全執行程式的方法,其適用於一個執行視窗作業 系統的電腦,使得確保該電腦不受一受監控應用程式的執 行結果而遭受破壞,該方法包括: 編寫(coding)—個安全執行保護模組,其中該安全執行保 護模組包含: 一檔案系統保護驅動模組,係用以攔截、隔離及處理 該受監控應用程式對該視窗作業系統關於執行開檔(open) 呼叫、寫槽(write)呼叫,刪除(delete)槽案呼叫; 一網路系統保護驅動模組,係用以用以攔截、隔離及 處理該受監控應用程式對該視窗作業系統關於傳輸控制協583585, this review VI. Patent application scope Protection module function. 4. The secure execution program module according to item 1 of the scope of patent application, wherein the Windows operating system is a Microsoft Windows operating system. 5. The secure execution program module as described in item 1 of the scope of patent application, wherein the monitored application program includes an execution file placed in a special directory. 6. The secure execution program module as described in item 5 of the scope of patent application, wherein the format of the extension name of the execution file may be 'COMπ. 7. The safe execution program module as described in item 5 of the scope of the patent application, wherein the format of the extension name of the execution file may be 'EXE'. 8. A method for safely executing the program, which is applicable to an execution window operation The computer of the system ensures that the computer is not damaged by the execution result of a monitored application. The method includes: coding (coding) a security execution protection module, wherein the security execution protection module includes: a file system The protection driving module is used for intercepting, isolating and processing the monitored application to execute an open call, a write call, and a delete slot call to the window operating system; a network The system protection driver module is used to intercept, isolate and process the monitored application program. 第17頁 583585Page 17 583585 六、申請專利範圍 定 TCP( Transmission Control Protocol)呼叫、使用者 資料元協定UDP(User Datagram Protocol)呼叫、及網路 基本輸入 /輸出系統 (N e t B I 0 S )哞叫; 一註冊樹(Reg i s try )保護驅動模組,係用以攔截、隔 離及處理該受監控應用程式對該視窗作業系統關於註冊寫 入(Reg— Wri te)呼叫與註冊刪除(Reg_Delete)呼叫; 執行該安全執行保護模組於該電腦。 9 ·如申請專利範圍第8項所述之安全執行程式的方法,其 中該呼叫係為一應用程式編程介面API(Application Program Interface)。 10·如申請專利範圍第8項所述之安全執行程式的方法’進 一步包含: ^編寫一致能/禁能開關模組,其用以開啟該安全執行 保護模組的功能,或是關閉該安全執行保護模組的功能; 執行該致能/禁能開關模組於該電腦。 11 ·如申請專利範圍第8項所述之安全執行程式的方法,其 中該視窗作業系統係為微.軟公司的視窗作業系統。 1 2 ·如申睛專利範圍第8項所述之安全執行程式的方法, 其中該受監控應用程式係包含置放於一特殊目錄下之執行6. The scope of patent application is determined by TCP (Transmission Control Protocol) call, User Datagram Protocol (UDP) call, and network basic input / output system (Net BI 0 S) call; a registration tree (Reg is try) protection driver module, which is used to intercept, isolate and process the monitored application program's Reg-Write call and Reg_Delete call to the Windows operating system; execute the security execution protection Module on the computer. 9. The method for safely executing a program as described in item 8 of the scope of patent application, wherein the call is an Application Program Interface (API). 10 · The method for safely executing a program as described in item 8 of the scope of the patent application 'further includes: ^ Writing a consistent / disabled switch module to enable the function of the secure execution protection module or to disable the security Execute the function of the protection module; execute the enable / disable switch module on the computer. 11 · The method for safely executing a program as described in item 8 of the scope of patent application, wherein the window operating system is a window operating system of a micro-soft company. 1 2 · The method for safely executing a program as described in item 8 of Shenyan's patent scope, wherein the monitored application program includes an execution program placed in a special directory 583585 rj^r /,^ ;r\Ψ!>η ^ ^;::Ί 六、申請專利範圍 1 3.如申請專利範圍第1 2項所述之安全執行程式的方法, 其中該執行檔的附檔名格式可為".COM"。 1 4.如申請專利範圍第1 2項所述之安全執行程式的方法, 其中該執行檔的附檔名格式可為π . ΕΧΕ"。 I 赞 1 Q 百583585 rj ^ r /, ^; r \ Ψ! ≫ η ^ ^; :: Ί 6. Application for Patent Scope 1 3. The method for safely executing a program as described in Item 12 of the Patent Scope, where the execution file The extension file format can be " .COM ". 1 4. The method for safely executing a program as described in Item 12 of the scope of patent application, wherein the file name format of the executable file can be π. ΕΕΕ ". I like 1 Q hundred
TW91111262A 2002-05-28 2002-05-28 A module of safe execution program under Windows operating system and method thereof TW583585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW91111262A TW583585B (en) 2002-05-28 2002-05-28 A module of safe execution program under Windows operating system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW91111262A TW583585B (en) 2002-05-28 2002-05-28 A module of safe execution program under Windows operating system and method thereof

Publications (1)

Publication Number Publication Date
TW583585B true TW583585B (en) 2004-04-11

Family

ID=34057727

Family Applications (1)

Application Number Title Priority Date Filing Date
TW91111262A TW583585B (en) 2002-05-28 2002-05-28 A module of safe execution program under Windows operating system and method thereof

Country Status (1)

Country Link
TW (1) TW583585B (en)

Similar Documents

Publication Publication Date Title
US8473941B2 (en) Dynamic file system restriction for portable storage devices
US8732220B2 (en) Virtualized file system
US8843451B2 (en) Block level backup and restore
US20180129666A1 (en) Multi-layer merge in a storage virtualization system
CN111782416B (en) Data reporting method, device, system, terminal and computer readable storage medium
US5832513A (en) Detecting significant file system alterations during execution of a storage media software utility
US7631357B1 (en) Detecting and removing rootkits from within an infected computing system
US8407700B2 (en) Methods and systems for merging virtualization sublayers
WO2015062389A1 (en) Method and apparatus for uninstalling system application on terminal device
US10228993B2 (en) Data dump for a memory in a data processing system
US10783041B2 (en) Backup and recovery of data files using hard links
EP2274674A1 (en) Linking virtualized application namespaces at runtime
US20070005659A1 (en) Data deletion method, storage device, and computer system
US10157120B2 (en) Role-oriented testbed environments for use in test automation
CN107463369A (en) The access device control method and device of a kind of virtual desktop
US20140046902A1 (en) Method for a cloning process to enable cloning a larger System drive to a smaller system
CN103617039B (en) Method and device for accessing user space file system
US8612994B1 (en) Methods and systems for activating and deactivating virtualization layers
TW583585B (en) A module of safe execution program under Windows operating system and method thereof
US8892952B2 (en) Preserve status parameter for testing in computing system
US20210216659A1 (en) Protecting device and protecting method
US20160266800A1 (en) Collaborative release of a virtual disk
CN112597492A (en) Binary executable file change monitoring method based on Windows kernel
US6950916B2 (en) Dynamically setting the optimal base addresses of process components
CN108509252A (en) Virtual machine starter, method and host

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees