WO2013034006A1 - File opening method, apparatus, and terminal - Google Patents
File opening method, apparatus, and terminal
- Publication number
- WO2013034006A1 (PCT/CN2012/076874)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file system
- file
- original file
- distribution function
- original
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/11—File system administration, e.g. details of archiving or snapshots
Definitions
- The present invention relates to the field of data processing technologies, and in particular to a file opening method, apparatus, and terminal.
Background
- File opening is conventionally implemented through the Windows API (Application Programming Interface) mechanism, and file open operations are captured and controlled by the file filter driver.
- The file filter driver is a Windows driver attached to the file system that can intercept system access to files and provide filtering control.
- A virus scan is activated after the file open action is captured by the file filter driver.
- The virus scan activated when a file is opened is unnecessary in most cases and increases the system burden. In addition, when multiple antivirus products coexist, a file open operation by one antivirus product causes another antivirus product to run a virus scan; that scan opens the file, which activates yet another antivirus scan, and so on, so the file is opened repeatedly, resulting in compatibility problems.
- the embodiment of the present invention provides a file opening method, device and terminal.
- the technical solution is as follows:
- a file opening method comprising:
- the original file system distribution function performs a file open operation.
- the method further includes:
- when the file opening operation is performed by the original file system distribution function, the method specifically includes:
- the file open operation is performed by the original file system distribution function in accordance with the replaced preset function address.
- the method further includes:
- when the file opening operation is performed by the original file system distribution function, the method specifically includes:
- the file open operation is performed by the original file system distribution function in accordance with the recorded parameters.
- the obtaining the corresponding original file system device object includes:
- the corresponding original file system device object is searched for in the VPB structure in which the file system device object is recorded by a pre-written driver.
- the obtaining the corresponding original file system distribution function address includes:
- the pre-written driver is started in a boot BOOT mode, and the corresponding original file system distribution function address is obtained by the pre-written driver.
- the method specifically includes: using the IoCreateFileSpecifyDeviceObjectHint function, with the original file system device object as a parameter, to send the file open request directly to the file system where the original file system device object is located.
- a document opening device comprising:
- a capture module configured to capture a file open action
- a first acquiring module configured to acquire a corresponding original file system device object after the capturing module captures a file opening action
- a second obtaining module configured to obtain a corresponding original file system distribution function address after the capturing module captures the file opening action
- a sending module configured to send a file open request to the file system where the original file system device object acquired by the first acquiring module is located, the file system then sending the file open request to the original file system distribution function corresponding to the original file system distribution function address obtained by the second acquiring module;
- an opening module configured to perform a file open operation by the original file system distribution function.
- the device further includes:
- a replacement module configured to search an import table of a 32-bit dynamic link library file, and replace a function address saved in the import table with a preset function address;
- the opening module is specifically configured to perform a file opening operation by the original file system distribution function according to a preset function address replaced by the replacement module.
- the device further includes:
- a recording module configured to record a parameter corresponding to a file opening action captured by the capturing module
- the opening module is specifically configured to perform a file opening operation by the original file system distribution function according to parameters recorded by the recording module.
- the first obtaining module is specifically configured to search for a corresponding original file system device object in a VPB structure in which a file system device object is recorded by using a pre-written driver.
- the second obtaining module is specifically configured to start a pre-written driver in a BOOT manner, and obtain a corresponding original file system distribution function address by using the pre-written driver.
- the sending module is specifically configured to use the IoCreateFileSpecifyDeviceObjectHint function to send the file open request directly to the file system where the original file system device object is located, with the original file system device object as a parameter.
- a terminal comprising: any one of the file opening devices described above.
- A file open request is sent directly to the file system where the corresponding original file system device object is located, and the file opening operation is performed by the corresponding original file system distribution function, thereby penetrating the file filter driver. This reduces the unnecessary virus scan each time a file is opened and, when multiple anti-virus products are installed, reduces the system burden caused by repeatedly opening files for scanning, thereby improving system compatibility.
- FIG. 1 is a flowchart of a file opening method according to Embodiment 1 of the present invention.
- FIG. 2 is a flowchart of a file opening method according to Embodiment 2 of the present invention.
- FIG. 3 is a flowchart of a file opening process according to Embodiment 2 of the present invention.
- FIG. 4 is a schematic structural diagram of a file opening apparatus according to Embodiment 3 of the present invention.
- FIG. 5 is a schematic structural diagram of another file opening apparatus according to Embodiment 3 of the present invention.
- FIG. 6 is a schematic structural diagram of still another file opening device according to Embodiment 3 of the present invention.
Detailed description
- This embodiment provides a file opening method that penetrates the file filter driver in the original file opening flow and sends the file open request directly to the file system to perform the open operation, thereby reducing the system load caused by the control of the file filter driver and improving the compatibility of the system.
- the file open operation is performed by the original file system distribution function.
- the method further includes:
- the file open operation is performed by the original file system distribution function in accordance with the replaced preset function address.
- The import table of the 32-bit dynamic link library file records the addresses of the system API functions that the executable file needs to use.
- The address of an API function is the function address saved in the import table, for example, the address of a function such as NtCreateFile or NtOpenFile.
- The function address saved in the import table is replaced by the preset function address in order to pass through the intermediate filter driver before the file filter driver captures and controls the file open operation, so that the file open request is transferred directly to the file system where the original file system device object is located and the original file system distribution function performs the file open operation. This avoids the unnecessary virus scan each time a file is opened and, when multiple anti-virus products are installed, avoids the increased system burden and the compatibility problems caused by repeatedly opening files for scanning.
- The address of the function saved in the import table may be replaced by the address of the preset function MyNtCreateFile.
- Other preset functions may also be used. This embodiment does not limit the specific preset function address, as long as penetration of the file filter driver can be achieved.
- the method further includes:
- the specific includes:
- the file open function is performed by the original file system distribution function in accordance with the recorded parameters.
- the obtaining the corresponding original file system device object includes:
- VPB Volume Parameter Block
- the pre-written driver is started in BOOT mode, and the corresponding original file system distribution function address is obtained through a pre-written driver.
- Sending a file open request directly to the file system where the original file system device object is located includes: using the IoCreateFileSpecifyDeviceObjectHint function, with the original file system device object as a parameter, to send the file open request directly to the file system where the original file system device object is located.
- The method provided in this embodiment captures a file opening action and sends a file open request to the file system where the corresponding original file system device object is located, and the file opening operation is performed by the corresponding original file system distribution function, thereby penetrating the file filter driver. This reduces the unnecessary virus scan each time a file is opened and, when multiple anti-virus products are installed, reduces the system burden caused by repeatedly opening files for scanning, thereby improving system compatibility.
- This embodiment provides a file opening method that penetrates the file filter driver in the original file opening flow and sends the file open request directly to the file system to perform the open operation, which reduces the system burden caused by the control of the file filter driver and thereby improves the compatibility of the system. The method is explained in further detail here. Referring to FIG. 2, the process of the method provided in this embodiment is specifically as follows:
- The import table of the 32-bit dynamic link library file is the import table of the kernel32.dll required by the executable file, which records the addresses of the system API functions that the file needs to use.
- Searching the import table of the 32-bit dynamic link library file and replacing the function address saved in the import table with the preset function address is the process of implementing a hook.
- Through the hook, operations such as file opening can be controlled first, so that after the address is replaced, a call to the original function enters the replacing preset function.
- This embodiment does not limit the original function address saved in the import table or the address that replaces it.
- The hooked function may be a function such as NtCreateFile or NtOpenFile, and the preset function address used as the replacement may be set as needed.
- The address of the function saved in the import table may be replaced by the address of the preset function MyNtCreateFile.
- The specific preset function address is not limited, as long as penetration of the file filter driver can be achieved.
- The file opening process is modified from the flow indicated by the original dashed arrow to the flow indicated by the solid arrow, thereby penetrating the file filter driver that may exist in the original process.
- the specific manner of capturing the file opening action is not limited in this embodiment. Since the existing file opening mode also has the operation of capturing the file opening action, it can be implemented by the existing implementation.
- This embodiment does not specifically limit the parameters corresponding to the opening action, which include but are not limited to the file name, the permission of the application, and the like. The parameters corresponding to the opening action are recorded and saved to memory so that the open operation can be performed according to the recorded parameters.
- the file system refers to a disk or partition for storing files
- the file system device object may be a certain disk, or a partition
- Different files correspond to different file system device objects. For example, if the file to be opened is located on the C disk, the C disk can be used as the file system device object corresponding to the file.
- The file system distribution function is used to perform file open operations, and a given file system device object can call multiple file system distribution functions. When the file system device object receives a file open request, the corresponding file system distribution function can be called.
- The file system device object corresponding to the file that has not been modified by the file filter driver is referred to as the original file system device object, and the file system distribution function called by the original file system device object is called the original file system distribution function.
- This embodiment does not limit the manner in which the original file system device object and the original file system distribution function address are obtained.
- a driver for obtaining the original file system device object and the original file system distribution function address may be pre-written, and the pre-written driver is used to obtain the original file system device object and the original file system distribution function address.
- the corresponding original file system device object can be found in the VPB structure in which the file system device object is recorded by a pre-written driver.
- Since the pre-written driver is started in BOOT mode, the information recorded by the system is unmodified and trusted, and the file system distribution function address obtained when the driver starts in BOOT mode is the original file system distribution function address. Therefore, the pre-written driver can be started in BOOT mode, and the corresponding original file system distribution function address is obtained by the pre-written driver.
- this embodiment does not limit the specific sending mode.
- The IoCreateFileSpecifyDeviceObjectHint function may be used, with the original file system device object as a parameter, to send the file open request directly to the file system where the original file system device object is located.
- The IoCreateFileSpecifyDeviceObjectHint function is an existing API function of the Windows system. By using this function, the file open request can be sent directly to the file system where the original file system device object is located. After the file open request is sent to the file system where the original file system device object is located, the call to the original file system distribution function corresponding to the original file system device object is triggered, so that the file system sends the file open request to the original file system distribution function corresponding to the original file system distribution function address.
- the file opening operation is performed by the original file system distribution function, thereby bypassing the intermediate file filtering driver.
- The file opening operation is performed by the original file system distribution function according to the replaced preset function address and the recorded parameters.
- The original file opening process has been modified.
- The flow indicated by the dashed arrow is the original file opening process. Once its existing NtCreateFile function is replaced by the MyNtCreateFile function, the file opening process changes from the original process indicated by the dashed arrow to the process indicated by the solid arrow, thereby bypassing the file filter driver that may exist in the middle and avoiding unnecessary operations, such as scanning the file, caused by the filter driver intercepting access to the file.
- The purpose of performing the file open operation by the original file system distribution function in accordance with the recorded parameters is to conform to the original file open mode. For example, if the parameters corresponding to the original file opening action indicate read permission only, then when those parameters are recorded and the file is opened according to them, the open still has read permission only. The permissions thus stay consistent with those of the original open request and meet the user's original need in opening the file.
- The method provided in this embodiment captures a file opening action and sends a file open request to the file system where the corresponding original file system device object is located, and the file opening operation is performed by the corresponding original file system distribution function, thereby penetrating the file filter driver. This reduces the unnecessary virus scan each time a file is opened and, when multiple anti-virus products are installed, reduces the system burden caused by repeatedly opening files for scanning, thereby improving system compatibility.
- the embodiment provides a file opening device, which is used to execute the file opening method provided in the first embodiment and the second embodiment.
- the device includes:
- a capture module 401 configured to capture a file open action
- the first obtaining module 402 is configured to acquire a corresponding original file system device object after the capturing module 401 captures the file opening action;
- the second obtaining module 403 is configured to obtain a corresponding original file system distribution function address after the capturing module 401 captures the file opening action;
- the sending module 404 is configured to send a file open request to the file system where the original file system device object acquired by the first obtaining module 402 is located, the file system transmitting the file open request to the original file system distribution function corresponding to the original file system distribution function address acquired by the second obtaining module 403;
- the opening module 405 is configured to perform a file open operation by the original file system distribution function.
- the first acquisition module 402 acquires the corresponding original file system device object
- the second acquisition module 403 obtains the corresponding original.
- For the manner in which the sending module 404 sends the file open request directly to the file system where the original file system device object obtained by the first obtaining module 402 is located, refer to the related description of step 204 in the second embodiment.
- The manner in which the opening module 405 performs the file opening operation by the original file system distribution function is described in detail in the description of step 205 in the second embodiment, and details are not described herein again.
- the apparatus further includes: a replacement module 406, configured to search an import table of a 32-bit dynamic link library file, and replace the function address saved in the import table with a preset function address;
- the opening module 405 is specifically configured to perform a file opening operation by the original file system distribution function according to the preset function address replaced by the replacement module 406.
- the device further includes: a recording module 407, configured to record a parameter corresponding to the file opening action captured by the capturing module 401;
- the opening module 405 is specifically configured to perform a file opening operation by the original file system distribution function according to the parameters recorded by the recording module 407.
- the first obtaining module 402 is specifically configured to search for a corresponding original file system device object in a VPB structure in which a file system device object is recorded by using a pre-written driver.
- the second obtaining module 403 is specifically configured to start a pre-written driver in a BOOT manner, and obtain a corresponding original file system distribution function address by using a pre-written driver.
- the sending module 404 is specifically configured to use the IoCreateFileSpecifyDeviceObjectHint function to send the file open request directly to the file system where the original file system device object is located, with the original file system device object as a parameter.
- The device provided in this embodiment captures a file opening action and sends a file open request directly to the file system where the corresponding original file system device object is located, and the file opening operation is performed by the corresponding original file system distribution function, thereby penetrating the file filter driver. This reduces the unnecessary virus scan each time a file is opened and, when multiple anti-virus products are installed, reduces the system burden caused by repeatedly opening files for scanning, thereby improving system compatibility.
- the embodiment provides a terminal, and the terminal includes the file opening device provided in the third embodiment.
- the terminal may specifically be a mobile phone terminal, or may be a computer terminal or other terminal.
- This embodiment does not limit the specific product form of the terminal.
- The terminal provided by this embodiment sends a file open request to the file system where the corresponding original file system device object is located, and the file open operation is performed by the corresponding original file system distribution function, thereby penetrating the file filter driver. This reduces the unnecessary virus scan each time a file is opened and, when multiple anti-virus products are installed, reduces the system burden caused by repeatedly opening files for scanning, thereby improving system compatibility.
- When the file opening device provided in the above embodiment opens a file, only the division into the functional modules described above is used as an example. In actual applications, the functions may be allocated to different functional modules as needed; that is, the internal structure of the device is divided into different functional modules to perform all or part of the functions described above.
- the file opening device, the terminal, and the file opening method are provided in the same embodiment. For details, refer to the method embodiment, and details are not described herein.
- each functional unit/module can be integrated into one processing unit/module, or each unit/module can exist physically separately, or two or more units/modules can be integrated into one unit/module.
- the above integrated unit/module can be implemented in the form of hardware or in the form of a software functional unit/module.
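A defender's view of the import-table replacement described in Embodiment 2, as an added example that is not code from the patent: an integrity check that flags import-table slots whose stored address does not lie inside the module expected to export the function, which is how a replaced NtCreateFile slot shows up. The structures, the module ranges, the addresses and the helper.dll module are constructed sample data standing in for what a real tool would read from a process's loaded-module list and import table.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address range of one loaded module (constructed model). */
typedef struct {
    const char *name;
    uint64_t base;
    uint64_t size;
} module_range;

/* One resolved import-table slot of an importing module. */
typedef struct {
    const char *importer;      /* module whose import table holds the slot   */
    const char *expected_dll;  /* DLL named by the import descriptor         */
    const char *forward_dll;   /* legitimate forwarder target, or NULL       */
    const char *function;      /* imported function name                     */
    uint64_t resolved;         /* address currently stored in the slot       */
} iat_slot;

typedef enum { SLOT_OK, SLOT_REDIRECTED, SLOT_UNBACKED } slot_verdict;

/* Case-insensitive comparison; Windows module names are not case-sensitive. */
static int name_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Find the module whose [base, base+size) range contains addr. */
static const module_range *owner_of(const module_range *mods, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Classify one slot. A forwarded export legitimately resolves into another
 * module, so the forwarder target is accepted as well; without that allowance
 * every forwarded import would be a false positive. */
slot_verdict check_slot(const module_range *mods, size_t n,
                        const iat_slot *s, const module_range **owner) {
    const module_range *m = owner_of(mods, n, s->resolved);
    if (owner) *owner = m;
    if (m == NULL) return SLOT_UNBACKED;          /* e.g. heap-resident stub */
    if (name_eq(m->name, s->expected_dll)) return SLOT_OK;
    if (s->forward_dll && name_eq(m->name, s->forward_dll)) return SLOT_OK;
    return SLOT_REDIRECTED;                        /* points into another module */
}

/* Number of slots that are not SLOT_OK. */
size_t count_suspicious(const module_range *mods, size_t n,
                        const iat_slot *slots, size_t m) {
    size_t hits = 0;
    for (size_t i = 0; i < m; i++)
        if (check_slot(mods, n, &slots[i], NULL) != SLOT_OK) hits++;
    return hits;
}

/* Constructed sample data: addresses and helper.dll are hypothetical. */
static const module_range SAMPLE_MODULES[] = {
    { "ntdll.dll",    0x77000000u, 0x180000u },
    { "kernel32.dll", 0x76000000u, 0x110000u },
    { "helper.dll",   0x10000000u, 0x020000u },
};
static const iat_slot SAMPLE_SLOTS[] = {
    { "kernel32.dll", "ntdll.dll",    NULL,        "NtOpenFile",   0x77045a10u },
    { "kernel32.dll", "ntdll.dll",    NULL,        "NtCreateFile", 0x10001230u },
    { "app.exe",      "kernel32.dll", "ntdll.dll", "HeapAlloc",    0x77031000u },
    { "kernel32.dll", "ntdll.dll",    NULL,        "NtClose",      0x00a40000u },
};

int main(void) {
    static const char *label[] = { "ok", "REDIRECTED", "UNBACKED" };
    size_t nm = sizeof SAMPLE_MODULES / sizeof SAMPLE_MODULES[0];
    size_t ns = sizeof SAMPLE_SLOTS / sizeof SAMPLE_SLOTS[0];
    for (size_t i = 0; i < ns; i++) {
        const module_range *o = NULL;
        slot_verdict v = check_slot(SAMPLE_MODULES, nm, &SAMPLE_SLOTS[i], &o);
        printf("%-12s %s!%-12s -> 0x%08llx in %-12s %s\n",
               SAMPLE_SLOTS[i].importer, SAMPLE_SLOTS[i].expected_dll,
               SAMPLE_SLOTS[i].function,
               (unsigned long long)SAMPLE_SLOTS[i].resolved,
               o ? o->name : "(no module)", label[v]);
    }
    printf("suspicious slots: %zu\n",
           count_suspicious(SAMPLE_MODULES, nm, SAMPLE_SLOTS, ns));
    return 0;
}
```

A redirected slot is an indicator to investigate, not proof of malice, since security and compatibility products also install import-table hooks.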
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/342,482 US20140207833A1 (en) | 2011-09-05 | 2012-06-14 | File opening method, apparatus, and terminal |
AU2012306979A AU2012306979C1 (en) | 2011-09-05 | 2012-06-14 | File opening method, apparatus and terminal |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110260036.X | 2011-09-05 | ||
CN201110260036.XA CN102982031B (zh) | 2011-09-05 | 2011-09-05 | File opening method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013034006A1 (zh) | 2013-03-14 |
Family
ID=47831493
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2012/076874 WO2013034006A1 (zh) | 2011-09-05 | 2012-06-14 | File opening method, apparatus, and terminal |
Country Status (5)
Country | Link |
---|---|
US (1) | US20140207833A1 (zh) |
CN (1) | CN102982031B (zh) |
AU (1) | AU2012306979C1 (zh) |
HK (1) | HK1182495A1 (zh) |
WO (1) | WO2013034006A1 (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10356237B2 (en) | 2016-02-29 | 2019-07-16 | Huawei Technologies Co., Ltd. | Mobile terminal, wearable device, and message transfer method |
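TWI599905B (zh) * | 2016-05-23 | 2017-09-21 | 緯創資通股份有限公司 | Malicious code protection method, system, and monitoring device |
CN106202290A (zh) * | 2016-06-30 | 2016-12-07 | 北京金山安全软件有限公司 | File access method and terminal |
CN113220380A (zh) * | 2021-05-25 | 2021-08-06 | 北京小米移动软件有限公司 | Method and apparatus for invoking a local native program, electronic device, and storage medium |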
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070101435A1 (en) * | 2005-10-14 | 2007-05-03 | Check Point Software Technologies, Inc. | System and Methodology Providing Secure Workspace Environment |
CN101101622A (zh) * | 2007-07-10 | 2008-01-09 | 北京鼎信高科信息技术有限公司 | Method for constructing a transparent encoding environment |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6026402A (en) * | 1998-01-07 | 2000-02-15 | Hewlett-Packard Company | Process restriction within file system hierarchies |
WO1999042934A2 (en) * | 1998-02-20 | 1999-08-26 | Storm Systems, Llc | File system performance enhancement |
US6874139B2 (en) * | 2000-05-15 | 2005-03-29 | Interfuse Technology Corporation | Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program |
GB2415517B (en) * | 2004-06-24 | 2010-03-03 | Symbian Software Ltd | File management in a computing device |
US7676508B2 (en) * | 2004-11-10 | 2010-03-09 | Microsoft Corporation | Method and system for recording and replaying input-output requests issued by a user-mode program |
AU2007200606A1 (en) * | 2006-03-03 | 2007-09-20 | Pc Tools Technology Pty Limited | Scanning files using direct file system access |
-
2011
- 2011-09-05 CN CN201110260036.XA patent/CN102982031B/zh active Active
-
2012
- 2012-06-14 AU AU2012306979A patent/AU2012306979C1/en active Active
- 2012-06-14 WO PCT/CN2012/076874 patent/WO2013034006A1/zh active Application Filing
- 2012-06-14 US US14/342,482 patent/US20140207833A1/en not_active Abandoned
-
2013
- 2013-08-22 HK HK13109831.9A patent/HK1182495A1/zh unknown
Non-Patent Citations (2)
Title |
---|
PENG, JUXIANG: "System Design and Implementation of File System Filter Layer Pass-through", CHINA MASTER'S THESES FULL-TEXT DATABASE, 2010, 15 May 2010 (2010-05-15), pages 20 - 38 * |
WANG, LANYING ET AL.: "Realization on Operation for Windows Device Drivers Based on IRP", JOURNAL OF SICHUAN UNIVERSITY OF SCIENCE & ENGINEERING (NATURAL SCIENCE EDITION), vol. 23, no. 1, 28 February 2010 (2010-02-28) * |
Also Published As
Publication number | Publication date |
---|---|
CN102982031A (zh) | 2013-03-20 |
AU2012306979B2 (en) | 2015-05-21 |
AU2012306979A1 (en) | 2014-03-27 |
HK1182495A1 (zh) | 2013-11-29 |
AU2012306979C1 (en) | 2015-10-22 |
US20140207833A1 (en) | 2014-07-24 |
CN102982031B (zh) | 2015-04-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8220053B1 (en) | Shadow copy-based malware scanning | |
EP2811404B1 (en) | Virtual desktop implementation method, device and system | |
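CN109388538B (zh) | Kernel-based method and apparatus for monitoring file operation behavior | |
CN101458754B (zh) | Method and apparatus for monitoring application behavior | |
JP5808395B2 (ja) | Malware scanning | |
US9785770B2 (en) | Method, apparatus, and system for triggering virtual machine introspection | |
US20150113653A1 (en) | Scanning method and device, and client apparatus | |
WO2013034006A1 (zh) | File opening method, apparatus, and terminal | |
JP2012014429A (ja) | Information processing apparatus, control method therefor, and program | |
WO2013044785A1 (zh) | User data backup method and apparatus | |
WO2022036865A1 (zh) | Method and apparatus for automatically capturing log files, and computer device | |
WO2011095036A1 (zh) | Software package generation method and system | |
WO2014206183A1 (zh) | Macro virus detection and removal method and system | |
CN108255542A (zh) | Method and apparatus for managing and controlling serial and parallel ports of a virtual machine | |
CN111988292B (zh) | Method, apparatus, and system for an intranet terminal to access the Internet | |
JPWO2019013033A1 (ja) | Call stack acquisition device, call stack acquisition method, and call stack acquisition program | |
WO2016086782A1 (zh) | Method and apparatus for uninstalling cracked applications | |
Chailytko et al. | Defeating sandbox evasion: how to increase the successful emulation rate in your virtual environment | |
CN111159789A (zh) | File monitoring method and apparatus, device, and storage medium | |
CN107665157A (zh) | Method for improving the diskless speed experience | |
WO2010006514A1 (zh) | File virtualization processing method and apparatus | |
CN109120595A (zh) | USB device communication method and apparatus for implementing KVM function | |
CN114448929B (zh) | Data link switching method, apparatus, and system, and computing device | |
CN111796989B (zh) | Method for preventing screen capture on Linux systems and computer-readable storage medium | |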
AU2021209167A1 (en) | System and method for generating a minimal forensic image of a dataset of interest |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12829320 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14342482 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2012306979 Country of ref document: AU Date of ref document: 20120614 Kind code of ref document: A |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 05/08/2014) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 12829320 Country of ref document: EP Kind code of ref document: A1 |