WO2019000736A1 - File encryption method and device, computer readable storage medium and apparatus - Google Patents

Info

Publication number: WO2019000736A1
Authority: WO, WIPO (PCT)
Prior art keywords: file, function, encrypted, target, handle
Application number: PCT/CN2017/107612
Other languages: French (fr), Chinese (zh)
Inventors: 周志刚, 张文明, 陈少杰
Original assignee: 武汉斗鱼网络科技有限公司
Priority application: CN201710525749.1A (published as CN107480538A)
Publication: WO2019000736A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G06F2221/2149 Restricted operating environment

Abstract

A file encryption method, device, computer readable storage medium and apparatus. The method comprises: acquiring a first hook function and a second hook function; when a target file is opened, first calling the first hook function to determine whether the target file is in the list of files to be encrypted, then calling the open file function to open the target file, and, if the target file is in the list of files to be encrypted, saving the file handle of the target file to the list of file handles to be encrypted (102); when the target file is written, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, performing the encryption operation on the target file and then calling the write file function to write the target file (103). Files are thereby encrypted automatically at the bottom layer of the system.

Description

File encryption method, device, computer readable storage medium and device

Technical field

The present invention relates to the field of information processing technologies, and in particular, to a file encryption method, apparatus, computer readable storage medium, and device.

Background technique

At present, software is usually developed in a modular way: the functions of the software are split into modules, different modules are responsible for different functions, and the modules are designed to be as loosely coupled as possible, so that each module can be used independently and different modules can be developed by different developers. However, because different modules are written by different developers, it is quite likely that a file is left unencrypted through one person's negligence and its contents are obtained by others. Once file contents leak, they may be used by an attacker as a tool for attacking the software. There is therefore a need in the art for a method of encrypting files.

Summary of the invention

In view of the above problems, the present invention has been made in order to provide a file encryption method, apparatus, computer readable storage medium and apparatus that overcome the above problems or at least partially solve the above problems.

The present invention provides a file encryption method, the method comprising:

Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;

In the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in the list of files to be encrypted, and then calling the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted;

In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, performing an encryption operation on the target file and then calling the write file function to perform the write operation on the target file.

Preferably, the method further includes:

Obtaining a third hook function for hooking the close file function;

In the process of performing a close operation on the target file, first calling the third hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and then calling the close file function to close the target file, wherein, if the file handle of the target file is in the list of file handles to be encrypted, the file handle of the target file is deleted from that list.

Preferably, the compiled script of the first hook function and the second hook function is a Lua script.

Preferably, the method further includes:

Integrating a Lua scripting engine.

Preferably, obtaining the first hook function for hooking the open file function and the second hook function for hooking the write file function includes:

The first hook function and the second hook function are obtained from a server.

Preferably, the parameter type of the first hook function is the same as the parameter type of the open file function, and the parameter type of the second hook function is the same as the parameter type of the write file function.

The invention also provides a file encryption device, the device comprising:

An obtaining module, configured to obtain a first hook function for hooking an open file function and a second hook function for hooking a write file function;

a first calling module, configured to: in the process of performing an open operation on a target file, first call the first hook function to determine whether the target file is in the list of files to be encrypted, and then call the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted;

a second calling module, configured to: in the process of performing a write operation on the target file, first call the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, encrypt the target file and then call the write file function to perform the write operation on the target file.

Preferably, the device further comprises:

a second obtaining module, configured to acquire a third hook function for hooking a closed file function;

a third calling module, configured to: in the process of performing a close operation on the target file, first call the third hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and then call the close file function to close the target file, wherein, if the file handle of the target file is in the list of file handles to be encrypted, the file handle of the target file is deleted from that list.

The present invention also provides a computer readable storage medium having stored thereon a computer program that, when executed by a processor, implements the following steps:

Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;

In the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in the list of files to be encrypted, and then calling the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted;

In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, performing an encryption operation on the target file and then calling the write file function to perform the write operation on the target file.

The present invention also provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the following steps when executing the program:

Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;

In the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in the list of files to be encrypted, and then calling the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted;

In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, performing an encryption operation on the target file and then calling the write file function to perform the write operation on the target file.

One or more technical solutions in the embodiments of the present invention have at least the following technical effects or advantages:

A first hook function for hooking the open file function and a second hook function for hooking the write file function are obtained. When the target file is opened, the first hook function is called first to determine whether the target file is in the list of files to be encrypted, and the open file function is then called to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted. When the target file is written, the second hook function is called first to determine whether the file handle of the target file is in the list of file handles to be encrypted; if it is, the target file is encrypted and the write file function is then called to write the target file. Files are thereby encrypted automatically at the bottom layer of the system, which improves file security.

DRAWINGS

Various other advantages and benefits will become apparent to those skilled in the art from the detailed description below. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be construed as limiting. Further, the same components are denoted by the same reference numerals throughout the drawings. In the drawings:

FIG. 1 is a flow chart of a file encryption method in an embodiment of the present invention;

FIG. 2 is a structural diagram of a file encryption apparatus in an embodiment of the present invention;

FIG. 3 is a diagram showing the physical structure of a computer device in an embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present invention are shown in the drawings, the invention is not limited to the embodiments set forth here. Rather, these embodiments are provided so that this disclosure will be understood more thoroughly and its scope fully conveyed.

An embodiment of the present application provides a file encryption method, where the file encryption method is applied to a client. As shown in FIG. 1 , the method includes:

Step 101: Acquire a first hook function for hooking the open file function and a second hook function for hooking the write file function.

Step 102: In the process of performing an open operation on the target file, first calling the first hook function to determine whether the target file is in the list of files to be encrypted, and then calling the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted.

Step 103: In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, encrypting the target file and then calling the write file function to perform the write operation on the target file.

Specifically, in the present application the first hook function is used to hook the open file function and the second hook function is used to hook the write file function, and both hook functions are compiled as Lua scripts. This allows them to be updated in real time: the first and second hook functions are stored on the server, and in step 101 the client obtains them from the server.

Further, in the present application, in order to execute the Lua scripts, the method further includes:

Integrating a Lua scripting engine.

The present application executes the Lua scripts by integrating a Lua scripting engine. Since the Lua engine is open source, it is only necessary to integrate the Lua engine code into the client code; the client can then call the Lua engine interface to load a Lua script and execute the functions it contains.

The first hook function, the second hook function and the process of executing them are described in detail below.

For the first hook function, the present application uses Detours to hook the Windows open file function (CreateFile), so that every file open operation performed by the main program can be monitored. Specifically, in the process of opening the target file, the HOOK of the CreateFile function is implemented with Detours as follows:

DetourAttach(&(PVOID&)CreateFile, MY_CreateFile);

The prototype of the CreateFile function is as follows:

[Figure PCTCN2017107612-appb-000001: the CreateFile prototype, shown as an image in the original]

The parameter lpFileName is the name of the file to open; dwDesiredAccess indicates whether the file is opened for reading or writing; dwShareMode is the sharing mode of the file; lpSecurityAttributes gives the security attributes of the file; dwCreationDisposition indicates the open operation, i.e. whether a new file is created or an existing file is opened; dwFlagsAndAttributes specifies the file's attributes and flags; and hTemplateFile specifies the template file.

The first hook function (MY_CreateFile) is implemented as follows:

[Figure PCTCN2017107612-appb-000002 and Figure PCTCN2017107612-appb-000003: the MY_CreateFile code, shown as images in the original]

The parameter type of the first hook function is the same as the parameter type of the open file function.

In the specific implementation, when the target file is opened, the first hook function is called first to determine whether the target file is in the list of files to be encrypted, and the open file function is then called to open the target file. The server stores the list of files to be encrypted, which holds the file names of the files to be encrypted; the client obtains this list from the server and determines, on the client side, whether the file name of the target file is in the list. If the file name of the target file is in the list of files to be encrypted, the file handle of the target file is saved in the list of file handles to be encrypted, so that this list holds the handles of the files that must be encrypted.

It should be noted that when a file is written, its file name is no longer available (the write operation receives only a file handle). The present application therefore makes the judgement by file name first, at open time, and saves the file handle so that the subsequent judgement can be made by handle.

For the second hook function, the present application uses Detours to hook the Windows write file function (WriteFile), so that every file write operation performed by the main program can be monitored. Specifically, in the process of writing the target file, the HOOK of the WriteFile function is implemented with Detours as follows:

DetourAttach(&(PVOID&)WriteFile, MY_WriteFile);

Here the first parameter of the above call is the memory address of the WriteFile function, and the second parameter is the HOOK function MY_WriteFile.

The prototype of the WriteFile function is as follows:

BOOL WriteFile(
    HANDLE hFile,
    LPCVOID lpBuffer,
    DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten,
    LPOVERLAPPED lpOverlapped
);

The parameter hFile is the handle of the file; lpBuffer holds the content to be written to the file; nNumberOfBytesToWrite is the number of bytes to write; lpNumberOfBytesWritten receives the number of bytes actually written; and lpOverlapped is used for asynchronous write operations.

The second hook function (MY_WriteFile) is implemented as follows:

[Figure PCTCN2017107612-appb-000004: the MY_WriteFile code, shown as an image in the original]

The parameter type of the second hook function is the same as the parameter type of the write file function.

In the specific implementation, when the target file is written, the second hook function is called first to determine whether the file handle of the target file is in the list of file handles to be encrypted. If it is, the target file is encrypted and the write file function is then called to write the target file, which ensures that the content of the target file is encrypted before the write operation is performed.

In the specific implementation, the content to be written is held in lpBuffer and its size in nNumberOfBytesToWrite. The application encrypts the written data with an encryption algorithm; specifically, the following Lua encryption call can be used:

LUA.encrypt(lpBuffer, nNumberOfBytesToWrite, KEY)

Further, in the present application, in order to prevent file handles saved locally on the client from occupying client resources, the method further includes:

Obtaining a third hook function for hooking the close file function;

In the process of performing a close operation on the target file, first calling the third hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and then calling the close file function to close the target file, wherein, if the file handle of the target file is in the list of file handles to be encrypted, the file handle of the target file is deleted from that list.

For the third hook function, the present application uses Detours to HOOK the Windows close file function (CloseHandle), so that after a file has been written and closed its saved handle is deleted. The Detours call is as follows:

DetourAttach(&(PVOID&)CloseHandle, MY_CloseHandle);

The prototype of the CloseHandle function is as follows:

BOOL CloseHandle(HANDLE hObject);

The third hook function (MY_CloseHandle) is implemented as follows:

[Figure PCTCN2017107612-appb-000005: the MY_CloseHandle code, shown as an image in the original]

The function code corresponding to each step of the present application is written in the main program, so that each function is called when the main program is initialised and files are encrypted at the bottom layer. Other module developers therefore do not need to know about the file encryption function, which prevents a module developer from omitting the encryption operation and introducing an error.
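As an added example (not the patent's own code; its Lua and Detours code is not reproduced here), the following portable C model shows the three-hook scheme described above: the name check at open time, the handle check and buffer encryption at write time, and the handle removal at close time. The Windows CreateFile/WriteFile/CloseHandle calls and Detours are replaced by in-memory stand-ins (real_open/real_write/real_close), and the names to_encrypt_names, handle_list, my_open/my_write/my_close, the constructed file names and the fixed-key XOR standing in for LUA.encrypt are all assumptions of this example.

```c
/* Added example, not the patent's own code: a portable model of the three-hook
 * file encryption scheme. CreateFile/WriteFile/CloseHandle and Detours are
 * replaced by in-memory stand-ins so the logic runs on any platform. All names
 * below (to_encrypt_names, handle_list, my_open/my_write/my_close, the XOR
 * stand-in for LUA.encrypt and the sample file names) are constructed here. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILES 4
#define MAX_DATA  64
#define INVALID_HANDLE (-1)
typedef int HANDLE_T;                 /* stand-in for a Windows HANDLE */

/* Stand-in file system: a handle is an index into this table. */
static struct { char name[32]; uint8_t data[MAX_DATA]; size_t len; bool open; } g_files[MAX_FILES];

/* "File list to be encrypted" (fetched from the server in the patent; constructed here). */
static const char *to_encrypt_names[] = { "config.dat", "session.bin" };

/* "File handle list to be encrypted": handles whose writes must be encrypted. */
static HANDLE_T handle_list[MAX_FILES];
static size_t   handle_count = 0;

static bool name_needs_encryption(const char *name) {
    for (size_t i = 0; i < sizeof to_encrypt_names / sizeof *to_encrypt_names; i++)
        if (strcmp(name, to_encrypt_names[i]) == 0) return true;
    return false;
}
static bool handle_listed(HANDLE_T h) {
    for (size_t i = 0; i < handle_count; i++) if (handle_list[i] == h) return true;
    return false;
}
static void handle_remove(HANDLE_T h) {
    for (size_t i = 0; i < handle_count; i++)
        if (handle_list[i] == h) { handle_list[i] = handle_list[--handle_count]; return; }
}

/* The real functions the hooks forward to. real_open hands out the lowest free
 * slot, which models the way a closed handle value can be reused by a later open. */
static HANDLE_T real_open(const char *name) {
    for (int i = 0; i < MAX_FILES; i++) if (!g_files[i].open) {
        g_files[i].open = true; g_files[i].len = 0;
        snprintf(g_files[i].name, sizeof g_files[i].name, "%s", name);
        return i;
    }
    return INVALID_HANDLE;
}
static bool real_write(HANDLE_T h, const void *buf, size_t n) {
    if (h < 0 || h >= MAX_FILES || !g_files[h].open || g_files[h].len + n > MAX_DATA) return false;
    memcpy(g_files[h].data + g_files[h].len, buf, n);
    g_files[h].len += n;
    return true;
}
static bool real_close(HANDLE_T h) {
    if (h < 0 || h >= MAX_FILES || !g_files[h].open) return false;
    g_files[h].open = false;
    return true;
}

/* Stand-in for LUA.encrypt(lpBuffer, nNumberOfBytesToWrite, KEY). A fixed-key XOR
 * keeps the example self-contained; it is a placeholder, not a cipher to deploy. */
static const uint8_t KEY[] = { 0x5a, 0xc3, 0x17, 0x9e };
static void placeholder_encrypt(uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] ^= KEY[i % sizeof KEY];
}

/* First hook (MY_CreateFile): the file name is only known here, so decide by
 * name, forward to the real open, then remember the handle if it must be encrypted. */
HANDLE_T my_open(const char *name) {
    bool encrypt = name_needs_encryption(name);
    HANDLE_T h = real_open(name);
    if (h != INVALID_HANDLE && encrypt && handle_count < MAX_FILES) handle_list[handle_count++] = h;
    return h;
}
/* Second hook (MY_WriteFile): decide by handle; encrypt a copy, never the caller's const buffer. */
bool my_write(HANDLE_T h, const void *buf, size_t n) {
    if (!handle_listed(h)) return real_write(h, buf, n);
    if (n > MAX_DATA) return false;
    uint8_t tmp[MAX_DATA];
    memcpy(tmp, buf, n);
    placeholder_encrypt(tmp, n);
    return real_write(h, tmp, n);
}
/* Third hook (MY_CloseHandle): drop the handle so a reused handle value is not mistaken for a listed one. */
bool my_close(HANDLE_T h) {
    if (handle_listed(h)) handle_remove(h);
    return real_close(h);
}

/* Scenario: a listed file is stored encrypted, an unlisted file stays plain, and a
 * handle value reused after close is no longer treated as listed. */
bool scenario_ok(void) {
    const uint8_t msg[] = "secret";
    uint8_t want[sizeof msg]; memcpy(want, msg, sizeof msg); placeholder_encrypt(want, sizeof msg);
    HANDLE_T a = my_open("config.dat"), b = my_open("readme.txt");
    if (!my_write(a, msg, sizeof msg) || !my_write(b, msg, sizeof msg)) return false;
    if (memcmp(g_files[a].data, want, sizeof msg) != 0) return false;   /* encrypted */
    if (memcmp(g_files[b].data, msg,  sizeof msg) != 0) return false;   /* plain */
    if (!my_close(a)) return false;
    HANDLE_T c = my_open("other.log");                 /* reuses slot a */
    if (c != a || !my_write(c, msg, sizeof msg)) return false;
    bool ok = memcmp(g_files[c].data, msg, sizeof msg) == 0;  /* a stale entry would have encrypted this */
    my_close(b); my_close(c);
    return ok;
}

int main(void) {
    printf("scenario %s\n", scenario_ok() ? "passed" : "failed");
    return 0;
}
```

The scenario also shows why the third hook matters for correctness, not only for resource usage: without the removal at close time, a handle value reused by a later, unlisted file would still match the stale list entry.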

The embodiment of the invention further provides a file encryption device. As shown in FIG. 2, the device includes:

a first obtaining module 201, configured to acquire a first hook function for hooking an open file function and a second hook function for hooking a write file function;

a first calling module 202, configured to: in the process of performing an open operation on a target file, first call the first hook function to determine whether the target file is in the list of files to be encrypted, and then call the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted;

a second calling module 203, configured to: in the process of performing a write operation on the target file, first call the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, encrypt the target file and then call the write file function to perform the write operation on the target file.

Preferably, the device further comprises:

a second obtaining module, configured to acquire a third hook function for hooking a closed file function;

a third calling module, configured to: in the process of performing a close operation on the target file, first call the third hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and then call the close file function to close the target file, wherein, if the file handle of the target file is in the list of file handles to be encrypted, the file handle of the target file is deleted from that list.

Preferably, the compiled script of the first hook function and the second hook function is a Lua script.

Preferably, the device further comprises:

an integration module, configured to integrate the Lua scripting engine.

Preferably, the first obtaining module 201 is specifically configured to:

The first hook function and the second hook function are obtained from a server.

Preferably, the parameter type of the first hook function is the same as the parameter type of the open file function, and the parameter type of the second hook function is the same as the parameter type of the write file function.

The embodiment of the invention further provides a computer readable storage medium on which a computer program is stored; when the program is executed by a processor, the following steps are implemented:

Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;

In the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in the list of files to be encrypted, and then calling the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted;

In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, encrypting the target file and then calling the write file function to write the target file.

The embodiment of the present invention further provides a computer device. As shown in FIG. 3, for convenience of description only the parts related to the embodiment of the present invention are shown; for technical details not disclosed here, refer to the method part of the embodiment. The computer device may be any terminal device, including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sale) terminal, an in-vehicle computer and the like; a mobile phone is taken as an example below:

FIG. 3 is a block diagram of the part of the structure of a computer device provided by an embodiment of the present invention that is relevant here. Referring to FIG. 3, the computer device includes a memory 301 and a processor 302. Those skilled in the art will appreciate that the computer device architecture illustrated in FIG. 3 does not limit the computer device, which may include more or fewer components than those illustrated, combine some components, or arrange the components differently.

The specific components of the computer device will be specifically described below with reference to FIG. 3:

The memory 301 can be used to store software programs and modules, and the processor 302 executes various functional applications and processes data by running the software programs and modules stored in the memory 301. The memory 301 may mainly include a program storage area and a data storage area: the program storage area can store an operating system and the applications required for at least one function (such as a sound playing function or an image playing function), and the data storage area can store data (such as audio data or a phone book). Further, the memory 301 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.

The processor 302 is the control centre of the computer device; it performs the various functions and processes data by running or executing the software programs and/or modules stored in the memory 301 and calling up the data stored in the memory 301. Optionally, the processor 302 may include one or more processing units; preferably, the processor 302 integrates an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, applications and the like, and the modem processor mainly handles wireless communication.

In the embodiment of the present invention, the processor 302 included in the computer device may have the following functions:

Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;

In the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in the list of files to be encrypted, and then calling the open file function to open the target file, wherein, if the target file is in the list of files to be encrypted, the file handle of the target file is saved to the list of file handles to be encrypted;

In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be encrypted, and, if it is, encrypting the target file and then calling the write file function to perform the write operation on the target file.

The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems can also be used with the teachings herein. The structure required to construct such a system is apparent from the above description. Moreover, the invention is not directed to any particular programming language. It is to be understood that the invention may be embodied in a variety of programming languages, and the specific language described above was chosen in order to disclose the preferred embodiments of the invention.

In the description provided herein, numerous specific details are set forth. However, it is understood that the embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of the description.

Similarly, in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. However, the disclosed method is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single disclosed embodiment. Therefore, the claims following the specific embodiments are hereby expressly incorporated into those embodiments, with each claim standing on its own as a separate embodiment of the invention.

Those skilled in the art will appreciate that the modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may further be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, the abstract and the drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features serving the same, equivalent or similar purpose.

In addition, those skilled in the art will appreciate that although some embodiments described herein include certain features that are included in other embodiments but not others, combinations of features of different embodiments are intended to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, in a software module running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functionality of some or all of the components of a gateway or proxy server according to embodiments of the present invention. The invention can also be implemented as a device or apparatus program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein. Such a program implementing the invention may be stored on a computer readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

It is to be noted that the above-described embodiments illustrate the invention and are not intended to limit it, and that those skilled in the art can devise alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as a limitation. The word "comprising" does not exclude the presence of elements or steps not recited in the claims. The word "a" or "an" The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by the same hardware item. The use of the words first, second, third, etc. does not indicate any order; these words can be interpreted as names.

Claims (10)

  1. A file encryption method, the method comprising:
    Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;
    In the process of performing the opening operation on the target file, first calling the first hook function to determine whether the target file is located in the file list to be encrypted, and then calling the open file function to open the target file, wherein if the target file is located in the file list to be encrypted, the file handle of the target file is saved to the file handle list to be encrypted;
    In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is located in the file handle list to be encrypted, and if the file handle of the target file is located in the file handle list to be encrypted, performing an encryption operation on the target file, and then calling the write file function to perform a write operation on the target file.
  2. The method of claim 1 wherein the method further comprises:
    Obtaining a third hook function for hooking the close file function;
    In the process of performing the closing operation on the target file, first calling the third hook function to determine whether the file handle of the target file is located in the file handle list to be encrypted, and then calling the close file function to perform a closing operation on the target file, wherein if the file handle of the target file is located in the file handle list to be encrypted, the file handle of the target file is deleted from the file handle list to be encrypted.
  3. The method of claim 1, wherein the script in which the first hook function and the second hook function are compiled is a Lua script.
  4. The method of claim 3, wherein the method further comprises:
    Integrating a Lua scripting engine.
  5. The method of claim 1, wherein the obtaining a first hook function for hooking an open file function and a second hook function for hooking a write file function comprises:
    The first hook function and the second hook function are obtained from a server.
  6. The method according to claim 1, wherein a parameter type of said first hook function is the same as a parameter type of said open file function, and a parameter type of said second hook function is the same as a parameter type of said write file function.
  7. A file encryption device, characterized in that the device comprises:
    a first obtaining module, configured to acquire a first hook function for hooking the open file function and a second hook function for hooking the write file function;
    a first calling module, configured to: in the process of performing an opening operation on the target file, first call the first hook function to determine whether the target file is located in a file list to be encrypted, and then call the open file function to perform an opening operation on the target file, wherein if the target file is located in the file list to be encrypted, the file handle of the target file is saved to the file handle list to be encrypted;
    a second calling module, configured to: in the process of performing a write operation on the target file, first call the second hook function to determine whether a file handle of the target file is located in the file handle list to be encrypted, and if the file handle of the target file is located in the file handle list to be encrypted, perform an encryption operation on the target file, and then call the write file function to perform a write operation on the target file.
  8. The device of claim 7 wherein said device further comprises:
    a second obtaining module, configured to acquire a third hook function for hooking a close file function;
    a third calling module, configured to: in the process of performing a closing operation on the target file, first call the third hook function to determine whether a file handle of the target file is located in the file handle list to be encrypted, and then call the close file function to perform a closing operation on the target file, wherein if the file handle of the target file is located in the file handle list to be encrypted, the file handle of the target file is deleted from the file handle list to be encrypted.
  9. A computer readable storage medium having stored thereon a computer program, wherein the program, when executed by the processor, implements the following steps:
    Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;
    In the process of performing the opening operation on the target file, first calling the first hook function to determine whether the target file is located in the file list to be encrypted, and then calling the open file function to open the target file, wherein if the target file is located in the file list to be encrypted, the file handle of the target file is saved to the file handle list to be encrypted;
    In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is located in the file handle list to be encrypted, and if the file handle of the target file is located in the file handle list to be encrypted, performing an encryption operation on the target file, and then calling the write file function to perform a write operation on the target file.
  10. A computer device comprising a memory, a processor, and a computer program stored on the memory and operable on the processor, wherein the processor performs the following steps when executing the program:
    Obtaining a first hook function for hooking the open file function and a second hook function for hooking the write file function;
    In the process of performing the opening operation on the target file, first calling the first hook function to determine whether the target file is located in the file list to be encrypted, and then calling the open file function to open the target file, wherein if the target file is located in the file list to be encrypted, the file handle of the target file is saved to the file handle list to be encrypted;
    In the process of performing a write operation on the target file, first calling the second hook function to determine whether the file handle of the target file is located in the file handle list to be encrypted, and if the file handle of the target file is located in the file handle list to be encrypted, performing an encryption operation on the target file, and then calling the write file function to perform a write operation on the target file.
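The procedure claimed above, modelled as an added Python example that is not part of the patent: `FakeFileApi` stands in for the process's real open/write/close functions (a constructed assumption, as are the key, the file list and the paths), and `keystream_xor` is a placeholder for the unspecified encryption operation. Beyond what the claims state, it normalises paths before checking the file list and carries a per-handle keystream offset across writes, and `demo()` shows why the close hook of claim 2 matters: a handle number reused by an unlisted file would otherwise be treated as one to encrypt.

```python
import hashlib
import os

class FakeFileApi:  # constructed stand-in for the real open/write/close functions
    def __init__(self) -> None:
        self.open_handles: dict[int, str] = {}    # handle -> path; numbers are reused after close
        self.contents: dict[str, bytearray] = {}  # path -> bytes the process has written
    def open_file(self, path: str) -> int:
        handle = next(h for h in range(1, 1 << 16) if h not in self.open_handles)
        self.open_handles[handle] = path
        return handle
    def write_file(self, handle: int, data: bytes) -> None:
        self.contents.setdefault(self.open_handles[handle], bytearray()).extend(data)
    def close_file(self, handle: int) -> None:
        del self.open_handles[handle]

class EncryptionHooks:
    def __init__(self, api: FakeFileApi, key: bytes, files_to_encrypt: list[str]) -> None:
        self.api, self.key = api, key
        self.files_to_encrypt = {os.path.normcase(os.path.normpath(p)) for p in files_to_encrypt}
        self.handles_to_encrypt: dict[int, list] = {}  # handle -> [normalised path, keystream offset]
    def keystream_xor(self, path: str, offset: int, data: bytes) -> bytes:  # placeholder cipher: SHA-256 counter mode; use a vetted AEAD in practice
        def ks(pos: int) -> int:
            return hashlib.sha256(self.key + path.encode() + (pos // 32).to_bytes(8, "big")).digest()[pos % 32]
        return bytes(b ^ ks(offset + i) for i, b in enumerate(data))
    def hook_open(self, path: str) -> int:  # first hook: consult the file list, then open
        handle = self.api.open_file(path)
        if (norm := os.path.normcase(os.path.normpath(path))) in self.files_to_encrypt:
            self.handles_to_encrypt[handle] = [norm, 0]
        return handle
    def hook_write(self, handle: int, data: bytes) -> None:  # second hook: encrypt, then write
        entry = self.handles_to_encrypt.get(handle)
        if entry is not None:
            data = self.keystream_xor(entry[0], entry[1], data)
            entry[1] += len(data)  # the next write continues the keystream instead of reusing it
        self.api.write_file(handle, data)
    def hook_close(self, handle: int) -> None:  # third hook (claim 2): forget the handle, then close
        self.handles_to_encrypt.pop(handle, None)
        self.api.close_file(handle)

def demo() -> tuple:
    api = FakeFileApi()
    hooks = EncryptionHooks(api, b"constructed-demo-key", ["secrets/tokens.db"])
    h1 = hooks.hook_open("secrets/tokens.db")
    hooks.hook_write(h1, b"token=abc123;")
    hooks.hook_write(h1, b"token=def456;")
    hooks.hook_close(h1)
    h2 = hooks.hook_open("notes.txt")  # gets h1's number back; stays plaintext only because hook_close ran
    hooks.hook_write(h2, b"plain text")
    return api, hooks, h1, h2
```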
PCT/CN2017/107612 2017-06-30 2017-10-25 File encryption method and device, computer readable storage medium and apparatus WO2019000736A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710525749.1A CN107480538A (en) 2017-06-30 2017-06-30 File encryption method and device, computer readable storage medium and equipment
CN201710525749.1 2017-06-30

Publications (1)

Publication Number Publication Date
WO2019000736A1 true WO2019000736A1 (en) 2019-01-03

Family

ID=60596036

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/107612 WO2019000736A1 (en) 2017-06-30 2017-10-25 File encryption method and device, computer readable storage medium and apparatus

Country Status (2)

Country Link
CN (1) CN107480538A (en)
WO (1) WO2019000736A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901313A (en) * 2010-06-10 2010-12-01 中科方德软件有限公司 Linux file protection system and method
US7945586B1 (en) * 2007-03-29 2011-05-17 Trend Micro Incorporated Methods and apparatus to protect data
CN103150499A (en) * 2012-12-27 2013-06-12 中华电信股份有限公司 Protection method capable of preventing files from leaking in encrypted manner
CN104331644A (en) * 2014-11-24 2015-02-04 北京邮电大学 Transparent encryption and decryption method for intelligent terminal file
CN105303073A (en) * 2015-11-26 2016-02-03 北京深思数盾科技有限公司 Protecting method for software codes

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100446024C (en) * 2007-01-26 2008-12-24 北京飞天诚信科技有限公司 Protection method and system of electronic document
US8959639B2 (en) * 2007-06-18 2015-02-17 Symantec Corporation Method of detecting and blocking malicious activity
CN103605930B (en) * 2013-11-27 2016-04-13 湖北民族学院 Dual anti-leak method and file system filter driver based on the hook and
CN103995990A (en) * 2014-05-14 2014-08-20 江苏敏捷科技股份有限公司 Method for preventing electronic documents from divulging secrets
CN106203130B (en) * 2016-06-26 2019-03-08 厦门天锐科技股份有限公司 A kind of transparent encipher-decipher method based on Intelligent Dynamic driving layer

Also Published As

Publication number Publication date
CN107480538A (en) 2017-12-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 17915636
Country of ref document: EP
Kind code of ref document: A1