
WO2019000737A1 - File decryption method and device, computer readable storage medium and apparatus - Google Patents

File decryption method and device, computer readable storage medium and apparatus Download PDF

Info

Publication number
WO2019000737A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
function
target file
decrypted
target
Prior art date
Application number
PCT/CN2017/107619
Other languages
French (fr)
Chinese (zh)
Inventor
周志刚
张文明
陈少杰
Original Assignee
武汉斗鱼网络科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 武汉斗鱼网络科技有限公司
Publication of WO2019000737A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Definitions

  • the present invention relates to the field of information processing technologies, and in particular, to a file decryption method, apparatus, computer readable storage medium, and device.
  • the present invention has been made in order to provide a file decrypting method, apparatus, computer readable storage medium and apparatus that overcome the above problems or at least partially solve the above problems.
  • the present invention provides a file decryption method, the method comprising:
  • obtaining the decryption key comprises:
  • the decryption key is obtained from the server.
  • the decrypting operation on the target file includes:
  • the target file is decrypted using the TEA algorithm.
  • the parameter type of the first hook function is the same as the parameter type of the open file function
  • the parameter type of the second hook function is the same as the parameter type of the read file function
  • the invention also provides a file decryption device, the device comprising:
  • An obtaining module configured to obtain a first hook function for hooking the open file function and a second hook function for hooking the read file function;
  • a first calling module configured to, in the process of performing an open operation on the target file, first call the first hook function to determine whether the target file is located in the file list to be decrypted, and then call the open file function to open the target file, wherein if the target file is located in the file list to be decrypted, the file handle of the target file is saved in the file handle list to be decrypted;
  • a second calling module configured to, in the process of performing a read operation on the target file, first call the second hook function to determine whether the file handle of the target file is located in the file handle list to be decrypted, and if it is, obtain the decryption key, decrypt the target file using the decryption key, and then call the read file function to read the target file.
  • the first calling module includes:
  • An obtaining unit configured to acquire the decryption key from a server.
  • the second calling module comprises:
  • a decryption unit configured to perform a decryption operation on the target file by using a TEA algorithm.
  • the parameter type of the first hook function is the same as the parameter type of the open file function
  • the parameter type of the second hook function is the same as the parameter type of the read file function
  • the embodiment of the invention further provides a computer readable storage medium, on which a computer program is stored, and when the program is executed by the processor, the following steps are implemented:
  • the present invention also provides a computer device comprising a memory, a processor, and a computer program stored on the memory and operable on the processor, the processor implementing the program to implement the following steps:
  • by means of the first hook function for hooking the open file function and the second hook function for hooking the read file function, in the process of opening the target file the first hook function is first called to determine whether the target file is located in the file list to be decrypted, and then the open file function is called to open the target file, wherein if the target file is located in the file list to be decrypted, the file handle of the target file is saved to the file handle list to be decrypted; in the process of reading the target file, the second hook function is first called to determine whether the file handle of the target file is located in the file handle list to be decrypted, and if it is, the decryption key is obtained, the target file is decrypted using the decryption key, and then the read file function is called to read the target file. The target file is thereby decrypted automatically at the bottom layer of the system, ensuring that encrypted files are decrypted correctly, while the developers of each module no longer need to care about file decryption.
  • FIG. 1 is a flow chart showing a method for decrypting a file in an embodiment of the present invention
  • FIG. 2 is a structural diagram of a file decryption apparatus in an embodiment of the present invention.
  • FIG. 3 is a diagram showing the physical structure of a computer device in an embodiment of the present invention.
  • the embodiment of the present application provides a file decryption method, where the file decryption method is applied to a client. As shown in FIG. 1, the method includes:
  • Step 101 Acquire a first hook function for hooking the open file function and a second hook function for hooking the read file function.
  • Step 102: In the process of performing an open operation on the target file, first call the first hook function to determine whether the target file is located in the file list to be decrypted, and then call the open file function to open the target file; if the target file is located in the file list to be decrypted, save the file handle of the target file to the file handle list to be decrypted.
  • Step 103: In the process of performing a read operation on the target file, first call the second hook function to determine whether the file handle of the target file is located in the file handle list to be decrypted; if it is, obtain the decryption key, decrypt the target file using the decryption key, and then call the read file function to read the target file.
  • the first hook function is used to hook the open file function
  • the second hook function is used to hook the read file function
  • the process of executing the first hook function and the second hook function is described in detail below.
  • the present application uses Detours to hook up (HOOK) the Windows open file function (CreateFile), thereby realizing the technical effect of monitoring the operation of all open files in the main program.
  • HOOK the Windows open file function
  • CreateFile the Windows open file function
  • the first parameter in the above formula is the memory address of the CreateFile function
  • the second parameter in the above formula is the first hook function (MY_CreateFile).
  • in the process of opening the target file, MY_CreateFile is called first and then the CreateFile function is called.
  • the parameter lpFileName indicates the name of the file to open
  • the parameter dwDesiredAccess indicates whether the file is opened for reading or writing
  • the parameter dwShareMode indicates the sharing mode of the file
  • the parameter lpSecurityAttributes indicates the security attributes of the file
  • the parameter dwCreationDisposition indicates the open operation, i.e. whether a new file is created or an existing file is opened
  • the parameter dwFlagsAndAttributes specifies the file's attributes and flags
  • the parameter hTemplateFile specifies the template file.
  • MY_CreateFile is the first hook function
  • the parameter type of the first hook function is the same as the parameter type of the open file function.
  • the first hook function is first called to determine whether the target file is located in the file list to be decrypted, and then the open file function is called to open the target file.
  • the server stores the list of files to be decrypted, which holds the file names of the files to be decrypted; the client obtains the list from the server and determines locally whether the file name of the target file is in the list.
  • the file handle of the target file is saved in the file handle list to be decrypted, so that this list holds the file handles corresponding to the files to be decrypted.
  • the present application first judges by file name, and then saves the file handle so that the subsequent judgment can be made by handle.
  • the present application uses Detours to hook the Windows read file function (ReadFile), thereby monitoring all file reads in the main program.
  • ReadFile is the Windows read file function
  • the implementation of the HOOK of the ReadFile function using Detours is as follows:
  • the first parameter in the above formula is the memory address of the ReadFile function
  • the second parameter in the above formula is the second hook function (MY_ReadFile).
  • the parameter hFile is the handle of the file
  • the parameter lpBuffer is the buffer into which the read data is stored
  • the parameter nNumberOfBytesToRead indicates the number of bytes to read
  • the parameter lpNumberOfBytesRead indicates the number of bytes actually read
  • the parameter lpOverlapped indicates the file.
  • the parameter type of the second hook function is the same as the parameter type of the read file function.
  • the second hook function is first called to determine whether the file handle of the target file is located in the file handle list to be decrypted.
  • if the file handle of the target file is located in the file handle list to be decrypted, the decryption key is obtained, the target file is decrypted using the decryption key, and then the read file function is called to read the target file; this ensures that the target file is decrypted before the read operation, so that in the present application the file content is read only after decryption.
  • the content of the read file is stored in lpBuffer, and the size of the data to read is given by nNumberOfBytesToRead.
  • the present application uses the TEA decryption algorithm to decrypt the data. Specifically, the code corresponding to the decryption operation is as follows:
  • the KEY is a decryption key, and the decryption key is stored in the server.
  • the application obtains the decryption key by initiating a request to the server.
  • the function code corresponding to each step of the present application is written in the main program, so that each function is called when the main program is initialized and files are decrypted at the bottom layer; the other module developers therefore do not need to understand the file decryption, which avoids errors caused by a module developer omitting the decryption operation.
  • the embodiment of the invention further provides a file decryption device. As shown in FIG. 2, the device includes:
  • the obtaining module 201 is configured to obtain a first hook function for hooking the open file function and a second hook function for hooking the read file function;
  • the first calling module 202 is configured to: in the process of performing an opening operation on the target file, first calling the first hook function to determine whether the target file is located in a file list to be decrypted, and then calling the open file function to The target file is opened, wherein if the target file is located in the to-be-decrypted file list, the file handle of the target file is saved to the file handle list to be decrypted;
  • the second invoking module 203 is configured to, in the process of performing a read operation on the target file, first call the second hook function to determine whether the file handle of the target file is located in the file handle list to be decrypted, and if it is, obtain the decryption key, decrypt the target file using the decryption key, and then call the read file function to read the target file.
  • the first calling module 202 includes:
  • An obtaining unit configured to acquire the decryption key from a server.
  • the second invoking module 203 comprises:
  • a decryption unit configured to perform a decryption operation on the target file by using a TEA algorithm.
  • the parameter type of the first hook function is the same as the parameter type of the open file function
  • the parameter type of the second hook function is the same as the parameter type of the read file function
  • the embodiment of the invention further provides a computer readable storage medium, on which a computer program is stored, and when the program is executed by the processor, the following steps are implemented:
  • the embodiment of the present invention further provides a computer device.
  • As shown in FIG. 3, for convenience of description only the parts related to the embodiment of the present invention are shown; for technical details not disclosed here, refer to the method part of the embodiment of the present invention.
  • the computer device may be any terminal device, including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales) terminal, an in-vehicle computer, and the like; a mobile phone is taken as the example:
  • FIG. 3 is a block diagram showing a portion of the structure associated with a computer device provided by an embodiment of the present invention.
  • the computer device includes a memory 301 and a processor 302.
  • the computer device architecture illustrated in FIG. 3 does not constitute a limitation to a computer device, and may include more or fewer components than those illustrated, or some components may be combined, or different component arrangements.
  • the memory 301 can be used to store software programs and modules, and the processor 302 executes various functional applications and data processing by running software programs and modules stored in the memory 301.
  • the memory 301 can mainly include a program storage area and a data storage area, wherein the program storage area can store an operating system and the applications required for at least one function (such as a sound playing function, an image playing function, etc.), and the data storage area can store data (such as audio data, a phone book, etc.).
  • the memory 301 may include a high speed random access memory, and may also include a nonvolatile memory such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the processor 302 is a control center of a computer device that performs various functions and processing data by running or executing software programs and/or modules stored in the memory 301, and recalling data stored in the memory 301.
  • the processor 302 may include one or more processing units; preferably, the processor 302 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications.
  • the processor 302 included in the computer device may have the following functions:
  • the present application, by means of the first hook function for hooking the open file function and the second hook function for hooking the read file function, first calls the first hook function in the process of opening the target file to determine whether the target file is located in the file list to be decrypted, and then calls the open file function to open the target file, wherein if the target file is located in the file list to be decrypted, the file handle of the target file is saved to the file handle list to be decrypted; in the process of reading the target file, the second hook function is first called to determine whether the file handle of the target file is located in the file handle list to be decrypted, and if it is, the decryption key is obtained, the target file is decrypted using the decryption key, and then the read file function is called to read the target file. The target file is thereby decrypted automatically at the bottom layer of the system, ensuring that encrypted files are decrypted correctly, while the developers of each module no longer need to care about file decryption.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in this specification (including the accompanying claims, the abstract and the drawings), and of all processes or units of any method or device so disclosed, may be used.
  • each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose, unless stated otherwise.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of some, or all, of the gateways, proxy servers, systems in accordance with embodiments of the present invention.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to the technical field of information processing. Disclosed are a file decryption method and device, computer readable storage medium and apparatus. The method comprises: acquiring a first hook function for hooking a file opening function and a second hook function for hooking a file reading function (101); in the process of performing an opening operation on a target file, calling the first hook function to determine whether the target file is in a list of files under decryption, then calling the file opening function to perform the opening operation on the target file, and if the target file is in the list of files under decryption, storing a file handle of the target file to a list of file handles under decryption (102); in the process of performing a reading operation on the target file, calling the second hook function to determine whether the file handle of the target file is in the list of file handles under decryption, if the file handle of the target file is in the list of file handles under decryption, acquiring a decryption key and performing a decryption operation on the target file using the decryption key, and calling the file reading function to perform the reading operation on the target file (103), thereby enabling automatic decryption of a target file at a low level of a system.

Description

File decryption method, device, computer readable storage medium and apparatus
Technical field
The present invention relates to the field of information processing technologies, and in particular to a file decryption method, apparatus, computer readable storage medium and device.
Background
At present, software is usually developed in a modular way: the functionality of the software is split into modules, different modules are responsible for different functions, and the modules are designed to be as loosely coupled as possible, so that each module can be used independently and different developers can develop different modules. However, because different modules are developed by different developers, it is quite possible that a file is not decrypted because of someone's oversight, so that the content read from it is wrong. The prior art therefore needs a method for decrypting files.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a file decryption method, apparatus, computer readable storage medium and device that overcome the above problems or at least partially solve them.
The present invention provides a file decryption method, the method comprising:
obtaining a first hook function for hooking the open file function and a second hook function for hooking the read file function;
in the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in a list of files to be decrypted, and then calling the open file function to open the target file, wherein if the target file is in the list of files to be decrypted, the file handle of the target file is saved in a list of file handles to be decrypted;
in the process of performing a read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and if it is, obtaining a decryption key, decrypting the target file with the decryption key, and then calling the read file function to read the target file.
Preferably, obtaining the decryption key comprises:
obtaining the decryption key from a server.
Preferably, decrypting the target file comprises:
decrypting the target file with the TEA algorithm.
Preferably, the parameter types of the first hook function are the same as those of the open file function, and the parameter types of the second hook function are the same as those of the read file function.
The present invention also provides a file decryption device, the device comprising:
an obtaining module for obtaining a first hook function for hooking the open file function and a second hook function for hooking the read file function;
a first calling module for, in the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in a list of files to be decrypted, and then calling the open file function to open the target file, wherein if the target file is in the list of files to be decrypted, the file handle of the target file is saved in a list of file handles to be decrypted;
a second calling module for, in the process of performing a read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and if it is, obtaining a decryption key, decrypting the target file with the decryption key, and then calling the read file function to read the target file.
Preferably, the first calling module comprises:
an obtaining unit for obtaining the decryption key from a server.
Preferably, the second calling module comprises:
a decryption unit for decrypting the target file with the TEA algorithm.
Preferably, the parameter types of the first hook function are the same as those of the open file function, and the parameter types of the second hook function are the same as those of the read file function.
An embodiment of the present invention also provides a computer readable storage medium on which a computer program is stored, and when the program is executed by a processor the following steps are implemented:
obtaining a first hook function for hooking the open file function and a second hook function for hooking the read file function;
in the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in a list of files to be decrypted, and then calling the open file function to open the target file, wherein if the target file is in the list of files to be decrypted, the file handle of the target file is saved in a list of file handles to be decrypted;
in the process of performing a read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and if it is, obtaining a decryption key, decrypting the target file with the decryption key, and then calling the read file function to read the target file.
The present invention also provides a computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the following steps when executing the program:
obtaining a first hook function for hooking the open file function and a second hook function for hooking the read file function;
in the process of performing an open operation on a target file, first calling the first hook function to determine whether the target file is in a list of files to be decrypted, and then calling the open file function to open the target file, wherein if the target file is in the list of files to be decrypted, the file handle of the target file is saved in a list of file handles to be decrypted;
in the process of performing a read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and if it is, obtaining a decryption key, decrypting the target file with the decryption key, and then calling the read file function to read the target file.
One or more technical solutions in the embodiments of the present invention have at least the following technical effects or advantages:
In the present application, by means of a first hook function for hooking the open file function and a second hook function for hooking the read file function, in the process of opening a target file the first hook function is first called to determine whether the target file is in the list of files to be decrypted, and then the open file function is called to open the target file, wherein if the target file is in the list of files to be decrypted, its file handle is saved in the list of file handles to be decrypted; in the process of reading the target file, the second hook function is first called to determine whether the file handle of the target file is in the list of file handles to be decrypted, and if it is, the decryption key is obtained, the target file is decrypted with the decryption key, and then the read file function is called to read the target file. The target file is thus decrypted automatically at the lowest layer of the system, which ensures that encrypted files are decrypted correctly while the developers of the individual modules no longer need to concern themselves with file decryption.
BRIEF DESCRIPTION OF THE DRAWINGS
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. The same reference numerals denote the same components throughout the drawings. In the drawings:
FIG. 1 is a flow chart of the file decryption method in an embodiment of the present invention;
FIG. 2 is a structural diagram of the file decryption device in an embodiment of the present invention;
FIG. 3 is a diagram of the physical structure of the computer device in an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure will be understood more thoroughly and so that its scope can be conveyed completely to those skilled in the art.
An embodiment of the present application provides a file decryption method that is applied in a client. As shown in FIG. 1, the method includes:
Step 101: obtain a first hook function for hooking the open-file function and a second hook function for hooking the read-file function.
Step 102: during the open operation on the target file, first call the first hook function to determine whether the target file is in the list of files to be decrypted, and then call the open-file function to open the target file; if the target file is in the list of files to be decrypted, save the file handle of the target file to the list of file handles to be decrypted.
Step 103: during the read operation on the target file, first call the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted; if it is, obtain the decryption key, decrypt the target file with the decryption key, and then call the read-file function to read the target file.
Specifically, in the present application the first hook function hooks the open-file function and the second hook function hooks the read-file function. The first and second hook functions, and the process of executing them, are described in detail below.
For the first hook function, the present application uses Detours to hook the Windows open-file function (CreateFile), which makes it possible to monitor every file-open operation in the main program. Specifically, during the open operation on the target file, hooking the CreateFile function with Detours is implemented as follows:
DetourAttach(&(PVOID&)CreateFile, MY_CreateFile);
Here the first argument is the memory address of the CreateFile function and the second argument is the first hook function (MY_CreateFile). During the open operation on the target file, MY_CreateFile is called first, and then the CreateFile function is called.
The prototype of the CreateFile function is as follows:
HANDLE CreateFile(
  LPCTSTR lpFileName,
  DWORD dwDesiredAccess,
  DWORD dwShareMode,
  LPSECURITY_ATTRIBUTES lpSecurityAttributes,
  DWORD dwCreationDisposition,
  DWORD dwFlagsAndAttributes,
  HANDLE hTemplateFile);
Here the parameter lpFileName is the name of the file to open; dwDesiredAccess indicates whether the file is opened for reading or for writing; dwShareMode is the file's sharing mode; lpSecurityAttributes gives the file's security attributes; dwCreationDisposition specifies the open action, i.e. whether a file is created or an existing file is opened; dwFlagsAndAttributes specifies the file's attributes and flags; and hTemplateFile specifies a template file.
The first hook function (MY_CreateFile) is implemented as follows:
[Figures PCTCN2017107619-appb-000001 and PCTCN2017107619-appb-000002: source listing of MY_CreateFile, reproduced only as images in the original]
The parameter types of the first hook function are the same as those of the open-file function.
In a specific implementation, during the open operation on the target file, the first hook function is called first to determine whether the target file is in the list of files to be decrypted, and then the open-file function is called to open the target file. The server stores the list of files to be decrypted, which contains the file names of the files to be decrypted; the client fetches this list from the server and determines locally whether the file name of the target file is in it. If the file name of the target file is in the list, the file handle of the target file is saved to the list of file handles to be decrypted, which holds the file handles corresponding to the encrypted files.
Note that the file name is not available during a file read. The present application therefore checks the file name first and then saves the file handle, so that the later check can be made on the handle.
For the second hook function, the present application uses Detours to hook the Windows read-file function (ReadFile), which makes it possible to monitor every file-read operation in the main program. Specifically, during the read operation on the target file, hooking the ReadFile function with Detours is implemented as follows:
DetourAttach(&(PVOID&)ReadFile, MY_ReadFile);
Here the first argument is the memory address of the ReadFile function and the second argument is the second hook function (MY_ReadFile).
The prototype of the ReadFile function is as follows:
BOOL ReadFile(
  HANDLE hFile,
  LPVOID lpBuffer,
  DWORD nNumberOfBytesToRead,
  LPDWORD lpNumberOfBytesRead,
  LPOVERLAPPED lpOverlapped);
Here the parameter hFile is the file handle; lpBuffer is where the data read from the file is stored; nNumberOfBytesToRead is the number of bytes to read from the file; lpNumberOfBytesRead receives the number of bytes actually read; and lpOverlapped is used for asynchronous read operations on the file.
The second hook function (MY_ReadFile) is implemented as follows:
[Figure PCTCN2017107619-appb-000003: source listing of MY_ReadFile, reproduced only as an image in the original]
The parameter types of the second hook function are the same as those of the read-file function.
In a specific implementation, during the read operation on the target file, the second hook function is called first to determine whether the file handle of the target file is in the list of file handles to be decrypted; if it is, the decryption key is obtained, the target file is decrypted with the decryption key, and the read-file function is then called to read the target file. This guarantees that the target file is decrypted before the read operation is carried out: the present application decrypts the file content and then performs the read operation.
In a specific implementation, the file content read is stored in lpBuffer and the size of the data read is stored in nNumberOfBytesToRead. The present application uses the TEA decryption algorithm to decrypt the data; specifically, the code for the decryption operation is as follows:
TEA.decrypt(lpBuffer, lpNumberOfBytesRead, KEY)
Here KEY is the decryption key, which is stored on the server; the present application obtains the decryption key by sending a request to the server.
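As an added illustration, not code from the patent: the open/read hook logic of steps 102 and 103 with TEA decryption of the bytes returned by the read, written against a small in-memory file table that stands in for CreateFile and ReadFile (in the real build the two hook functions would be attached with DetourAttach as shown above). The file names, the key and the file contents are constructed sample values.

```c
#include <stdint.h>
#include <string.h>
/* Constructed example, not the patent's code: the two-stage hook logic (name
 * checked at open, handle checked at read, TEA applied to the bytes read) over
 * an in-memory file table standing in for CreateFile/ReadFile under Detours. */
#define TEA_DELTA  0x9E3779B9u
#define TEA_ROUNDS 32
#define MAX_FILES  8
/* Standard TEA, 64-bit block, 128-bit key (the patent's TEA.decrypt). */
static void tea_encrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < TEA_ROUNDS; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}
static void tea_decrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = TEA_DELTA * TEA_ROUNDS; /* 0xC6EF3720 */
    for (int i = 0; i < TEA_ROUNDS; i++) {
        v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0; v[1] = v1;
}
/* Transform whole 8-byte blocks in place, return how many bytes were done. A
 * trailing partial block is left as is: the read hook sees only one call's
 * bytes, so reads must be block-aligned or the tail stays ciphertext. */
static size_t tea_buffer(uint8_t *buf, size_t len, const uint32_t k[4], int enc) {
    size_t done = 0;
    for (; done + 8 <= len; done += 8) {
        uint32_t v[2];
        memcpy(v, buf + done, 8);                 /* memcpy: no alignment faults */
        if (enc) tea_encrypt_block(v, k); else tea_decrypt_block(v, k);
        memcpy(buf + done, v, 8);
    }
    return done;
}
/* Stand-ins for the OS API the hooks wrap (the "real" CreateFile/ReadFile). */
typedef int FileHandle; static int g_file_count;  /* FileHandle plays HANDLE */
static struct { const char *name; uint8_t data[64]; size_t len, pos; } g_files[MAX_FILES];
static void add_file(const char *name, const uint8_t *data, size_t len) {
    g_files[g_file_count].name = name; g_files[g_file_count].len = len;
    g_files[g_file_count].pos = 0; memcpy(g_files[g_file_count++].data, data, len);
}
static FileHandle real_open(const char *name) {
    for (int i = 0; i < g_file_count; i++)
        if (strcmp(g_files[i].name, name) == 0) return i;
    return -1;                                    /* INVALID_HANDLE_VALUE */
}
static size_t real_read(FileHandle h, uint8_t *buf, size_t n) {
    size_t left = g_files[h].len - g_files[h].pos, got = n < left ? n : left;
    memcpy(buf, g_files[h].data + g_files[h].pos, got);
    g_files[h].pos += got; return got;            /* *lpNumberOfBytesRead */
}
/* The hook layer: MY_CreateFile / MY_ReadFile in the patent. */
static const char *g_decrypt_names[] = { "secret.bin" };  /* list fetched from server */
static FileHandle g_decrypt_handles[MAX_FILES]; static int g_decrypt_handle_count;
static int name_listed(const char *name) {
    for (size_t i = 0; i < sizeof g_decrypt_names / sizeof *g_decrypt_names; i++)
        if (strcmp(g_decrypt_names[i], name) == 0) return 1;
    return 0;
}
int handle_listed(FileHandle h) {
    for (int i = 0; i < g_decrypt_handle_count; i++)
        if (g_decrypt_handles[i] == h) return 1;
    return 0;
}
/* Step 102: decide by name before the real open, remember the handle after. */
FileHandle hooked_open(const char *name) {
    int listed = name_listed(name); FileHandle h = real_open(name);
    if (h >= 0 && listed && g_decrypt_handle_count < MAX_FILES)
        g_decrypt_handles[g_decrypt_handle_count++] = h;
    return h;
}
/* Step 103: no name at read time, so decide by handle; TEA runs over the bytes
 * the real read returned (lpBuffer, lpNumberOfBytesRead in the patent). */
size_t hooked_read(FileHandle h, uint8_t *buf, size_t n, const uint32_t key[4]) {
    size_t got = real_read(h, buf, n);
    if (handle_listed(h)) tea_buffer(buf, got, key, 0);
    return got;
}
/* Constructed scenario: a listed file stored TEA-encrypted plus a plain file.
 * Returns 1 when the listed file reads back as plaintext and the plain file
 * passes through untouched (16-byte reads, i.e. two whole TEA blocks). */
int run_demo(void) {
    const uint32_t key[4] = { 0x01234567u, 0x89abcdefu, 0xdeadbeefu, 0x0badf00du };
    const uint8_t plain[16] = "hello, detours!";    /* 15 chars + NUL */
    uint8_t cipher[16], out[16]; memcpy(cipher, plain, 16);
    tea_buffer(cipher, 16, key, 1);
    g_file_count = 0; g_decrypt_handle_count = 0;   /* fresh tables each run */
    add_file("secret.bin", cipher, 16);
    add_file("notes.txt", plain, 16);
    FileHandle hs = hooked_open("secret.bin"), hp = hooked_open("notes.txt");
    if (hs < 0 || hp < 0 || !handle_listed(hs) || handle_listed(hp)) return 0;
    if (hooked_read(hs, out, 16, key) != 16 || memcmp(out, plain, 16) != 0) return 0;
    if (hooked_read(hp, out, 16, key) != 16 || memcmp(out, plain, 16) != 0) return 0;
    return 1;
}
```

Because TEA works on 8-byte blocks and the read hook only sees the buffer of the current call, a caller that reads lengths not divisible by 8 would receive a ciphertext tail; a deployment that wants arbitrary read sizes needs a stream-capable mode or buffering across calls, which the listing leaves as the caller's responsibility.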
The function code corresponding to each step of the present application is written in the main program, so that when the main program initializes, each piece of function code is invoked and the file is decrypted at the lowest layer. Developers of other modules therefore do not need to understand the file decryption function, which prevents errors caused by a module developer omitting the decryption operation.
An embodiment of the present invention further provides a file decryption device. As shown in FIG. 2, the device includes:
an obtaining module 201, configured to obtain a first hook function for hooking the open-file function and a second hook function for hooking the read-file function;
a first calling module 202, configured to, during the open operation on the target file, first call the first hook function to determine whether the target file is in the list of files to be decrypted, and then call the open-file function to open the target file, where, if the target file is in the list of files to be decrypted, the file handle of the target file is saved to the list of file handles to be decrypted;
a second calling module 203, configured to, during the read operation on the target file, first call the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and, if it is, obtain the decryption key, decrypt the target file with the decryption key, and then call the read-file function to read the target file.
Preferably, the first calling module 202 includes:
an obtaining unit, configured to obtain the decryption key from the server.
Preferably, the second calling module 203 includes:
a decryption unit, configured to decrypt the target file using the TEA algorithm.
Preferably, the parameter types of the first hook function are the same as those of the open-file function, and the parameter types of the second hook function are the same as those of the read-file function.
An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the following steps are implemented:
obtaining a first hook function for hooking the open-file function and a second hook function for hooking the read-file function;
during the open operation on the target file, first calling the first hook function to determine whether the target file is in the list of files to be decrypted, and then calling the open-file function to open the target file, where, if the target file is in the list of files to be decrypted, the file handle of the target file is saved to the list of file handles to be decrypted;
during the read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and, if it is, obtaining the decryption key, decrypting the target file with the decryption key, and then calling the read-file function to read the target file.
An embodiment of the present invention further provides a computer device. As shown in FIG. 3, for ease of description only the parts related to the embodiment of the present invention are shown; for technical details not disclosed here, refer to the method part of the embodiment of the present invention. The computer device may be any terminal device, including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales) terminal or an in-vehicle computer; a mobile phone is taken as the example of the computer device:
FIG. 3 is a block diagram of part of the structure of the computer device provided by an embodiment of the present invention. Referring to FIG. 3, the computer device includes a memory 301 and a processor 302. Those skilled in the art will understand that the computer device structure shown in FIG. 3 does not limit the computer device, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
The components of the computer device are described in detail below with reference to FIG. 3:
The memory 301 may be used to store software programs and modules; the processor 302 executes various functional applications and data processing by running the software programs and modules stored in the memory 301. The memory 301 may mainly comprise a program storage area and a data storage area, where the program storage area may store an operating system and the application programs required for at least one function (such as a sound playback function or an image playback function), and the data storage area may store data (such as audio data or a phone book). In addition, the memory 301 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device or other solid-state storage device.
The processor 302 is the control center of the computer device; it executes various functions and processes data by running or executing the software programs and/or modules stored in the memory 301 and by invoking the data stored in the memory 301. Optionally, the processor 302 may include one or more processing units; preferably, the processor 302 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and the application programs, and the modem processor mainly handles wireless communication.
In an embodiment of the present invention, the processor 302 included in the computer device may have the following functions:
obtaining a first hook function for hooking the open-file function and a second hook function for hooking the read-file function;
during the open operation on the target file, first calling the first hook function to determine whether the target file is in the list of files to be decrypted, and then calling the open-file function to open the target file, where, if the target file is in the list of files to be decrypted, the file handle of the target file is saved to the list of file handles to be decrypted;
during the read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and, if it is, obtaining the decryption key, decrypting the target file with the decryption key, and then calling the read-file function to read the target file.
In summary, the present application uses a first hook function that hooks the open-file function and a second hook function that hooks the read-file function. During the open operation on the target file, the first hook function is called first to determine whether the target file is in the list of files to be decrypted, and then the open-file function is called to open the target file; if the target file is in the list of files to be decrypted, its file handle is saved to the list of file handles to be decrypted. During the read operation on the target file, the second hook function is called first to determine whether the file handle of the target file is in the list of file handles to be decrypted; if it is, the decryption key is obtained, the target file is decrypted with the decryption key, and the read-file function is then called to read the target file. The target file is thus decrypted automatically at the lowest layer of the system, which ensures that encrypted files are decrypted correctly, while the developers of the individual modules no longer need to concern themselves with file decryption.
The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. The structure required to construct such systems is apparent from the description above. Moreover, the present invention is not directed at any particular programming language. It should be understood that the content of the invention described here may be implemented in various programming languages, and that the description given above of a specific language is for the purpose of disclosing the best mode of the invention.
Numerous specific details are set forth in the description provided here. It will be understood, however, that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, the various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the description of the exemplary embodiments above. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Thus the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described here include certain features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the gateway, proxy server or system according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example a computer program or computer program product) for carrying out part or all of the method described here. Such a program implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.

Claims (10)

  1. A file decryption method, characterized in that the method comprises:
    obtaining a first hook function for hooking the open-file function and a second hook function for hooking the read-file function;
    during the open operation on the target file, first calling the first hook function to determine whether the target file is in the list of files to be decrypted, and then calling the open-file function to open the target file, where, if the target file is in the list of files to be decrypted, the file handle of the target file is saved to the list of file handles to be decrypted;
    during the read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and, if it is, obtaining the decryption key, decrypting the target file with the decryption key, and then calling the read-file function to read the target file.
  2. The method according to claim 1, characterized in that obtaining the decryption key comprises:
    obtaining the decryption key from a server.
  3. The method according to claim 1, characterized in that decrypting the target file comprises:
    decrypting the target file using the TEA algorithm.
  4. The method according to claim 1, characterized in that the parameter types of the first hook function are the same as those of the open-file function, and the parameter types of the second hook function are the same as those of the read-file function.
  5. A file decryption device, characterized in that the device comprises:
    an obtaining module, configured to obtain a first hook function for hooking the open-file function and a second hook function for hooking the read-file function;
    a first calling module, configured to, during the open operation on the target file, first call the first hook function to determine whether the target file is in the list of files to be decrypted, and then call the open-file function to open the target file, where, if the target file is in the list of files to be decrypted, the file handle of the target file is saved to the list of file handles to be decrypted;
    a second calling module, configured to, during the read operation on the target file, first call the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and, if it is, obtain the decryption key, decrypt the target file with the decryption key, and then call the read-file function to read the target file.
  6. The device according to claim 5, characterized in that the first calling module comprises:
    an obtaining unit, configured to obtain the decryption key from a server.
  7. The device according to claim 5, characterized in that the second calling module comprises:
    a decryption unit, configured to decrypt the target file using the TEA algorithm.
  8. The device according to claim 5, characterized in that the parameter types of the first hook function are the same as those of the open-file function, and the parameter types of the second hook function are the same as those of the read-file function.
  9. A computer-readable storage medium on which a computer program is stored, characterized in that, when the program is executed by a processor, the following steps are implemented:
    obtaining a first hook function for hooking the open-file function and a second hook function for hooking the read-file function;
    during the open operation on the target file, first calling the first hook function to determine whether the target file is in the list of files to be decrypted, and then calling the open-file function to open the target file, where, if the target file is in the list of files to be decrypted, the file handle of the target file is saved to the list of file handles to be decrypted;
    during the read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is in the list of file handles to be decrypted, and, if it is, obtaining the decryption key, decrypting the target file with the decryption key, and then calling the read-file function to read the target file.
  10. 一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,其特征在于,所述处理器执行所述程序时实现以下步骤:A computer device comprising a memory, a processor, and a computer program stored on the memory and operable on the processor, wherein the processor performs the following steps when executing the program:
    获取用于钩取打开文件函数的第一钩子函数和用于钩取读文件函数的第二钩子函数;Obtaining a first hook function for hooking the open file function and a second hook function for hooking the read file function;
    在对目标文件进行打开操作的过程中,先调用所述第一钩子函数判断所述目标文件是否位于待解密文件列表中,再调用所述打开文件函数对所述目标文件进行打开操作,其中,若所述目标文件位于所述待解密文件列表中,则将所述目标文件的文件句柄保存到待解密文件句柄列表中;In the process of performing the opening operation on the target file, first calling the first hook function to determine whether the target file is located in the file list to be decrypted, and then calling the open file function to open the target file, where If the target file is located in the to-be-decrypted file list, save the file handle of the target file to the file handle list to be decrypted;
    在对所述目标文件进行读操作的过程中,先调用所述第二钩子函数判断所述目标文件的文件句柄是否位于所述待解密文件句柄列表中,若所述目标文件的文件句柄位于所述待解密文件句柄列表中,则,获取解密秘钥,并利用所述解密秘钥对所述目标文件进行解密操作,再调用所述读文件函数对所述目标文件进行读操作。 In the process of performing the read operation on the target file, first calling the second hook function to determine whether the file handle of the target file is located in the file handle list to be decrypted, if the file handle of the target file is located in the In the case of the decrypted file handle list, the decryption key is obtained, and the target file is decrypted by using the decryption key, and the read file function is called to perform a read operation on the target file.
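The following is an added illustration, not code from the application or the applicant: it walks through the open/read hooking flow of claims 5 and 9-10 with TEA decryption as in claims 3 and 7. The file system, the original open/read functions, the server key fetch, the key and the file contents are constructed stand-ins, and applying TEA block by block in ECB mode is an assumption, since the claims name no mode.

```python
import struct
DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF      # TEA round constant and 32-bit mask

def tea_block(v0, v1, k, decrypt=False):  # one 64-bit block, 32 rounds; k = four 32-bit words
    s = (DELTA * 32) & MASK if decrypt else 0
    for _ in range(32):
        if decrypt:
            v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
            v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
            s = (s - DELTA) & MASK
        else:
            s = (s + DELTA) & MASK
            v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
            v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return v0, v1

def tea_apply(data, key, decrypt):  # ECB over 8-byte blocks; requires len(data) % 8 == 0
    words = (struct.unpack(">2I", data[i:i + 8]) for i in range(0, len(data), 8))
    return b"".join(struct.pack(">2I", *tea_block(a, b, key, decrypt)) for a, b in words)

class HookedFileApi:
    def __init__(self, disk, to_decrypt, fetch_key):
        self.disk = disk                  # name -> bytes: constructed stand-in for the file system
        self.to_decrypt = set(to_decrypt) # list of files to be decrypted
        self.fetch_key = fetch_key        # stand-in for obtaining the key from the server
        self.pending = set()              # list of file handles to be decrypted
        self.buffers = {}                 # handle -> bytes the original read would return
    def real_open(self, name):            # original open-file function (stand-in)
        handle = 3 + len(self.buffers)    # constructed handle numbering
        self.buffers[handle] = self.disk[name]
        return handle
    def real_read(self, handle):          # original read-file function (stand-in)
        return self.buffers[handle]
    def hook_open(self, name):            # first hook: same parameter types as real_open
        handle = self.real_open(name)
        if name in self.to_decrypt:       # listed file: remember its handle for the read hook
            self.pending.add(handle)
        return handle
    def hook_read(self, handle):          # second hook: same parameter types as real_read
        if handle in self.pending:        # only listed handles are decrypted; others pass through
            self.buffers[handle] = tea_apply(self.buffers[handle], self.fetch_key(), True)
            self.pending.discard(handle)  # decrypt once per handle
        return self.real_read(handle)

def demo():
    key, secret = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210), b"room-config-v1__"  # constructed
    disk = {"config.dat": tea_apply(secret, key, False), "readme.txt": b"plain"}
    api = HookedFileApi(disk, {"config.dat"}, fetch_key=lambda: key)
    h_cfg, h_txt = api.hook_open("config.dat"), api.hook_open("readme.txt")
    return api.hook_read(h_cfg), api.hook_read(h_txt)
```

Only the file named in the to-be-decrypted list comes back as plaintext; the unlisted file passes through both hooks untouched, which is the behaviour the claims describe.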
PCT/CN2017/107619 2017-06-30 2017-10-25 File decryption method and device, computer readable storage medium and apparatus WO2019000737A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710525772.0 2017-06-30
CN201710525772.0A CN107423634B (en) 2017-06-30 2017-06-30 File decryption method, apparatus, computer readable storage medium and equipment

Publications (1)

Publication Number Publication Date
WO2019000737A1 true WO2019000737A1 (en) 2019-01-03

Family

ID=60427796

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/107619 WO2019000737A1 (en) 2017-06-30 2017-10-25 File decryption method and device, computer readable storage medium and apparatus

Country Status (2)

Country Link
CN (1) CN107423634B (en)
WO (1) WO2019000737A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7945586B1 (en) * 2007-03-29 2011-05-17 Trend Micro Incorporated Methods and apparatus to protect data
CN103150499A (en) * 2012-12-27 2013-06-12 中华电信股份有限公司 Protection method for preventing file from being leaked in encrypted form
CN104331644A (en) * 2014-11-24 2015-02-04 北京邮电大学 Transparent encryption and decryption method for intelligent terminal file
CN105303073A (en) * 2015-11-26 2016-02-03 北京深思数盾科技有限公司 Protecting method for software codes

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2618135C (en) * 2005-08-09 2014-10-28 Nexsan Technologies Canada Inc. Data archiving system
CN100520798C (en) * 2007-05-24 2009-07-29 炬力集成电路设计有限公司 File protection method and its device
CN102609667A (en) * 2012-02-22 2012-07-25 浙江机电职业技术学院 Automatic file encryption and decryption system and automatic file encryption and decryption method based on filter drive program
CN103763313B (en) * 2014-01-03 2017-05-10 深圳市大成天下信息技术有限公司 File protection method and system

Also Published As

Publication number Publication date
CN107423634A (en) 2017-12-01
CN107423634B (en) 2018-11-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 17915344
    Country of ref document: EP
    Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 17915344
    Country of ref document: EP
    Kind code of ref document: A1