Method and device for file handle closing operation

Abstract

The invention provides a file handle closuring operation method and a file handle closuring operation device. The file handle closuring operation method comprises the following steps of: acquiring a file handle closuring operation request initiated by an invoker, wherein the request comprises handle information to be closed; under the condition that a current operating system platform is supported, according to the handle information to be closed, acquiring object information to be closed; when an object to be closed has a corresponding new object type, replacing the original object type of the object with the new object type; invoking a Native API (application program interface) of a handle closing routine, extracting a callback routine from the new object type, and invoking the callback routine; and establishing an I / O (input / output) request packet inside the callback routine, sending the I / O request packet to file system lower equipment, and finishing file handle closuring operation by the file system lower equipment. The file handle closuring operation method and the file handle closuring operation device can enhance the offensive and defensive confrontation ability to a driver-stage malicious program and avoid potential possibility of incompatibility between security software due to handle closing operation interference.

Description

technical field [0001] The present invention relates to the technical field of operating system security processing, in particular to a method for closing a file handle and a device for closing a file handle. Background technique [0002] When faced with complex problems, people often use the divide and conquer method to divide and narrow the scope of the problem. This is also true in the design of operating systems. The Windows operating system solves complex problems with the help of layered design ideas. This approach brings advantages such as portability and scalability. However, due to security flaws in design theory (such as lack of integrity verification mechanism, etc.), another aspect of high scalability also means that the system has a large number of possibilities to be tampered with. [0003] Compared with the active behaviors of file creation, opening, reading and writing, setting, and deleting, the file handle closing operation (CloseHandle) in Windows operati...

AI Technical Summary

Problems solved by technology

Due to the inability to actively control the timing of the call, one security software will intercept the passive trigger request of another security software during the process of closing the handle, which will cause alarm conflicts. This type of interference is also one of the root causes of incompatibility between security software. one

In addition, when security software conducts kernel attack and defense with driver-level malicious programs, it will also encounter similar problems

[0005] Therefore, a technical problem urgently needed by those skilled in the art is to propose a processing mechanism for file handle closing operations to intercept and control the closing process of file handles, enhance the ability to resist attack and defense against driver-level malicious programs, and Avoid potential incompatibilities between security software due to interference with handle closing operations

Images