基于api hook的数据文件透明加解密系统设计和实现.pdf

中文摘要
数据文件的安全对国家机构、企业和个人都有至关重要的作用。现存的对数
据文件有效的保护方法有利用硬件技术的硬盘加密技术;在驱动层的透明加解
密;过滤驱动层的加解密技术;基于 API HOOK 的透明加解密技术。这些技术都
能控制在硬盘上存储的数据文件以加密的形式存储,既不影响用户使用,也能在
一定程度上保证了数据文件的安全。
在各种技术中,本文主要研究基于 API HOOK 的透明加解密技术,一方面是
因为它是最靠近应用程序读写文件的接口,使明文数据使数据文件在内存中以明
文形式出现的时间最短,只要做好进程保护,就能绝对控制数据文件的安全;另
一方面,市场上此类产品因为设计实现难度较大而缺乏通用产品,具有很好的实
用意义。
本文主要分析几种常用的数据文件的类型,分析软件行为,研究 WindowsNT
平台下 和 的部分 API,通过设计实现一个独立的处理系统,
HOOK 部分 API 函数,实现数据文件的透明加解密。
本论文不仅提出了一套在用户 API 层实现的透明加解密的设计方法,还实现
了一个能满足几种特定软件的原型系统。
关键词:数据文件 API HOOK 透明加解密系统设计与实现

I
ABSTRACT
The security of data files is important. There are four main methods now that can
efficiently protect data files: encrypt and decrypt data in hardware level, in file drivers,
in filter driver and in user space. All of these methods can promise data files in disks
are stored with encrypted format, and be transparent to customers.
Of all these methods, the objective here is aimed at transparent encryption and
decryption using API HOOK. The reason can be explained in two aspects. Firstly, this
method keeps the original data(plain text) nearest to the user memory. Therefore, the
time plain text exists is the shortest. Secondly, the product designed and realized by
this method is not easy and rare. It is of great use if it was developed.
This analyses the actions of some generally used software applications, and also
studies some API functions of and of Windows NT platform. We
achieve the objective of implementing a system that can encrypt and decrypt data file
transparently by hooking some significant API function.
It does not only put forward the design methods and principles, but also develops
a model of our theory which can be applied to some certain software applications.
Keywords:Data files API HOOK transparent encryption and decryption system
design and implement
II
主要符号对照表
本文中使用的符号对照表如下:
API 应用程序编程接口(Application Programming Interface)
OS