[go: up one dir, main page]

CN103312814A - Method for establishing VNC covert channel between cloud management platform and virtual machine end users - Google Patents

Method for establishing VNC covert channel between cloud management platform and virtual machine end users Download PDF

Info

Publication number
CN103312814A
CN103312814A CN2013102685390A CN201310268539A CN103312814A CN 103312814 A CN103312814 A CN 103312814A CN 2013102685390 A CN2013102685390 A CN 2013102685390A CN 201310268539 A CN201310268539 A CN 201310268539A CN 103312814 A CN103312814 A CN 103312814A
Authority
CN
China
Prior art keywords
message
vnc
module
window
virtual machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013102685390A
Other languages
Chinese (zh)
Other versions
CN103312814B (en
Inventor
郭迟
崔竞松
李秋晨
贺汇林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongshan Cybertech Technology Co Ltd
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN201310268539.0A priority Critical patent/CN103312814B/en
Publication of CN103312814A publication Critical patent/CN103312814A/en
Application granted granted Critical
Publication of CN103312814B publication Critical patent/CN103312814B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to the technical field of computer virtualization, and provides a method for establishing a VNC hidden channel between a cloud management platform and a virtual machine terminal user. The scheme mainly comprises three modules of message conversion, message sending and message feedback receiving. The message conversion module is an interface of a calling channel and is responsible for converting message contents into pixel data which can be identified by a message sending end; the message sending module is responsible for adding the pixel data of the message image into original communication frames of the VNC server and the VNC client and sending the modified communication frames to the VNC client together; the message feedback receiving module is responsible for capturing the operation response of the user to the message window during the channel display period and sending the operation response to the message conversion module. Therefore, the invention has the following advantages: only part of VNC server side function source codes in the KVM virtualization cloud platform need to be modified, the system of the virtual machine can be transparent, and real-time bidirectional interaction can be carried out between the cloud management platform and a virtual machine terminal user.

Description

云管理平台和虚拟机终端用户间VNC隐通道的建立方法Method for establishing VNC covert channel between cloud management platform and virtual machine end users

 the

技术领域 technical field

本发明涉及计算机虚拟化技术领域,尤其是涉及一种云管理平台和虚拟机终端用户间VNC隐通道的建立方法。 The invention relates to the technical field of computer virtualization, in particular to a method for establishing a VNC covert channel between a cloud management platform and a virtual machine terminal user.

背景技术 Background technique

目前业界已经出现各种不同的云管理平台,随着这些云平台功能的不断完善,在平台的正常运行过程中,很多时候会产生大量的管理消息需要即时通知给云平台中虚拟机的终端用户,比如通知虚拟机租户其实时的消费信息; At present, various cloud management platforms have emerged in the industry. With the continuous improvement of the functions of these cloud platforms, a large number of management messages will be generated during the normal operation of the platform and need to be notified immediately to the end users of the virtual machines in the cloud platform. , such as informing virtual machine tenants of their real-time consumption information;

另一方面,当前已经出现了一系列的部署在VMM层的虚拟机安全监控套件,在这些安全套件的监控过程中,当它们发现虚拟机系统内部存在安全隐患时,可能需要实时通知其虚拟机终端用户,等待用户的交互选择才能进行下一步的操作。 On the other hand, there are currently a series of virtual machine security monitoring suites deployed at the VMM layer. During the monitoring process of these security suites, when they find that there are security risks in the virtual machine system, they may need to notify the virtual machine in real time. The terminal user waits for the user's interactive selection before proceeding to the next step.

目前在云管理平台和虚拟机远程终端用户之间进行实时通信主要有三种方式:一是在云管理端和虚拟机系统内部分别安装通讯软件服务端和客户端,也就是将传统的服务端/客户端通信方式应用到云管理平台中的物理机和虚拟机之间;这种方式需要在虚拟机系统内部安装通讯软件插件或客户端,然而因为终端用户对虚拟机系统自身拥有完全控制权,如果用户选择重装系统或者清理掉该插件便很有可能使通讯软件客户端功能失效,也即这种方式的抗用户干扰性较低; At present, there are three main methods for real-time communication between the cloud management platform and remote terminal users of the virtual machine: one is to install the communication software server and client respectively in the cloud management terminal and the virtual machine system, that is, to integrate the traditional server/ The client communication method is applied between the physical machine and the virtual machine in the cloud management platform; this method needs to install a communication software plug-in or client inside the virtual machine system, but because the end user has full control over the virtual machine system itself, If the user chooses to reinstall the system or clean up the plug-in, it is likely to invalidate the function of the communication software client, which means that the anti-interference ability of this method is low;

第二种方式是直接在云平台管理端机器和虚拟机终端用户所在机器上分别安装通讯软件服务端和客户端,即在物理机之间采用传统的服务端/客户端通讯方式;这种方式对客户端平台有具体的要求,它受限于用户所在的系统,客户端需要开发各种Windows, Mac, Linux/Unix系列等等不同版本的系统,甚至目前所在的移动终端也需要开发相应的客户端程序,很大程度上丧失了云平台远程控制功能使用过程中的便捷性和易用性,同时抗用户干扰性也不高; The second way is to directly install the communication software server and client respectively on the cloud platform management machine and the machine where the virtual machine end user is located, that is, the traditional server/client communication method is adopted between physical machines; this way There are specific requirements for the client platform, which is limited by the system where the user is located. The client needs to develop various versions of Windows, Mac, Linux/Unix series, etc., and even the current mobile terminal needs to develop corresponding The client program largely loses the convenience and ease of use of the remote control function of the cloud platform, and at the same time has low resistance to user interference;

第三种方法是本发明提出和采取的方式:这种方式通过修改云平台中采用的虚拟机远程桌面控制的软件服务端,将待发送消息集成融入到虚拟机桌面图像中,然后一起发送给终端用户使用的远程桌面控制软件客户端;此方式不需要在虚拟机系统内部安装任何插件或者通讯客户端,即该消息通道对虚拟机系统自身是透明的;同时这种方式也不需要在终端用户机器上安装任何插件或者通讯客户端亦或做其他任何改变,也即该方式对原虚拟机远程桌面控制软件的适用范围是无损的。 The third method is the method proposed and adopted by the present invention: in this method, by modifying the software server end of the virtual machine remote desktop control adopted in the cloud platform, the message to be sent is integrated into the virtual machine desktop image, and then sent together to The remote desktop control software client used by end users; this method does not need to install any plug-ins or communication clients inside the virtual machine system, that is, the message channel is transparent to the virtual machine system itself; Install any plug-ins or communication clients on the user's machine or make any other changes, that is, this method is non-destructive to the scope of application of the original virtual machine remote desktop control software.

发明内容 Contents of the invention

本发明中设计的方案是以开源的虚拟机远程桌面控制软件VNC为基础,结合目前发展迅速的KVM虚拟化平台,通过修改其中远程控制软件的服务端代码,最终建立一条对虚拟机自身系统透明的可在云平台和终端用户间双向交互的消息通道。 The scheme designed in the present invention is based on the open-source virtual machine remote desktop control software VNC, combined with the current rapidly developing KVM virtualization platform, by modifying the server code of the remote control software, and finally establishing a system transparent to the virtual machine's own system A message channel for two-way interaction between the cloud platform and end users.

本发明主要是通过下述技术方案得以解决的: The present invention is mainly solved by the following technical solutions:

一种云管理平台和虚拟机终端用户间VNC隐通道的建立方法,该VNC隐通道包括以下三个模块: A method for establishing a VNC covert channel between a cloud management platform and a virtual machine terminal user, the VNC covert channel includes the following three modules:

消息转换模块:消息转换模块位于虚拟机实际所在的物理主机上 ,独立于KVM架构中的QEMU模块,提供云平台调用VNC隐通道的接口,将云平台管理员欲发送往终端用户的原始消息生成管理员设定的通道消息窗口对话框,抓取该窗口图像像素信息,转换成一般VNC通信过程中能够识别的像素格式和编码方式;同时也在收到消息反馈接收模块发送过来的终端用户反馈后将用户对消息通道的操作传递给云平台管理员; Message conversion module: The message conversion module is located on the actual physical host where the virtual machine is located, independent of the QEMU module in the KVM architecture, providing an interface for the cloud platform to call the VNC covert channel, and generating the original message that the cloud platform administrator wants to send to the end user The channel message window dialog box set by the administrator captures the pixel information of the window image and converts it into a pixel format and encoding method that can be recognized in the general VNC communication process; at the same time, it also receives the end user feedback sent by the message feedback receiving module Then pass the user's operation on the message channel to the cloud platform administrator;

消息发送模块:消息发送模块位于虚拟机实际所在物理主机上的KVM架构中的QEMU模块代码中,通过修改KVM虚拟化解决方案中KVM架构中的QEMU模块里面部分VNC服务端功能源码,添加消息发送模块源码,在修改代码中将管理员欲发往终端用户的消息像素数据转换成当次VNC连接中使用的格式,然后无缝添加进入原始的VNC服务端和客户端通信帧报文中; Message sending module: The message sending module is located in the QEMU module code of the KVM architecture on the physical host where the virtual machine is actually located. By modifying the source code of some VNC server functions in the KVM architecture of the KVM virtualization solution, the message sending module is added. Module source code, in modifying the code, convert the message pixel data that the administrator wants to send to the end user into the format used in the current VNC connection, and then seamlessly add it into the original VNC server and client communication frame message;

消息反馈接收模块:消息反馈接收模块位于虚拟机实际所在物理主机上的KVM架构中的QEMU模块代码中,通过修改KVM虚拟化解决方案中KVM架构中的QEMU模块里面VNC服务端功能源码,添加消息反馈接收模块,在代码中抓取消息在终端用户桌面显示期间终端用户的鼠标操作,将终端用户发出的位于通道消息窗口显示区域的鼠标操作信息通过命名管道的方式发往消息转换模块。 Message feedback receiving module: The message feedback receiving module is located in the QEMU module code in the KVM architecture on the physical host where the virtual machine is actually located. By modifying the source code of the VNC server function in the QEMU module in the KVM architecture in the KVM virtualization solution, add a message The feedback receiving module captures the mouse operation of the terminal user during the display of the message on the terminal user's desktop in the code, and sends the mouse operation information in the display area of the channel message window sent by the terminal user to the message conversion module through a named pipe.

本发明创造性的实现了以下功能: The present invention creatively realizes the following functions:

第一,服务端消息推送。在云管理平台控制节点上,可以通过该通道向远程虚拟机终端用户发送其欲显示的消息,这种消息的显示是实时的,即服务端发送后,客户端可以立即看到; First, server-side message push. On the control node of the cloud management platform, the message to be displayed can be sent to the remote virtual machine terminal user through this channel. The display of this message is real-time, that is, after the server sends it, the client can see it immediately;

第二,对客户端用户反馈识别。在服务端通过消息通道推送消息到客户端后,终端用户根据其自身需要对推送的消息窗口做出不同的反应,这个时候服务端应该能够识别出用户具体的针对该通道消息窗口的反馈操作,并将用户反馈传送往云管理平台控制端,由云管理平台根据其不同的操作事件再进行相应的处理。 Second, identify client user feedback. After the server pushes the message to the client through the message channel, the end user reacts differently to the pushed message window according to their own needs. At this time, the server should be able to identify the user's specific feedback operation for the channel message window. And the user feedback is sent to the control terminal of the cloud management platform, and the cloud management platform performs corresponding processing according to its different operation events.

第三,推送消息布局定制。在消息的发送端,云管理平台应该可以根据其不同需要去定制通道消息窗口在终端用户VNC客户端上显示的内容和布局排版的情况。 Third, push message layout customization. At the sending end of the message, the cloud management platform should be able to customize the content and layout of the channel message window displayed on the end user's VNC client according to its different needs.

其中,上述消息转换模块主要架构具体又可细分为以下几个部分: Among them, the main architecture of the above-mentioned message conversion module can be subdivided into the following parts:

平台消息交互接口:该接口负责直接和原始消息发送端(云管理平台主控节点或云管理人员等)进行直接信息交互,它向外呈现一种接口,接口参数包括虚拟机访问端口号、使用的模版类型以及包含消息内容块数、消息内容、用户交互操作种类、用户操作内容等参数的配置文件(一般以端口命名),参数内容涵义如附图1所示;  Platform message interaction interface: This interface is responsible for direct information interaction with the original message sender (cloud management platform master control node or cloud management personnel, etc.). The template type and the configuration file (generally named after the port) including the number of message content blocks, message content, user interactive operation type, user operation content and other parameters. The meaning of the parameter content is shown in Figure 1;

图像像素数据文件:该文件用来存放最终欲在终端用户VNC客户端显示的消息窗口的图像像素数据。包括消息窗口的宽、高、像素格式以及具体像素数据内容。 Image pixel data file: This file is used to store the image pixel data of the message window to be finally displayed on the end user VNC client. Including the width, height, pixel format and specific pixel data content of the message window.

窗口配置信息补全单元:该部分负责对云平台发送过来的消息窗口配置信息进行补全,对于云平台管理员未具体定制的窗口配置参数采用默认设置。 Window configuration information completion unit: This part is responsible for completing the message window configuration information sent by the cloud platform, and adopts the default settings for the window configuration parameters not specifically customized by the cloud platform administrator.

消息窗口布局模版单元:主要作用是用来告诉消息转换部分应该生成怎样的消息窗口,即消息窗口中包括哪些组件以及组件的内容。 Message window layout template unit: the main function is to tell the message conversion part what kind of message window should be generated, that is, which components and component contents are included in the message window.

消息转换单元:这是该模块的核心功能部分,负责对待发送消息格式转换以及用户反馈操作坐标转换。当平台消息转换接口接收到云管理平台或管理人员发送过来的消息后,消息转换部分将根据其传送过来的参数转到窗口配置信息补全部分,补全云平台未定义的窗口参数后,按照这些参数所对应的窗口布局生成最终欲显示的消息图像窗口,最后将该窗口对应的图像像素数据存入特定的文件中,以便消息发送模块读取; Message conversion unit: This is the core functional part of the module, which is responsible for the format conversion of the message to be sent and the coordinate conversion of user feedback operations. When the platform message conversion interface receives the message sent by the cloud management platform or managers, the message conversion part will transfer to the window configuration information completion part according to the parameters transmitted by it. After completing the undefined window parameters of the cloud platform, follow the The window layout corresponding to these parameters generates the final message image window to be displayed, and finally the image pixel data corresponding to the window is stored in a specific file so that the message sending module can read it;

消息转换部分另外一个功能是接收到用户反馈接口传递过来的终端用户操作坐标后,将根据该坐标所处位置找到其对应元组内实际进行的操作,如该坐标处于第一个操作组件位置内,则表示用户选择的是第一种操作,以此类推...最后将对应的操作内容发送到平台消息交互接口。当检测到用户发送过来的反馈操作x,y坐标位于消息窗口中操作控件区域且该反馈为鼠标单击事件时,则将该对应控件内容(即虚拟机终端用户对消息窗口的选择)发送往原始消息发送端,与此同时,删除消息图像像素数据文件,以结束当次通道消息显示。 Another function of the message conversion part is to find the actual operation in the corresponding tuple according to the position of the coordinate after receiving the end user's operation coordinate from the user feedback interface, such as the coordinate is in the position of the first operation component , it means that the user chooses the first operation, and so on...Finally, the corresponding operation content is sent to the platform message interaction interface. When it is detected that the x and y coordinates of the feedback operation sent by the user are located in the operation control area of the message window and the feedback is a mouse click event, the corresponding control content (that is, the selection of the message window by the end user of the virtual machine) is sent to At the same time, the sender of the original message deletes the message image pixel data file to end the display of the current channel message.

接收用户反馈单元:该部分主要用来接收VNC服务端中用户消息反馈接收模块发送过来的用户操作的坐标,将其发送到消息转换部分,作为其输入。此部分实现主要是在消息显示期间一直监听相应虚拟机的命名管道的输入,即消息反馈接收模块端向命名管道写入用户反馈消息,在该发送模块读取管道中的消息,此处采用管道阻塞的方式,即未收到管道写入消息,则一直进行监听。 Receiving user feedback unit: This part is mainly used to receive the coordinates of the user operation sent by the user message feedback receiving module in the VNC server, and send it to the message conversion part as its input. The implementation of this part is mainly to monitor the input of the named pipe of the corresponding virtual machine during the message display period, that is, the message feedback receiving module writes the user feedback message to the named pipe, and the sending module reads the message in the pipe, and the pipe is used here The blocking method, that is, if the pipeline write message is not received, it will continue to monitor.

所述消息转换模块位于云服务提供节点上,所述云服务提供节点即虚拟机实际所在的物理主机;该消息转换模块独立于KVM架构中的QEMU模块程序,是VNC隐通道向外提供的调用接口,其实现流程包括以下步骤: The message conversion module is located on the cloud service provider node, and the cloud service provider node is the physical host where the virtual machine is actually located; the message conversion module is independent of the QEMU module program in the KVM architecture, and is a call provided by the VNC covert channel to the outside Interface, its implementation process includes the following steps:

步骤1:首先根据管理员调用VNC隐通道的平台消息交互接口设定的参数来读取管理员发送过来的消息内容及消息通道排版布局信息; Step 1: First read the content of the message sent by the administrator and the typesetting and layout information of the message channel according to the parameters set by the administrator calling the platform message interaction interface of the VNC covert channel;

步骤2:消息转换单元接收到步骤1读取的这些配置信息后,调用窗口配置信息补全单元模块,在窗口配置信息补全模块中根据管理员设定的模版型号查询消息窗口布局模版单元,补全管理员调用VNC隐通道时未配置的参数信息; Step 2: After the message conversion unit receives the configuration information read in step 1, it calls the window configuration information completion unit module, and queries the message window layout template unit according to the template model set by the administrator in the window configuration information completion module. Complete the unconfigured parameter information when the administrator calls the VNC covert channel;

步骤3:根据步骤2补全后的消息窗口配置信息生成一个临时消息窗口,所述临时消息窗口外观和最终远程终端用户在其自身VNC客户端上看到通道消息窗口相同; Step 3: Generate a temporary message window according to the message window configuration information completed in step 2, the appearance of the temporary message window is the same as that of the channel message window seen by the final remote terminal user on its own VNC client;

步骤4:接着抓取步骤3生成的消息窗口的图像信息,生成对应的消息窗口bmp截图图片; Step 4: Then grab the image information of the message window generated in step 3, and generate the corresponding message window bmp screenshot;

步骤5:读取步骤4生成的bmp图像信息,将该图像信息转换成32位真彩色的使用RAW编码的图像像素数据文件,以便之后的消息发送模块读取; Step 5: Read the bmp image information generated in step 4, and convert the image information into a 32-bit true-color image pixel data file using RAW encoding, so that the subsequent message sending module can read it;

步骤6:与此同时接收用户反馈单元监听消息反馈接收模块传送回来的终端用户针对该通道消息的选择结果,在该消息转换模块对之解析处理后将终端用户选择结果的具体内容传送往云管理平台消息原始发送端。 Step 6: At the same time, the user feedback unit monitors the selection result of the end user for the channel message sent back by the message feedback receiving module, and sends the specific content of the selection result of the end user to the cloud management after the message conversion module parses and processes it The original sender of platform messages.

本发明中上述消息发送模块又主要分为消息图像读取单元、消息图像图像转换单元、消息图像图像添加单元三个部分: In the present invention, the above-mentioned message sending module is mainly divided into three parts: a message image reading unit, a message image image conversion unit, and a message image image adding unit:

消息图像像素读取单元:在消息转换模块生成消息窗口图像的像素数据并将之存入特定文件后,消息发送模块中图像像素读取部分首先抓取当次VNC连接的端口号,然后根据该端口号去读取对应的特定路径下的通道消息像素数据,包括消息窗口的宽、高、像素格式、像素数据内容。 Message image pixel reading unit: After the message conversion module generates the pixel data of the message window image and stores it in a specific file, the image pixel reading part in the message sending module first grabs the port number of the current VNC connection, and then according to the The port number is used to read the channel message pixel data under the corresponding specific path, including the width, height, pixel format, and pixel data content of the message window.

消息图像像素转换单元:该部分首先获取当次VNC通信会话过程中终端用户选择的像素格式,然后和上文图像像素读取部分得到的像素格式进行对比,如果不同,则按照用户选择的格式对上文读取的图像像素数据进行转换,如用户选择的是8位,而消息图像像素为32位,则根据图像转换原理将32位像素数据转换为8位数据。 Message image pixel conversion unit: this part first obtains the pixel format selected by the terminal user during the current VNC communication session, and then compares it with the pixel format obtained by the image pixel reading part above. The image pixel data read above is converted. If the user selects 8 bits and the message image pixels are 32 bits, the 32-bit pixel data is converted into 8-bit data according to the image conversion principle.

消息图像数据添加单元:在将图像数据转换为当次VNC连接相同格式后,便开始在VNC原始桌面图像帧缓冲更新信息帧(FramebufferUpdate)发送之前,结合该帧缓冲更新信息帧数据结构将消息图像像素数据添加到信息帧后面。 Message image data adding unit: After converting the image data into the same format as the current VNC connection, before sending the VNC original desktop image frame buffer update information frame (FramebufferUpdate), combine the frame buffer update information frame data structure to add the message image Pixel data is appended after the infoframe.

所述的消息发送模块是通过修改通信过程中的帧缓冲更新信息帧来实现,其实现流程包括以下步骤: The message sending module is implemented by modifying the frame buffer update information frame in the communication process, and its implementation process includes the following steps:

步骤1:找到VNC服务端和客户端通信过程中服务端原始数据生成的代码,在KVM架构中的QEMU模块中,该部分位于qemu-kvm/ui/vnc-jobs.c下vnc_worker_thread_loop函数中,在该函数中添加代码执行以下步骤; Step 1: Find the code generated by the raw data of the server during the communication between the VNC server and the client. In the QEMU module in the KVM architecture, this part is located in the vnc_worker_thread_loop function under qemu-kvm/ui/vnc-jobs.c, in Add code to this function to perform the following steps;

步骤2:消息图像像素读取单元读取消息转换模块产生的消息图像像素数据; Step 2: the message image pixel reading unit reads the message image pixel data generated by the message conversion module;

步骤3:获取当次VNC连接过程中所使用的像素格式及编码方式; Step 3: Obtain the pixel format and encoding method used in the current VNC connection process;

步骤4:接着消息图像转换单元开始将步骤1中读取的消息图像像素数据进一步转化为此次VNC连接过程中所使用的像素格式及编码方式; Step 4: Then the message image conversion unit starts to further convert the message image pixel data read in step 1 into the pixel format and encoding method used in the VNC connection process;

步骤5:结合桌面图像更新信息帧的数据结构,消息图像像素数据添加单元将步骤4转化后的消息图像矩形区域内像素数据添加到正常的图像更新信息帧后面,这样VNC客户端收到该信息帧后,在其自身终端显示器上进行绘制时将可以同时绘制出消息通道中传送的消息窗口。 Step 5: In combination with the data structure of the desktop image update information frame, the message image pixel data adding unit adds the pixel data in the rectangular area of the message image converted in step 4 to the back of the normal image update information frame, so that the VNC client receives the information After the frame, when drawing on its own terminal display, it will be able to draw the message window transmitted in the message channel at the same time.

本发明中所述的消息反馈接收模块的核心操作是识别消息通道显示期间用户针对消息窗口的操作选择并对之进行相应处理。客户端发送过来的VNC通信信息帧中第一个字节表示信息帧类型,如值为05表示鼠标事件。在本方案中拟抓取的用户操作反馈主要指终端用户发出的鼠标操作。其中鼠标信息帧中的第二个字节表示鼠标单击的键名(如左击、右击、滑动中间滚轮等)第三到六个字节表示鼠标操作的x,y坐标。分析该信息帧中的x,y坐标,判断其是否处于消息通道窗口区域内,如是,则认为用户该操作的对象是消息窗口,此时将发送该坐标到消息转换模块,同时产生一个消息区域更新事件。该区域更新事件实现过程主要是通过模拟生成一个客户端发送过来的指定矩形区域的全量更新帧缓冲更新请求信息帧,以使VNC服务端更新消息通道窗口所在矩形区域。 The core operation of the message feedback receiving module in the present invention is to identify the user's operation selection for the message window during the display of the message channel and to process it accordingly. The first byte in the VNC communication information frame sent by the client indicates the type of the information frame, such as a value of 05 indicates a mouse event. The user operation feedback to be captured in this solution mainly refers to the mouse operation issued by the end user. The second byte in the mouse information frame represents the key name of the mouse click (such as left click, right click, sliding the middle wheel, etc.) and the third to six bytes represent the x, y coordinates of the mouse operation. Analyze the x and y coordinates in the information frame to determine whether it is in the window area of the message channel. If so, it is considered that the object of the user's operation is the message window. At this time, the coordinates will be sent to the message conversion module, and a message area will be generated at the same time update event. The implementation process of the area update event is mainly to simulate and generate a full update frame buffer update request information frame of a specified rectangular area sent by the client, so that the VNC server can update the rectangular area where the message channel window is located.

实现流程包括以下步骤: The implementation process includes the following steps:

步骤1:找到VNC服务端和客户端通信过程中服务端接收客户端终端用户反馈数据的代码,在KVM架构中的QEMU模块中,该部分位于qemu-kvm/ui/vnc.c下的vnc_client_read函数中,在该函数中添加代码执行以下步骤; Step 1: Find the code for the server to receive the feedback data from the client terminal user during the communication process between the VNC server and the client. In the QEMU module in the KVM architecture, this part is located in the vnc_client_read function under qemu-kvm/ui/vnc.c , add code to the function to perform the following steps;

步骤2:判断是否处于隐通道消息显示期间,如是则截取当次会话连接从客户端发送过来的交互信息帧,否则表明为VNC服务端和客户端原始通信,此时消息反馈模块不做额外操作; Step 2: Determine whether it is in the display period of the covert channel message, if so, intercept the interactive information frame sent from the client in the current session connection, otherwise it indicates the original communication between the VNC server and the client, and the message feedback module does not perform additional operations at this time ;

步骤3:根据截获的交互信息帧中鼠标操作坐标的位置来判断此次操作用户针对的对象,所述对象包括通道消息或访问系统,若鼠标操作在消息窗口所在的矩形区域内,则表明用户鼠标操作的对象是消息通道窗口; Step 3: According to the position of the mouse operation coordinates in the intercepted interactive information frame, judge the object targeted by the user in this operation. The object includes the channel message or the access system. If the mouse operation is within the rectangular area where the message window is located, it indicates that the user The object of the mouse operation is the message channel window;

步骤4:在收到针对通道消息的交互信息帧后,将操作的具体内容发送往云服务提供节点上的消息转换模块程序,由消息转换模块将最终的内容发往通道消息的原始发送端; Step 4: After receiving the interactive information frame for the channel message, send the specific content of the operation to the message conversion module program on the cloud service provider node, and the message conversion module will send the final content to the original sender of the channel message;

步骤5:将该交互信息帧更改为更新当前消息窗口所在矩形区域的图像更新信息帧,也即产生消息区域更新事件,更新消息窗口所在屏幕区域,完成一次交互。 Step 5: Change the interaction information frame to an image update information frame that updates the rectangular area where the current message window is located, that is, generate a message area update event, update the screen area where the message window is located, and complete an interaction.

因此,本发明具有如下优点:1.稳定性高,对虚拟机自身系统透明。本发明通过修改云平台中采用的虚拟机远程桌面控制的软件服务端,将待发送消息集成融入到虚拟机桌面图像中,然后一起发送给终端用户使用的远程桌面控制软件客户端,它不需要在虚拟机系统内部安装任何插件或者通讯客户端,即便用户选择重装系统或者其他操作,该隐通道功能仍能发挥作用,也即该消息通道对虚拟机系统自身是透明的2.便捷无损性,适用范围。本发明不需要在终端用户机器上安装任何插件或者通讯客户端亦或做其他任何改变,虚拟机终端用户可以在windows、linux、mac甚至智能移动终端等任何系统环境上通过浏览器或vnc客户端便可以体验该功能,也即该方式对原虚拟机远程桌面控制软件的适用范围是无损的。 Therefore, the present invention has the following advantages: 1. High stability, transparent to the system of the virtual machine itself. The present invention integrates the message to be sent into the desktop image of the virtual machine by modifying the software server end of the remote desktop control of the virtual machine adopted in the cloud platform, and then sends it to the remote desktop control software client used by the terminal user together, which does not require Install any plug-in or communication client inside the virtual machine system, even if the user chooses to reinstall the system or perform other operations, the hidden channel function can still function, that is, the message channel is transparent to the virtual machine system itself 2. Convenient and non-destructive , the scope of application. The present invention does not need to install any plug-in or communication client on the terminal user's machine or make any other changes, and the virtual machine terminal user can use a browser or a vnc client on any system environment such as windows, linux, mac or even an intelligent mobile terminal You can experience this function, that is, this method is nondestructive to the scope of application of the original virtual machine remote desktop control software.

附图说明 Description of drawings

图1本发明的VNC通道总体设计架构图。 Fig. 1 is a schematic diagram of the overall design of the VNC channel of the present invention.

图2本发明的通道消息转换模块架构图。 Fig. 2 is a structural diagram of the channel message conversion module of the present invention.

图3本发明的通道消息发送模块架构图。 Fig. 3 is an architecture diagram of the channel message sending module of the present invention.

图4 本发明的消息发送模块中使用的桌面图像更新信息帧的数据结构图。 Fig. 4 is a data structure diagram of the desktop image update information frame used in the message sending module of the present invention.

图5本发明的通道消息反馈接收模块流程图。 Fig. 5 is a flow chart of the channel message feedback receiving module of the present invention.

图6本发明的消息反馈接收模块中使用的交互信息帧的数据结构图。 Fig. 6 is a data structure diagram of the interactive information frame used in the message feedback receiving module of the present invention.

具体实施方案 specific implementation plan

下面通过实施例,并结合附图,对本发明的技术方案作进一步具体的说明。 The technical solutions of the present invention will be further specifically described below through the embodiments and in conjunction with the accompanying drawings.

实施例: Example:

参见图1,在使用KVM虚拟化技术的云平台中,实现云管理平台和虚拟机远程终端用户之间交互消息通道功能主要包括消息转换、消息发送、消息反馈接收三个模块。 Referring to Figure 1, in the cloud platform using KVM virtualization technology, the function of realizing the interactive message channel between the cloud management platform and the virtual machine remote terminal user mainly includes three modules: message conversion, message sending, and message feedback receiving.

消息转换模块:消息转换模块位于虚拟机实际所在的物理主机上 ,它独立于qemu-kvm,主要负责接收云管理平台主控节点管理消息和对接收到的消息进行转换以使消息发送模块能够识别。在该模块中会向云管理平台提供一个接口以接收云管理平台或云管理员发送过来欲最终发往虚拟机终端用户的消息,由于接收到的消息是文本字符串或图片和字符串有机组合的形式,而VNC服务端和客户端之间通信是通过图像进行传送,所以在消息转换模块需要将文本字符串消息转换成图像,之后将图像内容以位图像素数据格式的方式读出到特定文件中,作为消息发送模块的消息来源;同时在收到消息反馈接收模块发送回来的表示终端用户操作的坐标后,根据坐标将其转换成对应的具体操作,最终将终端用户反馈结果回送往云管理平台或云管理员。 Message conversion module: The message conversion module is located on the physical host where the virtual machine is actually located. It is independent of qemu-kvm and is mainly responsible for receiving the management messages of the cloud management platform master node and converting the received messages so that the message sending module can identify them. . In this module, an interface will be provided to the cloud management platform to receive messages sent by the cloud management platform or cloud administrators to be sent to end users of virtual machines, because the received messages are text strings or an organic combination of pictures and strings form, and the communication between the VNC server and the client is transmitted through the image, so the message conversion module needs to convert the text string message into an image, and then read out the image content in the bitmap pixel data format to a specific In the file, it serves as the message source of the message sending module; at the same time, after receiving the coordinates representing the end user's operation sent back by the message feedback receiving module, it is converted into the corresponding specific operation according to the coordinates, and finally the end user feedback result is sent back to Cloud management platform or cloud administrator.

消息发送模块:消息发送模块位于虚拟机实际所在物理主机上的qemu-kvm代码中,通过修改KVM虚拟化解决方案中qemu-kvm中部分VNC服务端功能源码(位于qemu-kvm/ui/vnc-jobs.c中)来实现。在消息发送模块中,首先读取消息转换模块产生的消息图像像素数据,然后根据待发送消息的目的虚拟机找到其VNC连接的像素格式和编码方式属性,对原始消息图像像素数据进行转换,再结合VNC帧缓冲更新信息帧的数据结构特点将转换后的消息图像像素数据添加到VNC原始通信信息帧的末尾,之后等待消息结束标志,最后恢复原始VNC会话通信。 Message sending module: The message sending module is located in the qemu-kvm code on the physical host where the virtual machine is actually located. By modifying the source code of some VNC server functions in qemu-kvm in the KVM virtualization solution (located in qemu-kvm/ui/vnc- jobs.c) to achieve. In the message sending module, first read the message image pixel data generated by the message conversion module, and then find out the pixel format and encoding mode attributes of the VNC connection according to the destination virtual machine of the message to be sent, convert the original message image pixel data, and then Combined with the data structure characteristics of the VNC frame buffer update information frame, the converted message image pixel data is added to the end of the VNC original communication information frame, and then wait for the message end sign, and finally restore the original VNC session communication.

消息反馈接收模块:消息反馈接收模块位于虚拟机实际所在物理主机上的qemu-kvm代码中,通过修改KVM虚拟化解决方案中qemu-kvm中VNC服务端功能源码(位于qemu-kvm/ui/vnc.c中)来实现。主要负责接收用户对消息发送模块发送过去消息的交互操作信息。该模块在通道消息显示期间将截取终端用户的所有操作信息帧,根据事件交互信息帧结构找出针对于消息通道窗口的用户响应,然后采用命名管道的方式将用户操作的坐标发送往消息转换模块,同时向消息发送模块发送一个消息区域更新事件以结束通道中此次消息的显示。 Message feedback receiving module: The message feedback receiving module is located in the qemu-kvm code on the actual physical host where the virtual machine is located. By modifying the source code of the VNC server function in qemu-kvm in the KVM virtualization solution (located in qemu-kvm/ui/vnc .c) to achieve. It is mainly responsible for receiving the interactive operation information of the past message sent by the user to the message sending module. This module will intercept all operation information frames of end users during channel message display, find out the user response to the message channel window according to the event interaction information frame structure, and then send the coordinates of user operations to the message conversion module by means of a named pipe , and at the same time send a message area update event to the message sending module to end the display of this message in the channel.

上述消息转换模块架构实现流程如图2所示: The implementation process of the above message conversion module architecture is shown in Figure 2:

步骤1:首先根据管理员调用VNC隐通道接口设定的参数来读取管理员发送过来的消息内容及消息通道排版布局信息; Step 1: First, read the content of the message sent by the administrator and the typesetting and layout information of the message channel according to the parameters set by the administrator calling the VNC covert channel interface;

步骤2:根据步骤1读取的这些配置信息进入窗口配置信息补全模块,在窗口配置信息补全模块中根据管理员设定的模版型号查询消息窗口布局模版,补全管理员调用VNC隐通道时未配置的参数信息; Step 2: Enter the window configuration information completion module based on the configuration information read in step 1. In the window configuration information completion module, query the message window layout template according to the template model set by the administrator, and complete the VNC hidden channel called by the administrator Parameter information not configured at the time;

步骤3:根据步骤2补全后的消息窗口配置信息生成一个临时消息窗口(该消息窗口外观和最终远程终端用户在其自身VNC客户端上看到通道消息窗口一样); Step 3: Generate a temporary message window according to the completed message window configuration information in step 2 (the appearance of the message window is the same as that of the channel message window seen by the final remote terminal user on its own VNC client);

步骤4:接着抓取步骤3生成的消息窗口的图像信息,生成对应的消息窗口bmp截图图片; Step 4: Then grab the image information of the message window generated in step 3, and generate the corresponding message window bmp screenshot;

步骤5:读取步骤4生成的bmp图像信息,将该图像信息转换成32位真彩色的使用RAW编码的图像像素数据文件,以便之后的消息发送模块读取; Step 5: Read the bmp image information generated in step 4, and convert the image information into a 32-bit true-color image pixel data file using RAW encoding, so that the subsequent message sending module can read it;

步骤6:与此同时监听消息反馈接收模块传送回来的终端用户针对该通道消息的选择结果,在该消息转换模块对之解析处理后将终端用户选择结果的具体内容传送往云管理平台消息原始发送端。 Step 6: At the same time, monitor the end user's selection result for the channel message sent back by the message feedback receiving module, and send the specific content of the end user's selection result to the cloud management platform after the message conversion module parses and processes it. end.

上述消息发送模块架构实现流程如图3所示: The implementation process of the above message sending module architecture is shown in Figure 3:

步骤1:找到VNC服务端和客户端通信过程中服务端原始数据生成的代码,在qemu-kvm中,该部分位于qemu-kvm/ui/vnc-jobs.c下的vnc_worker_thread_loop函数中,在该函数中添加代码执行以下步骤; Step 1: Find the code generated by the raw data of the server during the communication between the VNC server and the client. In qemu-kvm, this part is located in the vnc_worker_thread_loop function under qemu-kvm/ui/vnc-jobs.c. In this function Add code to perform the following steps;

步骤2:读取消息转换模块产生的消息图像像素数据; Step 2: read the message image pixel data generated by the message conversion module;

步骤3:获取当次VNC连接过程中所使用的像素格式及编码方式; Step 3: Obtain the pixel format and encoding method used in the current VNC connection process;

步骤4:将步骤1中读取的消息图像像素数据进一步转化为此次VNC连接过程中所使用的像素格式及编码方式; Step 4: Further convert the message image pixel data read in step 1 into the pixel format and encoding method used in this VNC connection process;

步骤5:结合桌面图像更新信息帧的数据结构(如图4),将步骤4转化后的消息图像矩形区域内像素数据添加到正常的图像更新信息帧后面,这样VNC客户端收到该信息帧后,在其自身终端显示器上进行绘制时将可以同时绘制出消息通道中传送的消息窗口。 Step 5: Combining the data structure of the desktop image update information frame (as shown in Figure 4), add the pixel data in the rectangular area of the message image converted in step 4 to the back of the normal image update information frame, so that the VNC client receives the information frame After that, when drawing on its own terminal display, it will be able to draw the message window transmitted in the message channel at the same time.

上述消息反馈接收模块工作流程如图5所示: The workflow of the above message feedback receiving module is shown in Figure 5:

步骤1:找到VNC服务端和客户端通信过程中服务端接收客户端终端用户反馈数据的代码,在qemu-kvm中,该部分位于qemu-kvm/ui/vnc.c下的vnc_client_read函数中,在该函数中添加代码执行以下步骤; Step 1: Find the code for the server to receive the feedback data from the client terminal user during the communication process between the VNC server and the client. In qemu-kvm, this part is located in the vnc_client_read function under qemu-kvm/ui/vnc.c, in Add code to this function to perform the following steps;

步骤2:判断是否处于隐通道消息显示期间,如是则截取当次会话连接从客户端发送过来的交互信息帧,否则表明为VNC服务端和客户端原始通信,此时消息反馈模块不做额外操作; Step 2: Determine whether it is in the display period of the covert channel message, if so, intercept the interactive information frame sent from the client in the current session connection, otherwise it indicates the original communication between the VNC server and the client, and the message feedback module does not perform additional operations at this time ;

步骤3:参见图6,根据截获的交互信息帧中鼠标操作坐标的位置来判断此次操作用户针对的对象(通道消息或访问系统),若鼠标操作在消息窗口所在的矩形区域内,则表明用户鼠标操作的对象是消息通道窗口; Step 3: Referring to Figure 6, judge the object (channel message or access system) targeted by the user in this operation according to the position of the mouse operation coordinates in the intercepted interaction information frame. If the mouse operation is within the rectangular area where the message window is located, it indicates The object of the user's mouse operation is the message channel window;

步骤4:在收到针对通道消息的交互信息帧后,将操作的具体内容发送往云服务提供节点上的消息转换模块程序,由消息转换模块将最终的内容发往通道消息的原始发送端(一般情况下指云管理平台控制节点)。 Step 4: After receiving the interactive information frame for the channel message, send the specific content of the operation to the message conversion module program on the cloud service provider node, and the message conversion module will send the final content to the original sender of the channel message ( Generally, it refers to the cloud management platform control node).

步骤5:将该交互信息帧更改为更新当前消息窗口所在矩形区域的图像更新信息帧,也即产生消息区域更新事件,更新消息窗口所在屏幕区域,完成一次交互; Step 5: Change the interaction information frame to an image update information frame that updates the rectangular area where the current message window is located, that is, generate a message area update event, update the screen area where the message window is located, and complete an interaction;

本文中所描述的具体实施例仅仅是对本发明精神作举例说明。本发明所属技术领域的技术人员可以对所描述的具体实施例做各种各样的修改或补充或采用类似的方式替代,但并不会偏离本发明的精神或者超越所附权利要求书所定义的范围。 The specific embodiments described herein are merely illustrative of the spirit of the invention. Those skilled in the art to which the present invention belongs can make various modifications or supplements to the described specific embodiments or adopt similar methods to replace them, but they will not deviate from the spirit of the present invention or go beyond the definition of the appended claims range.

Claims (4)

1. the method for building up of VNC concealed channel between a cloud management platform and virtual machine terminal use, this VNC concealed channel comprises following three modules:
Message conversion module: message conversion module is positioned on the physical host at the actual place of virtual machine, be independent of the QEMU module in the KVM framework, cloud platform invoke VNC is provided the interface of concealed channel, the origination message of cloud platform management person being desired to send to the terminal use generates the path message window dialog frame that the keeper sets, grasp this video in window Pixel Information, convert pixel format and the coded system that to identify in the general VNC communication process to; Simultaneously also after receiving terminal use's feedback that the message feedback receiver module sends over, the user is passed to cloud platform management person to the operation of message channel;
Message transmission module: message transmission module is arranged in the QEMU block code of the KVM framework on the physical host of the actual place of virtual machine, by revising the inside of the QEMU module in KVM framework part of V NC service end function source code in the KVM virtualization solution, add the message transmission module source code, the message pixel data of the keeper being desired to mail to the terminal use in revising code converts the form that uses in time VNC connects, seamless interpolation enters in original VNC service end and the client communication frame message then;
The message feedback receiver module: the message feedback receiver module is arranged in the QEMU block code of the KVM framework on the physical host of the actual place of virtual machine, by revising VNC service end function source code in the inside of the QEMU module in the KVM framework in the KVM virtualization solution, add the message feedback receiver module, grasp message terminal use's during end-user desktop shows mouse action in code, the mouse action information that is positioned at path message window viewing area that the terminal use is sent mails to message conversion module by the mode of named pipes.
2. according to the method for building up of VNC concealed channel between the cloud management platform described in the claim 1 and virtual machine terminal use, it is characterized in that, described message conversion module is positioned at cloud service to be provided on the node, and it is the physical host at the actual place of virtual machine that described cloud service provides node; This message conversion module is independent of the QEMU modular program in the KVM framework, is the calling interface that the VNC concealed channel outwards provides, and its realization flow may further comprise the steps:
Step 1: at first the parameter of calling the platform interacting message interface setting of VNC concealed channel according to the keeper reads message content and the message channel composing layout information that the keeper sends over;
Step 2: after the message conversion unit receives these configuration informations that step 1 reads, call window configuration information completion unit module, the masterplate model query messages window layout masterplate unit of in window configuration information completion module, setting according to the keeper, the parameter information that the completion keeper does not dispose when calling the VNC concealed channel;
Step 3: generate an interim message window according to the message window configuration information after step 2 completion, described interim message window outward appearance and finally remote terminal user see that in himself VNC client the path message window is identical;
Step 4: then grasp the image information of the message window of step 3 generation, generate corresponding message window bmp sectional drawing picture;
Step 5: the bmp image information that read step 4 generates converts this image information the use RAW image encoded pixel data file of 32 true color to, so that message transmission module afterwards reads;
Step 6: meanwhile receive user feedback unit monitoring information feedback receiver module and transmit the terminal use that returns at the selection result of this path message, this message conversion module to dissection process after the particular content of terminal use's selection result is transmitted toward the original transmitting terminal of cloud management platform message.
3. according to the method for building up of VNC concealed channel between the cloud management platform described in the claim 1 and virtual machine terminal use, it is characterized in that, described message transmission module is to realize that by the frame buffer update information frame of revising in the communication process its realization flow may further comprise the steps:
Step 1: find the code that the service end initial data generates in VNC service end and the client communication process, in the QEMU module in the KVM framework, this part is arranged in vnc_worker_thread_loop function under the qemu-kvm/ui/vnc-jobs.c, adds code and carry out following steps in this function;
Step 2: message image pixel reading unit reads the message image pixel data that message conversion module produces;
Step 3: obtain employed pixel format and coded system in time VNC connection procedure;
Step 4: then the message image converting unit message image pixel data that begins to read in the step 1 further is converted into employed pixel format and coded system in this VNC connection procedure;
Step 5: in conjunction with the data structure of desktop picture lastest imformation frame, pixel data adds normal image update information frame back in the message image rectangular area after message image pixel data adding device transforms step 4, after the VNC client is received this information frame like this, when drawing, himself terminal display can draw out the message window that transmits in the message channel simultaneously.
4. according to the method for building up of VNC concealed channel between the cloud management platform described in the claim 1 and virtual machine terminal use, it is characterized in that described message feedback receiver module realization flow may further comprise the steps:
Step 1: the code that finds service end reception client terminal user feedback data in VNC service end and the client communication process, in the QEMU module in the KVM framework, this part is arranged in the vnc_client_read function under the qemu-kvm/ui/vnc.c, adds code and carry out following steps in this function;
Step 2: judge whether to be in during the demonstration of concealed channel message, then the interactive information frame that time session connection sends over from client is worked as in intercepting in this way, otherwise is indicated as VNC service end and client original communication, and this moment, the message feedback module was not done operation bidirectional;
Step 3: according to the position of mouse action coordinate in the interactive information frame of intercepting and capturing judge this time operate the user at object, described object comprises path message or access system, if mouse action is in the rectangular area at message window place, then show user's mouse action to as if the message channel window;
Step 4: behind the interactive information frame of receiving at path message, the particular content of operating is sent to cloud service the program of the message conversion module on the node is provided, final content is mail to the original transmitting terminal of path message by message conversion module;
Step 5: this interactive information frame is changed to the image update information frame that upgrades rectangular area, current message window place, also namely produce the message region update event, updating message window place screen area is finished once mutual.
CN201310268539.0A 2013-06-28 2013-06-28 Method for establishing VNC hidden channel between cloud management platform and virtual machine terminal user Active CN103312814B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310268539.0A CN103312814B (en) 2013-06-28 2013-06-28 Method for establishing VNC hidden channel between cloud management platform and virtual machine terminal user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310268539.0A CN103312814B (en) 2013-06-28 2013-06-28 Method for establishing VNC hidden channel between cloud management platform and virtual machine terminal user

Publications (2)

Publication Number Publication Date
CN103312814A true CN103312814A (en) 2013-09-18
CN103312814B CN103312814B (en) 2016-03-30

Family

ID=49137592

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310268539.0A Active CN103312814B (en) 2013-06-28 2013-06-28 Method for establishing VNC hidden channel between cloud management platform and virtual machine terminal user

Country Status (1)

Country Link
CN (1) CN103312814B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105005716A (en) * 2015-06-16 2015-10-28 中国科学院计算技术研究所 Remote payment system and remote payment method of application program
CN107283423A (en) * 2016-04-11 2017-10-24 凌华科技股份有限公司 Intelligent Test Robot System
CN107291409A (en) * 2017-05-10 2017-10-24 北京西会科技有限公司 A kind of online desktop sharing method, system
CN107589979A (en) * 2017-09-26 2018-01-16 新华三云计算技术有限公司 A kind of terminal screenshot method and device based on virtual desktop
CN107888430A (en) * 2017-12-15 2018-04-06 新华三云计算技术有限公司 Virtual Machine Manager operates synchronous method and device
CN108628716A (en) * 2017-03-21 2018-10-09 腾讯科技(深圳)有限公司 Information receives guard system, method and device
CN109660581A (en) * 2017-10-11 2019-04-19 阿里巴巴集团控股有限公司 Physical machine management method and device, system
CN110780880A (en) * 2019-10-30 2020-02-11 上海信耀电子有限公司 Method for implementing embedded remote client
CN113438257A (en) * 2021-08-26 2021-09-24 网御安全技术(深圳)有限公司 Time-based hidden channel feature acquisition method, system, equipment and storage medium
CN114021054A (en) * 2021-10-21 2022-02-08 山东浪潮工业互联网产业股份有限公司 Operation and maintenance management method based on kvm combined industrial internet mode
CN115580460A (en) * 2022-09-28 2023-01-06 深信服科技股份有限公司 A communication method, device, electronic equipment and computer storage medium
CN119052239A (en) * 2024-08-22 2024-11-29 普利菲克(深圳)信息技术有限公司 Cloud platform server communication channel construction method and device and server
CN120196447A (en) * 2025-05-20 2025-06-24 湖南源科创新科技有限公司 High-efficiency image processing task scheduling method and intelligent collaborative computing platform

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102035849A (en) * 2010-12-23 2011-04-27 华为技术有限公司 Method, equipment and system for realizing resource management in cloud computing
JP2013020425A (en) * 2011-07-11 2013-01-31 Hitachi Solutions Ltd Hardware and software cooperative verification method using open source software
CN102937911A (en) * 2011-08-16 2013-02-20 中兴通讯股份有限公司 Management method and system for virtual machine sources

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102035849A (en) * 2010-12-23 2011-04-27 华为技术有限公司 Method, equipment and system for realizing resource management in cloud computing
JP2013020425A (en) * 2011-07-11 2013-01-31 Hitachi Solutions Ltd Hardware and software cooperative verification method using open source software
CN102937911A (en) * 2011-08-16 2013-02-20 中兴通讯股份有限公司 Management method and system for virtual machine sources

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
徐燕雯: "《中国优秀硕士学位论文全文数据库》", 30 November 2012, article "基于KVM的桌面虚拟化架构设计与实现", pages: 138-146 *
董青: "《中国优秀硕士学位论文全文数据库》", 15 December 2011, article "基于虚拟化的桌面融合技术" *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105005716B (en) * 2015-06-16 2018-01-09 中国科学院计算技术研究所 A kind of application program remote delivery system and long-range delivery method
CN105005716A (en) * 2015-06-16 2015-10-28 中国科学院计算技术研究所 Remote payment system and remote payment method of application program
CN107283423A (en) * 2016-04-11 2017-10-24 凌华科技股份有限公司 Intelligent Test Robot System
CN108628716A (en) * 2017-03-21 2018-10-09 腾讯科技(深圳)有限公司 Information receives guard system, method and device
CN108628716B (en) * 2017-03-21 2020-12-25 腾讯科技(深圳)有限公司 Information receiving and managing system, method and device
CN107291409B (en) * 2017-05-10 2020-06-19 北京西会科技有限公司 Online desktop sharing method and system
CN107291409A (en) * 2017-05-10 2017-10-24 北京西会科技有限公司 A kind of online desktop sharing method, system
CN107589979A (en) * 2017-09-26 2018-01-16 新华三云计算技术有限公司 A kind of terminal screenshot method and device based on virtual desktop
CN107589979B (en) * 2017-09-26 2020-12-04 新华三云计算技术有限公司 A kind of terminal screenshot method and device based on virtual desktop
CN109660581A (en) * 2017-10-11 2019-04-19 阿里巴巴集团控股有限公司 Physical machine management method and device, system
CN107888430A (en) * 2017-12-15 2018-04-06 新华三云计算技术有限公司 Virtual Machine Manager operates synchronous method and device
CN107888430B (en) * 2017-12-15 2020-01-14 新华三云计算技术有限公司 Virtual machine management operation synchronization method and device
CN110780880A (en) * 2019-10-30 2020-02-11 上海信耀电子有限公司 Method for implementing embedded remote client
CN113438257A (en) * 2021-08-26 2021-09-24 网御安全技术(深圳)有限公司 Time-based hidden channel feature acquisition method, system, equipment and storage medium
CN113438257B (en) * 2021-08-26 2021-11-12 网御安全技术(深圳)有限公司 Time-based hidden channel feature acquisition method, system, equipment and storage medium
CN114021054A (en) * 2021-10-21 2022-02-08 山东浪潮工业互联网产业股份有限公司 Operation and maintenance management method based on kvm combined industrial internet mode
CN115580460A (en) * 2022-09-28 2023-01-06 深信服科技股份有限公司 A communication method, device, electronic equipment and computer storage medium
CN119052239A (en) * 2024-08-22 2024-11-29 普利菲克(深圳)信息技术有限公司 Cloud platform server communication channel construction method and device and server
CN119052239B (en) * 2024-08-22 2025-06-10 上海德龙达实业有限责任公司 Cloud platform server communication channel construction method and device and server
CN120196447A (en) * 2025-05-20 2025-06-24 湖南源科创新科技有限公司 High-efficiency image processing task scheduling method and intelligent collaborative computing platform

Also Published As

Publication number Publication date
CN103312814B (en) 2016-03-30

Similar Documents

Publication Publication Date Title
CN103312814B (en) Method for establishing VNC hidden channel between cloud management platform and virtual machine terminal user
CN106527892B (en) Screen capturing method and system of electronic equipment
US8117275B2 (en) Media fusion remote access system
CN103067259B (en) Method and device used for sending and display and execution of special message instructions and based on instant messaging
CN108897507B (en) Whiteboard synchronous display method and system based on android intelligent classroom
CN105637472B (en) Framework for screen content sharing system with generalized screen descriptions
US20090257730A1 (en) Video server, video client device and video processing method thereof
KR20080111450A (en) Efficient encoding of alternative graphic sets
CN102662618B (en) Image processing method in remote assistance process and device
CN106657071B (en) Electronic contest game keyboard and mouse device applied to cloud game and using method thereof
CN105338318A (en) Monitoring system and remote control method thereof
CN103838375B (en) Terminal input method and terminal
WO2016202102A1 (en) Message transmission method and device
CN103513858A (en) Remote assistance method and device
CN105550934A (en) System and method for pushing WeChat soft advertisement in virtual reality
CN104375795A (en) Electric power information communication scheduling visualization processing system based on man-machine interaction
CN113617020B (en) Game control method, device, storage medium, server and terminal
CN107643930A (en) Using operation method and Cloud Server
CN108958868A (en) The method, apparatus and computer readable storage medium of display interface
CN102413139A (en) Method and system for remotely inputting characters
CN109523221A (en) Different working flow using netted visualization painting canvas is integrated
CN111913711A (en) Video rendering method and device
CN112035210B (en) Method, device, apparatus and medium for outputting color information
CN104462220B (en) Web page screen-cutting and coding and transmission method and device
CN102387118B (en) A kind of data output method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200108

Address after: 528437 Zhongshan, Guangdong Torch Development Zone, 6 Xiang Hao Road, South Korea, 11 tower, 1119 cards.

Patentee after: Zhongshan Cybertech Technology Co., Ltd.

Address before: 430072 Hubei Province, Wuhan city Wuchang District of Wuhan University Luojiashan

Patentee before: WuHan University