In recent years, there has been a trend toward promoting digitization of information, so that image processing apparatuses such as a scanner which is used for digitization of documents, a fax machine, a printer which is used for outputting digitized information, etc., are becoming indispensable equipment units. These image processing apparatuses are often configured as multi-functional machines which are usable as a printer, a fax machine, a scanner, and a copier by including therein an imaging function, an image forming function, a communications function, etc.
Of such image processing apparatuses, in a printing apparatus which is used for outputting digitized documents, a printer is generally used which executes printing outputting based on a printing job generated in an information processing apparatus such as a PC (personal computer), etc. Then, as a software program which implements functions for generating the printing job to be input to the printer, a printer driver which corresponds to respective printer functions is generally installed in the information processing apparatus.
Then, in a related-art printer driver, a method is used for extending functions in a form called a plug-in while leaving a program of a main body that is already installed without re-installing an updated program (see Patent document 1, for example).
Here, FIG. 7 is a diagram illustrating a configuration of a printer driver 100 in general. As shown in FIG. 7, in the printer driver 100, which is divided into a core driver 110 and a plug-in 120, functions are implemented by calling the plug-in 120 from the core driver 110 side.
FIG. 8 is a diagram conceptually illustrating a process when the plug-in 120 is called from the core driver 110 side. As shown in FIG. 8, the plug-in 120 has a plug-in interface open to the public, so that the core driver 110 side uses the publicly-open interface to utilize the function of the plug-in 120.
FIG. 9 is a diagram illustrating an example of a publicly-open interface. The core driver 110 starts a plug-in process with an “OpenPlugin( )” command as shown in FIG. 9, and obtains from the plug-in 120 side an interface function table as shown in FIG. 10 with a “GetInterface( )” command. In this way, the core driver 110 may use an interface function which is described in the interface function table to operate the function of the plug-in 120. Subsequently, the plug-in process is completed with a “ClosePlugin( )” command.
As shown in FIG. 9, as an argument of the “GetInterface( )” command, the interface function table such as an “LPPLUGIN_IF_TBL table” is designated which is included in a DLL (Dynamic Link Library) file which makes up the plug-in 120. In this way, the core driver 110 may obtain the interface function as shown in FIG. 10 and utilize an interface of the plug-in 120 as shown in FIG. 11. FIG. 12 is a sequence diagram illustrating a process between the plug-in 120 side and the core driver 110 side in a series of operations as described above.
Commands such as “NeedJimon( )” and “NeedWatermark( )”, etc., that are shown in FIGS. 10 and 11 are commands related to drawing, and the interface function table shown in FIG.11 is used by a drawing unit 114. Moreover, of operations shown in FIG. 12, a process on the core driver 110 side is a process of the drawing unit 114.
Patent document
Patent Document 1 JP2008-97574A
In the configuration of the related-art plug-in as described above, the interface function table as shown in FIG. 10 is publicly open, so that there is a possibility of the plug-in being replaced with a malicious dummy DLL (Dynamic Link Library). FIG. 13, which is a diagram corresponding to FIG. 8, is a diagram which conceptually illustrates that a valid plug-in is replaced with the malicious dummy DLL.
As shown in FIG. 13, a file name of a DLL file which has the same interface function as a valid plug-in 120 and which is to be a plug-in thereof may be used, so that the valid plug-in may be taken over by a malicious plug-in. For example, when a security-related plug-in is taken over to be invalidated, security to be applied to a document is not applied, leading to a problem of leakage of information, etc.