| 内核脱钩技术在检测rootkit木马信息隐藏中的应用 |
| |
| 引用本文: | 吴坤鸿,舒辉,董卫宇.内核脱钩技术在检测rootkit木马信息隐藏中的应用[J].计算机工程与设计,2008,29(14). |
| |
| 作者姓名: | 吴坤鸿 舒辉 董卫宇 |
| |
| 作者单位: | 信息工程大学信息工程学院,河南郑州,450002 |
| |
| 摘 要: | 简要讨论了Windows内核系统服务调用机制,分析了基于rootkit技术的木马通过内核态挂钩SystemServiceDispatch-Table隐藏各种敏感信息的一般原理.在检测SystemServiceDispatchTable挂钩隐藏注册表键值的基础上,提出两种内核检测脱钩方法,实现了对rootkit挂钩的有效检测与脱钩,确保了系统荻取注册表等敏感信息的完整性.
|
| 关 键 词: | 系统调用 内核挂钩 信息隐藏 内核检测 内核脱钩 |
Application of kernel unhooking in detecting information hiding of rootkit trojan |
| |
| WU Kun-hong,SHU Hui,DONG Wei-yu.Application of kernel unhooking in detecting information hiding of rootkit trojan[J].Computer Engineering and Design,2008,29(14). |
| |
| Authors: | WU Kun-hong SHU Hui DONG Wei-yu |
| |
| Affiliation: | WU Kun-hong,SHU Hui,DONG Wei-yu(College of Information Engineering,Information Engineering University,Zhengzhou 450002,China) |
| |
| Abstract: | The mechanism of Windows kernel system services call is briefly discussed,and then made an analysis on universal principles of hiding various sensitive information by hooking SystemServiceDispatchTable of trojan based on rootkit technology on the kernel level.On the foundation of detecting registry hiding by kernel hooking,two kernel detecting-unhooking methods which are able to detecte and unhook rootkit hooking is presented,and the query outcome integrity of sensitive information such as system registry i... |
| |
| Keywords: | kernel call kernel hooking information hiding kernel detecting kernel unhooking |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
