Validation of Windows process legitimacy in driver mode
Cite this article: Qian Tao (钱涛), Zheng Kougen (郑扣根). Validation of Windows process legitimacy in driver mode [J]. Journal of Computer Applications (计算机应用), 2009, 29(12): 3398-3399.
Authors: Qian Tao (钱涛), Zheng Kougen (郑扣根)
Affiliation (both authors): Department of Computer Science and Technology, Zhejiang University
Abstract: To prevent malicious processes on the Windows platform from damaging system resources, a method is proposed that intercepts the Windows process creation procedure and checks the path of the process's executable file to verify whether the process is legitimate. The method runs in kernel mode as a software driver and uses a path-tree model to improve the efficiency of process validation. With this method, process creation can be effectively intercepted and the legitimacy of the executable file path verified, so the system can kill a malicious process before its creation completes and thereby avoid damage to system resources.

Keywords: process validation; process creation procedure; kernel mode; path-tree
Received: 2009-06-25
Revised: 2009-08-06

Validation of processes via Windows kernel mode driver
Abstract: To prevent malicious processes on the Windows platform from destroying system resources, a validation technique implemented as a kernel-mode driver is presented. The validation hooks process creation, obtains the path of each new process's executable file, and checks whether the process is legitimate. The procedure runs in Windows kernel mode and uses a data structure called a path-tree to speed up validation. With this method, malicious processes can be terminated before their creation completes, preventing damage to system resources.
Keywords: process validation; process creation; kernel mode; path-tree
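The path-tree lookup described in the abstract, as an added user-mode illustration that is not the paper's own driver code: allowed executable paths are stored one component per node, compared case-insensitively as Windows paths are, and a process path is accepted only when it matches a stored path exactly. The sample allowlist path is a constructed placeholder, and the kernel-side hook of process creation that would call this check is not shown.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* One node per path component (drive, directory or file name). */
typedef struct Node {
    char name[64];
    int is_leaf;                /* 1 when an allowed full path ends here */
    struct Node *child, *next;  /* first child / next sibling */
} Node;

/* Windows paths are case-insensitive, so components are compared that way. */
static int name_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Walk the path one component at a time; with insert set, create missing nodes. */
static Node *walk(Node *root, const char *path, int insert) {
    char buf[512];
    strncpy(buf, path, sizeof buf - 1); buf[sizeof buf - 1] = '\0';
    Node *cur = root;
    for (char *tok = strtok(buf, "\\"); tok; tok = strtok(NULL, "\\")) {
        Node *c = cur->child;
        while (c && !name_eq(c->name, tok)) c = c->next;
        if (!c) {
            if (!insert) return NULL;   /* unknown component: path is not in the tree */
            c = calloc(1, sizeof *c);
            strncpy(c->name, tok, sizeof c->name - 1);
            c->next = cur->child; cur->child = c;
        }
        cur = c;
    }
    return cur;
}
void pathtree_add(Node *root, const char *path) { walk(root, path, 1)->is_leaf = 1; }

/* 1 only when path exactly matches an allowed executable path; a prefix is not enough. */
int pathtree_allowed(Node *root, const char *path) {
    Node *n = walk(root, path, 0);
    return n != NULL && n->is_leaf;
}
/* Constructed sample allowlist with a placeholder path (not from the paper). */
Node *sample_tree(void) {
    static Node root; static int built;
    if (!built) { pathtree_add(&root, "C:\\Windows\\System32\\notepad.exe"); built = 1; }
    return &root;
}
```

Only the executable path is checked here, as in the abstract; a production allowlist would also want to verify the file's integrity, since a path alone can be reused by a replaced binary.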
This article is indexed in Wanfang Data and other databases.