| Windows环境木马进程隐藏技术研究 |
| |
| 引用本文: | 卢立蕾,文伟平.Windows环境木马进程隐藏技术研究[J].信息网络安全,2009(5):35-37. |
| |
| 作者姓名: | 卢立蕾 文伟平 |
| |
| 作者单位: | 北京大学软件与微电子学院信息安全系,北京,102600 |
| |
| 摘 要: | 本文介绍了在Windows环境下特洛伊木马常用的进程隐藏技术,结合实际,详细分析了利用系统服务方式、动态嵌入方式、SSDT Hook和DKOM技术实现进程隐藏的基本原理,对如何防御和检测木马具有一定的参考意义。
|
| 关 键 词: | 木马 进程 隐藏 系统服务 动态嵌入 SSDT Hook DKOM |
Research of Process Concealment Technology Used by Trojan Horse in Windows Environment |
| |
| LU Li-lei,WEN Wei-ping.Research of Process Concealment Technology Used by Trojan Horse in Windows Environment[J].Netinfo Security,2009(5):35-37. |
| |
| Authors: | LU Li-lei WEN Wei-ping |
| |
| Affiliation: | (Department of Information Security, SSM, Peking University, Beijing 102600, China) |
| |
| Abstract: | The paper introduces the common process concealment technologies used by the Trojan horse in the Windows environment. The technologies such as System Service, Dynamic Embedding, SSDT Hook and DKOM method are analyzed in detail on the basis of practice. This will give us some reference about how to defend and check Trojan horse. |
| |
| Keywords: | SSDTHook DKOM |
| 本文献已被 维普 万方数据 等数据库收录! |
