| Windows Rootkit隐藏技术研究 |
| |
| 引用本文: | 杨彦,黄皓.Windows Rootkit隐藏技术研究[J].计算机工程,2008,34(12):152-153. |
| |
| 作者姓名: | 杨彦 黄皓 |
| |
| 作者单位: | 1. 南京大学计算机科学与技术系,南京,210093
2. 南京大学计算机科学与技术系,南京,210093;南京大学软件新技术国家重点实验室,南京,210093 |
| |
| 摘 要: | Rootkit是恶意软件用于隐藏自身及其他特定资源和活动的程序集合。该文分析和研究现有的针对Windows系统的代表性Rookit隐藏技术,将其总结为2类:通过修改系统内核对象数据实现隐藏和通过修改程序执行路径实现隐藏。说明并比较了相应的技术原理,展望了Rootkit隐藏技术未来的发展趋势。
|
| 关 键 词: | Windows Rootkit技术 Hook技术 系统内核 系统调用 中断描述符表 |
| 修稿时间: | |
Research on Concealment Technology of Windows Rootkit |
| |
| YANG Yan,HUANG Hao.Research on Concealment Technology of Windows Rootkit[J].Computer Engineering,2008,34(12):152-153. |
| |
| Authors: | YANG Yan HUANG Hao |
| |
| Affiliation: | (1. Dept. of Computer Science and Technology, Nanjing University, Nanjing 210093; 2. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093) |
| |
| Abstract: | Rootkit is a program set which malicious software uses to conceal itself and other specific resources and actions. This paper analyzes and researches on the concealment technologies which representative rootkits on Windows platform commonly use, and classifies them into two categories: modifying kernel object data structures and changing execution paths. The technical principles are described and compared in detail. The future development directions are discussed. |
| |
| Keywords: | |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
