| Windows主机键盘记录技术对比分析 |
| |
| 引用本文: | 刘望桐,罗森林.Windows主机键盘记录技术对比分析[J].信息网络安全,2014(6):43-47. |
| |
| 作者姓名: | 刘望桐 罗森林 |
| |
| 作者单位: | 北京理工大学信息系统及安全对抗实验中心,北京100081 |
| |
| 基金项目: | 国家242计划项目[2005C48]、北京理工大学科技创新计划重大项目[2011CX01015] |
| |
| 摘 要: | 键盘记录技术是最为基础的用户信息窃取技术,也是计算机恶意代码最常使用的技术,在计算机安全检测领域有着重要的意义。文章简述了Windows系统下的键盘信息处理机制,并在此基础上分析总结了基于函数截获的消息HOOK、内核函数HOOK、基于键盘状态检测的应用层键盘扫描、主动轮询这4种典型的键盘记录技术,并通过实验测试了这4种键盘记录技术的查全率、隐蔽性和抗干扰性。实验结果表明,目前主流的4种键盘记录技术查全率均能达到100%,但隐蔽性不足,无法避免主流安全软件的查杀,同时除键盘轮询外其余键盘记录技术不能抵抗主流的防密码窃取机制的干扰。
|
| 关 键 词: | 键盘记录 HOOK 中断响应 |
Keyboard Monitoring Technology Research based on Windows |
| |
| LIU Wang-tong,LUO Sen-lin.Keyboard Monitoring Technology Research based on Windows[J].Netinfo Security,2014(6):43-47. |
| |
| Authors: | LIU Wang-tong LUO Sen-lin |
| |
| Affiliation: | (Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081, China) |
| |
| Abstract: | Keylogger is the most basic computer monitoring technology and is widely used by malicious code, it has important signiifcance in the ifeld of computer security testing. This paper describes the keyboard information processing mechanism on Windows systems, analyzes and summarizes the four kinds of typical keylogger technology:messages HOOK, kernel function HOOK based on function intercept and keyboard scanning, active polling based on keyboard state detection. The experimental results show that the recall of the four kinds of mainstream keylogger technology can reach 100%. But these four keylogger technology lack of imperceptibility, cannot avoided searching and killing of mainstream security software. While in addition to polling the keyboard, the rest kinds of keylogger technology can’t resist the interference of mainstream anti-theft mechanisms. |
| |
| Keywords: | keylogger HOOK interrupt response |
| 本文献已被 CNKI 维普 等数据库收录! |
