| 基于调用门的进程隐藏技术 |
| |
| 引用本文: | 龚友,范明钰,王光卫.基于调用门的进程隐藏技术[J].计算机应用,2009,29(Z1). |
| |
| 作者姓名: | 龚友 范明钰 王光卫 |
| |
| 作者单位: | 电子科技大学,计算机科学与工程学院,成都,610054 |
| |
| 基金项目: | 国家自然科学基金资助项目(60272091;60373109);;国家863计划项目(2009AA012403) |
| |
| 摘 要: | Rootkit是黑客入侵系统后保留后门常用的一项技术,而Rootkit的过人之处就在于它的隐形技术。论文主要介绍了目前Windows下常见的进程隐藏方法,并分析了现有方法的局限性,提出一种新的方法,该方法通过调用门的方式来修改进程链表和进程的访问令牌,从而达到进程隐藏和提升进程权限的目的,该攻击方法隐蔽性更强,能有效对抗常规的安全检测技术。最后用实验证明了此方法的有效性。
|
| 关 键 词: | Rootkit 进程隐藏 访问令牌 调用门 |
Hidden process technology based on call gate |
| |
| GONG You,FAN Ming-yu,WANG Guang-wei.Hidden process technology based on call gate[J].journal of Computer Applications,2009,29(Z1). |
| |
| Authors: | GONG You FAN Ming-yu WANG Guang-wei |
| |
| Affiliation: | Institute of Computer Science and Engineering;University of Electronic Science and Technology of China;Chengdu Sichuan 610054;China |
| |
| Abstract: | Rootkit is a common technology used by hackers to keep backdoors on the compromised system.While its strong suit lies in its stealth technology.In this paper,the normal methods of hidden process in Windows was induced,and their limitations were analyzed.Then a new method was proposed.This method can modify the process list and process access token,so as to complete process hidden and upgrade the level of the process permission.This method is more concealed,so it can confront normal hidden process detection ... |
| |
| Keywords: | Rootkit hidden process process token call gate |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
