| 利用核心态钩挂技术防止代码注入攻击 |
| |
| 引用本文: | 朱若磊. 利用核心态钩挂技术防止代码注入攻击[J]. 计算机应用, 2006, 26(9): 2134-2136 |
| |
| 作者姓名: | 朱若磊 |
| |
| 作者单位: | 广东商学院,信息学院,广东,广州,510320 |
| |
| 摘 要: | 为防止代码注入攻击,利用钩挂技术来监视有关的API函数调用十分必要。由于Windows NT系统中存在着严格的进程隔离机制,此种钩挂要在核心态下才有效。提出并讨论了实现此种技术的一种简便的方法。实践表明,在Windows XP系统条件下,利用它能够成功阻止木马利用代码注入实现攻击。
|
| 关 键 词: | 代码注入 钩挂 核心态 |
| 文章编号: | 1001-9081(2006)09-2134-3 |
| 收稿时间: | 2006-03-16 |
| 修稿时间: | 2006-03-162006-05-29 |
Preventing code injection attack with hook in kernel mode |
| |
| ZHU Ruo-lei. Preventing code injection attack with hook in kernel mode[J]. Journal of Computer Applications, 2006, 26(9): 2134-2136 |
| |
| Authors: | ZHU Ruo-lei |
| |
| Affiliation: | School of Information Science and Technology, Guangdong University of Business Studies, Guangzhou Guangdong 510320, China |
| |
| Abstract: | To prevent code injection attack,it is necessary to monitor involved API(Application Programming Interface) by hooking them.Because there exists rigid process isolation in Windows NT,hooking these APIs must be done in kernel mode.A relatively simple way to do this was introduced.It is proved that in Windows XP the way to hook API in kernel mode can efficiently prevent code injection attack. |
| |
| Keywords: | eode injection hook kernel mode |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
