| Windows服务隐藏技术研究与实现 |
| |
| 引用本文: | 曹磊,蔡皖东. Windows服务隐藏技术研究与实现[J]. 微电子学与计算机, 2011, 28(12): 10-13 |
| |
| 作者姓名: | 曹磊 蔡皖东 |
| |
| 作者单位: | 西北工业大学计算机学院,陕西西安,710072 |
| |
| 摘 要: | 恶意程序利用Windows服务可以实现自启动及部分隐藏功能,研究服务隐藏技术能够提高对此类恶意程序的检测能力.研究了Windows服务的启动过程及服务对象的内部数据结构,提出一种结合内存隐藏和注册表隐藏的多点联合隐藏方法,设计并实现了一个基于该方法的服务隐藏程序,在实验条件下测试了此方法的隐藏效果,分析了应对该类型服务隐藏技术的检测策略.实验证明该方法能够在不影响服务功能的前提下,有效隐藏服务,躲避各类检测工具.
|
| 关 键 词: | Windows服务 服务隐藏 内存信息隐藏 注册表项隐藏 |
Research and Implementation of Windows Service Concealing Technology |
| |
| CAO Lei,CAI Wan-Dong. Research and Implementation of Windows Service Concealing Technology[J]. Microelectronics & Computer, 2011, 28(12): 10-13 |
| |
| Authors: | CAO Lei CAI Wan-Dong |
| |
| Affiliation: | (College of Computer,Northwestern Polytechnical University,Xi′an 710072,China) |
| |
| Abstract: | Malware may use Windows services to achieve auto-starting and partial concealing.In order to improve the detecting ability to such kind of malware,it is necessary to research the services concealing technology.The boot process of Windows services and the inner data structure of service object are researched,and then a multi-point concealing method combining memory hidden and registry hidden is proposed.Design and realize a service concealing program based on the method,test the hidden effect of the method i... |
| |
| Keywords: | Windows service service concealing memory hidden registry hidden |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
