| 基于远程线程注入的进程隐藏技术研究 |
| |
| 引用本文: | 何志,范明钰,罗彬杰. 基于远程线程注入的进程隐藏技术研究[J]. 计算机应用, 2008, 28(Z1) |
| |
| 作者姓名: | 何志 范明钰 罗彬杰 |
| |
| 作者单位: | 1. 电子科技大学,计算机科学与工程学院,成都,610054
2. 西南财经大学,经济信息工程学院,成都,610074 |
| |
| 摘 要: | Windows系统平台下的进程隐藏方法中远程线程注入技术比较常见,但常规的远程线程注入技术难以避过安全检测技术的检测。针对于此,提出了基于APC机制的远程线程注入技术,通过利用APC机制实现新的攻击策略,以达到进程隐藏的目的。并在分析技术原理基础上,针对该技术改进了安全检测方案。在实际检测中该攻击方法隐蔽性更强,能有效对抗常规的安全检测技术。
|
| 关 键 词: | RootKit 进程隐藏 远程线程注入 APC机制 |
Research on remote-thread injection based hidden process technology |
| |
| HE Zhi,FAN Ming-yu,LUO Bin-jie. Research on remote-thread injection based hidden process technology[J]. Journal of Computer Applications, 2008, 28(Z1) |
| |
| Authors: | HE Zhi FAN Ming-yu LUO Bin-jie |
| |
| Affiliation: | HE Zhi1,FAN Ming-yu1,LUO Bin-jie2 (1.School of Computer Science , Engineering,University of Electronic Science , Technology of China,Chengdu Sichuan 610054,China,2.School of Economic Information Engineering,Southwestern University of Finance , Economics,Chengdu Sichuan 610074,China) |
| |
| Abstract: | The remote-thread injection technology is one normal method of hidden process in Windows,but it's hard to confront security detection technology.A new remote-thread injection technology was proposed based on APC mechanism.It made use of APC mechanism to realize a new attack strategy of hiding process.Finally the detection technology based on the principle of APC mechanism was improved.In fact this attack method is more concealed,so it can confront normal hidden process detection techniques. |
| |
| Keywords: | RootKit hidden process remote-thread injection APC mechanism |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
