| 利用反钩挂技术侦测隐藏进程的攻击 |
| |
| 引用本文: | 朱若磊.利用反钩挂技术侦测隐藏进程的攻击[J].南昌大学学报(工科版),2008,30(4):1. |
| |
| 作者姓名: | 朱若磊 |
| |
| 作者单位: | 广东商学院信息学院; |
| |
| 基金项目: | 广东自然科学基金资助项目
|
| |
| 摘 要: | 为躲避查杀,先进的木马病毒都采用了进程隐藏技术来运行。通过分析可知,为了实现进程隐藏,实现对API函数的钩挂必不可少,因此,实现反API函数钩挂技术就成为了监测使用了隐藏技术木马的关键。在讨论了在用户空间内侦测各种API函数钩挂技术的关键技术的基础上,提出了可靠的枚举进
|
| 关 键 词: | 进程隐藏 木马病毒 API钩挂 |
Detection of Attack by Hidden Process Using Anti-hook Technology |
| |
| ZHU Ruo-lei.Detection of Attack by Hidden Process Using Anti-hook Technology[J].Journal of Nanchang University(Engineering & Technology Edition),2008,30(4):1. |
| |
| Authors: | ZHU Ruo-lei |
| |
| Abstract: | To avoid being scanned and killed,the advanced Trojan run under the system of hidden process.By analyzing these virus,the fact was known that,if you want to implement the hidden process,API hook is necessary.Therefore anti-hook has become the key technology of detecting Trojan using hidden process.The method of reliably enumerating modules in a progress and detecting the deep inline hook were put forward while the technology of detecting all kinds of HOOK in user-mode was discussed.The practice illustrates that using anti-hook technology can make scanning and killing Trojan easier by exposing the hidden information about these Trojans. |
| |
| Keywords: | Trojan hidden-process API HOOK |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《南昌大学学报(工科版)》浏览原始摘要信息 |
|
点击此处可从《南昌大学学报(工科版)》下载全文 |
|
