Abstract
Remote thread injection is a common process-hiding method on the Windows platform, but conventional remote thread injection has difficulty evading security detection techniques. To address this, a remote thread injection technique based on the APC mechanism is proposed, which uses the APC mechanism to implement a new attack strategy for process hiding. Based on an analysis of the technique's principles, the security detection scheme is then improved to address it. In practical detection tests, this attack method is more concealed and can effectively counter conventional security detection techniques.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
PKU Core Journal (北大核心)
2008, Issue B06, pp. 92-94 (3 pages)