Abstract
Malicious code in the Windows kernel is a program or set of programs that hides its own presence and carries out malicious actions on a system by altering the execution flow of the operating system or by manipulating the data structures the kernel relies on for auditing and bookkeeping; it seriously endangers the security of the Windows operating system. This paper analyses in depth the main concealment techniques used by malicious code on recent NT-kernel versions of Microsoft Windows, including hooking of process functions, registry functions and the SSDT (System Service Descriptor Table), and proposes several practical schemes for detecting malicious code in the Windows kernel. Practice shows that the analysis and detection techniques proposed here offer useful guidance in real-world work.
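As an added illustration of the SSDT-hook detection the abstract refers to, the block below models two common checks in user-mode C: a range check (does each service routine address still lie inside the ntoskrnl image?) and a snapshot comparison (has any entry changed since a trusted copy was taken?). This is example code written for this page, not code from the paper; the kernel image range, the snapshot and the "live" table are constructed sample addresses, not real Windows values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-mode model of two checks for SSDT (System Service Descriptor Table)
 * hooks. In a real driver the table would come from KeServiceDescriptorTable
 * and the kernel range from the loaded-module list; here every address is
 * constructed sample data (assumption), so the file runs anywhere. */

typedef struct {
    uintptr_t base;   /* image base of ntoskrnl (constructed) */
    size_t    size;   /* image size (constructed) */
} module_range_t;

/* Check 1: every service routine should live inside the kernel image.
 * Returns the number of entries outside [base, base+size); the indices of
 * the first max_out offenders are stored in out_idx (may be NULL). */
size_t scan_ssdt_range(const uintptr_t *table, size_t count,
                       const module_range_t *kernel,
                       size_t *out_idx, size_t max_out)
{
    size_t hooked = 0;
    for (size_t i = 0; i < count; i++) {
        int inside = table[i] >= kernel->base &&
                     table[i] <  kernel->base + kernel->size;
        if (!inside) {
            if (out_idx && hooked < max_out)
                out_idx[hooked] = i;
            hooked++;
        }
    }
    return hooked;
}

/* Check 2: compare the live table with a snapshot taken at a trusted time.
 * This also catches an entry redirected to another address that is still
 * inside the kernel image, which check 1 cannot see. Neither check detects
 * an inline patch of the routine body itself. */
size_t scan_ssdt_snapshot(const uintptr_t *live, const uintptr_t *snapshot,
                          size_t count, size_t *out_idx, size_t max_out)
{
    size_t changed = 0;
    for (size_t i = 0; i < count; i++) {
        if (live[i] != snapshot[i]) {
            if (out_idx && changed < max_out)
                out_idx[changed] = i;
            changed++;
        }
    }
    return changed;
}

/* ---- constructed sample data (not real Windows addresses) ---- */
#define DEMO_SERVICES 8
static const module_range_t demo_kernel = { 0x80400000u, 0x00200000u };

static const uintptr_t demo_snapshot[DEMO_SERVICES] = {
    0x80501000u, 0x80501220u, 0x80502340u, 0x80503010u,
    0x80504500u, 0x80505670u, 0x80506780u, 0x80507890u
};

/* Live table after a hypothetical rootkit driver loaded at 0xF8A00000:
 * indices 2 and 4 now point into the driver; index 7 was redirected to a
 * different address that is still inside the kernel image. */
static const uintptr_t demo_live[DEMO_SERVICES] = {
    0x80501000u, 0x80501220u, 0xF8A01000u, 0x80503010u,
    0xF8A01200u, 0x80505670u, 0x80506780u, 0x80520000u
};

size_t demo_range_hits(void)
{
    return scan_ssdt_range(demo_live, DEMO_SERVICES, &demo_kernel, NULL, 0);
}

size_t demo_snapshot_hits(void)
{
    return scan_ssdt_snapshot(demo_live, demo_snapshot, DEMO_SERVICES, NULL, 0);
}

/* n-th index flagged by the range check, or (size_t)-1 if there is none. */
size_t demo_range_hit_index(size_t n)
{
    size_t idx[DEMO_SERVICES];
    size_t hits = scan_ssdt_range(demo_live, DEMO_SERVICES, &demo_kernel,
                                  idx, DEMO_SERVICES);
    return n < hits ? idx[n] : (size_t)-1;
}

/* n-th index flagged by the snapshot check, or (size_t)-1 if there is none. */
size_t demo_snapshot_hit_index(size_t n)
{
    size_t idx[DEMO_SERVICES];
    size_t hits = scan_ssdt_snapshot(demo_live, demo_snapshot, DEMO_SERVICES,
                                     idx, DEMO_SERVICES);
    return n < hits ? idx[n] : (size_t)-1;
}

int main(void)
{
    printf("range check: %zu entries outside the kernel image\n", demo_range_hits());
    printf("snapshot check: %zu entries changed\n", demo_snapshot_hits());
    for (size_t n = 0; demo_snapshot_hit_index(n) != (size_t)-1; n++)
        printf("  service #%zu differs from snapshot\n", demo_snapshot_hit_index(n));
    return 0;
}
```

On the sample data the range check flags only the two entries that leave the kernel image, while the snapshot check also flags the entry that was redirected within ntoskrnl; in practice the two checks are used together, and the snapshot should be rebuilt from the on-disk kernel image rather than trusted from a possibly already compromised system.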
Source
Computer Technology and Development (计算机技术与发展), 2008, No. 9, pp. 145-147 (3 pages)
Funding
Natural Science Foundation of Jiangxi Province (0611009)
Jiangxi Provincial Department of Education project (赣教技2006123)
East China Jiaotong University research fund (07JC03)