Abstract
Security software currently has difficulty countering malware that uses ring0-level inline hooking: repairs are hard to perform, leave many side effects, and are unstable. Starting from the Windows kernel function call mechanism, this paper examines the role of the System Service Dispatch Table (SSDT). By hooking the SSDT itself, the malware's inline hooks are neutralized indirectly. Because the technique does not directly modify the code that the malware has inline-hooked, it offers notably better safety, effectiveness and stability.
In view of the problems current security software encounters, such as difficult repairs, many after-effects and poor stability, this paper explores the function of the System Service Dispatch Table based on the Windows kernel function call mechanism. An SSDT hook is used to indirectly undo the inline hooks installed by malicious software. Since this technique does not directly modify the code that the malware has inline-hooked, it performs well in terms of safety, effectiveness and stability.
Source
Journal of Chongqing Institute of Technology (Natural Science Edition) (重庆工学院学报(自然科学版))
2009, No. 12, pp. 93-97 (5 pages)
Funding
Chongqing Higher Education Research Project (0826075)
Chongqing University of Technology Undergraduate Research Project (JSJ11B)