探讨动态链接库(DLL)的后门及防御方法

Introduction to Back Door and Defensive Method of DLL

随着计算机及网络技术的迅猛发展,后门对信息安全的威胁日益增加。后门的编写者调整思路把目光放到了动态链接程序库上,这样就不会有进程,不开端口等特点,也就实现了进程、端口的隐藏,所以基于DLL后门的防治和信息安全问题已成为一个值得关注的研究对象。文中介绍了该种木马程序的工作原理和功能的实现,描述了主要的API函数,并且总结了一些查杀DLL木马的方法。

With the computer and network technology,the rapid development of the back door of the increasing threats to information security.The authors adjusted the back door to look into the idea of a dynamic link library,so that there can be no process,no open ports etc.,thus achieving a process,the port hidden,so the back door DLL-based prevention and information security problems has become a more important object of study worthy of attention.This article describes the types of Trojan horse program works and realization of the function,describing the main API functions,and summarizes a number of DLL Trojans killing methods.