Abstract
Modules that exhibit interception behaviour are very dangerous. An effective way to detect such behaviour is to actively probe the objects that a module intercepts while using SEH (structured exception handling) to trace and record the program's execution flow, and then to analyse that execution flow together with module information obtained by searching memory directly, in order to identify the modules in user space that exhibit interception behaviour. Tests on the XP system show that this method can effectively enumerate the modules that the relevant program passes through and, from the associated information, find the modules with interception behaviour, providing a basis for further security measures.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
2010, No. 12, pp. 112-114 (3 pages)
Funding
Natural Science Foundation of Guangdong Province project (06023961)