
Research and Implementation of Windows Service Concealing Technology (cited by: 1)
Abstract: Malware can use Windows services to achieve automatic startup and partial concealment, and studying service-concealing techniques improves the ability to detect such malware. This paper studies the startup process of Windows services and the internal data structures of service objects, and proposes a multi-point joint concealing method that combines in-memory hiding with registry hiding. A service-concealing program based on this method is designed and implemented, its hiding effect is tested under experimental conditions, and detection strategies for countering this type of service concealment are analyzed. The experiments show that the method can hide a service effectively without affecting the service's function, and can evade various detection tools.
Authors: Cao Lei (曹磊), Cai Wandong (蔡皖东)
Source: Microelectronics & Computer (《微电子学与计算机》), CSCD, Peking University Core Journal, 2011, Issue 12, pp. 10-13 (4 pages)
Keywords: Windows service; service concealing; memory information hiding; registry key hiding

