Abstract
Ghost-based restoration is widely used for restoring computer systems. The technology is convenient to use, but it also carries security risks. This paper first introduces the Ghost image file format and explains the process and principles of parsing it. On that basis, it presents a technique for covert Trojan persistence that targets Ghost restoration images, and analyzes the command-line tool implemented for penetrating Ghost image files. The tool reads and parses a Ghost image file and then writes a backdoor file into it, so that the Trojan persists covertly. Finally, the paper proposes how to prevent and detect Trojans that persist covertly by this method, ensuring the integrity and security of the system after restoration.
Source
《信息安全与通信保密》
2012, Issue 1, pp. 84-86 (3 pages)
Information Security and Communications Privacy