摘要
基于SDK平台,采用内核检测技术,设计开发了一种监视注册表值的变化;检测病毒、木马等恶意软件隐藏的文件、进程及内核模块等主要功能的新型的系统安全检测软件。通过进程端口映射查找系统打开的端口信息有效地查找木马及NTFS流文件中的流病毒;通过查看BHO、LSP防止浏览器和网络被劫持;通过查看HOOK的SSDT及SSDT Shadow恢复被修改的内容。经实际系统测试与比较表明,系统能有效地保障系统软件的安全。
Based on the SDK platform, by adopting kernel inspection technology, this paper designs and develops a new system security detection software for monitoring changes of registry value and detecting files, processes ahd kernel modules hidden by malicious software like virus and cockhorse. Port messages opened by the system are found by means of process port mapping for effective search of stream virus in cockhorse and NTFS stream files. BHO and I_SP are examined to prevent hijacking of browsers and networks. HOOK's SSDT and SSDT Shadow are checked to recover modified items. Actual system tests and comparison indicate that this system can effectively guarantee the safety of the system software.
出处
《电气自动化》
2015年第5期27-29,88,共4页
Electrical Automation
基金
国家自然科学基金(60971297)
定西师范高等专科学校校级项目基金(13JJ9022)资助
关键词
SDK平台
安全检测
设计
实现
系统服务描述表
输入输出请求包
根权限工具
SDK platform
security detection
design
implementation
system service descriptor table (SSDT)
I/O request packet ( IRP )
rootkit