Abstract
Two API hooking techniques commonly used for file operation monitoring are studied. Experiments show that IAT Hook is unstable, and Detours, which is based on Inline Hook, is proposed to resolve the explorer.exe error. Finally, an implementation method for the file operation monitoring scheme is given, together with a detailed description of the Detours technique. Testing shows that the scheme is indeed effective in achieving file security protection.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journals (北大核心)
2010, Issue A12, pp. 3423-3426 (4 pages)
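Funding
Supported by the Open Research Fund of the Sichuan Provincial Key Laboratory of Information Coding and Transmission, Southwest Jiaotong University (2009-005)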