Windows操作系统的信息监控方法研究

Research on Information Monitoring Methods Based on Windows Operating System

随着计算机网络技术的发展,安全问题日益受到人们的重视。计算机信息安全可分为网络安全和主机安全两大类。长期以来人们很重视网络安全而忽视主机安全,随着信息安全技术的发展,主机安全问题也越来越受到重视。主要从工程实现角度研究了几种基于Windows操作系统的本地监控信息方法。依据分层的Windows软件系统,顺次分析了基于应用层Windows窗口消息的hook方法,基于应用层Win32函数的Detour方法和基于内核层的Dilter Driver方法。

With the development of computer network technology, people are increasingly concerned about the security problems. Computer information security can be divided into two major categories: network security and host security. For a long time people attach great importance to network security and neglect that of host security. With the development of information security technology, host security problems are considered more and mo re important. Mainly from the engineering point of view, studies are made about several local methods of monitoring information based on windows operating system based. According to the stratified Windows software system, sequential analysis are made about the hook method based on the application layer windows message, the detour methods based on the application layer win32 function ,and the filter driver methods based on the core layer.