
Design of Detection Software Based on System Security

Published English title: Based on system security software designed to detect
Abstract: Built on the SDK platform and using kernel-level detection techniques, a new system security detection tool was designed and developed. Its main functions are: monitoring system service programs and performing related operations on them; monitoring changes to registry values; detecting files, processes and kernel modules hidden by viruses, trojans and other malware; forcibly terminating protected processes and deleting protected files; using process-to-port mapping to list the ports open on the system and the processes that opened them; effectively locating trojans and stream viruses hidden in NTFS stream files; inspecting BHOs (Browser Helper Objects) and LSPs (Layered Service Providers) to prevent browser and network hijacking; and inspecting hooked entries in the SSDT (System Service Descriptor Table) and the SSDT Shadow (System Service Descriptor Table Shadow) and restoring the modified contents. Testing and comparison on real systems show that the tool can effectively safeguard the security of system software.
Author: Li Yong (李邕)
Affiliation: Gansu Institute of Political Science and Law (甘肃政法学院)
Source: Automation & Instrumentation (《自动化与仪器仪表》), 2015, No. 1, pp. 89-91, 94 (4 pages)
Keywords: system service descriptor table; root access tools; input/output request packets