
Computer Engineering (计算机工程) ›› 2008, Vol. 34 ›› Issue (21): 129-131. doi: 10.3969/j.issn.1000-3428.2008.21.047

• Security Technology •

Anti-rootkit Kernel Integrity Detection and Restoration Technology

吴坤鸿,乐宏彦   

  1. (Unit 73630, Fuzhou 350002)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-11-05 Published: 2008-11-05

Anti-rootkit Technology of Kernel Integrity Detection and Restoration

WU Kun-hong, LE Hong-yan   

  1. (Unit 73630, Fuzhou 350002)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-11-05 Published: 2008-11-05

Abstract (translated): Addressing the mechanisms by which rootkit malware hides files by hooking the SystemServiceDispatchTable and by applying inline function patches, this paper proposes an integrity detection and restoration method based on the kernel file. The results show that it can ensure the integrity of sensitive information such as file listings obtained by the system.

Key words (translated): rootkit software, SSDT hijacking, inline function patching, integrity restoration

Abstract: Aiming at the principles by which rootkit malware hides files by hooking the SystemServiceDispatchTable and using inline function patching, this paper presents a method of integrity detection and restoration based on the kernel file, which is shown to ensure the integrity of the results of file queries.

Key words: rootkit, SSDT hook, inline function patching, integrity restore
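The abstract describes comparing the live SSDT and service routines against a reference derived from the on-disk kernel file, then restoring any tampered entries. The following C program is an added illustration of that idea, not code from the paper: it simulates the kernel state in user space with constructed addresses and opcode bytes (no real ntoskrnl values), flags SSDT entries that no longer point at the kernel file's routines and routines whose first bytes were rewritten (inline patches), and optionally restores both from the reference.

```c
#include <stdint.h>
#include <string.h>

#define SSDT_SIZE 4      /* number of system services in this simulated table */
#define PROLOGUE_LEN 5   /* bytes compared per routine (size of an x86 near jmp) */

/* Simulated live kernel state: the SSDT and the first bytes of each service
 * routine. A real checker would read these from kernel memory; here they are
 * constructed sample values. */
typedef struct {
    uintptr_t ssdt[SSDT_SIZE];
    uint8_t prologue[SSDT_SIZE][PROLOGUE_LEN];
} kernel_state;

/* Reference state as it would be reconstructed from the on-disk kernel file
 * (constructed sample values, not real ntoskrnl addresses or opcodes). */
static const uintptr_t ref_ssdt[SSDT_SIZE] = {0x80501000u, 0x80502000u, 0x80503000u, 0x80504000u};
static const uint8_t ref_prologue[SSDT_SIZE][PROLOGUE_LEN] = {
    {0x8B, 0xFF, 0x55, 0x8B, 0xEC}, {0x8B, 0xFF, 0x55, 0x8B, 0xEC},
    {0x6A, 0x2C, 0x68, 0x00, 0x10}, {0x8B, 0xFF, 0x55, 0x8B, 0xEC}};

/* Load the clean reference into a live state (simulates a freshly booted kernel). */
void load_reference(kernel_state *s) {
    memcpy(s->ssdt, ref_ssdt, sizeof ref_ssdt);
    memcpy(s->prologue, ref_prologue, sizeof ref_prologue);
}

/* Compare the live state with the reference. Counts SSDT entries that no longer
 * point at the kernel file's routine (SSDT hooks) and routines whose first bytes
 * differ from the file image (inline patches). If restore is nonzero, each
 * anomaly is overwritten with the reference value. Returns the total found. */
int check_and_restore(kernel_state *live, int restore, int *ssdt_hooks, int *inline_patches) {
    *ssdt_hooks = 0;
    *inline_patches = 0;
    for (int i = 0; i < SSDT_SIZE; i++) {
        if (live->ssdt[i] != ref_ssdt[i]) {
            (*ssdt_hooks)++;
            if (restore) live->ssdt[i] = ref_ssdt[i];
        }
        if (memcmp(live->prologue[i], ref_prologue[i], PROLOGUE_LEN) != 0) {
            (*inline_patches)++;
            if (restore) memcpy(live->prologue[i], ref_prologue[i], PROLOGUE_LEN);
        }
    }
    return *ssdt_hooks + *inline_patches;
}
```

On a clean state the checker reports zero anomalies; after one SSDT entry is redirected and one routine's prologue is overwritten it reports two, and a second pass after restoration reports zero again.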

CLC number: