摘要: 通过修改系统服务调度表(SSDT),恶意代码可以避免被杀毒软件或反恶意软件清除。针对SSDT挂钩技术,通过系统文件重定位,实现基于SSDT恢复的反恶意代码技术,阐述Ntoskrnl.exe文件的重装方法和Ntoskrnl.exe文件偏移比较法。实验结果证明,该技术能使恶意代码和木马程序失效,保障系统安全。
关键词:
系统服务调度表,
恶意软件,
系统内核,
挂钩
Abstract: By amending System Service Dispatch Table(SSDT), the malicious code can avoid being cleared by antivirus software or anti-malice software. Aiming at SDDT hook technology, this paper realizes an anti-malicious code technology based on SSDT restoration through system file relocation. It expatiates the method of resetting Ntoskrnl.exe files and the method of shifting comparison of Ntoskrnl.exe files. Experimental results show that this technology can invalidate malicious codes and Trojan programs and guarantee system security.
Key words:
System Service Dispatch Table(SSDT),
malicious software,
system kernel,
hook
中图分类号:
陈 萌. 基于SSDT恢复的反恶意代码技术[J]. 计算机工程, 2009, 35(21): 128-130.
CHEN Meng. Anti-malicious Code Technology Based on SSDT Restoration[J]. Computer Engineering, 2009, 35(21): 128-130.