作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (21): 128-130. doi: 10.3969/j.issn.1000-3428.2009.21.042

• 安全技术 • 上一篇    下一篇

基于SSDT恢复的反恶意代码技术

陈 萌   

  1. (宁波工程学院电子与信息工程学院,宁波 315016)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-11-05 发布日期:2009-11-05

Anti-malicious Code Technology Based on SSDT Restoration

CHEN Meng   

  1. (College of Electronic and Information Engineering, Ningbo University of Technology, Ningbo 315016)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-11-05 Published:2009-11-05

摘要: 通过修改系统服务调度表(SSDT),恶意代码可以避免被杀毒软件或反恶意软件清除。针对SSDT挂钩技术,通过系统文件重定位,实现基于SSDT恢复的反恶意代码技术,阐述Ntoskrnl.exe文件的重装方法和Ntoskrnl.exe文件偏移比较法。实验结果证明,该技术能使恶意代码和木马程序失效,保障系统安全。

关键词: 系统服务调度表, 恶意软件, 系统内核, 挂钩

Abstract: By amending System Service Dispatch Table(SSDT), the malicious code can avoid being cleared by antivirus software or anti-malice software. Aiming at SDDT hook technology, this paper realizes an anti-malicious code technology based on SSDT restoration through system file relocation. It expatiates the method of resetting Ntoskrnl.exe files and the method of shifting comparison of Ntoskrnl.exe files. Experimental results show that this technology can invalidate malicious codes and Trojan programs and guarantee system security.

Key words: System Service Dispatch Table(SSDT), malicious software, system kernel, hook

中图分类号: