Abstract:
Addressing the principles by which rootkit malware hides files by hooking the System Service Dispatch Table (SSDT) and using inline function patching, this paper presents a method of integrity detection and restoration based on the kernel file, which is proved to ensure the integrity of file query results.
Key words:
rootkit,
SSDT hook,
inline function patching,
integrity restore
Abstract (Chinese): Addressing the principle by which rootkit malware hides files by hooking the SystemServiceDispatchTable and using inline function patches, this paper proposes a kernel-file-based integrity detection and restoration method; the results demonstrate that it can ensure the integrity of sensitive information, such as file listings, obtained by the system.
Keywords (Chinese):
rootkit software,
SSDT hooking,
inline function patch,
integrity restoration
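As an added illustration of the detection-and-restoration idea in the abstract (not code from the paper), the following user-space C model compares a simulated SSDT and handler prologues against a reference copy standing in for the values recovered from the kernel file on disk, reports which entries were hooked or inline-patched, and restores them. The table contents, addresses and the 5-byte prologue length are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SVC_COUNT    3
#define PROLOGUE_LEN 5  /* an inline patch usually replaces the first 5 bytes with a JMP rel32 */

/* One service as the detector sees it: the pointer held in the SSDT plus the first bytes
 * of the handler body, so both hiding techniques named in the abstract can be checked. */
struct service { uintptr_t target; uint8_t prologue[PROLOGUE_LEN]; };
enum { CLEAN = 0, SSDT_HOOKED = 1, INLINE_PATCHED = 2 };

/* Compare one live entry with the reference reconstructed from the kernel file on disk. */
int classify(const struct service *live, const struct service *ref)
{
    int flags = CLEAN;
    if (live->target != ref->target) flags |= SSDT_HOOKED;
    if (memcmp(live->prologue, ref->prologue, PROLOGUE_LEN) != 0) flags |= INLINE_PATCHED;
    return flags;
}

/* Scan the table, overwrite each tampered entry with its reference, return the count restored. */
int detect_and_restore(struct service *live, const struct service *ref, size_t n)
{
    int restored = 0;
    for (size_t i = 0; i < n; i++) {
        int f = classify(&live[i], &ref[i]);
        if (f == CLEAN) continue;
        printf("service %zu: %s%s-> restored from kernel file\n", i,
               (f & SSDT_HOOKED) ? "SSDT hook " : "", (f & INLINE_PATCHED) ? "inline patch " : "");
        live[i] = ref[i];
        restored++;
    }
    return restored;
}

/* Constructed sample (fake addresses): ref_table as read from the kernel file; in live_table
 * entry 1 is redirected in the SSDT and entry 2 has its prologue overwritten by a JMP (0xE9). */
const struct service ref_table[SVC_COUNT] = {
    { 0x1000, { 0x8B, 0xFF, 0x55, 0x8B, 0xEC } },
    { 0x2000, { 0x8B, 0xFF, 0x55, 0x8B, 0xEC } },
    { 0x3000, { 0x8B, 0xFF, 0x55, 0x8B, 0xEC } },
};
struct service live_table[SVC_COUNT] = {
    { 0x1000, { 0x8B, 0xFF, 0x55, 0x8B, 0xEC } },
    { 0xBAD0, { 0x8B, 0xFF, 0x55, 0x8B, 0xEC } },
    { 0x3000, { 0xE9, 0x00, 0x10, 0x00, 0x00 } },
};
int main(void) { return detect_and_restore(live_table, ref_table, SVC_COUNT) == 2 ? 0 : 1; }
```

A real implementation would read the reference values from the on-disk kernel image and check them against the live dispatch table and code in kernel memory; the comparison logic is the same.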
CLC Number:
WU Kun-hong; LE Hong-yan. Anti-rootkit Technology of Kernel Integrity Detection and Restoration[J]. Computer Engineering, 2008, 34(21): 129-131.
WU Kun-hong; LE Hong-yan. Anti-rootkit kernel integrity detection and restoration technology [J]. Computer Engineering (计算机工程), 2008, 34(21): 129-131.