• • 上一篇    下一篇

基于 Windows API 调用机制的 Rootkit检测系统的设计与研究

袁宇恒%黄耿星%龚征   

  • 出版日期:2014-11-15
  • 基金资助:
    国家自然科学基金[61100201,61300204];广东省自然科学基金[S2012040006711];广东省高等学校优秀青年教师培养计划资助项目[Yq2013051];广州市珠江科技新星专项(2014J2200006)

The Design and Research of Rootkit Detection System Based on Windows API

YUAN Yu-heng%HUANG Geng-xing%GONG Zheng   

  • Online:2014-11-15
  • About author:华南师范大学计算机学院,广东广州,510631

摘要: 从功能上来看,Rootkit 是指隐藏进程、网络端口、文件痕迹等的恶意软件,现已被广泛应用在黑客入侵和攻击他人的计算机系统上。许多计算机病毒、间谍软件也都常常使用Rootkit 潜伏在操作系统上伺机而动。如何有效地对 Rootkit 进行检测和防范成为应对木马入侵和僵尸网络的首要解决的关键问题。文章在以往的研究基础上,通过深入探讨 Windows 底层原理,开发了一个基于 Windows API 调用机制的 Rootkit 检测系统。在该系统的帮助下,用户不但可以深入查看操作系统的各类底层信息,还可以很方便地找出隐藏在计算机之中的病毒、木马并进行清理,从而更好地保护操作系统。该系统丰富了现今针对 Rootkit 检测的研究成果,对后续的研究具有一定的参考价值。

Abstract: Rootkit is referred to the malicious software that hides the traces of processes, network ports, files, etc. It is now widely used for the hacker intruding and attacking other peoples’ computer systems. Many computer viruses and spywares also use Rootkit to lurk in the operation system and watch for the proper moment for action. How to detect Rootkit efficiently becomes the key problem to counter these kinds of attacks. On the basis of previous works,this paper discusses the underlying principles of Windows, and developes a Rootkit detection system based on the WINDOWS API. With its help, the user can not only discover different kinds of hidden information of the operation system, but also easily find out the virus and Trojan which are running in the computer and clean them up. To a certain extent, this system enriches the research productions on Rootkit detection, and can offer reference for the follow-up studies.