Institutional Repository of the Institute of Software, Chinese Academy of Sciences
Title:
A New General Method for Acquiring the Original Addresses of the Shadow SSDT
Alternative Title: A Novel and General Method on Acquiring Original Addresses of Shadow SSDT
Author: 霍亮 ; 马恒太 ; 张楠
Keyword: Shadow SSDT ; win32k.sys ; Shadow SSDT hook ; Shadow SSDT recovery
Source: 计算机应用与软件
Issued Date: 2014
Volume: 31, Issue:6, Pages:66-68,119
Indexed Type: CSCD
Department: Key Laboratory of Space-Based Integrated Information Systems, Institute of Software, Chinese Academy of Sciences, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100190
Abstract: Hook recovery is an important security technology. We analyse methods for detecting and recovering Shadow System Service Descriptor Table (SSDT) hooks. The way the traditional methods acquire the original addresses not only has compatibility problems across Windows operating system versions but also relies on complex code logic. To address this, we present a general algorithm that improves the acquisition of the original Shadow SSDT addresses and design a base address relocation method, which reduces the amount of code and effectively improves stability and compatibility.
Language: Chinese
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/16741
Appears in Collections: Institute of Software Library_Journal articles

Files in This Item:

There are no files associated with this item.


Recommended Citation:
霍亮,马恒太,张楠. 一种通用的Shadow SSDT原始地址获取新方式[J]. 计算机应用与软件,2014-01-01,31(6):66-68,119.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2021 Institute of Software, Chinese Academy of Sciences