Institutional Repository
| 一种通用的Shadow SSDT原始地址获取新方式 | |
| Alternative Title | A NOVEL AND GENERAL METHOD ON ACQUIRING ORIGINAL ADDRESSES OF SHADOW SSDT |
| 霍亮; 马恒太; 张楠 | |
| 2014 | |
| Source | 计算机应用与软件
 |
| ISSN | 1000-386X |
| Volume | 31Issue:6Pages:66-68,119 |
| English Abstract | 挂钩恢复是一项重要的安全技术.对Shadow系统服务描述表(SSDT)挂钩检测以及恢复方法进行分析,传统方法中的原始地址获取方式不仅存在Windows操作系统版本兼容性问题,而且代码逻辑复杂.针对该问题,提出一种通用算法,对ShadowSSDT原始地址获取方法进行改进,并设计了基址重定位方法,减少了代码量,有效提高了稳定性和兼容性. |
| Indexed Type | CSCD |
| Abstract | Hook recovery is one of the important security technologies. We analyse the detection of Shadow system service description table (SSDT) hook and its recovery. In traditional way of original addresses acquisition there are the problems of compatibility in regard to Windows operating system versions and of the complex code logic. In light of this issue,we present a general algorithm,which improves the acquisition means of Shadow SSDT original addresses, and design the base address relocating approach, which reduces the amount of code. They efficiently enhance the stability and compatibility. |
| Keyword | Shadow Ssdt Win32k.sys Shadow Ssdt钩子 Shadow Ssdt恢复 Shadow Ssdt Win32k.sys Shadow Ssdt Hook Shadow Ssdt Recovery |
| Department | 中国科学院软件研究所天基综合信息系统重点实验室 北京100190;中国科学院大学 北京100190 中国科学院软件研究所天基综合信息系统重点实验室 北京100190 |
| Language | 中文 |
| CSCD ID | CSCD:5157222 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16741 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | 霍亮,马恒太,张楠. 一种通用的Shadow SSDT原始地址获取新方式[J]. 计算机应用与软件,2014,31(6):66-68,119. |
| APA | 霍亮,马恒太,&张楠.(2014).一种通用的Shadow SSDT原始地址获取新方式.计算机应用与软件,31(6),66-68,119. |
| MLA | 霍亮,et al."一种通用的Shadow SSDT原始地址获取新方式".计算机应用与软件 31.6(2014):66-68,119. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment