计算机工程与设计 (Computer Engineering and Design)
2014, Issue 7, pp. 2325-2329 (5 pages)
Keywords: multi-process protected virus; system service descriptor table (SSDT); hooking SwapContext; HOOK technology; hidden process
Abstract: The Windows Task Manager can neither display processes hidden inside the system nor terminate a multi-process protected virus, whose processes guard and restart one another. To address these two shortcomings, a process management system was designed and implemented. The system applies a HOOK-based method for detecting hidden processes that inherits the advantages of the two existing approaches, hooking the system service descriptor table (SSDT) and hooking the SwapContext routine, while overcoming the low reliability of the former and the low efficiency of the latter. By intercepting the TerminateProcess function and redirecting it to the custom function MyTerminateProcessList, the system terminates multiple processes at once, making up for the Task Manager's shortcoming. Experimental results show that the system effectively detects processes hidden inside the system, and that it is convenient, efficient, and consumes few system resources.