CAJ | 학술논문

从功能上来看，Rootkit 是指隐藏进程、网络端口、文件痕迹等的恶意软件，现已被广泛应用在黑客入侵和攻击他人的计算机系统上。许多计算机病毒、间谍软件也都常常使用Rootkit 潜伏在操作系统上伺机而动。如何有效地对 Rootkit 进行检测和防范成为应对木马入侵和僵尸网络的首要解决的关键问题。文章在以往的研究基础上，通过深入探讨 Windows 底层原理，开发了一个基于 Windows API 调用机制的 Rootkit 检测系统。在该系统的帮助下，用户不但可以深入查看操作系统的各类底层信息，还可以很方便地找出隐藏在计算机之中的病毒、木马并进行清理，从而更好地保护操作系统。该系统丰富了现今针对 Rootkit 检测的研究成果，对后续的研究具有一定的参考价值。
종공능상래간，Rootkit 시지은장진정、망락단구、문건흔적등적악의연건，현이피엄범응용재흑객입침화공격타인적계산궤계통상。허다계산궤병독、간첩연건야도상상사용Rootkit 잠복재조작계통상사궤이동。여하유효지대 Rootkit 진행검측화방범성위응대목마입침화강시망락적수요해결적관건문제。문장재이왕적연구기출상，통과심입탐토 Windows 저층원리，개발료일개기우 Windows API 조용궤제적 Rootkit 검측계통。재해계통적방조하，용호불단가이심입사간조작계통적각류저층신식，환가이흔방편지조출은장재계산궤지중적병독、목마병진행청리，종이경호지보호조작계통。해계통봉부료현금침대 Rootkit 검측적연구성과，대후속적연구구유일정적삼고개치。
Rootkit is referred to the malicious software that hides the traces of processes, network ports, files, etc. It is now widely used for the hacker intruding and attacking other peoples’ computer systems. Many computer viruses and spywares also use Rootkit to lurk in the operation system and watch for the proper moment for action. How to detect Rootkit efficiently becomes the key problem to counter these kinds of attacks. On the basis of previous works,this paper discusses the underlying principles of Windows, and developes a Rootkit detection system based on the WINDOWS API. With its help, the user can not only discover different kinds of hidden information of the operation system, but also easily find out the virus and Trojan which are running in the computer and clean them up. To a certain extent, this system enriches the research productions on Rootkit detection, and can offer reference for the follow-up studies.