| 远程线程注入DLL的检测与卸载方法研究 |
| |
| 引用本文: | 王佩红,赵尔敦,张瑜. 远程线程注入DLL的检测与卸载方法研究[J]. 计算机与数字工程, 2010, 38(3): 106-108,142 |
| |
| 作者姓名: | 王佩红 赵尔敦 张瑜 |
| |
| 作者单位: | 华中师范大学计算机科学系,武汉,430079 |
| |
| 摘 要: | 研究了Windows操作系统下的一种木马检测技术,该木马结合了远程线程注入、动态链接库(DLL)等技术。针对目前最新的远程线程注入实现木马隐藏的关键技术,提出了一种进程被远程注入动态链接库的检测方法和相应动态链接库的卸载方法。实验表明,这种方法对已被远程线程注入DLL的进程检测和恢复效果明显。
|
| 关 键 词: | 远程线程注入 进程 模块 DLL |
Research on Detection and Uninstall Method in Remote Thread Injection of DLL |
| |
| Wang Peihong,Zhao Erdun,Zhang Yu. Research on Detection and Uninstall Method in Remote Thread Injection of DLL[J]. Computer and Digital Engineering, 2010, 38(3): 106-108,142 |
| |
| Authors: | Wang Peihong Zhao Erdun Zhang Yu |
| |
| Affiliation: | Department of Computer Science/a>;Hua Zhong Normal University/a>;Wuhan 430079 |
| |
| Abstract: | A trojan horse detection technology in the Windows operation system is investigaeted,which combines several advancing technologies including remote thread injection and dynamic-link library(DLL),etc.According to the latest technology of hidding the Trojan Horse through remote thread injection,a detection method for discovering whether a process is remotely injected into DLL is proposed.And furthermore,a corresponding DLL uninstall method is also given.The remarkable effects of the proposed method have been ... |
| |
| Keywords: | remote thread injection process module DLL |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
