Computer Engineering (计算机工程), 2012, Vol. 38, Issue (14): 106-108, 3. DOI: 10.3969/j.issn.1000-3428.2012.14.031
Perfect Solution of Windows Registry Concealment Detection
Abstract
To address the problem that registry items hidden by Rootkit Trojans cannot be effectively detected, this paper proposes a perfect solution based on an analysis of the Windows registry system and registry concealment techniques. It solves the crucial problems, such as the lower-level data copying algorithm used to copy registry files and the multi-level matching algorithm used to detect the hidden position. Experimental results show that the solution can break through the restrictions of Windows, detect, unaffected, all hidden nodes from the kernel layer to the application layer, and get rid of Rootkit interference.
Key words
registry concealment / lower-level data copying / concealment detection / registry information extraction / multi-level matching algorithm / Rootkit trojan
Classification
Information Technology and Security Science
Cite this article
Wang Wenqi (王文奇), Wu Zhigang (吴志刚), Li Shixiao (李世晓). Perfect Solution of Windows Registry Concealment Detection [J]. Computer Engineering, 2012, 38(14): 106-108, 3.
Funding
Project supported by the Henan Province Key Science and Technology Program Fund (082102210082, 082102210092)
Project supported by the Natural Science Research Fund of the Henan Provincial Department of Education (2011A520049)