
The Research And Implementation Of Anti-Rootkit Driver Based On Windows

Posted on: 2014-01-08
Degree: Master
Type: Thesis
Country: China
Candidate: M Zhao
Full Text: PDF
GTID: 2248330395998140
Subject: Software engineering
Abstract/Summary:
With the growth of information networks, network attacks such as local network penetration and theft of private information are increasing. In the field of information security, attack and defense technologies accelerate each other's development. Rootkit technology lets hackers maintain continued control of a computer and hides their backdoor software; it is a covert and extremely dangerous hacking technique. This thesis aims to study and develop an efficient Anti-Rootkit tool through an in-depth study of Rootkit technology.

At the same time, the importance of military information reaches an unprecedented height in wartime: maintaining information superiority has become a primary task of war. On the other hand, the army's current degree of informatization, for example the rapid transfer of battlefield information, needs to be strengthened, especially in the defense of kernel-level systems. The vast majority of military combat platforms are deployed on top of the Windows XP operating system, and Windows XP is an extremely unsafe operating platform. Most currently known means of system intrusion target Windows XP; rootkit attacks that keep continued control of the computer by attacking the operating system kernel are extremely dangerous to military information systems.

This thesis starts from the development history of the Windows operating system, its kernel architecture, file systems and other subsystems, and their relation to kernel Rootkit technology and theory. It then gives a detailed, instance-based demonstration of Rootkit attack principles, including hooking the SSDT table, hooking the Shadow SSDT table, and manipulating linked kernel objects. For each attack it analyzes and proposes guidelines for detection and repair methods, and demonstrates them in principle.

Based on the above summary, a Rootkit detection demonstration was developed with Visual Studio 2008 and WDDK 7.0: a software named ScDetective that can effectively detect Rootkits and perform recovery actions. With the gradual adoption of Windows 7 and Windows 8, the operating systems used by the army are also moving to Win7 and Win8, and the new systems defend against Rootkits very well. At the same time, however, hackers' development of attack technologies has not stopped: a new attack technology named Bootkit, based on Rootkit, has been developed to attack the new OS. This thesis describes the relationship between the structures of the Windows operating system kernel and Rootkit technologies and theories, then discusses several Rootkit attacks, including hooking the SSDT table, the Shadow SSDT table, and kernel object manipulation, explaining the theory behind each method and how it operates. Finally, by analyzing the latest developments in Rootkits, we research and analyze Bootkit technology and its system principles. This work lays the groundwork for the next stage of research.
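As an added illustration of the SSDT-hook detection and repair approach the abstract describes (example code written for this page, not ScDetective's source): a user-mode C simulation that models the system service table as an array of routine addresses, flags entries that fall outside an assumed kernel image range, and restores the table from a known-good copy. The table layout, the image range, and the function names are assumptions for the simulation, not the real kernel structures.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified user-mode model of the system service table (the first entry of
 * KeServiceDescriptorTable): an array of routine addresses plus its length.
 * This layout is a simulation, not the real kernel structure. */
typedef struct {
    uintptr_t *base;   /* service routine addresses, indexed by service number */
    size_t count;      /* number of entries */
} service_table_t;

/* Address range of the kernel image (ntoskrnl) that legitimate entries must lie in */
typedef struct {
    uintptr_t start;
    uintptr_t end;     /* exclusive */
} image_range_t;

/* Detection: an entry pointing outside the kernel image is treated as hooked.
 * Stores up to `max` suspect service numbers in `hooked`; returns the total found. */
size_t find_hooked_entries(const service_table_t *t, image_range_t k,
                           size_t *hooked, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < t->count; i++) {
        uintptr_t p = t->base[i];
        if (p < k.start || p >= k.end) {
            if (n < max) hooked[n] = i;
            n++;
        }
    }
    return n;
}

/* Repair: restore every entry from a trusted copy saved at a known-good time
 * (e.g. right after boot). Returns the number of entries that were rewritten. */
size_t restore_table(service_table_t *t, const uintptr_t *known_good)
{
    size_t changed = 0;
    for (size_t i = 0; i < t->count; i++) {
        if (t->base[i] != known_good[i]) {
            t->base[i] = known_good[i];
            changed++;
        }
    }
    return changed;
}
```

The range check only catches entries redirected outside the kernel image; comparing against the saved copy also catches an entry swapped for a different routine inside it, which is why a detector keeps both checks.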
Keywords/Search Tags: Rootkit, Win32, SSDT, Kernel object, Kernel detecting