| With the windows as the current mainstream popularity of PC (PC), windowsoperating system research and development into all aspects of life, Especially the core componentsof the windows, with its study, can be used as a safe means. Of course, its study is a double-edgedsword, can also destroy a computer. For these two areas,there are rootkits and anti-rootkits. In orderto achieve some ulterior motives, rootkits as an attacker, the parties face their hidden, and then attackwhen needed, in order to achieve certain objectives, such as theft of trade secrets and destroycomputer; Anti-rootkit with rootkit birth of the birth, its purpose is clear, is to ferret out rootkitshidden in the computer, back to master a safe environment. Rootkits and anti-rootkit is anantagonistic relationship, with more in-depth study of the system will be intensified.According to the level of the operating system to divide the intrusion can be divided intouser-level Rootkit Rootkit and kernel-level Rootkit. In comparison, users working at the operatingsystem level Rootkit application layer, a lightweight, versatile advantages; Rootkit and kernel-leveloperating system kernel direct attack, more dangerous, more powerful and more difficult to detect,but its work need to ring0privileges, and poor compatibility.For these two Rootkit, this paper first describes the relevant technical principles, includinguser-level Rootkit and kernel-level Rootkit, and described conventional Rootkit technology.Including IAT HOOK, EAT HOOK, IDT table modifications and IRP handling routines as well asclassic HOOK SSDT HOOK, on this basis, introduces several more innovative Rootkit techniques.Rootkit technology by means of analysis, introduced several conventional methods Anti-Rootkit andRootkit for the new approach to Anti-Rootkit. Finally, according to methods mentioned in the textRootkit and Anti-Rootkit methods, namely writing a piece of software for authentication.Byadopting a new approach to the current world Rootkit surface Anti-Rootkit software forauthentication, security software to make up for these shortcomings, in order to develop a newAnti-Rootkit software, in order to improve system security. |
PDF Full Text Request