摘要
对当前主流的木马技术原理进行了深入的剖析,对主流木马的基本功能、隐藏机制和传播途径进行了研究,对主流木马使用的两种技术——API HOOK技术和SPI技术进行了细致地分析,根据新型木马实现隐藏的机制,提出了相关检测和清除的技术,探索出了一种新型木马的检测和清除方法。最后总结出了可以对新型木马实施清除的有效方法,实现了利用迭代比较法查杀木马的示例软件。
In this paper, the current mainstream Trojan horse technology principle is analyzed in depth and the new style Trojan horse hiding mechanism is analyzed as well. We study the basic function, the hide mechanism and spread route of mainstream Trojan horse. We focus on API HOOK technology and SPI technology and bring forward correlation examine and clear technology. Finally,we put forth an effective method to examine and clear the new style Trojan horse and apply iterative-comparative method in developing a demonstration software.
出处
《现代电子技术》
2007年第13期96-100,共5页
Modern Electronics Technique
关键词
远程线程插入技术
路径分析法
迭代比较法
木马技术
remote- threading inserting technology
path - analyzing method
iterative- comparative method
Trojan horse technology
