Research On Hiding Technology Of DLL Trojan Horse

Posted on: 2012-11-16
Degree: Master
Type: Thesis
Country: China
Candidate: L J Si
GTID: 2178330332487910
Subject: Circuits and Systems

Abstract/Summary:
The development of computers and networks has changed society profoundly. We enjoy the advantages this technology brings, and our lives have come to depend heavily on computers. As more and more new computer viruses are discovered, attention has turned to computer security. Trojan horse technology is developing rapidly alongside network technology and has always stayed at the technological forefront. Its hiding technology is especially important: it determines the viability of the Trojan horse and how long it can remain on the host computer.

This thesis describes how a Trojan horse hides on the host computer. First, we introduce the characteristics and development of the Trojan horse. We then introduce the rootkit-based hiding technology of the DLL Trojan horse. The main hiding methods are: injecting the DLL into the address space of an arbitrary host process by creating a remote thread; making the DLL module disappear from the host process by unlinking it from the module lists in the process, and hooking related functions in the SSDT to filter out information about the DLL Trojan horse and its host, in order to evade conventional DLL module detection software; bypassing IceSword by erasing the module information in the VAD; and hiding the process icon in the tray. After the Trojan horse completes its mission, it restores the process links in the system and the module links of its host.

Finally, we tested these functions on Windows XP. The results show that the Trojan horse escapes detection by Process Explorer and IceSword, which achieves the expected goal.
Keywords/Search Tags:DLL Trojan Horse, Hide Trojan Horse, Trojan Horse Detection