
Design And Implementation Of The Rootkit Detection And Prevention Software

Posted on: 2014-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhu
Full Text: PDF
GTID: 2268330425968130
Subject: Software engineering
Abstract/Summary:

Windows is now in widespread use, and countless applications of every kind run on Windows-based platforms, bringing great convenience to our work and daily life. However, people with malicious motives have written malicious programs that continually work around our normal security measures and pose a serious threat. Some Trojans and viruses fight security software through constant upgrades, attempting to obtain the highest privileges so that they can extend their malicious behaviour; they can defeat basic security software and keep upgrading and improving. If they are allowed to do whatever they want, the loss to our daily work and life will be immeasurable.

Exploring the behaviour of malicious Trojans and viruses, analysing their principles, and developing tools to detect malicious programs and fight back have therefore become increasingly necessary. However, Windows is not open source, which invisibly adds to the difficulty of such study and makes it hard to complete a fully functional kernel-level RootKit detection tool. This also makes the fight against viruses and Trojans all the more valuable.

Against this background, we explore mainstream RootKit technology and RootKit detection technology, and design and implement a fully functional kernel-level RootKit detection and prevention software. The software provides a process manager, kernel hook detection, enumeration and inspection of system modules and services, and so on. Its main characteristics are:

(1) It adopts active (proactive) defence technology and takes control of the kernel first.
(2) It constructs filter rules in the kernel to prevent Trojans from intruding into the kernel.
(3) It records sensitive areas of the system, such as the system directory, process operations and registry operations.

After testing, the program successfully detects and blocks Trojan RootKits, plays the role of active defence, is simple and flexible to use, satisfies the needs of daily protection, can be used in some simple scenarios, and achieves comprehensive protection.
Keywords/Search Tags: Anti-Rootkit, process management, kernel hook, proactive prevention