Journal of Computer Applications (计算机应用) ›› 2009, Vol. 29 ›› Issue (12): 3398-3399.

• Typical Applications •

Validation of Windows process legitimacy by a kernel-mode driver

Qian Tao (钱涛)1, Zheng Kougen (郑扣根)2

  1. Department of Computer Science and Technology, Zhejiang University
  2. Department of Computer Science and Technology, Zhejiang University
  • Received: 2009-06-25; Revised: 2009-08-06; Online: 2009-12-10; Published: 2009-12-01
  • Corresponding author: Qian Tao (钱涛)

Validation of processes via a Windows kernel-mode driver


Abstract: To stop malicious processes on the Windows platform from damaging system resources, this paper proposes a method that intercepts Windows process creation and validates each new process by checking the path of its executable file. The check runs in kernel mode as a software driver, and a path-tree model is used to make the legitimacy lookup efficient. The method reliably intercepts process creation and verifies that the executable path is legitimate, so the system can kill a malicious process before its creation completes and before it can damage system resources.

Key words: process validation, process creation, kernel mode, path-tree
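The abstract names a path-tree model but does not describe it, and does not say which kernel hook is used to intercept creation. The following is an added example, not the paper's code: it assumes the path tree is a trie keyed by lower-cased path components with two kinds of whitelist entry (a whole directory subtree, or one exact file), so that a lookup costs one step per component regardless of how many entries the whitelist holds. It is written as plain user-mode C so it compiles and runs anywhere; `demo_tree` and `demo_check` and the sample paths are constructed for the example.

```c
/* Added example: a path-tree (trie) whitelist for process-image validation.
 * Not the paper's code. User-mode C so it compiles anywhere; in a driver the
 * same lookup would be called from the process-creation hook with the image
 * path the kernel supplies. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COMP 260   /* NTFS limits a single component to 255 chars */

typedef struct node {
    char name[MAX_COMP];        /* one path component, lower-cased */
    int allow_subtree;          /* whole directory below here is legal */
    int allow_exact;            /* exactly this file is legal */
    struct node *child, *next;  /* first child / next sibling */
} node_t;

static node_t *new_node(const char *name) {
    node_t *n = calloc(1, sizeof *n);
    if (!n) abort();
    strncpy(n->name, name, MAX_COMP - 1);
    return n;
}

/* Copy the next '\'- or '/'-delimited component of *p into out, lower-cased
 * (Windows paths are case-insensitive). Returns 0 when the path is exhausted. */
static int next_component(const char **p, char *out) {
    const char *s = *p;
    size_t i = 0;
    while (*s == '\\' || *s == '/') s++;
    if (!*s) { *p = s; return 0; }
    while (*s && *s != '\\' && *s != '/' && i < MAX_COMP - 1)
        out[i++] = (char)tolower((unsigned char)*s++);
    while (*s && *s != '\\' && *s != '/') s++;   /* over-long tail, cannot match */
    out[i] = '\0';
    *p = s;
    return 1;
}

static node_t *find_child(const node_t *parent, const char *name) {
    for (node_t *c = parent->child; c; c = c->next)
        if (strcmp(c->name, name) == 0) return c;
    return NULL;
}

/* Add a whitelist entry. subtree=1 legalises a directory and everything under
 * it; subtree=0 legalises exactly one file. */
void pathtree_add(node_t *root, const char *path, int subtree) {
    char comp[MAX_COMP];
    node_t *cur = root;
    while (next_component(&path, comp)) {
        node_t *c = find_child(cur, comp);
        if (!c) { c = new_node(comp); c->next = cur->child; cur->child = c; }
        cur = c;
    }
    if (subtree) cur->allow_subtree = 1; else cur->allow_exact = 1;
}

/* The kernel hands over a fully qualified image path, so "." or ".." in it is
 * itself suspicious and must never be allowed to walk out of a whitelisted
 * directory: reject such a path outright instead of resolving it. */
static int has_relative_component(const char *path) {
    char comp[MAX_COMP];
    while (next_component(&path, comp))
        if (strcmp(comp, ".") == 0 || strcmp(comp, "..") == 0) return 1;
    return 0;
}

/* Returns 1 if the image path is legal, 0 otherwise. Cost is linear in the
 * number of path components and independent of the whitelist size. */
int pathtree_validate(const node_t *root, const char *path) {
    char comp[MAX_COMP];
    const node_t *cur = root;
    int depth = 0;
    if (has_relative_component(path)) return 0;
    while (next_component(&path, comp)) {
        cur = find_child(cur, comp);
        if (!cur) return 0;                 /* left the whitelisted tree */
        depth++;
        if (cur->allow_subtree) return 1;   /* inside a legal directory */
    }
    return depth > 0 && cur->allow_exact;   /* reached an exact-file entry */
}

/* Constructed demo policy: the system directory plus one third-party binary. */
static node_t *demo_tree(void) {
    static node_t *root;
    if (!root) {
        root = new_node("");
        pathtree_add(root, "C:\\Windows\\System32", 1);
        pathtree_add(root, "C:\\Program Files\\Tool\\tool.exe", 0);
    }
    return root;
}

int demo_check(const char *image_path) {
    return pathtree_validate(demo_tree(), image_path);
}

int main(void) {
    const char *p = "C:\\Windows\\System32\\..\\Temp\\evil.exe";
    printf("%s -> %s\n", p, demo_check(p) ? "allow" : "deny");
    return 0;
}
```

Two caveats a practitioner would add. First, on kernels that support it, the documented way to get the "deny before creation completes" behaviour the paper describes is a callback registered with PsSetCreateProcessNotifyRoutineEx, which can reject the new process by setting CreateInfo->CreationStatus to an error status such as STATUS_ACCESS_DENIED before its initial thread ever runs; that callback receives CreateInfo->ImageFileName as an NT-namespace path (\Device\HarddiskVolumeN\...), so whitelist entries must be stored in the same namespace, not as DOS drive-letter paths. Second, a path whitelist trusts the name rather than the file: anything an attacker can write into a whitelisted directory, or a whitelisted binary that can be replaced, passes the check, and the same file can be reached through alternate names (8.3 short names, hard links, junctions, the NT vs DOS namespace) that the tree must either canonicalise or deny.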