Journal of Computer Applications ›› 2010, Vol. 30 ›› Issue (12): 3423-3426.

• Typical Applications •

A file operation monitoring scheme based on Detours

苏雪丽 1, 马金鑫 2, 袁丁 3

  1. College of Computer Science, Sichuan Normal University
    2. Computer Software and Theory, College of Computer Science, Sichuan Normal University
    3. College of Computer, Sichuan Normal University
  • Received: 2010-06-30 Revised: 2010-07-15 Online: 2010-12-22 Published: 2010-12-01
  • Corresponding author: 苏雪丽
  • Funding:
    Open Research Fund of the Sichuan Provincial Key Laboratory of Information Coding and Transmission, Southwest Jiaotong University

File operation monitoring schema based on Detours technology

Abstract (translated): Two API hooking techniques commonly used for file operation monitoring are studied. Experiments show that IAT hooking is unstable, and Detours, which is based on inline hooking, is proposed to resolve the resulting explorer.exe errors. Finally, an implementation method for the file operation monitoring scheme is given, and the Detours technique is described in detail. Testing confirms that the scheme effectively protects files.

Keywords (translated): API hooking, inline hooking, Detours, file operation monitoring

Abstract: Two API hooking techniques commonly used for file operation monitoring are discussed. Experiments demonstrate the instability of IAT hooking, and Detours, which is based on inline hooking, is proposed to resolve the explorer.exe faults that IAT hooking causes. Finally, an implementation method for file operation monitoring is presented together with a detailed description of Detours. Testing shows that the scheme is effective in protecting files.

Key words: API hooking, inline hooking, Detours, file operation monitoring