Computer Science (计算机科学), 2008
Analyse the Undetectable Behavior of Rootkits on System Services
Abstract:
Hooking system services to hide the presence of objects such as processes, files, registry keys, and open ports is the most popular method used by rootkits. But a great many rootkit detection methods can't tell the relationship between the rootkits and the hidden objects. By analyzing the undetectable behavior of user-mode or kernel-mode rootkits on system services, six hiding models are built. We develop a method to reveal the object hidden by the rootkits when the rootkits are detected through analyzing the binary...