Software Behavior Monitoring Based on API Interception
First published: 2009-01-08
Abstract: Software behavior monitoring has long been one of the research directions in information security. Existing methods are mostly built on low-level filter drivers, which consume considerable system resources and may conflict with anti-virus software. The method proposed in this paper is instead based on intercepting system API (application programming interface) calls in user mode. The paper explains how to use Microsoft's Detours package to intercept, in user mode, an application's calls to system APIs, obtain information about the API operations it performs, and thereby monitor its behavior; a reference implementation is given. Testing shows that the method is transparent to applications and to the operating system, consumes few system resources, does not conflict with anti-virus software, and can display log information per thread in real time. By extending the method, further applications can be developed.
Software monitor based on API interception
Abstract: Monitoring the behavior of applications is one of the research subjects in the information security area. Most existing methods are based on kernel-mode filter drivers, which consume considerable system resources and may conflict with anti-virus software. This paper presents a method based on intercepting API calls in user mode. It shows how to intercept an application's calls to system APIs using Microsoft's Detours package in order to capture the application's behavior; a sample implementation is also presented. Results show that the method is transparent to the OS and to applications, uses few system resources, does not conflict with anti-virus software, and can display logs per thread in real time. Other applications can be developed by extending the method.
Keywords: information security; user-level; API interception
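An added example, not the paper's own reference implementation (which is not reproduced on this page): the hook-plus-log structure both abstracts describe, written in C. The paper installs its hooks on Windows with Microsoft Detours; because Detours is Windows-only, this example installs the hooks with the POSIX analogue, ELF symbol interposition through dlsym(RTLD_NEXT), so it builds and runs with a plain cc on Linux, and the corresponding Detours calls are noted in comments. The choice of hooked APIs (fopen and fclose), the per-thread record format, the monitor_* accessors, and the /nonexistent-dir-for-demo path are all assumptions of this example and do not come from the paper.

```c
/* Added example, not the paper's code: user-level API interception with
 * per-thread call logging. The paper hooks on Windows with Microsoft Detours
 * (DetourTransactionBegin / DetourUpdateThread / DetourAttach /
 * DetourTransactionCommit; the original entry point is then reached through the
 * trampoline pointer that DetourAttach rewrites). This file uses the POSIX
 * analogue, symbol interposition via dlsym(RTLD_NEXT): the monitoring logic
 * around the hook is the same shape on either platform. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define LOG_CAP 64
#define LOG_LEN 160

/* Each thread owns its own record buffer, so the monitor can display activity
 * thread by thread without taking a lock inside the hooked API. */
static _Thread_local char tls_log[LOG_CAP][LOG_LEN];
static _Thread_local int  tls_count;

static void log_call(const char *api, const char *arg, long ret) {
    if (tls_count >= LOG_CAP) return;        /* drop rather than block the callee */
    snprintf(tls_log[tls_count++], LOG_LEN, "tid=%lx api=%s arg=%s ret=%ld",
             (unsigned long)pthread_self(), api, arg ? arg : "(null)", ret);
}

/* Trampolines: resolved lazily to the next definition in link order (libc).
 * With Detours these would be initialised to the CRT's fopen/fclose and then
 * redirected by DetourAttach((PVOID *)&real_fopen, hooked_fopen). */
typedef FILE *(*fopen_fn)(const char *, const char *);
typedef int   (*fclose_fn)(FILE *);
static fopen_fn  real_fopen;
static fclose_fn real_fclose;

/* Hooks: these definitions shadow libc's for every call this program makes,
 * which is the effect Detours produces by patching the function prologue in
 * place. Failed calls are recorded too; a program probing for files it has no
 * business knowing about shows up here as ret=0. */
FILE *fopen(const char *path, const char *mode) {
    if (!real_fopen) real_fopen = (fopen_fn)dlsym(RTLD_NEXT, "fopen");
    FILE *f = real_fopen(path, mode);
    log_call("fopen", path, f != NULL);
    return f;
}

int fclose(FILE *f) {
    if (!real_fclose) real_fclose = (fclose_fn)dlsym(RTLD_NEXT, "fclose");
    int rc = real_fclose(f);
    log_call("fclose", "FILE*", rc);
    return rc;
}

/* Accessors through which a monitor display (or a test) reads this thread's log. */
int         monitor_log_count(void)  { return tls_count; }
const char *monitor_log_entry(int i) { return (i >= 0 && i < tls_count) ? tls_log[i] : NULL; }
void        monitor_log_reset(void)  { tls_count = 0; }

/* Constructed workload (assumption: the second path does not exist): one
 * successful open, one failing open, one close. Returns the record count. */
int monitor_demo(void) {
    monitor_log_reset();
    FILE *f = fopen("/dev/null", "r");
    FILE *g = fopen("/nonexistent-dir-for-demo/x", "r");
    if (g) fclose(g);      /* not expected; keeps the demo correct regardless */
    if (f) fclose(f);
    return monitor_log_count();
}

int main(void) {
    int n = monitor_demo();
    for (int i = 0; i < n; i++) puts(monitor_log_entry(i));
    return 0;
}
```

Build with `cc -o apimon apimon.c` (glibc 2.34 or newer; add `-ldl` on older glibc). On Windows the hook bodies keep the same shape but must be named something other than fopen/fclose, with real_fopen and real_fclose initialised to the CRT functions and the attach done inside a DetourTransactionBegin / DetourUpdateThread(GetCurrentThread()) / DetourAttach / DetourTransactionCommit sequence. One caveat the abstracts do not state: the hooks live inside the monitored process, so a program that is hostile rather than merely untrusted can detect the rewritten prologue, restore the original bytes, or issue system calls directly and never pass through the hook. "Transparent to the application" therefore holds for cooperative software; against adversarial code the kernel-mode approach the paper is contrasting with remains the stronger vantage point.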