Based on the SDK platform,by adopting kernel inspection technology,this paper designs and develops a new system security detection software for monitoring changes of registry value and detecting files,processes and kernel modules hidden by malicious software like virus and cockhorse.Port messages opened by the system are found by means of process port mapping for effective search of stream virus in cockhorse and NTFS stream files.BHO and LSP are examined to prevent hijacking of browsers and networks. HOOK's SSDT and SSDT Shadow are checked to recover modified items.Actual system tests and comparison indicate that this system can effectively guarantee the safety of the system software.%基于SDK平台,采用内核检测技术,设计开发了一种监视注册表值的变化;检测病毒、木马等恶意软件隐藏的文件、进程及内核模块等主要功能的新型的系统安全检测软件。通过进程端口映射查找系统打开的端口信息有效地查找木马及 NTFS 流文件中的流病毒;通过查看 BHO、LSP 防止浏览器和网络被劫持;通过查看 HOOK 的 SSDT 及 SSDT Shadow 恢复被修改的内容。经实际系统测试与比较表明,系统能有效地保障系统软件的安全。
展开▼
