论文信息 - A Method for Hidden Process Detection Based on Routines of Thread Scheduling List

A Method for Hidden Process Detection Based on Routines of Thread Scheduling List

the hidden process detection thread-based scheduling list exist hardcode problem and some hidden processes could be skipped by some malicious programs. The article proposes a new method based on the routines of thread scheduling list, which derived through the system exporting Routine Long Instructions Disassembling (RLID) to find a Thread Scheduling List (TSL) to solve the hardcode problem as we use the thread-based scheduling list to detect hidden process, so that all hidden processes could not be skipped in the detection . The experiment shows that this method has well reliability and integrity.

Jun Chang | Jiang Yu | Yinshan Liu | Wandong Pu

[1] Greg Hoglund,et al. Rootkits: Subverting the Windows Kernel , 2005 .

[2] Wu Dong-ying. Hidden process detection techniques based on memory scanning , 2009 .

[3] Andrea C. Arpaci-Dusseau,et al. VMM-based hidden process detection and identification using Lycosid , 2008, VEE '08.

[4] Yi-Min Wang,et al. Detecting stealth software with Strider GhostBuster , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[5] Hu He-jun. Hidden process detection technique based on memory search , 2009 .