Rootkit Stealth Attack Techniques and Their Countermeasures


Basic Information

Rootkit Stealth Attack Techniques and Their Countermeasures
Author/Translator: Zhang Yu
Publication date: 2017-01
Length (thousand characters): 386
Edition/Printing: 01-01
Pages: 271
Format: 16mo
ISBN: 9787121306181

Synopsis

This book systematically discusses the concepts, principles, applied techniques, detection and forensics of rootkit stealth attacks. First, it briefly reviews the origins, definition, principles, types and evolution of rootkits. Next, it explains the theoretical foundations of rootkit techniques, including the hardware system, the software system and Windows kernel driver programming. It then focuses on the specific types of rootkit attack techniques and their implementation, covering user-mode rootkits, kernel-mode rootkits, firmware rootkits and hardware rootkits. Finally, from a defensive perspective, it discusses rootkit detection and forensics techniques, as well as future development trends of rootkits. The book draws on up-to-date material, focuses on the state of the art and is rich in content; it can serve as a research guide for IT and security professionals and is also suitable as a reference textbook for undergraduate and graduate students in computer security.

Table of Contents

Chapter 1 Rootkit Overview (p. 1)
1.1 Origins of Rootkits (p. 1)
1.2 Definition of Rootkits (p. 3)
1.3 Principles of Rootkits (p. 3)
1.3.1 Abstraction of the Computer System (p. 4)
1.3.2 Rootkit Design Philosophy (p. 7)
1.4 Types and Evolution of Rootkits (p. 8)
1.5 Chapter Summary (p. 11)
Chapter 2 Hardware System (p. 13)
2.1 Overview of Protected Mode (p. 13)
2.2 Protected-Mode Execution Environment (p. 14)
2.3 Protected-Mode CPU Privilege Levels (p. 18)
2.4 Protected-Mode Memory Segmentation and Paging (p. 18)
2.5 Memory Access Control Architecture (p. 23)
2.6 Chapter Summary (p. 24)
Chapter 3 Software System (p. 25)
3.1 Design Principles of the Windows System (p. 25)
3.2 Architecture of the Windows System (p. 26)
3.3 Segmentation and Paging in Windows (p. 27)
3.4 Windows System Service Call Mechanism (p. 28)
3.4.1 Interrupt Dispatching (p. 30)
3.4.2 Exception Dispatching (p. 32)
3.4.3 System Service Dispatching (p. 33)
3.5 Chapter Summary (p. 35)
Chapter 4 Windows Kernel Drivers (p. 37)
4.1 Overview (p. 37)
4.2 Important Data Structures (p. 41)
4.2.1 IRP (p. 42)
4.2.2 I/O Stack (p. 45)
4.2.3 IRP Passing and Completion (p. 47)
4.3 Basic Structure of a WDM Driver (p. 48)
4.3.1 DriverEntry (p. 48)
4.3.2 AddDevice (p. 53)
4.3.3 IRP Handling Routines (p. 54)
4.3.4 Unload (p. 54)
4.3.5 Kernel Driver Example (p. 54)
4.4 Chapter Summary (p. 56)
Chapter 5 User-Mode Rootkits (p. 57)
5.1 Overview of User-Mode Rootkits (p. 57)
5.2 User-Mode Rootkit Techniques (p. 58)
5.2.1 IAT Hooks (p. 58)
5.2.2 Inline Function Hooks (p. 69)
5.2.3 DLL Injection (p. 75)
5.2.4 DLL Hijacking (p. 78)
5.3 Chapter Summary (p. 85)
Chapter 6 Kernel-Mode Rootkits (p. 87)
6.1 Overview of Kernel-Mode Rootkits (p. 87)
6.2 Kernel-Mode Rootkit Techniques (p. 88)
6.2.1 System Table Hooks (p. 89)
6.2.2 Image Modification (p. 129)
6.2.3 Filter Drivers (p. 139)
6.2.4 Direct Kernel Object Manipulation (DKOM) (p. 143)
6.3 Chapter Summary (p. 145)
Chapter 7 Low-Level Rootkits (p. 147)
7.1 Extended Processor Modes (p. 147)
7.1.1 System Management Mode (p. 148)
7.1.2 Virtual Machine Technology (p. 149)
7.2 Firmware (p. 150)
7.2.1 Onboard BIOS (p. 150)
7.2.2 Expansion ROM (p. 152)
7.2.3 ACPI Components (p. 152)
7.2.4 UEFI Components (p. 152)
7.3 Hardware (p. 154)
7.4 Chapter Summary (p. 154)
Chapter 8 Rootkit Detection and Forensic Analysis (p. 155)
8.1 Overview of Rootkit Detection (p. 155)
8.2 Rootkit Detection Techniques (p. 158)
8.2.1 IAT Hook Detection Example (p. 159)
8.2.2 IRP Hook Detection Example (p. 160)
8.2.3 IDT Hook Detection Example (p. 162)
8.2.4 MSR Hook Detection Example (p. 165)
8.2.5 SSDT Hook Detection Example (p. 174)
8.2.6 Inline Hook Detection Example (p. 176)
8.2.7 Immunity-Based Rootkit Detection Techniques (p. 177)
8.3 Rootkit Detection Tools (p. 191)
8.4 Rootkit Forensic Analysis (p. 193)
8.4.1 Evidence Acquisition and Storage (p. 194)
8.4.2 Forensic Analysis (p. 194)
8.5 Rootkit Forensic Tools (p. 238)
8.5.1 Disk Imaging Tools (p. 238)
8.5.2 Memory Imaging Tools (p. 241)
8.5.3 Memory Analysis Tools (p. 243)
8.5.4 Process Dump Tools (p. 243)
8.5.5 Timeline Forensic Tools (p. 243)
8.5.6 Evidence Collection Tools (p. 244)
8.5.7 E-mail Forensic Tools (p. 244)
8.5.8 Big Data Forensic Analysis Tools (p. 245)
8.6 Chapter Summary (p. 246)
Chapter 9 The Future of Rootkits (p. 247)
9.1 Development Trends of Rootkits (p. 247)
9.2 Directions for Rootkit Defense (p. 248)
References (p. 251)
