Detection of User-Mode Hooks
Question
I am trying to write some code for detecting user-mode hooks. Would you please guide me through the steps and ways to detect hooks? Till now I have tried enumerating all the running processes and enumerating the modules for each process. I read somewhere to compare the in-memory modules and on-disk modules to check for hooks, and something related to the IAT too. I know my question is very vague, but I am just a beginner in this field. Please help me out.
Recommended answer
There are no quick answers for this one.
I could post Google links for you, but I'd bet that you've been there, done that.
I'd start with getting a good understanding of how user hooks work.
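
The comparison the question mentions (in-memory module bytes against the on-disk copy), shown as an added example that is not part of the original post or answer. It assumes the caller has already read the same function's bytes from both sources and applied relocations to the disk copy; `check_inline_hook`, `hook_report`, the sample bytes and the addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int      patched;       /* any byte differs from the on-disk copy */
    size_t   first_diff;    /* offset of the first differing byte */
    size_t   diff_count;    /* number of differing bytes */
    int      is_jmp_rel32;  /* patch begins with E9 <rel32> */
    uint64_t jmp_target;    /* decoded destination when is_jmp_rel32 */
    int      leaves_module; /* destination outside the owning module */
} hook_report;

/* Assumption: disk and mem are the same len bytes of one function, with
   relocations already applied to the disk copy; host is little-endian. */
hook_report check_inline_hook(const uint8_t *disk, const uint8_t *mem, size_t len,
                              uint64_t func_va, uint64_t mod_base, uint64_t mod_size)
{
    hook_report r;
    memset(&r, 0, sizeof r);
    for (size_t i = 0; i < len; i++) {
        if (disk[i] == mem[i]) continue;
        if (!r.patched) { r.patched = 1; r.first_diff = i; }
        r.diff_count++;
    }
    if (r.patched && r.first_diff + 5 <= len && mem[r.first_diff] == 0xE9) {
        int32_t rel;
        memcpy(&rel, mem + r.first_diff + 1, sizeof rel);
        r.is_jmp_rel32 = 1;
        /* rel32 is relative to the address of the next instruction */
        r.jmp_target = func_va + r.first_diff + 5 + (uint64_t)(int64_t)rel;
        r.leaves_module = r.jmp_target < mod_base ||
                          r.jmp_target >= mod_base + mod_size;
    }
    return r;
}

/* Constructed sample: a generic x64 prologue and a copy whose first five
   bytes were replaced by a jump; addresses are made up for the example. */
static const uint8_t DISK[10] = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20};
static const uint8_t MEM[10]  = {0xE9,0xFB,0xEF,0xFF,0x0F,0x57,0x48,0x83,0xEC,0x20};

int main(void)
{
    hook_report r = check_inline_hook(DISK, MEM, sizeof DISK,
                                      0x180001000ULL, 0x180000000ULL, 0x100000ULL);
    printf("patched=%d bytes=%zu target=0x%llx outside=%d\n", r.patched,
           r.diff_count, (unsigned long long)r.jmp_target, r.leaves_module);
    return 0;
}
```

A jump that lands outside the owning module is a lead to investigate rather than a verdict, and this sketch does not cover the IAT check the question also mentions.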