如何检测系统过程中的变化? [英] How to detect a change in system processes?
本文介绍了如何检测系统过程中的变化?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
朋友,
我在开发应用程序时遇到问题,该应用程序检查某些重要的Windows进程(例如winlogon.exe,services.exe等)是否已被某些恶意文件更改.恶意文件会在这些过程中注入其代码.是否存在检测此更改的任何方法.我尝试了哈希值机制,但由于哈希值的前后是相同的,因此未成功.
需要想法和建议. thnx
Hi Friends,
I am having a certain problem developing an application that checks whether certain important windows processes like winlogon.exe, services.exe etc have been altered by a certain malicious file. The malicious files inject their code in these processes. Does there exist any method to detect this change. I tried a hash value mechanism but it did not succeed as the after and before hash values turn out to be same.
need ideas and suggestions. thnx
推荐答案
在.NET中无法做到这一点.您将不得不编写一些东西来将对I/O函数的调用重定向到您的代码,然后再重定向到原始函数. SysInternals ProcMon可以做到这一点.
认真地说,只要获得一个不错的防病毒包并完成此操作即可.
There''s no way to do it in .NET. You''d have to write something to redirect calls to the I/O functions to your code, then on to the original functions. SysInternals ProcMon does this very thing.
Seriously, just get a decent antivirus package and be done with this.
这篇关于如何检测系统过程中的变化?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文