Windows下两种API钩挂技术的研究与实现
苏雪丽;袁丁
【期刊名称】《计算机工程与设计》 【年(卷),期】2011(032)007
【摘要】Two API-Hooking technologies, IAT Hook and Inline Hook are expounded, and then the implementation of them. According to experiments, the instability of IAT Hook is pointed out, such as explorer.exe fault, suggesting use Detours technology which is based on Inline Hook to make up for deficiencies in IAT Hook. In the end, an implementation of this schema is forwarded. Experimental results show that the proposed method realized stable and reliable API-Hooking, Inline Hook is a good API-Hooking technology.%详细阐述了两种API钩挂技术IAT(import address table) Hook和Inline Hook的基本原理,给出了各自的实现方法.通过实验,指出IAT Hook在文件操作监控时存在的不稳定现象,比如explorer.exe错误.提出用基于Inline Hook的Detours技术弥补IAT Hook的缺陷,并给出了实现方法.实验结果表明,该方法能有效实现稳定可靠的API钩挂,Inline Hook是一种比较好的API钩挂技术. 【总页数】5页(2548-2552)
【关键词】API钩挂技术;IAT钩挂;PE文件;Inline钩挂;Detours技术 【作者】苏雪丽;袁丁
【作者单位】四川师范大学计算机科学学院,四川成都610101;四川师范大学计算机科学学院,四川成都610101;西南交通大学信息编码与传输四川省重点实验
Windows下两种API钩挂技术的研究与实现
