• DocumentCode
    2690724
  • Title

    Virus Analysis on IDT Hooks of Rootkits Trojan

  • Author

    Wang, Yong ; Gu, Dawu ; Li, Wei ; Li, Jing ; Wen, Mi

  • fYear
    2009
  • fDate
    16-17 May 2009
  • Firstpage
    224
  • Lastpage
    228
  • Abstract
    Rootkit Trojan viruses, which can control attacked computers, delete import files and even steal passwords, are very popular now. The Interrupt Descriptor Table (IDT) hook is a kernel-level rootkit technology used by Trojans. The paper makes a deep analysis of the IDT hook handling procedure of rootkit Trojans, following the methods of previous researchers. We compare its IDT structure and programs to find how Trojan interrupt handler code can respond to the interrupt vector request in both real address mode and protected address mode. Finally, we analyze the IDT hook detection methods for rootkit Trojans using Windbg or other professional tools.
  • Keywords
    computer viruses; security of data; interrupt descriptor table hook; rootkits Trojan virus; virus analysis; Central Processing Unit; Computer hacking; Computer science; Electronic commerce; Hardware; Information analysis; Kernel; Power engineering and energy; Protection; Registers; IDT hook; Trojan; rootkit; virus;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Engineering and Electronic Commerce, 2009. IEEC '09. International Symposium on
  • Conference_Location
    Ternopil
  • Print_ISBN
    978-0-7695-3686-6
  • Type

    conf

  • DOI
    10.1109/IEEC.2009.52
  • Filename
    5175108