摘要
为有效阻止用户过度使用计算机,提出了一种用HOOK API技术实现进程自我保护的方法,该方法通过截获Open-Process函数,改变其执行流程,转向自定义代理函数来实现进程自我保护。在此基础上,设计并实现了一个进程监控系统,它增强了Windows任务管理器的功能。实验结果表明,在NT环境下,该系统能够有效地对系统进程及用户应用程序的运行时间进行管理和监控,而且具有很强的自我保护能力及消耗内存资源少等优点。
In order to prevent users from excessive use of computer effectively,a method of the self-protection of processes with HOOK API technology is proposed.This method changes its implementation of the processes,by intercepting OpenProcess function,turns to a custom proxy function to achieve the self-protection of processes.On this basis,a process-monitoring system is designed and imple-mented,the functions of Windows task manager are enhanced.experimental results show that this system can effectively manage and monitor the running time of the system process and user application in the NT environment,and has the advantages of less consumption of memory resources and strong self-protection ability.
出处
《计算机工程与设计》
CSCD
北大核心
2011年第4期1330-1333,共4页
Computer Engineering and Design
基金
河南省教委自然科学基金项目(2006520014)
作者简介
徐江峰(1965-),男,河南禹州人,博士,教授,研究方向为信息安全、混沌加密通信;
邵向阳(1985-),男,河南西平人,硕士研究生,研究方向为信息安全。E-mail:shaoxiangyang001@163.com
