Windows环境下具有可信软件管理功能的Shell实现
毕业论文关键词 PE文件 数据比对 病毒防护T
itle The shell realization of trustable application management based on Windows platform
Abstract Nowadays, some viruses take the weaknesses of the PE file format and embed themselves into an existing executable file in order to infect files and make copies of themselves. Traditional anti-virus softwares do can identify them and kill them after updating their virus databases. However, if we can do virus prevention against the PE file format, we can greatly improve the system security level, especially under the condition when anti-virus softwares are not updated. We designed an effective way to detect the viruses embedded inside an executable file based on the PE file format. That is, before executing an executable file, we compare the information within the header of the executable file. If it 's same as we recorded, then the executable is considered trustable and we allow user to execute it, otherwise it may have been embedded with viruses and we warn user not to execute it.
Keywords PE File Format, data comparsion, anti-virus
目 录
1 背景介绍 I
1.1 课题背景 . I
1.2 PE 文件.. I
1.3 课题意义 II
1.4 技术选择 II
2 核心技术介绍 .. III
2.1 PE 文件 III
2.2 DOS 头 .IV
2.3 PE 头VI
2.4 可选头 .VIII
2.5 节表(Section Table) . XII
3 系统架构 ... XVI
3.1 总体设计 XVI
3.2 数据层设计 XVI
3.3 业务逻辑层设计 ... XVII
4 系统设计改进构想 . XVIII
4.1 云服务端构想 .. XVIII
4.2 其它性能改进 .. XVIII
1 背景介绍 1.1 课题背景 在病毒横行的时代,杀毒软件使得人们产生了很多的依赖性,但是更多时候由于大家对杀毒软件的依赖太高,而忽略了很多系统安全隐患。特别是当病毒的开发者越来越绕开杀毒软件,使用基本的系统漏洞感染文件,而杀毒软件无法检测时,这些隐患轻则带来使用不便,重则可能带来巨大的损失。 曾经,06 年暑假,那时我家刚买电脑,,我加里的电脑中病毒了。是一种专门感染 exe 文件的病毒。当时我对电脑不是很了解,最开始是运行程序的时候,程序很久才打开,后来我发现任务管理器里多了很多进程。比如我打开 word,除了 Winword.exe 之外,还有~winword.tmp 这个进程。再后来我发现,~winword.tmp 结束掉之后,我的 word 窗口就没了,但是 winword.exe 还在。后来越来越多的软件都这样了。我渐渐觉得这不是系统错误,而是病毒,尽管杀毒软件没报毒。当时家里还没有宽带,没有 Internet,连56Kbps 的拨号网络都没有。所以也没法更新杀毒软件。我只能重装系统。