Windows内核变量定位与应用研究
DOI:
CSTR:
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:


Researches on Windows kernel variable locating and application
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    Windows内核变量是内存分析过程中经常需要使用到的数据,但是由于Windows操作系统的封闭性,定位到Windows内核变量的位置非常困难。前人提出了一些内核变量定位的方法,但是在实验后发现,结果并不尽人意。针对这一现状,在前人的算法上进行了改进,提出一种基于虚拟地址转换的算法,使得可以准确定位内核变量位置。另外,也提出了一个基于Windows XP全新的内核变量快速定位方法。最后,以内核变量MmPhysicalMemoryBlock的应用为例,提出了基于MmPhysicalMemoryBlock的内存数据快速导出算法。实验结果表明,2个内核变量定位算法能准确的定位内核变量,内存数据快速导出算法也能准确完整的导出需要的内存数据。

    Abstract:

    The data of Windows kernel variables was used frequently on the analysis of memory. But locating these kernel variables was limited by the operating system. Former scholars have proposed some algorithms of Windows kernel variables locating. But after experiments, the result was not satisfactory. With an improvement on precedent algorithms, an algorithm based on virtual address translation was proposed for accurately locating kernel variables. It could improve the accuracy of locating the kernel variables. And, an innovative fast locating algorithm based on the Windows XP kernel variables was proposed. At last, a fast memory data export algorithm based on MmPhysicalMemoryBlock was suggested with the example of kernel variable MmPhysicalMemoryBlock application. The experiments showed that, these two kernel variables locating algorithm are able to locate kernel variables preciesly, the fast memory data export algorithm is able to export wanted memory data with accuracy and integrity.

    参考文献
    相似文献
    引证文献
引用本文

车生兵,易文. Windows内核变量定位与应用研究[J].电子测量技术,2015,38(5):27-32

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:
  • 最后修改日期:
  • 录用日期:
  • 在线发布日期: 2015-06-05
  • 出版日期:
文章二维码