Windows remains the dominant operating system in terms of market share. Among its core components, the Windows Registry stores a wealth of user-related information. While Microsoft uses the registry to personalize the user's environment, attackers also exploit its contents to target the operating system. This thesis first introduces key concepts related to the Windows Registry, followed by a discussion of registry-based attacks and the corresponding defense mechanisms. Finally, it presents a method that uses the Windows Hook API to intercept and filter registry write operations; the intercepted data is passed to a data-analysis component that uploads it to VirusTotal to determine whether the originating program may be an attacker's tool used to generate malicious registry writes. By integrating the Windows Hook API with VirusTotal, the system enables more timely analysis and interception of potential malware, thereby protecting the user's system.
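As an added example (not code from the thesis), the filter, analyze and verdict stage of the pipeline the abstract describes, applied to a registry-write event in the form a hook layer would report it: the watched-key list, the detection threshold and the event structure are assumptions, while the VirusTotal v3 file-report endpoint and its `last_analysis_stats` field are real.

```python
import hashlib
import json
import urllib.error
import urllib.request
from dataclasses import dataclass

# Constructed watchlist of autostart key prefixes (an assumption, not the thesis's filter rules).
WATCHED_PREFIXES = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)
DETECTION_THRESHOLD = 3  # assumed: engines flagging the file before the write is blocked

@dataclass
class RegistryWrite:  # one write as the hook would report it (constructed shape)
    process_path: str
    key: str
    value_name: str

def sha256_of(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def vt_file_report(sha256: str, api_key: str):
    """Real VirusTotal v3 file-report endpoint (network + API key). None if VT has no record."""
    req = urllib.request.Request(f"https://www.virustotal.com/api/v3/files/{sha256}",
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise

def malicious_count(report: dict) -> int:
    stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    return int(stats.get("malicious", 0))

def decide(event: RegistryWrite, program_bytes: bytes, lookup) -> tuple:
    """Verdict for one write. `lookup(sha256)` is vt_file_report with a bound key, or a stub."""
    if not event.key.lower().startswith(WATCHED_PREFIXES):
        return "allow", "key not on watchlist"
    report = lookup(sha256_of(program_bytes))
    if report is None:
        return "alert", "originating program unknown to VirusTotal"
    n = malicious_count(report)
    verdict = "block" if n >= DETECTION_THRESHOLD else "allow"
    return verdict, f"{n} engines flag the originating program"
```

The `lookup` parameter keeps the network call out of the decision logic, so the verdict path can be exercised offline with stubbed reports.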