KERNEL MONITORING MODULE INSTALLED COMPUTER SYSTEM AND KERNEL MONITORING METHOD THEREOF

摘要

PURPOSE: A computer system with a kernel monitoring device and a kernel monitoring method are provided to record all data related to a call of the system service function when a malicious process passes a monitoring module to call the system service function. CONSTITUTION: A system service function handler module(218) comprises the first replacement code replacing the first code area including a call command of a monitoring target system service function. The first hooking module(214) is jumped or executed by calling the monitoring target system service function by a process executed in a user mode. The first hooking module calls a main monitoring module(210) using information of the system service function as a parameter.