Discovery of kernel rootkits by detecting hidden information

摘要

In accordance with a particular embodiment of the present invention, a method of detecting kernel level rootkits includes requesting first information from a kernel level process, the first information including first contents. The first information is received at a user level process. The method also includes compiling second information at kernel level, the second information including second contents corresponding to an expected first contents of the first information. The first contents are compared to the second contents.