Method and system for detecting windows rootkit that modifies the kernel mode system service dispatch table
Machine-translated title: Method and system for detecting a Windows rootkit that modifies the kernel-mode system service dispatch table
Abstract
A method, system, and computer program product for detecting a kernel-mode rootkit that hooks the System Service Dispatch Table (SSDT). The approach is secure, avoids false positives, and does not disable security applications. A method for detecting a rootkit comprises the steps of: calling a function that accesses a system service directly and receiving its results; calling a function that accesses the same system service indirectly and receiving its results; and comparing the two sets of results to determine the presence of a rootkit, a discrepancy between the direct and indirect results indicating that the service dispatch path has been tampered with.