发明授权
US08281393B2 Method and system for detecting windows rootkit that modifies the kernel mode system service dispatch table
有权
用于检测修改内核模式系统服务调度表的Windows rootkit的方法和系统
- 专利标题: Method and system for detecting windows rootkit that modifies the kernel mode system service dispatch table
- 专利标题(中): 用于检测修改内核模式系统服务调度表的Windows rootkit的方法和系统
-
申请号: US11594095申请日: 2006-11-08
-
公开(公告)号: US08281393B2公开(公告)日: 2012-10-02
- 发明人: Ahmed Sallam
- 申请人: Ahmed Sallam
- 申请人地址: US CA Santa Clara
- 专利权人: McAfee, Inc.
- 当前专利权人: McAfee, Inc.
- 当前专利权人地址: US CA Santa Clara
- 代理机构: Patent Capital Group
- 主分类号: G06F21/00
- IPC分类号: G06F21/00
摘要:
A method, system, and computer program product for detecting a kernel-mode rootkit that hooks the System Service Dispatch Table (SSDT) is secure, avoids false positives, and does not disable security applications. A method for detecting a rootkit comprises the steps of calling a function that accesses a system service directly, receiving results from calling the function that accesses the system service directly, calling a function that accesses the system service indirectly, receiving results from calling the function that accesses the system service indirectly, and comparing the received results from calling the function that accesses the system service directly and the received results from calling the function that accesses the system service indirectly to determine presence of a rootkit.
公开/授权文献
信息查询
