The Community for Technology Leaders
RSS Icon
Subscribe
Santiago, Chile
Apr. 22, 2009 to Apr. 24, 2009
ISBN: 978-1-4244-3534-0
pp: 96-101
Jiayuan Zhang , College of Computer Science and Technology, Jilin University, Changchun 130021, China
Shufen Liu , College of Computer Science and Technology, Jilin University, Changchun 130021, China
Jun Peng , College of Computer Science and Technology, Jilin University, Changchun 130021, China
Aijie Guan , College of Computer Science and Technology, Jilin University, Changchun 130021, China
ABSTRACT
In order to protect System Service Descriptor Table (SSDT) and discover the hook which is hidden in kernel module, we propose two methods which work in user-mode for detecting the hook of SSDT. The methods we propose are different from the method that must work in kernel-mode after loading rootkit drivers. The first method is using \device\physicalmemory to detect the hook in user-mode, and the second one is using the function of NtSystemDebugControl to detect the hook in user-mode. The experimental results show that both methods can detect the hook of SSDT in user-mode. In addition, the user program simplifies the tedious process and avoids the disadvantages of loading drivers.
CITATION
Jiayuan Zhang, Shufen Liu, Jun Peng, Aijie Guan, "Techniques of user-mode detecting System Service Descriptor Table", CSCWD, 2009, International Conference on Computer Supported Cooperative Work in Design, International Conference on Computer Supported Cooperative Work in Design 2009, pp. 96-101, doi:10.1109/CSCWD.2009.4968041
5 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool