The Community for Technology Leaders
RSS Icon
Subscribe
Santiago, Chile
Apr. 22, 2009 to Apr. 24, 2009
ISBN: 978-1-4244-3534-0
pp: 96-101
Shufen Liu , College of Computer Science and Technology, Jilin University, Changchun 130021, China
Jiayuan Zhang , College of Computer Science and Technology, Jilin University, Changchun 130021, China
Aijie Guan , College of Computer Science and Technology, Jilin University, Changchun 130021, China
ABSTRACT
In order to protect System Service Descriptor Table (SSDT) and discover the hook which is hidden in kernel module, we propose two methods which work in user-mode for detecting the hook of SSDT. The methods we propose are different from the method that must work in kernel-mode after loading rootkit drivers. The first method is using \device\physicalmemory to detect the hook in user-mode, and the second one is using the function of NtSystemDebugControl to detect the hook in user-mode. The experimental results show that both methods can detect the hook of SSDT in user-mode. In addition, the user program simplifies the tedious process and avoids the disadvantages of loading drivers.
CITATION
Shufen Liu, Jiayuan Zhang, Aijie Guan, "Techniques of user-mode detecting System Service Descriptor Table", CSCWD, 2009, International Conference on Computer Supported Cooperative Work in Design, International Conference on Computer Supported Cooperative Work in Design 2009, pp. 96-101, doi:10.1109/CSCWD.2009.4968041
42 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool