DocumentCode :
1580457
Title :
A way to restore the System Service Dispatch Table from user-space
Author :
Quan, Daiyong ; Luan, Guosen ; Wang, Keliang
Author_Institution :
College of Computer and Information Technology China Three Gorges University, Yichang, Hubei Province, 443002, China
fYear :
2012
Firstpage :
339
Lastpage :
341
Abstract :
Win32 kernel rootkits modify the behavior of the system by hooking the entries within the kernel's System Service Dispatch Table (SSDT). How to restore an SSDT modified by malicious code has become a very important issue for an administrator who wants to ensure the safe operation of the system. This article reviews the technique of kernel Native API hooking and proposes a way to restore the SSDT directly from user-space via \Device\PhysicalMemory, which does not require a kernel driver to be loaded. Security tools that use a similar hooking technique to implement some of their security features should take additional steps to prevent the restoration of the SSDT entries.
Keywords :
Native API; Restoring; Root kits; SSDT;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
World Automation Congress (WAC), 2012
Conference_Location :
Puerto Vallarta, Mexico
ISSN :
2154-4824
Print_ISBN :
978-1-4673-4497-5
Type :
conf
Filename :
6321292