FIELD: information security.
SUBSTANCE: the invention relates to antivirus technologies, and more specifically to a method of creating a system call handler. According to one version, a method of calling a system function is provided, in which the following steps are performed: loading a hypervisor to intercept calls to the system call handler; modifying an operating system kernel structure associated with the system function call, said kernel structure including at least: a) a system call; b) a system call table in which the address of at least one system function call is replaced with the address of another function, while the original address of the system function call is preserved; intercepting the call to the system call handler by the hypervisor; calling the other function at any replaced address in the system call; calling the system function at the stored original address.
EFFECT: the technical result consists in calling a system function under conditions where operating system kernel protection means are in use.
1 cl, 7 dwg
Title | Year | Author | Number |
---|---|---|---|
METHOD OF CREATING A SYSTEM CALL HANDLER | 2014 | | RU2596577C2 |
METHOD OF ACCESSING PROCEDURES OF LOADING DRIVER | 2014 | | RU2586576C1 |
METHOD FOR CODE PERFORMANCE IN HYPERVISOR MODE | 2015 | | RU2609761C1 |
METHOD OF PROVIDING COLLABORATIVE OPERATION OF SEVERAL HYPERVISORS IN COMPUTER SYSTEM | 2014 | | RU2589853C1 |
SYSTEM AND METHODS FOR AUDITING A VIRTUAL MACHINE | 2017 | | RU2691187C1 |
MEMORY INTROSPECTION ENGINE FOR PROTECTING INTEGRITY OF VIRTUAL MACHINES | 2014 | | RU2640300C2 |
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE | 2016 | | RU2637997C1 |
SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE | 2018 | | RU2724790C1 |
SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE | 2016 | | RU2628921C1 |
SYSTEM AND METHOD OF PROTECTING COMPUTER APPLICATIONS | 2011 | | RU2460133C1 |
Dates
2016-06-10—Published
2014-09-30—Filed