METHOD OF ACCESSING PROCEDURES OF LOADING DRIVER Russian patent published in 2016 - IPC G06F21/57 G06F21/56 

Abstract RU 2586576 C1

FIELD: information technology.

SUBSTANCE: invention relates to software security, namely to methods of accessing boot driver procedures. Method of accessing boot driver procedures, in which:
a) during operating system loading, an interceptor driver reads a list of uninitialised boot drivers, that is, drivers which are loaded into memory but not yet initialised;
b) by means of the interceptor driver, a handler is installed for intercepting the call to the initialisation procedure of at least one boot driver from said list;
c) when the handler for intercepting the initialisation procedure of boot drivers is installed, the previously read entry-point address of the boot driver is replaced with the entry-point address of said handler;
d) by means of the installed handler, the call to the initialisation procedure of at least one boot driver from the list of uninitialised boot drivers is intercepted;
e) by means of the handler, information about at least one boot driver is stored, this information being filled in by said boot driver during initialisation and containing at least the entry-point address of at least one procedure of the boot driver;
f) by means of at least one of the interceptor driver and the anti-driver, the procedures of at least one boot driver are accessed at the previously stored entry-point addresses.

EFFECT: providing access to the original procedures of boot drivers when those procedures have been intercepted by rootkits, by accessing the procedures of at least one boot driver at the previously stored addresses.

4 cl, 3 dwg

Similar patents RU2586576C1

| Title | Year | Author | Number |
|---|---|---|---|
| METHOD OF CREATING A SYSTEM CALL HANDLER | 2014 | Yudin Maksim Vitalevich; Tarasenko Aleksandr Sergeevich; Levchenko Vyacheslav Ivanovich; Kumagin Igor Yurevich | RU2596577C2 |
| METHOD OF INVOKING SYSTEM FUNCTIONS IN CONDITIONS OF USE OF AGENTS FOR PROTECTING OPERATING SYSTEM KERNEL | 2014 | Yudin Maksim Vitalevich; Tarasenko Aleksandr Sergeevich; Levchenko Vyacheslav Ivanovich; Kumagin Igor Yurevich | RU2585978C2 |
| SYSTEM AND METHOD OF OPTIMIZING ANTI-VIRUS TESTING OF INACTIVE OPERATING SYSTEMS | 2016 | Vorontsov Dmitrij Viktorovich; Kirzhemanov Andrej Leonidovich; Spravtsev Yurij Vladimirovich | RU2638735C2 |
| REMOVING TRACK OF HARMFUL ACTIVITY FROM OPERATING SYSTEM, WHICH IS NOT DOWNLOADED ON COMPUTER DEVICE AT PRESENT | 2016 | Vorontsov Dmitrij Viktorovich; Kirzhemanov Andrej Leonidovich; Spravtsev Yurij Vladimirovich | RU2639666C2 |
| METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION | 2011 | Parshin Jurij Gennad'Evich; Pintijskij Vladislav Valer'Evich | RU2472215C1 |
| SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE | 2016 | Golovkin Maksim Yurevich; Monastyrskij Aleksej Vladimirovich; Pintijskij Vladislav Valerevich; Pavlyushchik Mikhail Aleksandrovich; Butuzov Vitalij Vladimirovich; Karasovskij Dmitrij Valerievich | RU2637997C1 |
| SYSTEM AND METHOD OF DETERMINING POTENTIALLY MALICIOUS SOFTWARE BASED ON MONITORING FILE INTEGRITY USING TIME MARKS | 2010 | Pavljushchik Mikhail Aleksandrovich | RU2420793C1 |
| SECURITY AGENT, OPERATING AT EMBEDDED SOFTWARE LEVEL WITH SUPPORT OF OPERATING SYSTEM SECURITY LEVEL | 2013 | Gusarov Igor Anatolevich; Nesmachnyj Jurij Vladimirovich; Dobrovolskij Sergej Vasilevich; Godunov Ilja Borisovich | RU2583714C2 |
| SYSTEM AND METHOD FOR AUTOMATIC PROCESSING OF SOFTWARE SYSTEM ERRORS | 2012 | Antukh Aleksandr Ehduardovich; Malanov Aleksej Vladimirovich | RU2521265C2 |
| METHOD OF DETECTING MALWARE IN OPERATING SYSTEM KERNEL | 2012 | Tumojan Evgenij Petrovich; Ol'Shanov Konstantin Dmitrievich; Cherementsev Sergej Nikolaevich | RU2510075C2 |

RU 2 586 576 C1

Authors

Rusakov Vyacheslav Evgenevich

Kirzhemanov Andrej Leonidovich

Parshin Yurij Gennadevich

Dates

2016-06-10 Published

2014-12-05 Filed