FIELD: information technology.
SUBSTANCE: invention relates to antivirus technologies, particularly to a method of creating handler system calls. Way to contact modified system call handler of system calls in Windows operating system consists of steps where: localized code of original handler system calls; modified system call handler is created by memory allocation and copying code to original handler additionally, the next step is performed: changing the address of the original handler on the address of the modified handler; intercepted call processor instructions associated with a system call, using a hypervisor; saved value register MSR using a hypervisor for its return process Patch Guard when reading the last value of register MSR for correct work of the operating system; one contacts a modified system call for interception operations associated with removal of images of the screen.
EFFECT: technical result of this invention is providing the possibility of processing system calls.
1 cl, 7 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| METHOD OF INVOKING SYSTEM FUNCTIONS IN CONDITIONS OF USE OF AGENTS FOR PROTECTING OPERATING SYSTEM KERNEL | 2014 |
|
RU2585978C2 |
| METHOD OF ACCESSING PROCEDURES OF LOADING DRIVER | 2014 |
|
RU2586576C1 |
| MEMORY INTROSPECTION ENGINE FOR PROTECTING INTEGRITY OF VIRTUAL MACHINES | 2014 |
|
RU2640300C2 |
| METHOD OF PROVIDING COLLABORATIVE OPERATION OF SEVERAL HYPERVISORS IN COMPUTER SYSTEM | 2014 |
|
RU2589853C1 |
| METHOD FOR CODE PERFORMANCE IN HYPERVISOR MODE | 2015 |
|
RU2609761C1 |
| SYSTEM AND METHODS FOR AUDITING A VIRTUAL MACHINE | 2017 |
|
RU2691187C1 |
| SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE | 2016 |
|
RU2637997C1 |
| SYSTEM AND METHOD OF PROTECTING COMPUTER APPLICATIONS | 2011 |
|
RU2460133C1 |
| METHOD OF RECALL OF ORIGINAL FUNCTION AFTER ITS INTERCEPTION WITH SAVING OF STACK OF PARAMETERS | 2013 |
|
RU2546588C2 |
| SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE | 2016 |
|
RU2628921C1 |
