RU2014139202A - The way to call system functions in the conditions of use of the kernel system protection - Google Patents
- Publication number
- RU2014139202A
- Authority
- RU
- Russia
- Prior art keywords
- call
- address
- function
- handler
- functions
Landscapes
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
A method of calling system functions, in which the following steps are performed:
- a hypervisor is loaded to intercept the system call handler;
- operating system kernel structures associated with system function calls are modified, these kernel structures including at least:
  a) the system call handler;
  b) the system call table, in which the call address of at least one system function is replaced with the call address of another function, while the original call address of the system function is saved;
- the call to the system call handler is intercepted by means of the hypervisor;
- the other function is called at the replaced address in the system call table;
- the system function is called at the saved original address.
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2014139202/08A RU2585978C2 (en) | 2014-09-30 | 2014-09-30 | Method of invoking system functions in conditions of use of agents for protecting operating system kernel |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2014139202/08A RU2585978C2 (en) | 2014-09-30 | 2014-09-30 | Method of invoking system functions in conditions of use of agents for protecting operating system kernel |
Publications (2)
Publication Number | Publication Date |
---|---|
RU2014139202A (en) | 2016-04-20 |
RU2585978C2 (en) | 2016-06-10 |
Family
ID=55789216
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
RU2014139202/08A RU2585978C2 (en) | 2014-09-30 | 2014-09-30 | Method of invoking system functions in conditions of use of agents for protecting operating system kernel |
Country Status (1)
Country | Link |
---|---|
RU (1) | RU2585978C2 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
RU2634176C1 (en) * | 2016-07-29 | 2017-10-24 | Акционерное общество "Лаборатория Касперского" | System and method for detecting malware by intercepting access to information displayed to user |
RU2634168C1 (en) * | 2016-07-29 | 2017-10-24 | Акционерное общество "Лаборатория Касперского" | System and method for blocking access to protected applications |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7703081B1 (en) * | 2005-09-22 | 2010-04-20 | Symantec Corporation | Fast system call hooking on x86-64 bit windows XP platforms |
US8484734B1 (en) * | 2006-08-22 | 2013-07-09 | Trend Micro Incorporated | Application programming interface for antivirus applications |
US7996836B1 (en) * | 2006-12-29 | 2011-08-09 | Symantec Corporation | Using a hypervisor to provide computer security |
US8380987B2 (en) * | 2007-01-25 | 2013-02-19 | Microsoft Corporation | Protection agents and privilege modes |
US7765374B2 (en) * | 2007-01-25 | 2010-07-27 | Microsoft Corporation | Protecting operating-system resources |
2014
- 2014-09-30 RU RU2014139202/08A patent/RU2585978C2/en active
Also Published As
Publication number | Publication date |
---|---|
RU2585978C2 (en) | 2016-06-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CL2016002294A1 (en) | Parallel decision tree processor architecture. | |
CL2022000448A1 (en) | Autoinjector (divisional application no. 201903061) | |
CL2019002007A1 (en) | Cross-platform enclave identity. | |
BR112017008614A2 (en) | hardware accelerated virtual context switching | |
CL2016002023A1 (en) | "Compounds derived from benzoate-4- (amidoamino) - substituted with an oxazole dicarboxylic group, enteropeptidase inhibitors; pharmaceutical composition comprising them; and its use in the treatment of obesity and diabetes mellitus ”. pct | |
EA201791460A1 (en) | N4-HYDROXYCYTIDINE AND RELATED DERIVATIVES AND OPTIONS FOR ANTI-VIRUS APPLICATION | |
MX2022011695A (en) | Compounds for optically active devices. | |
MX2018003711A (en) | Mixing ring for dissolving a portion of solute in a portion of solvent, system and method for dissolve a portion of solute in a portion of solvent. | |
TWD178407S (en) | Washing machine | |
IL288057A (en) | Executing system calls in isolated address space in operating system kernel | |
BR112017002181A2 (en) | stackable shaped articles, and related methods and assemblies | |
MX2019009606A (en) | Bis-compounds for optically active devices. | |
EA202190708A1 (en) | EXPRESSION MODULATORS PNPLA3 | |
EA201892500A1 (en) | APPLICATION OF THE LIGNIN FRACTION AS AN ANTIFYTOPATOGENIC AGENT AND CONTAINING ITS ANTIFYTOPATOGENIC COMPOSITIONS | |
MX2017006709A (en) | Agent for preventing or improving symptoms caused by imbalance of sex hormones. | |
TR201819419T4 (en) | New tetrahydropyridopyrimidine compound or salt. | |
MX2020010269A (en) | Methods of treating ulcerative colitis. | |
MX360084B (en) | Shampoo composition comprising gel matrix and histidine. | |
CL2015003286A1 (en) | (cyano-dimethyl-methyl) - (isoxazoles and - [1, 3, 4] novel thiadiazoles | |
RU2014139202A (en) | The way to call system functions in the conditions of use of the kernel system protection | |
WO2017112292A3 (en) | Technologies for native code invocation using binary analysis | |
EA201792124A1 (en) | BIOTIN FOR THE TREATMENT OF AMIOTROPHIC LATERAL SCLEROSIS | |
CL2017002305A1 (en) | Declarative cascading reorganization for styles | |
CL2016002361A1 (en) | Compounds derived from azabenzofuran; pharmaceutical composition, and its use as inhibitors of the function of the ns5b protein of hcv for the treatment of hepatitis c. | |
GB2559660A8 (en) | Implementing service function chains |