WO2008105596A1 - Method of preventing input keystroke data from hacking - Google Patents
- Publication number
- WO2008105596A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- function
- event
- key input
- hacking
- virtual function
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
Abstract
The present invention relates to a method for preventing the hacking of key input information. In the present invention, the address of a new virtual function table, in which a predetermined function, for example, an error return function, is entered in place of an Invoke function for processing key input events among functions recorded in an original virtual function table, is recorded in the virtual function table pointer of an event sink installed by a BHO key logger, thereby providing the advantage of fundamentally preventing the hacking of key input information.
Description
[DESCRIPTION]
[Invention Title]
METHOD OF PREVENTING INPUT KEYSTROKE DATA FROM HACKING
[Technical Field]
The present invention relates, in general, to a method of preventing hacking, and, more particularly, to a method of preventing the hacking of key input information, which is intended to protect the key input information from hacking tools.
[Background Art]
Recently, with the development of computer hardware and network-based technology, various types of information exchange and information sharing are being actively performed between individuals and organizations/companies over the wired and wireless Internet.
The utilization of web browsers is not limited to simple information searching, but is trending toward expanding into fields of various credit-based services, including online shopping malls, online stock trading, and Internet banking.
However, behind the development of technology, the number of malicious hackers, who try to steal personal information, including credit information, exchanged between individuals and organizations, and obtain profit using the stolen personal information, is rapidly increasing. Various illegal activities, committed by hackers, not only cause persons concerned to suffer losses, but also cause a serious problem disrupting the stability of today's credit-based society.
In general, such hackers use various hacking tools to achieve the malicious purpose of committing the hacking of personal information. Of the various hacking tools, key logger programs, which intercept signals generated by pressing the keyboard of a user computer, are widely used.
Technologies for protecting personal information from such key logger programs include Korean Patent Application No. 10-0496462, which was filed with the Korean Industrial Property Office. The technology for which a patent application was submitted discloses a method of inputting specific personal information by clicking a virtual keyboard, displayed on the screen of a user computer, using a mouse. The prior art technology enables user information to be input through the virtual keyboard displayed on the screen, but has a problem in that user information may be stolen by monitoring the pointing coordinate information of the mouse. As a result, the development of technology for fundamentally preventing the hacking of key input information entered into a user's computer is urgently required.
[Disclosure]
[Technical Problem]
Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and an object of the present invention is to provide a method of preventing the hacking of key input information, in which a predetermined function, for example, an error return function, is entered in place of an Invoke function for processing key input events among functions recorded in a virtual function table corresponding to an event sink installed by a Browser Helper Object (BHO) key logger, thereby being able to prevent key input information hooking for intercepting event information.
[Technical Solution]
In order to accomplish the above object, the present invention provides a method of preventing hacking of key input information, including a first step of duplicating a virtual function table for each of one or more event sinks, which are connected to one or more objects provided in a web browser; a second step of detecting a first function for processing key input events among functions registered in the duplicated virtual function table, and replacing the detected function with a second predetermined function; and a third step of entering an address of the duplicated virtual function table in a virtual function table pointer of the event sink.
[Advantageous Effects]
According to the present invention, the address of a new virtual function table, in which a predetermined function, for example, an error return function, is entered in place of a function for processing key input events among functions recorded in an original virtual function table, is recorded in the virtual function table pointer of an event sink installed by a BHO key logger, thereby preventing the hooking of key input information by the function of processing key input information.
As described above, the present invention has an advantage in that a function of processing key input information itself is replaced with another predetermined function, thereby fundamentally preventing the hacking of key input information.
[Description of Drawings]
FIG. 1 is a diagram showing a typical event sink and the structure of a virtual function table;
FIG. 2 is a diagram showing the schematic construction of a user terminal to which the present invention is applied;
FIG. 3 is a flowchart showing a method of preventing the hacking of key input information according to a preferred embodiment of the present invention; and
FIG. 4 is a diagram showing the structure of the virtual function table of an event sink according to a preferred embodiment of the present invention.
[Best Mode]
In general, in Internet Explorer, a Microsoft MSHTML library, for processing HyperText Markup Language (HTML), represents all HTML tags in the form of Component Object Model (COM) objects. When a client object, provided with an outgoing interface for indicating events, is connected to a server object for supporting events, the procedure corresponding to the relevant event is performed by the Invoke method of the client object, which is called when an event of the server object occurs. A client object for processing events is referred to as an 'event sink', and a server object for supporting connection to such an event sink is referred to as a 'connectable object'. For example, it is assumed that a button object implements an incoming interface called IButton, a client object implements an outgoing interface called DButtonSink, and DButtonSink is provided with a method called OnClick.
When, in this state, the button object is clicked on, the button object searches for a connected event sink, searches for DButtonSink connected to the event sink, and then calls an Invoke method. The Invoke method of DButtonSink calls and executes an OnClick method corresponding to an event.
The connectable object must implement four interfaces: IConnectionPointContainer, IConnectionPoint, IEnumConnectionPoints, and IEnumConnections.
IConnectionPointContainer indicates that a relevant object is a connectable object, and provides a list of outgoing interfaces. IConnectionPoint indicates a single outgoing interface supported by an object, and connects an event sink to a server object using an Advise function.
IEnumConnectionPoints indicates a list of all outgoing interfaces supported by a server object. IEnumConnections indicates a list of all event sinks connected to a single IConnectionPoint.
In general, a Browser Helper Object (BHO) key logger program creates an event sink for processing key input events, connects the event sink to a text input object, such as IHTMLInputTextElement, and hooks key input information.
In greater detail, referring to FIG. 1, a key logger program is registered in IConnectionPoint, connected to the text input window, as an event sink. The event sink is provided with a virtual function table (vtable) in which the addresses of member functions have been stored.
The key logger program receives an event ID and an argument through an Invoke method, which is called when an event occurs in a text input window object, and acquires key input information through the keyCode value of IHTMLEventObj, which is transmitted as an argument in the case in which the event ID is a key input event (an OnKeypress event). Although, in the above example, only the key input event of the text input window is shown, various events may be used for key logging.
As a result, in the present invention, the address of a new virtual function table, in which an Invoke function provided in an original virtual function table has been replaced with a predetermined function, for example, an error return function, is recorded in the virtual function table pointer of an event sink, so that the resulting function can be used, thereby preventing the hooking of key input information by a BHO key logger program.
The schematic construction of a user terminal to which the above-described present invention can be applied will be described with reference to FIG. 2 below.
The user terminal includes a control unit 100 and a memory unit 102.
The control unit 100, according to a preferred embodiment of the present invention, duplicates the virtual function table of an event sink which belongs to one or more event sinks connected to one or more objects provided in a web browser and in which a keyboard security control is not installed, and replaces the Invoke function of the virtual function table with a predetermined function, for example, an error return function. By doing so, arguments resulting from the processing of the Invoke function, that is, key input information, can be protected from hacking. Here, the error return function is a function for returning a DISP_E_MEMBERNOTFOUND error. This error is a predictable error that is normally returned by the Invoke function when no member corresponding to the event is present in a class.
The memory unit 102 stores various types of information, including the processing program of the control unit 100. In particular, the memory unit 102 stores a plurality of event sinks, provided in the user terminal, and virtual function tables (vtables) corresponding to respective event sinks. Here, each of the event sinks is provided with a virtual function table pointer (vfptr) in which the address of its own virtual function table is entered.
Now, a method of preventing the hacking of key input information according to a preferred embodiment of the present invention will be described in detail with reference to the flowchart of FIG. 3.
The control unit 100 obtains IConnectionPoint corresponding to an outgoing interface to be released from the IConnectionPointContainer of a connectable object, obtains IEnumConnections, indicating a list of currently connected event sinks, from the interface, and acquires a list of one or more event sinks connected to one or more objects currently provided in the web browser at step 200.
When the list of event sinks is acquired, the control unit 100 selects any one event sink from among the event sinks at step 202.
The control unit 100 checks whether the selected event sink is an event sink in which a keyboard security control has been installed at step 204. Here, since an event sink in which a keyboard security control has been installed is provided with an interface capable of providing notification of the state of being installed for security, the event sink is considered to be installed for security in the case in which the method of the interface sends an appropriate response.
If the event sink is not an event sink to which a keyboard security control is connected, the control unit 100, as shown in FIG. 4, creates a new virtual function table (new vtable) by duplicating the virtual function table of the relevant event sink at step 206, and enters a predetermined function, for example, an error return function, in place of the Invoke function of the duplicated virtual function table (new vtable) at step 208. Thereafter, the control unit 100 records the address of the duplicated virtual function table (new vtable) in the vfptr (virtual function table pointer) of the relevant event sink at step 210. Here, vfptr is a region in which the address of a virtual function table is stored. Here, when the keyboard security according to a preferred embodiment of the present invention is released, the value of vfptr is recorded so as to point to the address of the original virtual function table (original vtable), thereby enabling the performance of an original operation.
As described above, according to the present invention, the address of a new virtual function table, in which a predetermined function, for example, an error return function, has been entered in place of an Invoke function for processing input events among functions recorded in an original virtual function table, is recorded in the virtual function table pointer of an event sink, thereby preventing the hooking of key input information through the relevant event sink.
If the processing of the event sink is completed, or it is determined at step 204 that the event sink is an event sink to which a keyboard security control is connected, the control unit 100 checks whether the processing of all event sinks of the event sink list is completed at step 212.
If the processing of all event sinks of the event sink list is not completed, the control unit 100 returns to step 202 and performs the processing of the next event sink. If the processing of all event sinks of the event sink list is completed, the control unit 100 terminates the process of preventing the hacking of key input information according to the present invention.
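The flow of FIG. 3 (steps 202 to 212) and the release step, as an added example that is not code from the patent: a portable C model in which a struct of function pointers stands in for a COM sink's vtable. The type and function names, the two-slot table and the `EVT_KEYPRESS` id are assumptions made for illustration; only the numeric value of `HR_MEMBERNOTFOUND` is taken from the Windows `DISP_E_MEMBERNOTFOUND` constant.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int32_t hresult_t;                           /* stand-in for HRESULT */
#define HR_OK ((hresult_t)0)
/* Same numeric value as the Windows DISP_E_MEMBERNOTFOUND constant. */
#define HR_MEMBERNOTFOUND ((hresult_t)0x80020003u)
#define EVT_KEYPRESS 1                               /* constructed event id */

typedef struct sink sink_t;

/* Simplified sink vtable (assumption): a security probe slot plus Invoke. */
typedef struct sink_vtbl {
    int       (*is_security_control)(sink_t *self);
    hresult_t (*invoke)(sink_t *self, int event_id, int key_code);
} sink_vtbl_t;

struct sink {
    const sink_vtbl_t *vfptr;  /* first member, like the vfptr of a COM object */
    int last_key;              /* last key code this sink managed to observe */
};

/* Per-sink record kept by the protector so the swap can be undone. */
typedef struct guard {
    sink_t            *sink;
    const sink_vtbl_t *original;
    sink_vtbl_t       *copy;
} guard_t;

static int probe_no(sink_t *s)  { (void)s; return 0; }
static int probe_yes(sink_t *s) { (void)s; return 1; }

/* Original Invoke of both sample sinks: records the key of a keypress event. */
static hresult_t record_invoke(sink_t *s, int event_id, int key_code) {
    if (event_id == EVT_KEYPRESS) s->last_key = key_code;
    return HR_OK;
}

/* Replacement Invoke: never reads its arguments, reports "no such member". */
static hresult_t error_invoke(sink_t *s, int event_id, int key_code) {
    (void)s; (void)event_id; (void)key_code;
    return HR_MEMBERNOTFOUND;
}

static const sink_vtbl_t UNKNOWN_VTBL  = { probe_no,  record_invoke };
static const sink_vtbl_t SECURITY_VTBL = { probe_yes, record_invoke };

void sink_init(sink_t *s, int is_security) {
    s->vfptr = is_security ? &SECURITY_VTBL : &UNKNOWN_VTBL;
    s->last_key = 0;
}

/* What the connectable object does when a key event occurs. */
hresult_t fire_keypress(sink_t *s, int key_code) {
    return s->vfptr->invoke(s, EVT_KEYPRESS, key_code);
}

/* Steps 202-212: walk the sink list and patch every sink that is not the
 * security control. Returns the number of guard records written. */
size_t protect_sinks(sink_t **sinks, size_t n, guard_t *guards) {
    size_t patched = 0;
    for (size_t i = 0; i < n; i++) {
        sink_t *s = sinks[i];
        if (s->vfptr->is_security_control(s)) continue;  /* step 204 */
        if (s->vfptr->invoke == error_invoke) continue;  /* already patched */
        sink_vtbl_t *copy = malloc(sizeof *copy);        /* step 206 */
        if (copy == NULL) break;             /* caller sees a short count */
        memcpy(copy, s->vfptr, sizeof *copy);
        copy->invoke = error_invoke;                     /* step 208 */
        guards[patched] = (guard_t){ s, s->vfptr, copy };
        s->vfptr = copy;                                 /* step 210 */
        patched++;
    }
    return patched;
}

/* Release: point each vfptr back at its original table, free the copy. */
void release_protection(guard_t *guards, size_t count) {
    for (size_t i = 0; i < count; i++) {
        guards[i].sink->vfptr = guards[i].original;
        free(guards[i].copy);
    }
}

int main(void) {
    sink_t logger, trusted;
    sink_t *list[] = { &logger, &trusted };
    guard_t guards[2];
    sink_init(&logger, 0);
    sink_init(&trusted, 1);
    size_t n = protect_sinks(list, 2, guards);
    hresult_t hr = fire_keypress(&logger, 'p');
    printf("patched=%zu hr=0x%08x saw=%d\n", n, (unsigned)hr, logger.last_key);
    release_protection(guards, n);
    return 0;
}
```

Only the selected object's pointer changes: the original table is never written to, so other objects that share it keep their behaviour and the release step is a single pointer store.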
Although the present invention has been described in conjunction with the limited embodiments and drawings, the present invention is not limited to the embodiments, but those skilled in the art to which the present invention pertains can make various modifications and variations based on the above description. Accordingly, it should be noted that the spirit of the present invention should be appreciated based only on the following claims, and that all equivalent modifications thereof fall within the scope of the spirit of the present invention.
[Industrial Applicability]
Since the technology according to the present invention can prevent the hacking of key input information, it can be widely employed in the field of keyboard security.
Claims
[CLAIMS]
[Claim 1]
A method of preventing hacking of key input information, comprising: a first step of duplicating a virtual function table for each of one or more event sinks, which are connected to one or more objects provided in a web browser; a second step of detecting a first function for processing key input events among functions registered in the duplicated virtual function table, and replacing the detected function with a second predetermined function; and a third step of entering an address of the duplicated virtual function table in a virtual function table pointer of the event sink.
[Claim 2]
The method as set forth in claim 1, wherein: the first function is an Invoke function; and the second function is an error return function.
[Claim 3]
The method as set forth in claim 1, wherein information about the one or more event sinks that are connected to the one or more objects provided in the web browser is acquired through a connectable interface.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020070019637A KR100847248B1 (en) | 2007-02-27 | 2007-02-27 | Method of preventing input keystroke data from hacking |
KR10-2007-0019637 | 2007-02-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008105596A1 true WO2008105596A1 (en) | 2008-09-04 |
Family
ID=39721408
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2008/001006 WO2008105596A1 (en) | 2007-02-27 | 2008-02-21 | Method of preventing input keystroke data from hacking |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR100847248B1 (en) |
WO (1) | WO2008105596A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102081709A (en) * | 2009-12-01 | 2011-06-01 | 联想(北京)有限公司 | Method and device for disabling browser plug-in and terminal |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6718414B1 (en) * | 2000-03-08 | 2004-04-06 | Intel Corporation | Function modification in a write-protected operating system |
KR20040072044A (en) * | 2003-02-07 | 2004-08-16 | 킹스정보통신(주) | Computer security system using security input device driver |
KR100549647B1 (en) * | 2005-08-09 | 2006-02-06 | 소프트캠프(주) | Keboard in-put information security method |
US7171693B2 (en) * | 2000-05-12 | 2007-01-30 | Xtreamlok Pty Ltd | Information security method and system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20010000260A (en) * | 2000-08-25 | 2001-01-05 | 박준상 | System and Method of authentication |
KR100745489B1 (en) * | 2005-07-19 | 2007-08-02 | 소프트포럼 주식회사 | Preventing method for hacking key input data |
- 2007-02-27 KR KR1020070019637A patent/KR100847248B1/en active IP Right Grant
- 2008-02-21 WO PCT/KR2008/001006 patent/WO2008105596A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
KR100847248B1 (en) | 2008-07-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08723044 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 08723044 Country of ref document: EP Kind code of ref document: A1 |