Abstract
FIELD: information security. SUBSTANCE: the invention relates to antivirus technologies, and more specifically to a method of creating a system call handler. According to one version, a method of calling a system function comprises the following steps: loading a hypervisor to intercept calls to the system call handler; modifying an operating system kernel structure connected to the system function call, said kernel structure including at least: a) a system call; b) a system call table in which the address of at least one system function call is replaced with the address of another function, while the original address of the system function call is retained; intercepting the call to the system call handler by the hypervisor; calling the other function at any replaced address in the system call; calling the system function at the stored original address. EFFECT: the technical result consists in calling a system function under conditions where operating system kernel protection means are in use. 1 cl, 7 dwg