Abstract
Systems and methods for computer security are provided. In one implementation, a computer-implemented method is provided. The method includes applying a hook to a kernel of an operating system, monitoring system calls made to the kernel using the hook, and injecting a new entry into a list of files assembled by a loader to create a new process when the hook identifies a create process system call. In another implementation, the method can further include initializing the injected new entry where the injected new entry is operable to examine process files prior to loading, examining the process files, and acting on the process according to a result of the examination.
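To make the control flow in the abstract concrete, here is an added, constructed model of the mechanism (not code from the patent or any product): a hook on the create-process call inserts a guard entry at the head of the loader's file list, the loader runs that entry before mapping the image, and the guard checks the image hash against an assumed allowlist and blocks anything unknown. The kernel, loader and allowlist are all simplified stand-ins.

```python
"""Constructed model of the hook-then-inject flow; not the patent's implementation."""
import hashlib
from dataclasses import dataclass, field

CREATE_PROCESS = "create_process"

@dataclass
class LoadRequest:
    image_path: str
    image_bytes: bytes
    entries: list = field(default_factory=list)  # loader's list of files/modules to process

# Assumed allowlist: SHA-256 digests of images the guard entry trusts (constructed value).
ALLOWED_SHA256 = {hashlib.sha256(b"trusted-binary").hexdigest()}

def guard_entry(req: LoadRequest) -> str:
    """Injected entry: examine the process image before the loader maps it."""
    digest = hashlib.sha256(req.image_bytes).hexdigest()
    return "allow" if digest in ALLOWED_SHA256 else "deny"

class Kernel:
    """Stand-in kernel: a hook list in front of the syscall dispatcher and a toy loader."""
    def __init__(self):
        self.hooks = []
        self.log = []

    def register_hook(self, fn):
        self.hooks.append(fn)

    def syscall(self, name, req):
        for hook in self.hooks:          # every registered hook sees every syscall
            hook(name, req)
        if name == CREATE_PROCESS:
            return self.loader(req)
        raise ValueError(f"unknown syscall {name}")

    def loader(self, req):
        for entry in req.entries:        # entries run in list order; the guard runs first
            if entry(req) == "deny":
                self.log.append(f"blocked {req.image_path}")
                return "blocked"
        self.log.append(f"started {req.image_path}")
        return "started"

def monitor_hook(name, req):
    """Kernel hook: on create-process, inject the guard entry ahead of everything else."""
    if name == CREATE_PROCESS:
        req.entries.insert(0, guard_entry)

def run(kernel, path, data):
    """Issue a create-process syscall for an image; returns 'started' or 'blocked'."""
    return kernel.syscall(CREATE_PROCESS, LoadRequest(path, data))
```

The point to check in a real deployment is ordering: the injected entry must run before any other entry in the loader's list, or the examination happens after the image is already mapped.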