| 摘要 |
A system and a method for detecting/restoring modification of a service table, and a computer-readable recording medium storing a program thereof are provided to prevent leakage of user information or a wrong operation of a user terminal by checking the service table of a kernel area. An ntoskrnl.exe loader(100) loads ntoskrnl.exe to a memory area used for of the ntoskrnl.exe being installed to a computer at first, or a predetermined area of a physically or virtually separated memory. A current service table database(113) stores a service table value exported from the loaded ntoskrnl.exe. A service table comparator(110) periodically compares the current service table value with an original service table value previously stored in an original service table database(115). A table notifying part(120) notifies a user of difference if the current service table value is different from the original service table value. A service table restoring part(130) restores the current service table value with the original service table value after notification.
|
