摘要 |
A method for protecting sound capture in a Windows multimedia system is provided to prevent data transferred to a kernel from being intercepted by hooking a multimedia API(Application Program Interface), as a technology for hiding an import table of an execution program to prevent multimedia API hooking and checking alternation of DLL(Dynamic Link Library) is used. Information for the DLL to be loaded is recorded to an import area of the execution file and the execution file finds the information from a DOS(Diskette Operating System) header(S30). A Windows NT(New Technology) header is found from the DOS header(S31). An import descriptor is found from a directory area of the NT header(S32). A name of the DLL to be loaded is found from the import descriptor(S33). The name of a function is found from a function information array appointed by the import descriptor(S34). Fake information is recorded for each founding step(S35).
|