Re: General structure of an anti virus product
- From: "Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx>
- Date: Wed, 18 Jan 2006 11:29:53 +0200
It usually hooks the SDT. The SDT is the service descriptor table - a table that
contains addresses of system calls.
This is not a documented mechanism to implement hooking, so it's prone to
BSODs. Google for details.
--
Vladimir
"Vicks" <vihag007@xxxxxxxxx> wrote in message
news:1137564004.721045.200150@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi All,
>
> This is my first question to this group. Can someone please help me to
> understand how an antivirus product basically works in kernel mode?
> I mean, in kernel mode, how and when does it scan the binary? Which user
> and kernel mode APIs does it hook to implement its functionality?
>
> When does the driver get loaded during the booting up of the system?
>
> Any Info would be a great help.
>
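The reply describes the mechanism (a table of system call addresses that a driver overwrites) but not how one would notice that it has happened. The following is an added example, not code from the thread and not from any product: a user-space C simulation of such a dispatch table together with the two defender-side integrity checks that anti-rootkit tools typically apply to it, a range check (does each entry still point into the kernel image?) and a baseline comparison (does each entry still match a snapshot taken when the table was known-good). The kernel image range, the service names' addresses and the redirected entries are all constructed values; nothing here reads or touches a real kernel.

```c
/* Added example (not part of the original thread): a simulated service
 * dispatch table, modelled on the SDT/SSDT the reply mentions, and a
 * defender-side integrity check over it. Addresses and sizes are
 * constructed for the demonstration; nothing here touches a real kernel. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define TABLE_SIZE 4

/* Constructed address range standing in for the loaded kernel image. */
#define KERNEL_BASE 0xFFFFF80000400000ULL
#define KERNEL_SIZE 0x0000000000600000ULL

/* One simulated table entry; the name is only used in the report. */
typedef struct {
    const char *name;
    uint64_t handler;   /* address the table currently dispatches to */
} sdt_entry;

enum { HOOK_OUTSIDE_KERNEL = 1, HOOK_DIFFERS_FROM_BASELINE = 2 };

static int in_kernel_image(uint64_t addr)
{
    return addr >= KERNEL_BASE && addr < KERNEL_BASE + KERNEL_SIZE;
}

/* Runs both checks over the table. flags[i] receives a bitmask per entry;
 * the return value is the number of entries flagged by either check. */
int scan_table(const sdt_entry *table, const uint64_t *baseline,
               size_t n, int *flags)
{
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        flags[i] = 0;
        /* Check 1: a service that dispatches outside the kernel image is
         * the classic symptom of a patched table. */
        if (!in_kernel_image(table[i].handler))
            flags[i] |= HOOK_OUTSIDE_KERNEL;
        /* Check 2: compare with a snapshot taken while the table was
         * known-good; this also catches a hook placed inside the range. */
        if (table[i].handler != baseline[i])
            flags[i] |= HOOK_DIFFERS_FROM_BASELINE;
        if (flags[i])
            flagged++;
    }
    return flagged;
}

/* Constructed baseline: the table as captured before any driver touched it. */
static const uint64_t sample_baseline[TABLE_SIZE] = {
    KERNEL_BASE + 0x0012A0,
    KERNEL_BASE + 0x003F10,
    KERNEL_BASE + 0x0087C0,
    KERNEL_BASE + 0x00A2E0,
};

/* Constructed current table: entry 1 is redirected to an address outside the
 * kernel image, entry 3 to a different address that is still inside it. */
static const sdt_entry sample_table[TABLE_SIZE] = {
    {"NtCreateFile",  KERNEL_BASE + 0x0012A0},
    {"NtOpenProcess", 0xFFFFF88001234560ULL},
    {"NtWriteFile",   KERNEL_BASE + 0x0087C0},
    {"NtLoadDriver",  KERNEL_BASE + 0x0F0000},
};

/* Number of sample entries flagged by either check. */
int sample_flagged_count(void)
{
    int flags[TABLE_SIZE];
    return scan_table(sample_table, sample_baseline, TABLE_SIZE, flags);
}

/* Flag bitmask for one sample entry (0 when the entry is clean). */
int sample_entry_flags(size_t i)
{
    int flags[TABLE_SIZE];
    scan_table(sample_table, sample_baseline, TABLE_SIZE, flags);
    return i < TABLE_SIZE ? flags[i] : 0;
}

int main(void)
{
    int flags[TABLE_SIZE];
    int n = scan_table(sample_table, sample_baseline, TABLE_SIZE, flags);
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        printf("%-14s 0x%016llx %s%s\n", sample_table[i].name,
               (unsigned long long)sample_table[i].handler,
               (flags[i] & HOOK_OUTSIDE_KERNEL) ? "[outside kernel] " : "",
               (flags[i] & HOOK_DIFFERS_FROM_BASELINE) ? "[differs from baseline]" : "");
    }
    printf("%d of %d entries flagged\n", n, TABLE_SIZE);
    return n != 0;
}
```

The range check alone would miss the fourth entry, which is why real tools keep a baseline (or re-derive the expected addresses from the kernel's own export table) rather than relying on the module range only.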