Can all antivirus programs detected malware that uses hooks?
- Thread starter Prayag
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
Probably you mean SSDT patching to perform API hooking within the kernel instead of the classic user mode hooking using remote threads and things like that.
SSDT hooking is as far as I know, the lowest level technique to replace/hook/intercept/whatever API and for this reason has been used for years both by malcoders and AV vendors.
But in 2005 Microsoft introduced a Kernel Patching Protection (also known as “PatchGuard”) for 64 bit systems, making this technique uneffective in the worst case or quite harder to perform in the average case.
SSDT hooking is as far as I know, the lowest level technique to replace/hook/intercept/whatever API and for this reason has been used for years both by malcoders and AV vendors.
But in 2005 Microsoft introduced a Kernel Patching Protection (also known as “PatchGuard”) for 64 bit systems, making this technique uneffective in the worst case or quite harder to perform in the average case.
- Status
You may also like...
-
-
Korean malware removal tool I have never heard about before- Started by Parkinsond
- Replies: 19
-
Entreprise Antivirus Comparative : Cylance - CrowdStrike - Cynet - DeepInstinct- Started by Shadowra
- Replies: 18
-
OmniDefender - New Antivirus Software 2025- Started by OsirisXD
- Replies: 184
