Monitoring Windows Kernel's Services
ABSTRACT<br /> The kernel of Windows operating system provides high-level applications with the low-level functionality needed to perform system operations. This functionality referred to as system services. So, Controlling these services gives the ability to monitor and control important acti...
Saved in:
| Main Author: | |
|---|---|
| Format: | Book |
| Published: |
College of Education for Pure Sciences,
2010-09-01T00:00:00Z.
|
| Subjects: | |
| Online Access: | Connect to this object online. |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
MARC
| LEADER | 00000 am a22000003u 4500 | ||
|---|---|---|---|
| 001 | doaj_9f645eaad3c14396b6fbf0bbc068a340 | ||
| 042 | |a dc | ||
| 100 | 1 | 0 | |a Rawaa Putros Polos |e author |
| 245 | 0 | 0 | |a Monitoring Windows Kernel's Services |
| 260 | |b College of Education for Pure Sciences, |c 2010-09-01T00:00:00Z. | ||
| 500 | |a 1812-125X | ||
| 500 | |a 2664-2530 | ||
| 500 | |a 10.33899/edusj.2010.58404 | ||
| 520 | |a ABSTRACT<br /> The kernel of Windows operating system provides high-level applications with the low-level functionality needed to perform system operations. This functionality referred to as system services. So, Controlling these services gives the ability to monitor and control important activities of the operating system.<br /> This research presents kernel hooking technique that is one of the most efficient and used technique to achieve system services monitoring.<br /> The aim of the research is how the operating system can be programmatically monitored and controlled on a system-wide basis by means of kernel hooking.<br /> This technique was implemented in a device driver by accessing SSDT (System Service Descriptor Table) to gain the ability for manipulating and change number of effective kernel services for monitoring programs execution, deletion operations and processes termination in the system.<br /> The work has been run successfully on Windows XP SP2 and developed using DDK (Driver Development Kit) for device driver implementation and Visual C++ version 6.0 for application implementation.<br /> So, when the application is executed, programs execution, deletion, and processes termination operations have been controlled, and gives user the capability to permit performing these operations or canceling them. | ||
| 546 | |a AR | ||
| 546 | |a EN | ||
| 690 | |a windows kernel's services | ||
| 690 | |a kernel hooking | ||
| 690 | |a accessing ssdt (system service descriptor table) | ||
| 690 | |a ddk (driver development kit) | ||
| 690 | |a Education | ||
| 690 | |a L | ||
| 690 | |a Science (General) | ||
| 690 | |a Q1-390 | ||
| 655 | 7 | |a article |2 local | |
| 786 | 0 | |n مجلة التربية والعلم, Vol 23, Iss 3, Pp 116-129 (2010) | |
| 787 | 0 | |n https://edusj.mosuljournals.com/article_58404_275aae5d2ce1e1cdc3976e9d81014b59.pdf | |
| 787 | 0 | |n https://doaj.org/toc/1812-125X | |
| 787 | 0 | |n https://doaj.org/toc/2664-2530 | |
| 856 | 4 | 1 | |u https://doaj.org/article/9f645eaad3c14396b6fbf0bbc068a340 |z Connect to this object online. |