Rootkit scanning system, method, and computer program product

  • US 8,370,941 B1
  • Filed: 05/06/2008
  • Issued: 02/05/2013
  • Est. Priority Date: 05/06/2008
  • Status: Active Grant
First Claim

1. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:

    traversing a chain of hooks, the chain of hooks including a plurality of hooks in which a succeeding hook is called by a previous hook in the chain, each hook having an associated calling address;

    identifying code, based on the traversal of the chain of hooks, by identifying that the calling address is associated with the code;

    determining that the chain of hooks is associated with at least one detour, which involves a redirection from an intended destination of a computer to a different location that points to the code;

    scanning the code identified by the traversing of the chain of hooks for at least one rootkit, which includes malicious code, wherein the scanning includes a comparison activity associated with a plurality of signatures associated with a plurality of rootkits;

    restoring the hook from pointing to the detour to pointing to the intended destination of the computer;

    determining whether the at least one detour is destined for at least one additional detour; and

    traversing the at least one additional detour, based on the determination.
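
The steps of claim 1 can be walked through on a small model. The sketch below is an added example, not code from the patent: the `Region` memory model, the addresses, the entry name `entry_0`, and the signature patterns are all constructed for illustration, and restoring only after a signature match is a choice made for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Region:
    code: bytes              # bytes found at a hook's calling address
    calls: Optional[int]     # address this hook calls next (None: calls nothing)

# Constructed placeholder patterns, not real rootkit signatures.
SIGNATURES = {"DemoKit.A": b"\xde\xad\xbe\xef", "DemoKit.B": b"\xfe\xed\xfa\xce"}

def traverse_chain(memory, start, intended):
    """Follow each hook to the one it calls; return detour addresses in call order."""
    chain, seen, addr = [], set(), start
    while addr is not None and addr != intended and addr not in seen:
        if addr not in memory:   # unmapped calling address: stop, nothing to scan
            break
        seen.add(addr)           # guards against a chain that loops back on itself
        chain.append(addr)
        addr = memory[addr].calls
    return chain

def scan(code):
    """Compare code against every signature; return the names that match."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in code)

def check_entry(table, name, memory, intended):
    """Traverse, scan, and restore one table entry; return [(address, hits), ...]."""
    chain = traverse_chain(memory, table[name], intended)
    findings = [(addr, scan(memory[addr].code)) for addr in chain]
    # Assumption of this example: restore only when some detour matched a signature.
    if any(hits for _, hits in findings):
        table[name] = intended
    return findings

# Constructed memory model: the entry is detoured to 0x5000, which calls a second
# detour at 0x6000, which finally calls the intended destination at 0x1000.
MEMORY = {
    0x1000: Region(b"\x55\x8b\xec\xc3", None),
    0x5000: Region(b"\x55\x8b\xec\xde\xad\xbe\xef", 0x6000),
    0x6000: Region(b"\x55\x8b\xec\x33\xc0", 0x1000),
}
TABLE = {"entry_0": 0x5000}

if __name__ == "__main__":
    for addr, hits in check_entry(TABLE, "entry_0", MEMORY, intended=0x1000):
        print(hex(addr), hits or "no signature match")
    print("entry_0 ->", hex(TABLE["entry_0"]))
```

A detour that matches no signature is reported but left in place here, since some hooks are installed by legitimate software.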
