General structure of an anti virus product

General structure of an anti virus product
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
General structure of an anti virus product Vicks 01-18-2006
Posted by Vicks on January 18, 2006, 1:00 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi All,

This is my first question to this group. Can someone please help me to
understand how does antivirus product basically work in kernel mode.
I mean in kernel mode how and when does it scans the binary. Which User
and kernel mode APIs does it hook to implement its functionality.

When does the driver gets loaded during the booting up of system.

Any Info would be a great help.


Posted by Scherbina Vladimir on January 18, 2006, 4:29 am
If you were  Registered and logged in, you could reply and use other advanced thread options
It usually hooks SDT. SDT is a service discriptor table - a table that
contains addresses of system calls.

This is not documented mechanism to implement hooking, so it's prone to
BSOD's. Google for details.

--
Vladimir

> Hi All,
>
> This is my first question to this group. Can someone please help me to
> understand how does antivirus product basically work in kernel mode.
> I mean in kernel mode how and when does it scans the binary. Which User
> and kernel mode APIs does it hook to implement its functionality.
>
> When does the driver gets loaded during the booting up of system.
>
> Any Info would be a great help.
>



Similar ThreadsPosted
One more "Fake" Anti-Malware product-"eAntivirusPro" September 18, 2008, 7:08 am
Looking for comments on VTE AV Product February 9, 2007, 4:01 am
free anti virus,anti spam, anti spyware softwares April 7, 2006, 7:01 am
PC Pitstop Exterminate - Anti-Spyware, Anti-Malware, Anti-Virus December 7, 2008, 10:40 am
Needing an enterprise product installable on Windows XP or 2003 that can scan Apple Mac's July 17, 2008, 7:21 pm
advice on anti-virus, anti-trojan software May 12, 2008, 7:35 am
HELP: Virus is preventing me from installing anti virus software!! January 11, 2007, 2:17 am
I have a virus that uses "anti virus software" downloads as a cover up March 24, 2007, 1:40 pm
I have a worm or virus that does not allow me to go to ANY anti-virus website January 28, 2006, 10:29 pm
Best Anti-virus? February 8, 2007, 10:42 am

The site map in XML format XML site map

Contact Us | Privacy Policy