Method for bypassing detection of application layer of computer system
Format | Patent |
---|---|
Language | Chinese, English |
Published | 15.02.2022 |
Summary: | The invention provides a method for bypassing detection of an application layer of a computer system. The method comprises the following steps: the application layer of the computer system packages the parameters of the function to be called and transmits them to a driver; the driver reads the dynamic link library file ntdll.dll, locates the exported entry of the function to be called, and parses its call number; the kernel file is read and the system function call table is parsed; based on the call number and the system function call table, the address in the kernel of the function to be called is resolved; and the function is called at that address. Through driver communication, the method achieves the purpose of bypassing detection of the application layer of the computer system when certain functions are called. The method is implemented in kernel mode; compared with existing methods, it is lower-level and diffic |
---|---|
Bibliography: | Application Number: CN202111404412 |