GitHub - san-sei/KernelProcessMonitoring

ProcessHooking.sys

This is a rootkit system kerenel driver that will recive commands (program name/process ID) from user mode and will start monitoring programs activities by hooking System Call Table.

The result that is a graph will be written into a file and then will be used to extract malicuious behavior. The entire approach is detailed in my paper here. https://ieeexplore.ieee.org/document/8277225

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.nuget		.nuget
ProcessHooking Package		ProcessHooking Package
ProcessHooking		ProcessHooking
UseDriver		UseDriver
Win7Debug		Win7Debug
CheckNt.xlsx		CheckNt.xlsx
ProcessHooking.sdf		ProcessHooking.sdf
ProcessHooking.sln		ProcessHooking.sln
ProcessHooking.v12.suo		ProcessHooking.v12.suo
ProcessHookingReadme.docx		ProcessHookingReadme.docx
README.md		README.md
Readme.pdf		Readme.pdf
~$CheckNt.xlsx		~$CheckNt.xlsx

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

san-sei/KernelProcessMonitoring

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages