Profense SDK - Version 1.00
The simple APIs of the Profense SDK include powerful functions: multi-layer packet filter (transport layer and channel layer), system services monitor (SDT monitor), IDT monitor, GDT monitor, LDT monitor, registry and filesystem access monitor, NT object manager monitor, filesystem filtering interface, executive objects monitor (processes and threads), executable objects monitor (executable images and sections), state-of-the-art hidden executive objects monitor (SMM based), abnormal activity monitor (SMM based), abnormal activity monitor (VMM based, including VMX & SVM interfaces), executive objects manipulation interface (used for in-memory heuristic search of hidden objects), Patch Guard manipulation interface (used for internal purposes), interface for search of non-exported symbols in the kernel environment, real-time instruction tracer interface (used for catching suspicious interception of system services), interface for heuristic detection of exploits (any kind of exploits, Trojans