Check if a thread is using a hooked SSDT.

Public Member Functions
    def check(self)
        This check is True if any of the thread's SSDTs have hooked functions.

Public Member Functions inherited from volatility.plugins.malware.threads.AbstractThreadCheck
    def __init__(self, thread, mods, mod_addrs, hooked_tables, found_by_scanner)
    def check(self)
        Return True or False from this method.

Public Attributes
    hooked_tables

Public Attributes inherited from volatility.plugins.malware.threads.AbstractThreadCheck
    thread
    mods
    mod_addrs
    hooked_tables
    found_by_scanner
    flags
def volatility.plugins.malware.threads.HookedSSDT.check(self)
This check is True if any of the thread's SSDTs have hooked functions.
If it's True and the SSDT hooking module is legit, you can filter them out with --allow-hook.
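
A simplified model of the decision this check makes, added here as an example and not Volatility's own code. The module list, addresses, table contents, the expected-owner sets and the `allowed` parameter (standing in for the --allow-hook filter) are all constructed assumptions.

```python
from bisect import bisect_right

# Constructed sample data: (base, size, name) for loaded kernel modules.
MODULES = [
    (0x80400000, 0x200000, "ntoskrnl.exe"),
    (0xA0000000, 0x1C0000, "win32k.sys"),
    (0xF8A00000, 0x020000, "avfilter.sys"),  # hypothetical legitimate security driver
    (0xF8C00000, 0x010000, "unknown.sys"),   # hypothetical unexpected driver
]
# Assumption of this example: modules expected to own the entries of SSDT 0 and SSDT 1.
EXECUTIVE = [{"ntoskrnl.exe"}, {"win32k.sys"}]

def owner(addr, modules=MODULES):
    """Return the name of the module whose address range contains addr, or None."""
    mods = sorted(modules)
    i = bisect_right([m[0] for m in mods], addr) - 1
    if i >= 0 and addr < mods[i][0] + mods[i][1]:
        return mods[i][2]
    return None

def hooked_entries(tables, allowed=()):
    """List (table, entry, owner) for service entries outside the expected module."""
    allowed = {a.lower() for a in allowed}
    hits = []
    for t, entries in enumerate(tables):
        for e, addr in enumerate(entries):
            name = owner(addr)
            if name in EXECUTIVE[t]:
                continue  # entry points into the expected executive module
            if name is not None and name.lower() in allowed:
                continue  # hooking module the analyst has marked as legitimate
            hits.append((t, e, name or "UNKNOWN"))
    return hits

def check(tables, allowed=()):
    """True if any of the thread's SSDTs has a hooked function."""
    return bool(hooked_entries(tables, allowed))

# Constructed per-thread service tables: one list of function pointers per SSDT.
CLEAN = [[0x80401000, 0x80402000], [0xA0001000]]
HOOKED_AV = [[0x80401000, 0xF8A00500], [0xA0001000]]
HOOKED_UNK = [[0xF8C00040, 0x80402000], [0xA0001000, 0x12345678]]
```

An entry that resolves to no loaded module at all is reported as UNKNOWN and cannot be allow-listed by name, so it always makes the check True.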