The Volatility Framework
volatility.plugins.malware.threads.HookedSSDT Class Reference

Check if a thread is using a hooked SSDT.

Inheritance diagram for volatility.plugins.malware.threads.HookedSSDT:
volatility.plugins.malware.threads.AbstractThreadCheck

Public Member Functions

def check (self)
 This check is True if any of the thread's SSDTs have hooked functions.
 
- Public Member Functions inherited from volatility.plugins.malware.threads.AbstractThreadCheck
def __init__ (self, thread, mods, mod_addrs, hooked_tables, found_by_scanner)
 
def check (self)
 Return True or False from this method.
 

Public Attributes

 hooked_tables
 
- Public Attributes inherited from volatility.plugins.malware.threads.AbstractThreadCheck
 thread
 
 mods
 
 mod_addrs
 
 hooked_tables
 
 found_by_scanner
 
 flags
 

Detailed Description

Check if a thread is using a hooked SSDT.

Member Function Documentation

def volatility.plugins.malware.threads.HookedSSDT.check (self)

This check is True if any of the thread's SSDTs have hooked functions.

If it's True and the SSDT hooking module is legit, you can filter them out with --allow-hook.
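The check described above, as an added example: a simplified stand-alone model, not Volatility's own source. It assumes an SSDT entry counts as hooked when its target falls outside ntoskrnl.exe and win32k.sys, and that the allow filter works on module names; the module list, table addresses and the names owner_of, find_hooked_tables and thread_uses_hooked_ssdt are constructed for illustration.

```python
import bisect

# Constructed sample data: (base, size, name) of loaded kernel modules.
MODULES = sorted([
    (0x80400000, 0x200000, "ntoskrnl.exe"),
    (0xBF800000, 0x1C0000, "win32k.sys"),
    (0xF8A00000, 0x008000, "avfilter.sys"),  # hypothetical security product
    (0xF8C00000, 0x004000, "rk.sys"),        # hypothetical unknown driver
])
BASES = [m[0] for m in MODULES]
EXPECTED_OWNERS = {"ntoskrnl.exe", "win32k.sys"}  # assumed legitimate owners

# Constructed SSDTs: table address -> service function pointers.
TABLES = {
    0x80501000: [0x80412340, 0x80456780],  # every entry inside ntoskrnl.exe
    0x81AA0000: [0x80412340, 0xF8A01000],  # entry 1 points into avfilter.sys
    0x81BB0000: [0xF8C00100, 0x80456780],  # entry 0 points into rk.sys
}

def owner_of(addr):
    """Return the name of the module whose range contains addr, else None."""
    i = bisect.bisect_right(BASES, addr) - 1
    if i >= 0 and addr < MODULES[i][0] + MODULES[i][1]:
        return MODULES[i][2]
    return None

def find_hooked_tables(tables, allow_hook=()):
    """Map table address -> [(index, target, owner)] for entries that resolve
    outside the expected owners and outside the allow_hook module names."""
    hooked = {}
    for table_addr, entries in tables.items():
        hits = [(i, target, owner_of(target))
                for i, target in enumerate(entries)
                if owner_of(target) not in EXPECTED_OWNERS
                and owner_of(target) not in allow_hook]
        if hits:
            hooked[table_addr] = hits
    return hooked

def thread_uses_hooked_ssdt(thread_tables, hooked_tables):
    """True if any SSDT referenced by the thread has at least one hook."""
    return any(addr in hooked_tables for addr in thread_tables)

if __name__ == "__main__":
    hooked = find_hooked_tables(TABLES, allow_hook=("avfilter.sys",))
    for name, tables in {"thread A": [0x80501000],
                         "thread B": [0x80501000, 0x81BB0000]}.items():
        print(name, thread_uses_hooked_ssdt(tables, hooked))
```

An entry whose target lies in no loaded module resolves to an owner of None and is still reported, since unbacked kernel memory is not on the expected list.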


The documentation for this class was generated from the following file: