A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #10531  by novice
 Thu Dec 22, 2011 2:47 pm
Hello!

Can anybody give some introduction to how HIPS systems work from a technical perspective?
I read on this forum that the main AV companies are making win32k.sys hooks. How is it achieved? Can someone give an example of hooking win32k?
Thank you for any help.

mb
 #10538  by rkhunter
 Thu Dec 22, 2011 3:31 pm
You can run an anti-rootkit on a system with HIPS installed, for example Rku or Xuetr, and look at the system modifications.
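As an added illustration of the mechanism rkhunter points at (not code from the thread or from any HIPS or anti-rootkit product), here is a userland C simulation of the two halves of the story: a HIPS that hooks an entry in a kernel dispatch table such as the win32k.sys shadow SSDT by overwriting the function pointer with its own filter, and an anti-rootkit that detects the modification by comparing the live table against a pristine copy. The three-entry table, the service names, the hook policy and the function names are all assumptions made for the example; a real tool rebuilds its reference table from the on-disk win32k.sys image and reads the live one from kernel memory.

```c
/* Userland simulation (added example, not from the thread) of a HIPS hooking a
 * dispatch table like the win32k.sys shadow SSDT, and of an anti-rootkit
 * reporting the modified entry. Table layout and names are assumptions. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

typedef int (*service_fn)(int arg);

/* Stand-ins for win32k.sys service routines (hypothetical behaviour). */
static int svc_get_window_text(int hwnd) { return hwnd * 2; }
static int svc_set_windows_hook(int id)  { return id + 1; }
static int svc_post_message(int msg)     { return msg ^ 0x55; }

#define TABLE_SIZE 3
#define IDX_SET_WINDOWS_HOOK 1

static service_fn live_table[TABLE_SIZE];      /* what the kernel dispatches through */
static service_fn pristine_table[TABLE_SIZE];  /* what the anti-rootkit expects */

/* HIPS side: the saved original pointer and the filter that replaces it. */
static service_fn saved_set_windows_hook;

static int hips_set_windows_hook(int id)
{
    /* Hypothetical policy: refuse negative hook ids, otherwise pass through
     * to the original routine so legitimate callers keep working. */
    if (id < 0)
        return -1;
    return saved_set_windows_hook(id);
}

int init_table(void)
{
    live_table[0] = svc_get_window_text;
    live_table[1] = svc_set_windows_hook;
    live_table[2] = svc_post_message;
    /* Reference copy kept by the anti-rootkit. In practice it is rebuilt from
     * the on-disk image rather than copied from memory, which may be hooked. */
    memcpy(pristine_table, live_table, sizeof live_table);
    return TABLE_SIZE;
}

/* Hook: overwrite the table slot with the filter, remember the original. */
int hips_install(void)
{
    saved_set_windows_hook = live_table[IDX_SET_WINDOWS_HOOK];
    live_table[IDX_SET_WINDOWS_HOOK] = hips_set_windows_hook;
    return IDX_SET_WINDOWS_HOOK;
}

int hips_remove(void)
{
    live_table[IDX_SET_WINDOWS_HOOK] = saved_set_windows_hook;
    return 0;
}

/* What the dispatcher does on a call: index into the table and jump. */
int call_service(int index, int arg)
{
    if (index < 0 || index >= TABLE_SIZE)
        return -2;
    return live_table[index](arg);
}

/* Anti-rootkit check: any entry that differs from the pristine copy is
 * reported as a hook, whoever installed it (HIPS, AV or malware). */
int count_modified_entries(void)
{
    int n = 0;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (live_table[i] != pristine_table[i])
            n++;
    return n;
}

int first_modified_index(void)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        if (live_table[i] != pristine_table[i])
            return i;
    return -1;
}

int main(void)
{
    init_table();
    hips_install();
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (live_table[i] != pristine_table[i])
            printf("entry %d hooked: expected %#lx, found %#lx\n", i,
                   (unsigned long)(uintptr_t)pristine_table[i],
                   (unsigned long)(uintptr_t)live_table[i]);
    }
    printf("blocked call returns %d, allowed call returns %d\n",
           call_service(IDX_SET_WINDOWS_HOOK, -1),
           call_service(IDX_SET_WINDOWS_HOOK, 4));
    return 0;
}
```

The point of the simulation is the shape of both sides: the HIPS never touches the original routine, it only redirects the table entry and forwards allowed calls, which is why an anti-rootkit that knows the expected pointer values can list every redirected entry in one pass. The same comparison is what a tool like the ones rkhunter names shows when it lists SSDT/shadow SSDT modifications on a machine with a HIPS installed.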
 #10541  by novice
 Thu Dec 22, 2011 3:38 pm
rkhunter,
Thank you. Well, I would rather try to understand the main mechanism of how HIPS systems work, like is it preventing userland attacks, or rather kernel ones, or both?
BTW, is there any good tutorial, or list of known usermode attacks? I mean how it's realized, how it works, etc.?
Sorry, maybe my question seems stupid to you, but I'm new in this area, so I would appreciate ANY links, tutorials and knowledge that you can give me.

THANK YOU!