{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:32:54Z","timestamp":1742913174170,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":22,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642030949"},{"type":"electronic","value":"9783642030956"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-03095-6_21","type":"book-chapter","created":{"date-parts":[[2009,7,30]],"date-time":"2009-07-30T17:40:55Z","timestamp":1248975655000},"page":"202-213","source":"Crossref","is-referenced-by-count":3,"title":["A New Windows Driver-Hidden Rootkit Based on Direct Kernel Object Manipulation"],"prefix":"10.1007","author":[{"given":"Woei-Jiunn","family":"Tsaur","sequence":"first","affiliation":[]},{"given":"Yuh-Chen","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Being-Yu","family":"Tsai","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"21_CR1","unstructured":"Antirootkit (2009), http:\/\/www.antirootkit.com"},{"key":"21_CR2","unstructured":"Buster (2009), http:\/\/www.trendmicro.com\/"},{"key":"21_CR3","unstructured":"Keong, C.: Defeating Kernel Native API Hookers by Direct Service Dispatch Table Restoration. Technical Report, SIG2 G-TEC Lab (October 2004)"},{"key":"21_CR4","unstructured":"DarkSpy (2009), http:\/\/www.antirootkit.com\/software\/DarkSpy.htm"},{"issue":"1","key":"21_CR5","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MSP.2006.12","volume":"4","author":"E.W. Felten","year":"2006","unstructured":"Felten, E.W., Halderman, J.A.: Digital Rights Management, Spyware, and Security. IEEE Security & Privacy\u00a04(1), 18\u201323 (2006)","journal-title":"IEEE Security & Privacy"},{"key":"21_CR6","unstructured":"Florio, E.: When Malware Meets Rootkits. White Paper, Symantec (December 2005)"},{"key":"21_CR7","unstructured":"FUrootkit (2009), http:\/\/www.rootkit.com\/board_project_fused.php?did=proj12"},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Kim, G.H., Spafford, E.H.: The Design and Implementation of Tripwire: A File System Integrity Checker. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security, pp. 18\u201329 (1994)","DOI":"10.1145\/191177.191183"},{"key":"21_CR9","unstructured":"Hunt, G., Brubacher, D.: Detours: Binary Interception of Win32 Functions. In: Proceedings of the Third USENIX Windows NT Symposium, pp. 135\u2013143 (1999)"},{"key":"21_CR10","unstructured":"VICE (2009), http:\/\/www.rootkit.com\/board_project_fused.php?did=proj20"},{"key":"21_CR11","unstructured":"Gmer (2009), http:\/\/www.gmer.net\/index.php"},{"key":"21_CR12","doi-asserted-by":"crossref","unstructured":"Bulter, J., Undercoffer, J.L., Pinkston, J.: Hidden Process: the Implication for Intrusion Detection. In: Proceedings of the IEEE International Workshop on Information Assurance, pp. 116\u2013121 (2003)","DOI":"10.1109\/SMCSIA.2003.1232409"},{"key":"21_CR13","unstructured":"Rutkowska, J.: Introducing Stealth Malware Taxonomy. Technical Report, Invisiblethings (November 2006)"},{"key":"21_CR14","unstructured":"Chian, K., Lloyd, L.: A Case Study of the Rustock Rootkit and Spam Bot. In: Proceedings of USENIX First Workshop on Hot Topics in Understanding Bonets (2007)"},{"key":"21_CR15","unstructured":"IceSword (2009), http:\/\/pjf.blogcn.com\/index.shtm"},{"key":"21_CR16","unstructured":"McAfee, Rootkits, Part 1 of 3: The Growing Threat, White Paper, McAfee (April 2006)"},{"key":"21_CR17","unstructured":"NTrootkit (2008), http:\/\/www.rootkit.com\/board_project_fused.php?did=proj11"},{"issue":"3","key":"21_CR18","first-page":"194","volume":"2","author":"P. Beaucamps","year":"2007","unstructured":"Beaucamps, P.: Advanced Polymorphic Techniques. International Journal of Computer Science\u00a02(3), 194\u2013205 (2007)","journal-title":"International Journal of Computer Science"},{"key":"21_CR19","unstructured":"RootkitRevealer (2009), http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb897445.aspx"},{"key":"21_CR20","unstructured":"Rootkit (2009), http:\/\/www.rootkit.com"},{"key":"21_CR21","unstructured":"Tucan (2009), http:\/\/www.pandasecurity.com\/"},{"key":"21_CR22","unstructured":"Unhooker (2009), http:\/\/www.antirootkit.com\/software\/RootKit-Unhooker.htm"}],"container-title":["Lecture Notes in Computer Science","Algorithms and Architectures for Parallel Processing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-03095-6_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,11]],"date-time":"2025-02-11T15:45:09Z","timestamp":1739288709000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-03095-6_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642030949","9783642030956"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-03095-6_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}