{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,5]],"date-time":"2022-04-05T12:20:53Z","timestamp":1649161253833},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2008,7,10]],"date-time":"2008-07-10T00:00:00Z","timestamp":1215648000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2010,5]]},"DOI":"10.1007\/s11416-008-0091-3","type":"journal-article","created":{"date-parts":[[2008,7,9]],"date-time":"2008-07-09T05:59:37Z","timestamp":1215583177000},"page":"123-141","source":"Crossref","is-referenced-by-count":0,"title":["User-mode memory scanning on 32-bit & 64-bit windows"],"prefix":"10.1007","volume":"6","author":[{"given":"Eric Uday","family":"Kumar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2008,7,10]]},"reference":[{"key":"91_CR1","unstructured":"90210: Process Hide. http:\/\/vx.netlux.org\/vx.php?id=ep12 (2004)"},{"key":"91_CR2","unstructured":"Barwise, M.: Quantity of malware booms. http:\/\/www.heise-security.co.uk\/news\/101764 (2008)"},{"key":"91_CR3","unstructured":"Bassov, A.: Entering the kernel without a driver and getting interrupt information from APIC. http:\/\/www.codeproject.com\/KB\/system\/soviet_kernel_hack.aspx?df=100&forumid=209018&exp=0&select=1480766&tid=1480766 (2005)"},{"key":"91_CR4","unstructured":"Crazylord: Playing with Windows \/dev\/(k)mem. http:\/\/www.fsl.cs.sunysb.edu\/~dquigley\/files\/vista_security\/p59-0x10_Playing_with_Windows_dev(k )mem.txt (2002)"},{"key":"91_CR5","unstructured":"Diamond CS: Advanced Process Termination. http:\/\/www.diamondcs.com.au\/advancedseries\/processkilltechniques.php (2005)"},{"key":"91_CR6","unstructured":"Evers, J.: Microsoft coughs up Vista APIs. http:\/\/news.zdnet.co.uk\/security\/0 ,1000000189,39285232,00.htm (2006)"},{"key":"91_CR7","unstructured":"Evers, J.: Windows PatchGuard hindering security. http:\/\/news.zdnet.co.uk\/software\/0 ,1000000121,39280753,00.htm (2006)"},{"key":"91_CR8","unstructured":"Fedotov, A.: Enumerating Windows Processes. http:\/\/www.alexfedotov.com\/articles\/enumproc.asp (2006)"},{"key":"91_CR9","unstructured":"Fedotov, A.: Processes and Threads Sample. http:\/\/www.alexfedotov.com\/samples\/threads.asp (2006)"},{"key":"91_CR10","unstructured":"Silberman, P., C.H.A.O.S.: FUTo. http:\/\/www.uninformed.org\/?v=3&a=7&t=sumry (2005)"},{"key":"91_CR11","unstructured":"Ionescu, A.: Subverting Windows 2003 SP1 Kernel Integrity Protection. http:\/\/www.alex-ionescu.com\/recon2k6.pdf (2006)"},{"key":"91_CR12","unstructured":"Ionescu, A.: Why protected processes are a bad idea. http:\/\/www.alex-ionescu.com\/?p=34 (2007)"},{"key":"91_CR13","unstructured":"Kath, R.: The Virtual-Memory Manager in Windows NT. http:\/\/msdn2.microsoft.com\/en-us\/library\/ms810616.aspx (1992)"},{"key":"91_CR14","unstructured":"Kerbs, B.: Microsoft releases Windows Malware stats. Retrieved 16 February, 2008, from http:\/\/blog.washingtonpost.com\/securityfix\/2006\/06\/microsoft_releases_malware_sta.html (2006)"},{"key":"91_CR15","unstructured":"Kumar, E.: Battle with the Unseen\u2014Understanding Rootkits on Windows. http:\/\/ericuday.googlepages.com\/EKumar_Rootkits.pdf (2006)"},{"key":"91_CR16","unstructured":"Microsoft MSDN documentation: Memory Limits for Windows Releases. http:\/\/msdn2.microsoft.com\/en-us\/library\/aa366778.aspx (2008)"},{"key":"91_CR17","unstructured":"Microsoft KB Article: How to Obtain a Handle to Any Process with SeDebugPrivilege, Q131065. http:\/\/support.microsoft.com\/kb\/131065 (2006)"},{"key":"91_CR18","unstructured":"Microsoft KB Article: Comparison of 32-bit and 64-bit memory architecture. http:\/\/support.microsoft.com\/?kbid=294418 (2007)"},{"key":"91_CR19","unstructured":"Nebbet, G.: Read kernel memory from user-mode using Kmem. http:\/\/catch22.net\/source\/ (2004)"},{"key":"91_CR20","unstructured":"Restrepo, T.: Enumerating 16-bit Processes under WinNT. http:\/\/www.winterdom.com\/dev\/ptk\/16bitproc.html (1998)"},{"key":"91_CR21","unstructured":"Russinovich, M. (2006). NT\u2019s \u201c\\dev\\kmem\\\u201d. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb897446.aspx"},{"key":"91_CR22","unstructured":"Russinovich, M., Solomon, D.: Virtual to Physical address translation 32-bit and 64-bit (IA64 & x64), http:\/\/book.itzero.com\/read\/microsoft\/0507\/microsoft.press.microsoft.windows.internals.fourth.edition.dec.2004.internal.fixed.ebook-ddu_html\/0735619174\/ch07lev1sec5.html (2004)"},{"key":"91_CR23","unstructured":"Sanders, B.: Address space implementations in various 64\u00a0bit processors from Intel and AMD. http:\/\/members.shaw.ca\/bsanders\/WindowsGeneralWeb\/RAMVirtualMemoryPageFileEtc.htm (2007)"},{"key":"91_CR24","unstructured":"Schreiber, S.: Interfacing the native API in Windows 2000. http:\/\/www.informit.com\/articles\/article.aspx?p=22442&seqNum=5 (2001)"},{"key":"91_CR25","unstructured":"Skoudis, E.: 10 emerging malware trends for 2007. http:\/\/searchfinancialsecurity.techtarget.com\/tip\/0 ,289483,sid185_gci1294544,00.html (2007)"},{"key":"91_CR26","unstructured":"Solomon, D., Russinovich, M.: Microsoft \u00ae Windows\u00ae Internals. Fourth Edition: Microsoft Windows ServerTM 2003, Windows XP, and Windows 2000, pp. 420\u2013428. Microsoft Press. ISBN: 0735619174 (2004)"},{"key":"91_CR27","unstructured":"Sz\u00f6r, P.: Memory scanning under WinNT. http:\/\/www.peterszor.com\/memscannt.pdf (1999)"},{"key":"91_CR28","unstructured":"Talekar, N.: Faster Method to Enumerate Heaps on Windows. http:\/\/securityxploded.com\/enumheaps.php (2007)"},{"key":"91_CR29","unstructured":"Tan, C.: Defeating kernel native API hookers by direct Service Dispatch Table restoration. http:\/\/www.security.org.sg\/code\/sdtrestore.html (2004)"},{"key":"91_CR30","unstructured":"Viscarola, P.: Nt vs. Zw\u2014Clearing confusion on the native API. http:\/\/www.osronline.com\/article.cfm?id=257 (2003)"},{"key":"91_CR31","unstructured":"Vizjereij, X.: Module walker. http:\/\/www.runeforge.net\/node\/142 (2007)"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-008-0091-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-008-0091-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-008-0091-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T10:45:42Z","timestamp":1559385942000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-008-0091-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,7,10]]},"references-count":31,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2010,5]]}},"alternative-id":["91"],"URL":"https:\/\/doi.org\/10.1007\/s11416-008-0091-3","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,7,10]]}}}