
BEST Platform

From EverybodyWiki Bios & Wiki



BEST
Original author(s): Eugene Balabanov
Developer(s): SmartTec LLC
Type: Security software
Website: www.smart-tm.ru


    Balabanov Eugene’s Security Toolkit (BEST) aims to simplify the development of security-related software such as system monitors, antivirus software or file management software. The kit consists of a kernel-mode driver, a proxy DLL and a user-mode service. The service can load plugins, which implement the desired business logic. The BEST platform is functionally divided into the following components:

    File System Monitor

    This component intercepts the following file system operations: CREATE/OPEN of a file, LOADing and UNLOADing of executable modules, DELETion of files and directories, CLOSing of files, and enumeration of directory contents. An FSSDK user can monitor, allow or deny all of these operations. It is also possible to redirect an OPEN/CREATE request to any subdirectory in order to implement sandbox functionality.
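The allow/deny/redirect decision described above can be modelled as follows. This is an added sketch, not BEST or FSSDK code: `Op`, `Verdict`, `redirect_path`, `decide` and `SANDBOX_ROOT` are hypothetical names, and the policy (redirect opens, deny deletes outside the sandbox, fail closed on unmappable paths) is an assumption chosen for illustration.

```python
import ntpath
from enum import Enum

class Op(Enum):            # subset of the operations listed above
    CREATE_OPEN = 1
    DELETE = 2
    LOAD = 3

class Verdict(Enum):
    ALLOW = 1
    DENY = 2
    REDIRECT = 3

SANDBOX_ROOT = r"C:\Sandbox\app1"   # constructed sample value

def _inside(root, path):
    """True if path is root itself or lies below it (case-insensitive)."""
    root_n = ntpath.normcase(ntpath.normpath(root))
    path_n = ntpath.normcase(ntpath.normpath(path))
    return path_n == root_n or path_n.startswith(root_n + "\\")

def redirect_path(requested, root=SANDBOX_ROOT):
    """Map an absolute drive-letter path to its shadow location under root."""
    norm = ntpath.normpath(requested)        # collapses "." and ".." segments
    drive, tail = ntpath.splitdrive(norm)
    # Only plain drive-letter paths are mapped; UNC, device and relative paths are rejected.
    if len(drive) != 2 or not drive[0].isalpha() or not tail.startswith("\\"):
        raise ValueError("unsupported path: %r" % requested)
    if _inside(root, norm):                  # already in the sandbox: no double mapping
        return norm
    target = ntpath.normpath(ntpath.join(root, drive[0].upper(), tail.lstrip("\\")))
    if not _inside(root, target):            # defence in depth before returning
        raise ValueError("redirect left the sandbox: %r" % requested)
    return target

def decide(op, path, sandboxed, root=SANDBOX_ROOT):
    """Return (verdict, effective_path) for one intercepted operation."""
    if not sandboxed:
        return Verdict.ALLOW, path           # monitor only
    try:
        shadow = redirect_path(path, root)
    except ValueError:
        return Verdict.DENY, None            # fail closed on paths we cannot map
    if op is Op.CREATE_OPEN:
        return Verdict.REDIRECT, shadow
    if op is Op.DELETE:                      # deletes may only touch sandbox contents
        return (Verdict.ALLOW, shadow) if shadow == ntpath.normpath(path) else (Verdict.DENY, None)
    return Verdict.ALLOW, path               # e.g. LOAD: left untouched in this sketch
```

Normalising the requested path before mapping it is what keeps `..` segments and look-alike sibling directories from resolving outside the sandbox root.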

    Registry Monitor

    This component intercepts almost all registry-related operations, such as opening, creating and deleting a key or value. It is also possible to redirect registry operations to a given subkey, thus implementing a sandbox in a way similar to the File System Monitor.

    Process Monitor

    This component monitors the creation and termination of processes in the system. It is possible to monitor the loading and unloading of processes; however, there is no way to prevent a process from loading using this component. Users should use the File System Monitor to prevent modules from being loaded.

    Generic API intercepting engine

    This component works in conjunction with the Process Monitor and enables any plugin to register its own system-wide interceptors of user-mode API functions. Because of the introduction of PatchGuard in 64-bit versions of Windows, it is no longer possible to intercept the great majority of system services directly in the kernel, so this mechanism is designed to achieve that goal. Although the intercepting DLL is a user-mode module, it is forcibly injected into the address space of the appropriate processes from the kernel on behalf of the BEST platform. This mechanism is available through the IFileSystemService interface, via the CallService method. However, this interface is reserved for use by SmartTech only and isn’t covered by this documentation.

    See also

    • Shade sandbox


    This article "BEST Platform" is from Wikipedia. The list of its authors can be seen in its history. Articles copied from the Draft namespace on Wikipedia can be seen in the Draft namespace of Wikipedia and not the main one.