Hooksafe information

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages) This article has an unclear citation style. The references used may be made clearer with a different or consistent style of citation and footnoting. (January 2014) (Learn how and when to remove this message) This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Hooksafe" – news · newspapers · books · scholar · JSTOR (January 2014) (Learn how and when to remove this message) (Learn how and when to remove this message)

Hooksafe is a hypervisor-based lightweight system that protects an operating system's kernel hooks from rootkit attacks.^[1]

It prevents thousands of kernel hooks in the guest operating system from being hijacked. This is achieved by making a shadow copy of all the kernel hooks at one central place and adding an indirection layer on it to regulate attempts to access the hooks. A prototype of Hooksafe was used on a Linux guest and protected nearly 6000 kernel hooks.^[2][1] It focuses on protecting kernel control data that are function pointers. It provides large scale hook protection with small performance overhead^[3]