Journal of Computer Applications (计算机应用), 2006
Preventing code injection attack with hook in kernel mode
Abstract:
To prevent code injection attacks, it is necessary to monitor the APIs (Application Programming Interfaces) involved by hooking them. Because Windows NT enforces rigid process isolation, these APIs must be hooked in kernel mode. A relatively simple way to do this is introduced. It is proved that, in Windows XP, hooking APIs in kernel mode can efficiently prevent code injection attacks.