Pls take a moment to look at this...

http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

 

Hope that Symantec will be the first one to solve this problem!

 

Regards,

Jia

 

I've reposted this on bbs.kafan.cn and got several replies. One of them was written by Flowercode:

In simple words, there is a problem called time-of-check-to-time-of-use, TOCTOU for short. It means that an argument may check out OK when a program passes it in, but the parameter can be changed after you have checked it and are ready to use it, so when you start to use it, the parameter is no longer the one you want. That's why the guys who work for Microsoft "try" in the first place when writing code, then ProbeForRead second, then CaptureXxx third, and there are critical sections or a raised IRQL before and after important check steps. Nowadays engineers writing secure drivers have barely heard of TOCTOU, so don't expect them to pay attention to it. A TOCTOU attack needs a little luck to succeed; with a mainstream PC configuration, if you keep attacking it may succeed within 1 or 2 minutes.
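The check-then-use gap described in the reply above, next to the capture-then-check pattern it mentions, as an added user-space illustration that is not part of the original post or of any product's code. The `request` struct, the deny policy and `concurrent_writer` are constructed for this example; the writer is called inline so the race window is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32
struct request { char name[NAME_LEN]; };  /* constructed stand-in for a caller-owned buffer */

/* Hypothetical policy: names beginning with "protected" are denied. */
static int is_allowed(const char *name) { return strncmp(name, "protected", 9) != 0; }

/* Models a second thread rewriting the buffer between check and use. */
static void concurrent_writer(struct request *r) {
    memset(r->name, 0, NAME_LEN);
    memcpy(r->name, "protected.dat", 13);
}

/* Flawed: validates the caller's buffer, then fetches it again to act on it. */
static int handle_double_fetch(struct request *user, char out[NAME_LEN]) {
    if (!is_allowed(user->name)) return -1;   /* time of check */
    concurrent_writer(user);                  /* race window */
    memcpy(out, user->name, NAME_LEN);        /* time of use: second fetch */
    return 0;
}

/* Hardened: one fetch into private memory; check and use the same copy. */
static int handle_captured(struct request *user, char out[NAME_LEN]) {
    struct request local;
    memcpy(&local, user, sizeof local);       /* capture */
    local.name[NAME_LEN - 1] = '\0';
    if (!is_allowed(local.name)) return -1;
    concurrent_writer(user);                  /* later changes no longer matter */
    memcpy(out, local.name, NAME_LEN);
    return 0;
}

/* Returns 1 if the handler ended up acting on a name the policy denies. */
int acted_on_denied_name(int use_capture) {
    struct request user = { "notes.txt" };
    char out[NAME_LEN] = { 0 };
    int rc = use_capture ? handle_captured(&user, out) : handle_double_fetch(&user, out);
    return rc == 0 && !is_allowed(out);
}

int main(void) {
    printf("double fetch acted on denied name: %d\n", acted_on_denied_name(0));
    printf("captured copy acted on denied name: %d\n", acted_on_denied_name(1));
    return 0;
}
```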