Rootkits: Subverting the Windows Kernel


Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [Z]

MAC addresses

MAC interface

Machine status word

Major function pointers

MAKEFILE file

MAKELONG macro 2nd

Malicious code

Malicious modifications

MappedSystemCallTable function

Mapping scancodes

MDL [See Memory Descriptor Lists]

Memory Descriptor Lists (MDLs)

Memory descriptor tables

Memory management

     access restrictions 2nd

     by kernel

     for SSDTs

Memory pages

     address translation for

     checks for 2nd

     multiple processes

    page directories

         checks

         entries 2nd

         multiple

    page tables

         directories

         entries

         lookups

     processes and threads in

     read-only access to

Memory space for hooking

METHOD_BUFFERED function

METHOD_NEITHER function

Microcode updates

Microsoft, bug fixes by

Migbot rootkit

     loading drivers with

     rerouting control flow using

Minimal footprints

Model-Specific Registers (MSRs)

Modifications

     firmware

     software 2nd

     source-code

     tokens

MODULE_ENTRY structure 2nd

MODULE_INFO structure

MODULE_INFORMATION structure

MODULEINFO structure

Monitors, keystroke

Morris Worm

Motives of attackers

Moving whole packets

MSRs (Model-Specific Registers)

Multiple page directories and processes in memory pages

Multiprocessor systems

my_function_detour_ntdeviceiocontrolfile function 2nd

my_function_detour_seaccesscheck function

MyImageLoadNotify function

MyKiFastCallEntry function

MyPassThru function
