Rootkits: Subverting the Windows Kernel


Index


Packet pools

Packets

    bouncing

    moving

    sending

         in host emulation

         with raw sockets

Page Directory table

Page frames

Pageable drivers

Paged in memory

Paged out memory

Pages, memory

    address translation for

    checks for 2nd

    multiple processes

    page directories

         checks

         entries 2nd

         multiple

    page tables

         directories

         entries

         lookups

     processes and threads in

     read-only access to

Patching

     description

     runtime

         detour. [See Detour patching]

         jump templates

         variations

PCI and PCMCIA device access

PE [See Portable Executable]

PEBs [See Process Environment Blocks]

Pending status in NDIS

Peripheral buses

PIC [See Programmable Interrupt Controller]

PIDs [See Process Identifiers]

Portable Executable (PE) format

Ports

     for keyboard controller

     forging sources

     reading and writing

Preambles

Prefix method

Print_keystroke function

Privileges for tokens

Process Environment Blocks (PEBs)

Process Explorer

Process Identifiers (PIDs)

     for remote threads

     in hybrid hooking

     in process detection 2nd

Process tokens

     finding

     log events in

     modifying

     SIDs for

Processes

     address space for

     hidden, detecting

     hiding 2nd 3rd

     in memory pages

     injecting DLLs into

     kernel management by

     listing, sources of

     logging

     scheduling

     vs. tasks

Processors

     IDTs for

     in embedded systems

Programmable Interrupt Controller (PIC)

Promiscuous sniffing

Protocol driver callbacks

ProtocolCharacteristics structure

Protocols

     disguised. [See Disguised TCP/IP protocols]

     registering

PsCreateSystemThread function

PsGetCurrentProcess function 2nd 3rd

PsGetVersion function

PsLoadedModuleResource function

PspActiveProcessMutex function

PspExitProcess function

PsSetImageLoadNotifyRoutine function 2nd
