Rootkits: Subverting the Windows Kernel

Index

Far calls

Far jumps 2nd

Far returns

Fast call methods

FastIo function

FASTIOPRESENT macro

File filter drivers

File-hiding code

FILE_FULL_EA_INFORMATION structure 2nd

Files

     for Windows device drivers

     hidden, detecting

     kernel access to

FilterFastIoQueryStandardInfo function

FindFirstFile function

Finding

    hooks

         address ranges in

         IAT

         inline

         IRP handler

         SSDT

     tokens

FindNextFile function

FindProcessEPROC function 2nd 3rd

FindProcessToken function

FindPsLoadedModuleList function

FindResource function

Firewalls

     bypassing

     source port control by

Firmware 2nd

Flashable BIOS chips

FLINK member

     as process pointer

     changing value of 2nd 3rd

     offsets to

Forensic tools, bypassing

Forging source ports

Free build environments

Function bytes, checking for

Fusion rootkits

     file handles for

     I/O Request Packets with

     symbolic links for
