Rootkits: Subverting the Windows Kernel


Index


HANDLE_TABLE structure

Hard reboots from keyboard controllers

Hardware
    access
        addresses in
        BIOS
        I/O bus
        keyboard controller. [See Keyboard controller access]
        latching in
        PCI and PCMCIA devices
        timing in
    control registers
    firmware modifications
    Interrupt Descriptor Tables
    manipulating
    memory descriptor tables
    memory pages. [See Memory pages]
    microcode updates
    multiprocessor systems
    Ring Zero
    system service descriptor tables
    tables for

Hardware reordering of instructions

Hashing

Hidden items, detecting
    files
    processes

Hiding
    processes
    with DKOM
        device drivers
        processes
        synchronization issues

HIPS technology

Hlade's Law

HOOK_SYSCALL macro

HookDrive function

HookDriveSet function

HookedDeviceControl function

HookImportsOfImage function

HookInterrupts function

HookKeyboard function

Hooks
    finding
        address ranges in
        IAT
        inline
        IRP handler
        SSDT
    hybrid approach
    IAT
    injecting DLLs into processes
    kernel
        IDTs
        IRPs
        SSDTs
    looking for
    memory space for

Host emulation
    ARP in
    IP gateways in
    MAC addresses in
    packet transmissions in

HTONL macro

HTONS macro

Hybrid hooking approach

HybridHook example

Hyper-threaded systems
