Rootkits: Subverting the Windows Kernel

Index

KeCurrentProcessorNumber function

KeGetCurrentIrql function

KeInitializeDpc function

KeInitializeEvent function 2nd

KeInsertQueueDpc function

KeNumberProcesses function

KeRaiseIrql function

KeReleaseSemaphore function

kernel

     components of

     decompressing .sys files

     fusion rootkits

         file handles for

         IRPs with

         symbolic links for

     hooking

         IDTs

         IRPs

         SSDTs

     introducing code into

     loading rootkits into

     logging debug statements

    NDIS TCP/IP support. [See NDIS interface]

     rootkit design for

     surviving reboots

    TDI TCP/IP support. [See TDI (Transport Data Interface) specification]

     Windows device drivers for

kernel mode

     for networking code

     self-determination

Kernel modules, address ranges of

Kernel.dll file

Kernel's Processor Control Blocks (KPRCBs) 2nd

Kernel32.dll file

KeServiceDescriptorTable tables 2nd

KeSetTargetProcessorDPC function

KeSetTimerEx command

KeStallExecutionProcessor function 2nd

KeWaitForSingleObject function 2nd

Keyboard controller access

     controller addressing

     for hard reboots

     for keystroke monitoring

     for LED indicators

Keyboard sniffers

     IRPs for

     KLOG

KEYBOARD_INPUT_DATA structures

Keypress events

Keyrelease events

KiSystemService dispatcher 2nd

KLOG rootkit

KPRCBs [See Kernel's Processor Control Blocks]

KPROCESS structure

KTHREAD structure

KUSER_SHARED_DATA memory area
