Professional Rootkits (Programmer to Programmer)

macros, hooking, 30–31, 37–38

Main, function, 260–262

MainEntryPoint, function, 232, 234–239

MainForm, function, 260–262

MAKEFILE file, content of, 20

makeWritable, function, 66–78

Manipulating data types, Rtl routine, 41

Manipulating memory, Rtl routine, 41

MapKernelAddress, function, 54–63

mapping functions, differentiated, 20

MASTER_FILE, ADS location, 16

MDLFlags, Memory Descriptor List (MDL) and, 29–30

Memory Descriptor List (MDL)

  defined, 28

  diagrammed, 28

  MDLFlags and, 29–30

  ntddk.h, 28–29

  using, 28–30

memory scanning, overview, 278

message hook detection, IceSword, 314

MetaSploit software, using, 8

Microsoft, website, 1–2

Microsoft Driver Development Kit (DDK)

  downloading the, 1–2

  installing the, 4

  shortcuts, 4–5

  verifying the, 6

Microsoft MSDN subscription, necessity of having a, 1–2

Microsoft Outlook

  E-mail filtering overview, 215–216

  installing an Outlook client filter, 231

  OutlookExtension.cpp file, 218–231

  OutlookExtension.h file, 216–218

  testing the Outlook client extension, 231–232

Microsoft Visual C++ 2005 Express

  downloading, 2

  installing, 5

  verifying, 6

Microsoft Windows 2000, XP, and 2003, PGP Monitor, 101

modifying, environment variables, 23

Monitor History, control category, 257

Monitor Status, control category, 257

Mozilla Firefox, installation technique for, 249–251

MSDN, integrating, 5
