Professional Rootkits (Programmer to Programmer)
Readme.txt
E-mail filtering implementation file, 232
E-mail filtering skeletal file, 216
readme.txt file
code, 241
E-mail Filtering, 241
Recipient Selection dialog box, 115–116
RegisterEntry, function, 234–239
Registry
backing up the, 211–212
modification risks, 211
settings installation, 247–248
registry key
detecting, 276
Ghost.c file, 198
hookManager.c file, 199–202
hookManager.h file, 198–199
registryManager.c file, 189–198
registryManager.h file, 188–189
testing, 212
Registry operations, Zw routine, 41
registry tamper detection, IceSword, 314
registryManager.c file
code, 190–197
concealment, 189–198
functions list, 189–190
registryManager.h file
code, 188–189
concealment, 188–189
RegistryMonitor
FileMonitor Versus, 305
freeware, 302–304
RegMon, utility, 2, 5–6
RegMon. See RegistryMonitor
Release, function, 218–231
removeFilter, function, 142–145
Reporting, control category, 257
resource functions, differentiated, 20
rootkit
adding an on/off switch to the, 104–114
building overview, 1–3
comint32.sys, 21
creating a basic, 9–12
dealing with a detected, 287–289
detection methods, 275–279
detection summary, 290
device driver, 9–15
environment diagrammed, 134
installing a, 21–25
loading/unloading the, 24
summary, 26
testing a, 26
toolkit overview, 3
verifying the presence of a, 287
rootkit controller
the connection, 257
ControlForm, 273
ControlForm.cs file, 262–268
the controller, 255–257
example, 258–273
GhostTracker form, 273
GhostTracker.cs file, 260–262
Listen.cs file, 270–272
tamper detection, 257–258
TargetController.cs file, 268–270
Rootkit Hook Analyzer
detection software, 282–283
freeware, 311–312
rootkit installation
SCMLoader.c, 22
SCMUnloader.c, 25
rootkit prevention
automatic updates, 292
blocking unexpected operations, 298
hardening, 295–297
host-based intrusion prevention systems, 295–298
operating system updates, 292
personal firewalls, 293–295
summary, 299–300
techniques, 298–299
virtualizing, 297
rootkit remote controller implementation, summary, 274
rootkit software, anti-, 254
rootkit tools, summary, 8
Rootkit Unhooker
freeware, 308–310
software, 288
RootkitRevealer
detection software, 280–281
freeware, 310
rootkits, preventing, 291–300
Rtl (Runtime Library), functional group, 41
RtlInitUnicodeString, definition of, 20
Runtime Library (Rtl), functional group, 41