Professional Rootkits (Programmer to Programmer)

Safe Mode, entering, 289–290

sample, building a, 6

Samurai, freeware, 307–308

Samurai HIPS, hardening techniques, 296–297

Save As dialog box, 115–116

Save PGP Zip As dialog box, 115–116

SaveAttachments, function, 234–239

SaveBody, function, 234–239

SaveRecipients, function, 234–239

scanning, kernel memory, 278

Scheduling, control category, 257

SCMLoader.c file

build environment problems, 23

code, 22

Debug View output, 24

VCVARS32.BAT file, 23

SCMUnloader.c file

build command, 25

code, 25

rootkit installation, 25

semaphore guarded linked list, threading and synchronization technique, 170

SendToRemoteController, function, 122–130

server operations, functional groups for hooking, 39

Service Control Manager, ZwSetSystemInformation, 246–247

service descriptor table, overview, 27–28

service detection, IceSword, 314

service load prevention, prevention technique, 298

ServiceDescriptorEntry, hookManager.h file, 37–38

signature, defined, 248

software. See also detection software

anti-rootkit, 254

detection, 279–287

InstallShield, 244, 287

intended installation, 243–244

MetaSploit, 8

ProcessGuard, 167–168

Strider GhostBuster, 280

Sophos Anti-Rootkit

detection software, 286–287

freeware, 315

SOURCES

Basic Rootkit, 20

Communications, 130–131

Filter Drivers, 166

Hooking the Kernel System Call Table, 33

I/O Processing, 112

Key Logging, 172

User Hooks, 50

SQL Server, integrating the, 5

stack execution prevention, prevention technique, 299

stackOffset, CALL_DATA_STRUCT, 63

Start, function, 268–270, 270–272

StartKeyLogger, function, 174, 185

Stdafx.cpp, E-mail filtering skeletal file, 216

Stdafx.h, E-mail filtering skeletal file, 216

Stop, function, 269–270, 270–272

StopKeyLogger, function, 185

Strider GhostBuster, detection software, 280

string functions, differentiated, 20

summaries

Basic Rootkit, 26

Communications, 135–136

Concealment, 212–213

E-mail Filtering, 242

Filter Drivers, 166

I/O Processing, 117–118

Installation Considerations, 254

Kernel Hooks, 42

Key Logging, 186

Rootkit Detection, 290, 299–300

Rootkit Remote Controller Implementation, 274

Rootkit Tools, 8

Tools, 8

User Hooks, 100–101

Summary view, overview, 257

SwapContext

overview, 278

Process Hiding Detection diagrammed, 279

Sygate Personal Firewall, overview, 294

Symantec/Norton Firewall, overview, 295

symbols, downloading, 2–3

synchronization, functions list, 170

synchronization functions, differentiated, 20

Sysinternals

Freeware downloads, 5–6

utilities, 2

system call table

diagrammed, 31

hooking diagrammed, 31

hooking the, 30–31

KeServiceDescriptorTable, 30

trap checks of the, 42

system service table, overview, 27–28