Professional Rootkits (Programmer to Programmer)

UNHOOK, macro, 37–38

Unicode string

FileName, 20

specifier for a, 47

unintended installation, overview, 245

unloading, the rootkit, 24

Updates, control category, 257

User Hooks

code for finding a specific dynamic link library, 44–46

example, 50–99

finding a specific library, 44–49

Ghost.h file, 50–51

Ghost.h file code, 51

hookManager.c file, 54–63

hookManager.c file code, 55–63

hookManager.h file, 52–54

hookManager.h file code, 52–54

injectManager.c file, 66–78

injectManager.c file code, 67–78

injectManager.h file, 63–66

injectManager.h file code, 63–66

parse86.c file, 78–96

parse86.c file code, 79–96

parse86.h file, 78

parse86.h file code, 78

peFormat.h file, 97–99

peFormat.h file code, 97–99

process injection, 43–44

SOURCES, 50

summary, 100–101

using Ghost to block PGP encoding, 99–100