Professional Rootkits (Programmer to Programmer)

Zone Alarm Firewall, overview, 294

Zone Alarm Professional Firewall, overview, 295

Zw (File and Registry), functional group, 41

ZwMapViewOfSection

diagrammed, 44

Ghost.c, 34

hooking, 33

process injection, 43–44

trampoline process and, 49

ZwOpenFile kernel mode device driver, 20

ZwProtectVirtualMemory variable, Ghost.c file, 51–52

ZwSetSystemInformation, Service Control Manager, 246–247
