Index
Packet pools Packets bouncing moving sending in host emulation with raw sockets Page Directory table Page Pageable drivers Paged in memory Paged out memory Pages, memory address translation for checks for 2nd multiple processes page directories checks entries 2nd multiple page tables directories entries lookups processes and threads in read-only access to Patching description runtime detour. [See jump templates variations PCI and PCMCIA device access PE [See Portable Executable] PEBs [See Process Environment Blocks] Pending status in NDIS Peripheral buses PIC [See Programmable Interrupt Controller] PIDs [See Process Identifiers] Portable Executable (PE) format Ports for keyboard controller reading and writing Preambles Prefix method Print_keystroke function Privileges for tokens Process Environment Blocks (PEBs) Process Explorer Process Identifiers (PIDs) for remote threads in hybrid hooking in process detection 2nd Process tokens finding log events in modifying SIDs for Processes address space for hidden, detecting hiding 2nd 3rd in memory pages injecting DLLs into kernel management by listing, sources of logging scheduling vs. Processors IDTs for in embedded systems Programmable Interrupt Controller (PIC) Promiscuous sniffing Protocol driver callbacks ProtocolCharacteristics structure Protocols disguised. [See Disguised TCP/IP protocols] registering PsCreateSystemThread function PsGetCurrentProcess function 2nd 3rd PsGetVersion function PsLoadedModuleResource function PspActiveProcessMutex function PspExitProcess function PsSetImageLoadNotifyRoutine function 2nd
Index
RaiseCPUIrqlAndWait function Raw network manipulation binding to interfaces bouncing packets on Windows XP sending packets sniffing Read-only table access ReadFile function 2nd Reading ports Reboots from keyboard controllers surviving recvfrom function Registering for surviving reboot protocols Registers control latching between Registry for injecting DLLs into processes key detection operating system version queries in RegOpenKeyEx function RegQueryValue function RegQueryValueEx function 2nd Relative Virtual Addresses (RVAs) Remote command and control 2nd Remote servers connecting to sending data to Remote Remote threads Reordering of instructions REQINFO structure Rerouting control flow ResponseToArp function Restarting rootkits Returns, far Ring Zero Rings 2nd RootkitDispatch function RootkitRevealer tool Rootkits and software exploits characteristics of detecting behavior detection guarding-the-doors approach looking for hooks scanning rooms for kernel history of loading offensive technologies operation of purpose of restarting vs. exploits vs. viruses RtlCopyMemory function RtlGetVersion function Run key Runtime address fixups Runtime patching detour. [See jump templates variations RVAs [See Relative Virtual Addresses]