Conclusion
| < Day Day Up > |
| In this chapter, we provided a lot of information about hooking tables of function pointers, both in userland and in the kernel. Kernel hooks are preferred, because if a detection/protection software suite is looking for your rootkit, you may employ all the power of the kernel to evade or defeat it. Kernel-level access provides a vast number of places to hide from or ways to defeat the enemy. Since stealth is a primary goal for your rootkit, filtering in some fashion is a must. Hooking is truly a dual-use technology. It is used by many public rootkits and other malicious software, but it is also used by anti-virus software and other host-protection products. |
| < Day Day Up > |
Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
EAN: 2147483647
EAN: 2147483647
Year: 2006
Pages: 111
Pages: 111
Authors: Greg Hoglund, Jamie Butler
- ERP Systems Impact on Organizations
- ERP System Acquisition: A Process Model and Results From an Austrian Survey
- The Second Wave ERP Market: An Australian Viewpoint
- Enterprise Application Integration: New Solutions for a Solved Problem or a Challenging Research Field?
- Healthcare Information: From Administrative to Practice Databases
- Chapter III Two Models of Online Patronage: Why Do Consumers Shop on the Internet?
- Chapter VII Objective and Perceived Complexity and Their Impacts on Internet Communication
- Chapter IX Extrinsic Plus Intrinsic Human Factors Influencing the Web Usage
- Chapter XIV Product Catalog and Shopping Cart Effective Design
- Chapter XVI Turning Web Surfers into Loyal Customers: Cognitive Lock-In Through Interface Design and Web Site Usability