Conclusion

Previous page
Table of content
Next page
 < Day Day Up > 

In this chapter, you learned how to modify some of the very objects the kernel relies upon for its bookkeeping and reporting. Your rootkit can now hide a process and modify its access privileges so that when you return you have all the power of System. These DKOM tricks are very difficult to detect and extremely powerful! However, they also provide ample opportunity to crash the whole machine.

DKOM is not limited to just the uses presented here. You could also use DKOM to hide network ports by modifying the tables of open ports maintained by TCPIP.SYS for bookkeeping, to name just one example.

When seeking to modify kernel objects and reverse engineer where they are used, SoftIce, WinDbg, IDA Pro, and the Microsoft Symbol Server are invaluable tools.

     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Rootkits(c) Subverting the Windows Kernel
    Rootkits: Subverting the Windows Kernel
    ISBN: 0321294319
    EAN: 2147483647
    Year: 2006
    Pages: 111
    Authors: Greg Hoglund, Jamie Butler
    BUY ON AMAZON
    Inside Network Security Assessment: Guarding Your IT Infrastructure
    Snort Cookbook
    Documenting Software Architectures: Views and Beyond
    Cisco IOS Cookbook (Cookbooks (OReilly))
    Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
    Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy