Index

Data bus
DATA BYTE for keyboard ports
DbgPrint statement
DDK (Driver Development Kit)
Debug statements, logging
Debug View tool
Decompressing .sys files
Deferred Procedure Calls (DPCs)
Descriptor checks
Descriptor privilege levels (DPLs)
DetermineOSVersion function
Detour patching 2nd
    function byte checking in
    NonPagedPool memory for
    overwritten instruction tracking
    rerouting control flow
    runtime address fixups in
DetourFunctionNtDeviceIoControlFile function
DetourFunctionSeAccessCheck function
Device drivers. [See Drivers]
Device IRQLs (DIRQLs)
DEVICE_EXTENSION structure
DeviceIoControl function 2nd
DeviceTree utility 2nd
Direct code-byte patching method
Direct Kernel Object Manipulation (DKOM)
    benefits and drawbacks
    device driver communications
    hiding with
        device drivers
        processes
        synchronization issues
    operating system version determination
    process token privilege and group elevation with
        adding SIDs to tokens
        finding tokens
        log events in
        modifying tokens
DIRQLs (Device IRQLs)
Disguised TCP/IP protocols
    ASCII payloads in
    DNS requests in
    encryption in
    timing in
    traffic patterns in
DISPATCH_LEVEL
DispatchPassDown function
DispatchRead function 2nd
DKOM. [See Direct Kernel Object Manipulation (DKOM)]
DLLs
    forwarding
    injecting into processes
    listing
DNS (Domain Name Service)
DPCs [See Deferred Procedure Calls]
DPLs [See Descriptor Privilege Levels]
DrainOutputBuffer function 2nd
Driver Development Kit (DDK)
Driver tables for IRPs
DRIVER type
DRIVER_OBJECT structure
DriverEntry function
    detour patches
    device driver communication
    file filter drivers
    file handles
    I/O request packets
    IDTs
    jump templates
    kernel hooks
    keyboard LEDs
    keystroke monitors
    processes
    protocol registering
    runtime patching
    scancode mapping 2nd
    SSDT hooks
    symbolic links
    threads in 2nd
    Windows device drivers 2nd
Drivers
    communicating with
    for introducing code into kernel
    for network operations
    hiding
    layered
        file filter
        keyboard sniffers
        KLOG rootkit
    for loading
    Windows. [See Windows device drivers]
DriverUnload function