index_R | Rootkits: Subverting the Windows Kernel

< Day Day Up >

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [Z]

RaiseCPUIrqlAndWait function
Raw network manipulation
     binding to interfaces
     bouncing packets
     forging sources
     on Windows XP
     sending packets
     sniffing
Read-only table access
ReadFile function 2nd
Reading ports
Reboots
     from keyboard controllers
     surviving
recvfrom function
Registering
     for surviving reboot
     protocols
Registers
     control
     latching between
Registry
     for injecting DLLs into processes
     key detection
     operating system version queries in
RegOpenKeyEx function
RegQueryValue function
RegQueryValueEx function 2nd
Relative Virtual Addresses (RVAs)
Remote command and control 2nd
Remote servers
     connecting to
     sending data to
Remote shells
Remote threads
Reordering of instructions
REQINFO structure
Rerouting control flow
ResponseToArp function
Restarting rootkits
Returns, far
Ring Zero
Rings 2nd
RootkitDispatch function
RootkitRevealer tool
Rootkits
     and software exploits
     characteristics of
     detecting
         behavior detection
         guarding-the-doors approach
         looking for hooks
         scanning rooms
     for kernel
     history of
     legitimate uses of
     loading
     offensive technologies
     operation of
     purpose of
     restarting
     vs. exploits
     vs. viruses
RtlCopyMemory function
RtlGetVersion function
Run key
Runtime address fixups
Runtime patching
    detour. [See Detour patching]
     jump templates
     variations
RVAs [See Relative Virtual Addresses]

< Day Day Up >