Table of Contents

Rootkits: Subverting the Windows Kernel
By Greg Hoglund, James Butler
Publisher: Addison Wesley Professional
Pub Date: July 22, 2005
ISBN: 0-321-29431-9
Pages: 352


   Praise for Rootkits
      Historical Background
      Target Audience
   About the Authors
   About the Cover
   Chapter 1.  Leave No Trace
      Understanding Attackers' Motives
      What Is a Rootkit?
      Why Do Rootkits Exist?
      How Long Have Rootkits Been Around?
      How Do Rootkits Work?
      What a Rootkit Is Not
      Rootkits and Software Exploits
      Offensive Rootkit Technologies
   Chapter 2.  Subverting the Kernel
      Important Kernel Components
      Rootkit Design
      Introducing Code into the Kernel
      Building the Windows Device Driver
      Loading and Unloading the Driver
      Logging the Debug Statements
      Fusion Rootkits: Bridging User and Kernel Modes
      Loading the Rootkit
      Decompressing the .sys File from a Resource
      Surviving Reboot
   Chapter 3.  The Hardware Connection
      Ring Zero
      Tables, Tables, and More Tables
      Memory Pages
      The Memory Descriptor Tables
      The Interrupt Descriptor Table
      The System Service Dispatch Table
      The Control Registers
      Multiprocessor Systems
   Chapter 4.  The Age-Old Art of Hooking
      Userland Hooks
      Kernel Hooks
      A Hybrid Hooking Approach
   Chapter 5.  Runtime Patching
      Detour Patching
      Jump Templates
      Variations on the Method
   Chapter 6.  Layered Drivers
      A Keyboard Sniffer
      The KLOG Rootkit: A Walk-through
      File Filter Drivers
   Chapter 7.  Direct Kernel Object Manipulation
      DKOM Benefits and Drawbacks
      Determining the Version of the Operating System
      Communicating with the Device Driver from Userland
      Hiding with DKOM
      Token Privilege and Group Elevation with DKOM
   Chapter 8.  Hardware Manipulation
      Why Hardware?
      Modifying the Firmware
      Accessing the Hardware
      Example: Accessing the Keyboard Controller
      How Low Can You Go? Microcode Update
   Chapter 9.  Covert Channels
      Remote Command, Control, and Exfiltration of Data
      Disguised TCP/IP Protocols
      Kernel TCP/IP Support for Your Rootkit Using TDI
      Raw Network Manipulation
      Kernel TCP/IP Support for Your Rootkit Using NDIS
      Host Emulation
   Chapter 10.  Rootkit Detection
      Detecting Presence
      Detecting Behavior