Table of Contents

Rootkits: Subverting the Windows Kernel
By Greg Hoglund, James Butler
Publisher: Addison Wesley Professional
Pub Date: July 22, 2005
ISBN: 0-321-29431-9
Pages: 352
 
   Copyright
   Praise for Rootkits
   Preface
      Historical Background
      Target Audience
      Prerequisites
      Scope
   Acknowledgments
   About the Authors
   About the Cover
   Chapter 1.  Leave No Trace
      Understanding Attackers' Motives
      What Is a Rootkit?
      Why Do Rootkits Exist?
      How Long Have Rootkits Been Around?
      How Do Rootkits Work?
      What a Rootkit Is Not
      Rootkits and Software Exploits
      Offensive Rootkit Technologies
      Conclusion
   Chapter 2.  Subverting the Kernel
      Important Kernel Components
      Rootkit Design
      Introducing Code into the Kernel
      Building the Windows Device Driver
      Loading and Unloading the Driver
      Logging the Debug Statements
      Fusion Rootkits: Bridging User and Kernel Modes
      Loading the Rootkit
      Decompressing the .sys File from a Resource
      Surviving Reboot
      Conclusion
   Chapter 3.  The Hardware Connection
      Ring Zero
      Tables, Tables, and More Tables
      Memory Pages
      The Memory Descriptor Tables
      The Interrupt Descriptor Table
      The System Service Dispatch Table
      The Control Registers
      Multiprocessor Systems
      Conclusion
   Chapter 4.  The Age-Old Art of Hooking
      Userland Hooks
      Kernel Hooks
      A Hybrid Hooking Approach
      Conclusion
   Chapter 5.  Runtime Patching
      Detour Patching
      Jump Templates
      Variations on the Method
      Conclusion
   Chapter 6.  Layered Drivers
      A Keyboard Sniffer
      The KLOG Rootkit: A Walk-through
      File Filter Drivers
      Conclusion
   Chapter 7.  Direct Kernel Object Manipulation
      DKOM Benefits and Drawbacks
      Determining the Version of the Operating System
      Communicating with the Device Driver from Userland
      Hiding with DKOM
      Token Privilege and Group Elevation with DKOM
      Conclusion
   Chapter 8.  Hardware Manipulation
      Why Hardware?
      Modifying the Firmware
      Accessing the Hardware
      Example: Accessing the Keyboard Controller
      How Low Can You Go? Microcode Update
      Conclusion
   Chapter 9.  Covert Channels
      Remote Command, Control, and Exfiltration of Data
      Disguised TCP/IP Protocols
      Kernel TCP/IP Support for Your Rootkit Using TDI
      Raw Network Manipulation
      Kernel TCP/IP Support for Your Rootkit Using NDIS
      Host Emulation
      Conclusion
   Chapter 10.  Rootkit Detection
      Detecting Presence
      Detecting Behavior
      Conclusion
   Index