Chapter 4. The Age-Old Art of Hooking

Previous page
Table of content
Next page
 < Day Day Up > 

How does the sea become the king of all streams?Because it lies lower than they!Hence it is the king of all streams.

LAO TZU

The two purposes of most rootkits are to allow continued access to the computer and to provide stealth for the intruder. To achieve these objectives, your rootkit must alter the execution path of the operating system or directly attack the data that stores information about processes, drivers, network connections, etc. Chapter 7, Direct Kernel Object Manipulation, discusses the latter approach. In this chapter, we will cover altering the execution path of important reporting functions provided by the operating system. We will begin with a discussion of simple userland hooks in a target process, then advance to covering more global kernel-level hooks. At the end of the chapter, we will present a hybrid method. Keep in mind that the goal is to intercept the normal execution flow and alter the information returned by the operating system's report-ing APIs.

     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Rootkits(c) Subverting the Windows Kernel
    Rootkits: Subverting the Windows Kernel
    ISBN: 0321294319
    EAN: 2147483647
    Year: 2006
    Pages: 111
    Authors: Greg Hoglund, Jamie Butler
    BUY ON AMAZON
    Interprocess Communications in Linux: The Nooks and Crannies
    VBScript Programmers Reference
    Excel Scientific and Engineering Cookbook (Cookbooks (OReilly))
    File System Forensic Analysis
    Programming .Net Windows Applications
    Digital Character Animation 3 (No. 3)
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy