Summary


We now have a rootkit that does the following:

  • Hides its device driver entry

  • Hides its configuration file

  • Hooks the operating system kernel

  • Hooks selected processes loaded by the operating system

  • Processes commands sent from user mode applications

  • Communicates with a remote controller

  • Filters network communication

  • Filters file system operations

  • Logs key presses

The threading and logging concepts detailed in this chapter can be applied to many of the previous chapters. Logging the system configuration, the current user, file and network filtered data, and forensic data can all be achieved using the techniques detailed in this chapter.

Our rootkit is just about as complete as a training example can be. However, it’s not really a rootkit unless it contains a few more forms of concealment. Though many of the concealment techniques introduced in the next chapter are easily detectable, they are nonetheless used extensively in most modern rootkits.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net