registryManager.h


The file registryManager.h defines the three data structures and 12 functions required to implement registry key hiding. There is one KEY_HANDLE list. Each mapped key has one KEY_HANDLE entry containing one REG_KEY_DATA entry as well as one SUBKEY_DATA entry for every subkey of the given key. These subkey entries hold the key indices that will be passed back to the operating system. Key hiding is accomplished by aligning key indices to skip selected keys.

  // Copyright Ric Vieler, 2006 // Support header for registryManager.c #ifndef _REGISTRY_MANAGER_H_ #define _REGISTRY_MANAGER_H_ // key data structures typedef struct _KEY_HANDLE {  HANDLE  handle;  PVOID  keyData;  struct _KEY_HANDLE* previous;  struct _KEY_HANDLE* next; } KEY_HANDLE; typedef struct _SUBKEY_DATA { ULONG  subkeyIndex; ULONG  newIndex; struct _SUBKEY_DATA* next; } SUBKEY_DATA; typedef struct _REG_KEY_DATA { ULONG subkeys; SUBKEY_DATA* subkeyData; } REG_KEY_DATA; // implementation functions void InitializeKeyTracking(); void FreeKeyTrackingData(); KEY_HANDLE* FindKeyHandle( HANDLE hKey ); void AddNewKeyHandle( KEY_HANDLE* theNewTrack ); ULONG GetSubkeyCount( HANDLE hKey ); void FreeKeyHandle( HANDLE hKey ); KEY_HANDLE* AllocateKeyHandle( HANDLE hKey ); void AddIndices( KEY_HANDLE* pKeyHandle, ULONG index, ULONG newIndex ); SUBKEY_DATA* AdjustNextNewIndex( SUBKEY_DATA* pSubkeyData, int offset ); void AdjustIndices( KEY_HANDLE* pKeyHandle, int hiddenKeys ); ULONG GetNewIndex( HANDLE hKey, ULONG realIndex); int CreateHiddenKeyIndices( HANDLE hKey ); #endif 




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net