Process Hiding


Process hiding is accomplished by removing a specific process entry from the kernel's linked list of active processes, just as our rootkit is removed from the device driver link list. The implementation provided in this section uses a process ID to locate the matching entry in the process list and then rewrites the forward and backward link pointers of its neighbours so that the entry is no longer reachable by walking the list. This design requires the process to tell the rootkit its process ID. Fortunately, our rootkit already has a local command interface, so implementing this functionality requires only slight modifications to existing files, plus one new file to test process hiding, aptly named HideMe.c. Process hiding is shown in Figure 9-1.

Two points are worth keeping in mind before relying on this technique. First, unlinking hides the process only from software that enumerates processes by walking this list; the process keeps running, because the scheduler works from thread structures rather than from the process list, and a detector that enumerates processes by a second route (the kernel's process ID table, or a memory scan for process objects) can compare the two views and flag the entry that is missing from the list. Second, the unlinked entry's own link pointers must be left in a consistent state, because the kernel will try to unlink the entry again when the process exits; if they still point at neighbours that have since been freed, that exit-time unlink writes to stale memory and crashes the system.

Figure 9-1
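The following is an added, user-mode model of the unlink described above; it is example code written for this page, not the book's driver source. It models the kernel's doubly-linked list with a Windows-style Flink/Blink pair embedded in a stand-in process structure (the names LIST_ENTRY, ActiveProcessLinks and CONTAINING_RECORD are assumed from the Windows kernel, and PROCESS is a deliberately simplified stand-in for the real process object), performs the hide by process ID, points the unlinked entry's own links at itself so a later unlink is harmless, and then runs a cross-view check that compares a list walk against a second index of all created processes, which is how the hidden entry is found again. The sample process table is constructed inline.

```c
/* Added user-mode model of DKOM process hiding by list unlinking.
 * Not the book's driver code; structure names are assumptions modelled on
 * the Windows kernel, and the process table is a constructed sample. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Same shape as the kernel LIST_ENTRY: forward and backward links. */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Simplified stand-in for a process object; the list entry is embedded in it. */
typedef struct _PROCESS {
    unsigned long pid;
    char name[16];
    LIST_ENTRY ActiveProcessLinks;
} PROCESS;

/* Recover the containing structure from a pointer to its embedded list entry. */
#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

#define MAX_PROCS 64

static LIST_ENTRY g_active_list;           /* list head (PsActiveProcessHead stand-in) */
static PROCESS *g_pid_table[MAX_PROCS];    /* second index, independent of the list   */
static size_t g_pid_count;

static void list_init(LIST_ENTRY *head) { head->Flink = head->Blink = head; }

static void list_insert_tail(LIST_ENTRY *head, LIST_ENTRY *e)
{
    e->Flink = head;
    e->Blink = head->Blink;
    head->Blink->Flink = e;
    head->Blink = e;
}

static PROCESS *create_process(unsigned long pid, const char *name)
{
    PROCESS *p = calloc(1, sizeof *p);
    if (!p || g_pid_count >= MAX_PROCS) abort();
    p->pid = pid;
    snprintf(p->name, sizeof p->name, "%s", name);
    list_insert_tail(&g_active_list, &p->ActiveProcessLinks);
    g_pid_table[g_pid_count++] = p;      /* every process is also in the PID table */
    return p;
}

/* Constructed sample: four processes, one of which we will hide. */
void build_sample_list(void)
{
    for (size_t i = 0; i < g_pid_count; i++) free(g_pid_table[i]);
    g_pid_count = 0;
    list_init(&g_active_list);
    create_process(4, "System");
    create_process(1234, "HideMe.exe");
    create_process(2048, "explorer.exe");
    create_process(4096, "cmd.exe");
}

/* The hide: splice the matching entry out of the list. The entry's own links are
 * then pointed at itself so that a later unlink of this entry (as on process
 * exit) touches only the entry and never a neighbour that may since be gone.
 * Returns 1 if a linked process with that PID was found and unlinked, else 0. */
int hide_process_by_pid(unsigned long pid)
{
    for (LIST_ENTRY *e = g_active_list.Flink; e != &g_active_list; e = e->Flink) {
        PROCESS *p = CONTAINING_RECORD(e, PROCESS, ActiveProcessLinks);
        if (p->pid != pid) continue;
        e->Blink->Flink = e->Flink;
        e->Flink->Blink = e->Blink;
        e->Flink = e->Blink = e;
        return 1;
    }
    return 0;
}

/* What a tool that enumerates by walking the list sees. */
size_t count_linked_processes(void)
{
    size_t n = 0;
    for (LIST_ENTRY *e = g_active_list.Flink; e != &g_active_list; e = e->Flink) n++;
    return n;
}

int pid_is_linked(unsigned long pid)
{
    for (LIST_ENTRY *e = g_active_list.Flink; e != &g_active_list; e = e->Flink)
        if (CONTAINING_RECORD(e, PROCESS, ActiveProcessLinks)->pid == pid) return 1;
    return 0;
}

/* Cross-view check: any PID present in the second index but not reachable by
 * the list walk is reported. Returns the number of hidden PIDs written to out. */
size_t find_hidden_processes(unsigned long *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < g_pid_count && n < max; i++)
        if (!pid_is_linked(g_pid_table[i]->pid)) out[n++] = g_pid_table[i]->pid;
    return n;
}

int main(void)
{
    unsigned long hidden[MAX_PROCS];
    build_sample_list();
    printf("linked before hide: %zu\n", count_linked_processes());
    hide_process_by_pid(1234);
    printf("linked after hide:  %zu\n", count_linked_processes());
    size_t n = find_hidden_processes(hidden, MAX_PROCS);
    for (size_t i = 0; i < n; i++) printf("cross-view found hidden pid %lu\n", hidden[i]);
    return 0;
}
```

The self-referencing Flink/Blink after the unlink is the detail most often omitted in a first implementation; in a real kernel, leaving the old neighbour pointers in place works until one of those neighbours exits and is freed, after which the hidden process's own exit corrupts memory. The cross-view function is the same idea a rootkit detector uses: enumerate the same set of objects by two independent paths and report the difference.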




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
Year: 2007
Pages: 229
Authors: Ric Vieler
