Summary


Many of the considerations detailed in this chapter are relevant to conventional software as well as rootkits. If you have designed and developed installation software, you have no doubt worked with many of the details presented here, but there are also details specific to rootkits that should be new to you, including the following:

  • Unintended installation

  • Privilege escalation

  • Installation persistence

  • ZwSetSystemInformation

  • Installation through exploitation

  • Installation cleanup

The next chapter presents a basic rootkit controller. Unlike installation techniques, which should be as uncoupled as possible from the rootkit itself, the rootkit controller should be considered an integral part of every rootkit design. Knowing how a rootkit will be controlled and what responses are expected from the rootkit will greatly influence both its design and implementation.




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
