An Example


GhostTracker is a C# .NET application. The project consists of four files and two forms. If you look at the source code for this project you’ll see more than four files, but only four of them were created by hand; the rest were auto-generated as part of the C# project creation process.

The four files are as follows:

  • GhostTracker.cs – This is the main file, containing the MainForm for the application.

  • ControlForm.cs – This file contains the control logic for the control panels.

  • TargetController.cs – This file contains the link logic for each connection.

  • Listen.cs – This file contains initial connection and process spawning logic.

The two forms are as follows:

  • GhostTracker – This is the main form shown when the application is started.

  • ControlForm – This is the control panel available for each connected rootkit.

The basic design follows the GhostTracker threading model shown in Figure 12-1: a listener thread spawns a TargetController for each incoming connection. The TargetController can display a ControlForm to control the connected rootkit. Control panels are launched by double-clicking a list entry in the MainForm.

Figure 12-1

The code follows.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
