GhostTracker is a C# .NET-based application. The project consists of four files and two forms. If you look at the source code for this project you’ll see more than four files, but only four of the files were created; the rest were auto-generated as part of the C# project creation process.
The four files are as follows:
GhostTracker.cs–This is the main file, containing the MainForm for the application.
ControlForm.cs–This file contains the control logic for the control panels.
TargetController.cs–This file contains the link logic for each connection.
Listen.cs–This file contains initial connection and process spawning logic.
The two forms are as follows:
GhostTracker–This is the main form shown when the application is started.
ControlForm–This is the control panel available for each connected rootkit.
The basic design, the GhostTracker threading model shown in Figure 12-1, implements a listener thread that spawns a TargetController for each incoming connection. The TargetController can display a ControlForm to control the connected rootkit. Control panels are launched by double-clicking a list entry from the MainForm.
The code follows.