Summary


The rootkit detection methods detailed in this chapter should give the rootkit designer a good understanding of the constraints imposed by existing detection technology. Your particular deployment environment might not require anti-detection functionality, but many rootkits will need to incorporate some, if not all, of the detection prevention techniques covered here. Specifically, this chapter shows you how to do the following:

  • Prevent the detection of kernel system call table hooks

  • Prevent the detection of kernel trampoline hooking

  • Prevent the detection of user mode hooks

  • Prevent the detection of process hiding

  • Prevent the detection of file and/or registry key hiding

  • Prevent the detection of alternate data streams

The next chapter further expands upon rootkit design considerations by including anti-rootkit technology. This is the software that prevents the initial loading and running of a rootkit, as opposed to the detection of an already implanted rootkit.




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
Year: 2007
Pages: 229
Authors: Ric Vieler