Summary


The rootkit detection methods detailed in this chapter should give the rootkit designer a good understanding of the constraints imposed by existing detection technology. Your particular deployment environment might not require anti-detection functionality, but many rootkits will need to incorporate some, if not all, of the detection prevention techniques detailed in this chapter. Specifically, this chapter shows you how to do the following:

  • Prevent the detection of kernel system call table hooks

  • Prevent the detection of kernel trampoline hooking

  • Prevent the detection of user mode hooks

  • Prevent the detection of process hiding

  • Prevent the detection of file and/or registry key hiding

  • Prevent the detection of alternate data streams

The next chapter further expands upon rootkit design considerations by including anti-rootkit technology. This is the software that prevents the initial loading and running of a rootkit, as opposed to the detection of an already implanted rootkit.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net