C


C compiler, downloading a, 1

C# Visual Studio, installing, 120

CALL_DATA_STRUCT, members of, 63

callType, CALL_DATA_STRUCT, 63

CClientExtension, function, 219231

checkConnectionButton_Click, function, 262268

Checked DDK shell, using the, 5

checkPattern, function, 5463

cleanup, installation, 251254

client operations, functional groups for hooking, 39

Client Server Run Time (Csr), functional group, 39

CloseTDIConnection, function, 122130

CMessageEvents, function, 218231

code

commManager.c file, 122–133

commManager.h file, 121–122

configManager.c file, 14–15

configManager.h file, 13

ControlForm.cs file, 263–268

Controller.c file, 105–106

in data segment prevention technique, 299

directory hiding, 203–205

fileManager.c file, 17–19

fileManager.h file, 16

filterManager.c file, 142–145, 173–174

filterManager.h file, 142

Ghost.c file, 10–12, 33–36, 146–150, 172–173, 198

Ghost.h file, 10, 51

GhostTracker.cs file, 260–262

HideMe.c file, 206–210, 211

Hook Function, 31–33

hookManager.c file, 36–37, 55–63, 199–202

hookManager.h file, 37–38, 52–54, 198–199

injectManager.c file, 67–78

injectManager.h file, 63–66

installation, 246–247, 249–251, 251–254

IoManager.c file, 110–114, 154–166, 174

IoManager.h file, 106–107, 150–154

Kernel Memory Protection, 28–30

keyManager.c file, 176–184

keyManager.h file, 174–175

link library, 44–46

Listen.cs file, 271–272

Lotus Notes Client Extension testing, 242

LotusExtension.c file, 235–239

LotusExtension.def file, 240

LotusExtension.h file, 234

LotusExtension.mak file, 240

Mozilla Firefox installation, 249–251

Outlook Client Extension testing, 232

OutlookExtension.cpp file, 219–230

OutlookExtension.h file, 216–218

parse86.c file, 79–96

parse.c file, 79–96

parse.h file, 78

peFormat.h file, 97–99

readme.txt file, 241

registryManager.c file, 190–197

registryManager.h file, 188–189

SCMLoader.c file, 22

SCMUnloader.c file, 25

TargetController.cs file, 269–270

code (Basic Rootkit)

configManager.c file, 14–15

configManager.h file, 13

fileManager.c file, 17–19

fileManager.h file, 16

Ghost.c file, 10–12

SCMLoader.c file, 22

SCMUnloader.c file, 25

code (Communications)

commManager.c file, 122–133

commManager.h file, 121–122

code (Concealment)

Ghost.c file, 198

HideMe.c file, 206–210, 211

hookManager.c file, 199–202

hookManager.h file, 198–199

registryManager.c file, 190–197

registryManager.h file, 188–189

code (E-mail Filtering)

LotusExtension.c file, 235–239

LotusExtension.def file, 240

LotusExtension.h file, 234

LotusExtension.mak file, 240

OutlookExtension.cpp file, 219–230

OutlookExtension.h file, 216–218

readme.txt file, 241

code (Filter Drivers)

filterManager.c file, 142–145

filterManager.h file, 142

Ghost.c file, 146–150

IoManager.c file, 154–166

IoManager.h file, 150–154

code (Ghost Tracker)

ControlForm.cs file, 263–268

GhostTracker.cs file, 260–262

Listen.cs file, 271–272

TargetController.cs file, 269–270

code (I/O Processing)

Controller.cs file, 105–106

IoManager.c file, 110–114

IoManager.h file, 106–107

code (Kernel Hooks)

filterManager.c file, 173–174

Ghost.c file, 33–36

hookManager.c file, 36–37

hookManager.h file, 37–38

IoManager.c file, 174

keyManager.c file, 176–184

keyManager.h file, 174–175

code (Key Logging), Ghost.c file, 172173

code (User Hooks)

Ghost.c file, 51–52

Ghost.h file, 51

hookManager.c file, 55–63

hookManager.h file, 52–54

injectManager.c file, 67–78

injectManager.h file, 63–66

parse86.c file, 79–96

parse86.h file, 78

peFormat.h file, 97–99

combined filtering, diagrammed, 141

comint32.sys, rootkit/device driver, 21

comint32, debug statements and, 13

command

build, 25

ipconfig, 121

Command Prompt window, VCVARS32.BAT, 23

commManager.c file

code, 122–133

functions list, 122

used in Communications, 122–133

commManager.h file

code, 121–122

used in Communications, 121–122

Communications

code, 121–133

commManager.c file, 122–130

commManager.h file, 121–122

example, 120–133

initiating the connection, 120

running the example, 133–135

SOURCES, 130–131

summary, 135–136

Transport Driver Interface (TDI), 119–120

compiling, programs, 21, 2324

completion routine, keyboard I/O, 168

Compression and decompression operations, Rtl routine, 41

computer code. See code

Concealment

directory hiding, 203–205

directory hiding code, 203–205

Ghost.c file, 198

Ghost.c file code, 198

HideMe.c file code, 206–210, 211

hookManager.c file, 199–202

hookManager.c file code, 199–202

hookManager.h file, 198–199

hookManager.h file code, 198–199

overview, 187

process hiding, 205–211

registry key hiding, 187–202

registryManager.c file, 189–198

registryManager.c file code, 190–197

registryManager.h file, 188–189

registryManager.h file code, 188–189

summary, 212–213

testing, 211–212

configManager.c file, code, 1415

configManager.h file

code, 13

DriverEntry function, 13

configuration file

creating the, 23

diagrammed, 16

connection

initiating the, 120

rootkit controller, 257

Console Application, using the, 105114

Control categories, overview, 257

Control Panels, control category, 257

ControlForm

function, 262–268

overview, 273

rootkit remote controller implementation, 273

ControlForm.cs file

code, 263–268

functions list, 262

rootkit remote controller implementation, 262–268

controller

Control categories, 257

designing the, 256–257

determining the necessity of a, 255

interface, 256

Interface medium, 256

Summary view, 257

Controller.c file

code, 105–106

I/O Processing, 105–106

CreateFileW, function, 5051

CreateHiddenKeyIndices, function, 190198

createTrampoline, function, 6678

creating

a basic rootkit, 9–12

configuration files, 23

CrsNewThread, routine, 39

Csr (Client Server Run Time), functional group, 39

CsrCaptureMessageBuffer, routine, 39

CsrClientCallServer, routine, 39

CsrConnectClientToServer, routine, 39




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net