H


hardening

defined, 295

Samurai HIPS, 295–297

Heap operations, Rtl routine, 41

HideMe.c

code, 206–210, 211

file, 206–211

HOOK, macro, 3738

Hook Function

code, 31–33

defining a, 31–33, 47–48

Hook function, hookManager.c file, 3637

hookFunction, CALL_DATA_STRUCT, 63

HOOK_INDEX, macro, 3738

hooking, problems with, 42

HookKernel, function, 5463

hookManager.c file

checkPattern function, 55–63

code, 36–37, 55–63, 199–202

concealment, 199–202

findUnresolved function, 55–63

FreeKernelAddress function, 54–63

functions in, 54–55

functions list, 54–55

GetFunctionAddress function, 55–63

GetImageSize, function, 55–63

Hook function, 36–37

HookKernel function, 54–63

IsSameFile function, 54–63

IsSameString function, 54–63

kernel hooks, 36–37

MapKernelAddress function, 54–63

NewZwMapViewOfSection function, 36–37, 54–63

user hooks, 54–63

hookManager.h file

code, 37–38, 52–54, 198–199

concealment, 198–199

global variables, 37

kernel hooks, 37–38

KeServiceDescriptorTable, 37

NewZwMapViewOfSection, 37–38

ServiceDescriptorEntry, 37–38

user hooks, 52–54

HookTable, function, 6678

Host-based Intrusion Prevention Systems

blocking unexpected operations, 298

hardening, 295–297

virtualizing, 297




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net