K


KeInitializeSemaphore, function, 170

KeInitializeSpinLock, function, 170

Kerio Personal Firewall, overview, 294

kernel

call table hooking detection, 277

function hooking detection, 277

hooking problems, 42

Kernel Debugger, overview, 6

kernel hook prevention, prevention technique, 298

Kernel Hooks

basic components of, 31

code for defining a hook function, 31–33

code for kernel memory protection, 29–30

DriverUnload function, 34

example, 33–38

functional groups, 39–41

Ghost.c file code, 33–36

hookManager.c file, 36–37

hookManager.c file code, 36–37

hookManager.h file, 37–38

hookManager.h file code, 37–38

kernel hook functions, 31–33

kernel hook macros, 30–31

kernel memory protection, 28–31

problems with, 42

summary, 42

system service table, 27–28

Kernel (Ki), functional group, 40

kernel memory, scanning, 278

kernel mode device driver, wOpenFile, 20

kernel module detection, IceSword, 313

kernel system call table hook detection, IceSword, 314

kernel32Base variable, Ghost.c, 51–52

kernel32.dll, Ghost.h, 50–51

KeServiceDescriptorTable

hookManager.h file, 37–38

system call table, 27–30

KeWaitForSingleObject, function, 170

key code mapping, key processing versus, 171

key codes, interpreting, 170–171

key logger

insertion diagram, 169

synchronization diagram, 170

Key Logging

example, 171–185

example testing, 185

filterManager.c file, 173–174

filterManager.c file code, 173–174

filterManager.h file, 174

Ghost.c file, 172–173

Ghost.c file code, 172–173

IoManager.c file, 174

IoManager.c file code, 174

IRP intercept method, 169–170

key codes, 170–171

keyboard filter, 168–170

keyManager.c file, 176–184

keyManager.c file code, 176–184

keyManager.h file, 174–175

keyManager.h file code, 174–175

processing levels, 167–168

SOURCES, 172

summary, 186

threading and synchronization, 170

key processing

diagram, 171

key code mapping versus, 171

keyboard filter, adding a, 168–170

keyboard I/O, completion routine, 168

keyboardData global variable, key logging, 172–173

KeyLoggerThread, function, 185

keyManager.c file

code, 176–184

key logging, 176–184

keyManager.h file

code, 174–175

key logging, 174–175

Ki (Kernel), functional group, 40

KiRaiseUserExceptionDispatcher, routine, 40

KiUserApcDispatcher, routine, 40

KiUserCallbackDispatcher, routine, 40

KiUserExceptionDispatcher, routine, 40

known good environment, defined, 276




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
Year: 2007
Pages: 229
Authors: Ric Vieler