P


parameters, CALL_DATA_STRUCT, 63

parse86.c file

code, 79–96

functions list, 78–79

parse86.h file

code, 78

functions list, 78

ParseRecipientList, function, 234239

parsing

PE formatted files, 97–99

x86 instructions, 96

payload

defined, 7

overview, 7–8

PE formatted files, parsing, 9799

peFormat.h file

code, 97–99

user hooks, 97–99

periodic status reporting, feedback, 244

persistence, installation, 245246

personal firewalls

free, 294

to purchase, 294–295

rootkit prevention, 293–295

Pfx (ANSI Prefix Manager), functional group, 4041

PfxFindPrefix, routine, 41

PfxInitialize, routine, 40

PfxInsertPrefix, routine, 41

PfxRemovePrefix, routine, 40

PGP Desktop

overview, 115–117

Professional version 9 download, 99

PGP encoding, using Ghost to block, 99100

PGP Monitor, Microsoft Windows 2000,XP, and, 2003, 101

piggybacked, defined, 289

Ping, function, 269270

pMyMDL

Ghost.c file variable, 33–36

hookManager.h file variable, 37–38

Policy Development, control category, 257

Policy Implementation, control category, 257

Port operations, Zw routine, 41

prevention. See rootkit prevention

privilege escalation, overview, 245

process creation detection, IceSword, 314

Process detection, IceSword, 313

process hiding

diagrammed, 206

HideMe.c file, 206–211

overview, 205–206

testing, 212

process injection

injectManager.c file and, 66–78

limitation of, 47

NewZwMapViewOfSection function, 47

overview, 43–44

trampoline function and, 49

process injection hook, beforeEncode, 6778

Process operations, Zw routine, 41

process termination detection, IceSword, 314

ProcessGuard, anti-rootkit software, 254

Processing exceptions, Rtl routine, 41

processing levels, key logging and, 167168

processInject, function, 6678

programming, injected function, 114

programs, compiling, 21, 2324

PsCreateSystemThread, function, 170

PsTerminateSystemThread, function, 170

PutFile, function, 1619, 20




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net