R


Readme.txt

E-mail filtering implementation file, 232

E-mail filtering skeletal file, 216

readme.txt file

code, 241

E-mail Filtering, 241

Recipient Selection dialog box, 115116

RegisterEntry, function, 234239

Registry

backing up the, 211–212

modification risks, 211

settings installation, 247–248

registry key

detecting, 276

Ghost.c file, 198

hookManager.c file, 199–202

hookManager.h file, 198–199

registryManager.c file, 189–198

registryManager.h file, 188–189

testing, 212

Registry operations, Zw routine, 41

registry tamper detection, IceSword, 314

registryManager.c file

code, 190–197

concealment, 189–198

functions list, 189–190

registryManager.h file

code, 188–189

concealment, 188–189

RegistryMonitor

FileMonitor Versus, 305

freeware, 302–304

RegMon, utility, 2, 56

RegMon. See RegistryMonitor

Release, function, 218231

removeFilter, function, 142145

Reporting, control category, 257

resource functions, differentiated, 20

rootkit

adding an on/off switch to the, 104–114

building overview, 1–3

comint32.sys, 21

creating a basic, 9–12

dealing with a detected, 287–289

detection methods, 275–279

detection summary, 290

device driver, 9–15

environment diagrammed, 134

installing a, 21–25

loading/unloading the, 24

summary, 26

testing a, 26

toolkit overview, 3

verifying the presence of a, 287

rootkit controller

the connection, 257

ControlForm, 273

ControlForm.cs file, 262–268

the controller, 255–257

example, 258–273

GhostTracker form, 273

GhostTracker.cs file, 260–262

Listen.cs file, 270–272

tamper detection, 257–258

TargetController.cs file, 268–270

Rootkit Hook Analyzer

detection software, 282–283

freeware, 311–312

rootkit installation

SCMLoader.c, 22

SCMUnloader.c, 25

rootkit prevention

automatic updates, 292

blocking unexpected operations, 298

hardening, 295–297

host-based intrusion prevention systems, 295–298

operating system updates, 292

personal firewalls, 293–295

summary, 299–300

techniques, 298–299

virtualizing, 297

rootkit remote controller implementation, summary, 274

rootkit software, anti-, 254

rootkit tools, summary, 8

Rootkit Unhooker

freeware, 308–310

software, 288

RootkitRevealer

detection software, 280–281

freeware, 310

rootkits, preventing, 291300

Rtl (Runtime Library), functional group, 41

RtlInitUnicodeString, definition of, 20

Runtime Library (Rtl), functional group, 41




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net