Readme.txt
E-mail filtering implementation file, 232
E-mail filtering skeletal file, 216
readme.txt file
code, 241
E-mail Filtering, 241
Recipient Selection dialog box, 115–116
RegisterEntry, function, 234–239
Registry
backing up the, 211–212
modification risks, 211
settings installation, 247–248
registry key
detecting, 276
Ghost.c file, 198
hookManager.c file, 199–202
hookManager.h file, 198–199
registryManager.c file, 189–198
registryManager.h file, 188–189
testing, 212
Registry operations, Zw routine, 41
registry tamper detection, IceSword, 314
registryManager.c file
code, 190–197
concealment, 189–198
functions list, 189–190
registryManager.h file
code, 188–189
concealment, 188–189
RegistryMonitor
FileMonitor Versus, 305
freeware, 302–304
RegMon, utility, 2, 5–6
RegMon. See RegistryMonitor
Release, function, 218–231
removeFilter, function, 142–145
Reporting, control category, 257
resource functions, differentiated, 20
rootkit
adding an on/off switch to the, 104–114
building overview, 1–3
comint32.sys, 21
creating a basic, 9–12
dealing with a detected, 287–289
detection methods, 275–279
detection summary, 290
device driver, 9–15
environment diagrammed, 134
installing a, 21–25
loading/unloading the, 24
summary, 26
testing a, 26
toolkit overview, 3
verifying the presence of a, 287
rootkit controller
the connection, 257
ControlForm, 273
ControlForm.cs file, 262–268
the controller, 255–257
example, 258–273
GhostTracker form, 273
GhostTracker.cs file, 260–262
Listen.cs file, 270–272
tamper detection, 257–258
TargetController.cs file, 268–270
Rootkit Hook Analyzer
detection software, 282–283
freeware, 311–312
rootkit installation
SCMLoader.c, 22
SCMUnloader.c, 25
rootkit prevention
automatic updates, 292
blocking unexpected operations, 298
hardening, 295–297
host-based intrusion prevention systems, 295–298
operating system updates, 292
personal firewalls, 293–295
summary, 299–300
techniques, 298–299
virtualizing, 297
rootkit remote controller implementation, summary, 274
rootkit software, anti-, 254
rootkit tools, summary, 8
Rootkit Unhooker
freeware, 308–310
software, 288
RootkitRevealer
detection software, 280–281
freeware, 310
rootkits, preventing, 291–300
Rtl (Runtime Library), functional group, 41
RtlInitUnicodeString, definition of, 20
Runtime Library (Rtl), functional group, 41