Safe Mode, entering, 289–290
sample, building a, 6
Samurai, freeware, 307–308
Samurai HIPS, hardening techniques, 296–297
Save As dialog box, 115–116
Save PGP Zip As dialog box, 115–116
SaveAttachments, function, 234–239
SaveBody, function, 234–239
SaveRecipients, function, 234–239
scanning, kernel memory, 278
Scheduling, control category, 257
SCMLoader.c file
build environment problems, 23
code, 22
Debug View output, 24
VCVARS32.BAT file, 23
SCMUnloader.c file
build command, 25
code, 25
rootkit installation, 25
semaphore guarded linked list, threading and synchronization technique, 170
SendToRemoteController, function, 122–130
server operations, functional groups for hooking, 39
Service Control Manager, ZwSetSystemInformation, 246–247
service descriptor table, overview, 27–28
service detection, IceSword, 314
service load prevention, prevention technique, 298
ServiceDescriptorEntry, hookManager.h file, 37–38
signature, defined, 248
software. See also detection software
anti-rootkit, 254
detection, 279–287
InstallShield, 244, 287
intended installation, 243–244
MetaSploit, 8
ProcessGuard, 167–168
Strider GhostBuster, 280
Sophos Anti-Rootkit
detection software, 286–287
freeware, 315
SOURCES
Basic Rootkit, 20
Communications, 130–131
Filter Drivers, 166
Hooking the Kernel System Call Table, 33
I/O Processing, 112
Key Logging, 172
User Hooks, 50
SQL Server, integrating the, 5
stack execution prevention, prevention technique, 299
stackOffset, CALL_DATA_STRUCT, 63
Start, function, 268–270, 270–272
StartKeyLogger, function, 174, 185
Stdafx.cpp, E-mail filtering skeletal file, 216
Stdafx.h, E-mail filtering skeletal file, 216
Stop, function, 269–270, 270–272
StopKeyLogger, function, 185
Strider GhostBuster, detection software, 280
string functions, differentiated, 20
summaries
Basic Rootkit, 26
Communications, 135–136
Concealment, 212–213
E-mail Filtering, 242
Filter Drivers, 166
I/O Processing, 117–118
Installation Considerations, 254
Kernel Hooks, 42
Key Logging, 186
Rootkit Detection, 290, 299–300
Rootkit Remote Controller Implementation, 274
Rootkit Tools, 8
Tools, 8
User Hooks, 100–101
Summary view, overview, 257
SwapContext
overview, 278
Process Hiding Detection diagrammed, 279
Sygate Personal Firewall, overview, 294
Symantec/Norton Firewall, overview, 295
symbols, downloading, 2–3
synchronization, functions list, 170
synchronization functions, differentiated, 20
Sysinternals
Freeware downloads, 5–6
utilities, 2
system call table
diagrammed, 31
hooking diagrammed, 31
hooking the, 30–31
KeServiceDescriptorTable, 30
trap checks of the, 42
system service table, overview, 27–28