S


Safe Mode, entering, 289–290

sample, building a, 6

Samurai, freeware, 307–308

Samurai HIPS, hardening techniques, 296–297

Save As dialog box, 115–116

Save PGP Zip As dialog box, 115–116

SaveAttachments, function, 234–239

SaveBody, function, 234–239

SaveRecipients, function, 234–239

scanning, kernel memory, 278

Scheduling, control category, 257

SCMLoader.c file

build environment problems, 23

code, 22

Debug View output, 24

VCVARS32.BAT file, 23

SCMUnloader.c file

build command, 25

code, 25

rootkit installation, 25

semaphore guarded linked list, threading and synchronization technique, 170

SendToRemoteController, function, 122–130

server operations, functional groups for hooking, 39

Service Control Manager, ZwSetSystemInformation, 246–247

service descriptor table, overview, 27–28

service detection, IceSword, 314

service load prevention, prevention technique, 298

ServiceDescriptorEntry, hookManager.h file, 37–38

signature, defined, 248

software. See also detection software

anti-rootkit, 254

detection, 279–287

InstallShield, 244, 287

intended installation, 243–244

MetaSploit, 8

ProcessGuard, 167–168

Strider GhostBuster, 280

Sophos Anti-Rootkit

detection software, 286–287

freeware, 315

SOURCES

Basic Rootkit, 20

Communications, 130–131

Filter Drivers, 166

Hooking the Kernel System Call Table, 33

I/O Processing, 112

Key Logging, 172

User Hooks, 50

SQL Server, integrating the, 5

stack execution prevention, prevention technique, 299

stackOffset, CALL_DATA_STRUCT, 63

Start, function, 268–270, 270–272

StartKeyLogger, function, 174, 185

Stdafx.cpp, E-mail filtering skeletal file, 216

Stdafx.h, E-mail filtering skeletal file, 216

Stop, function, 269–270, 270–272

StopKeyLogger, function, 185

Strider GhostBuster, detection software, 280

string functions, differentiated, 20

summaries

Basic Rootkit, 26

Communications, 135–136

Concealment, 212–213

E-mail Filtering, 242

Filter Drivers, 166

I/O Processing, 117–118

Installation Considerations, 254

Kernel Hooks, 42

Key Logging, 186

Rootkit Detection, 290, 299–300

Rootkit Remote Controller Implementation, 274

Rootkit Tools, 8

Tools, 8

User Hooks, 100–101

Summary view, overview, 257

SwapContext

overview, 278

Process Hiding Detection diagrammed, 279

Sygate Personal Firewall, overview, 294

Symantec/Norton Firewall, overview, 295

symbols, downloading, 23

synchronization, functions list, 170

synchronization functions, differentiated, 20

Sysinternals

Freeware downloads, 5–6

utilities, 2

system call table

diagrammed, 31

hooking diagrammed, 31

hooking the, 30–31

KeServiceDescriptorTable, 30

trap checks of the, 42

system service table, overview, 27–28




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
