Verification


To verify your Microsoft DDK installation, open a Checked shell (if you were following along, you have an icon named “Checked DDK” on your desktop) and build one of the samples selected during the DDK installation. To build a sample, change to a sample directory (any directory under the installation directory containing a “sources” file) and enter the command build. If the DDK is installed properly, entering build from either the “Checked DDK” or the “Free DDK” shell compiles and links the driver according to the “sources” file in that directory. After the build, double-check the installation by searching for the newly created driver (*.sys) file in the object subdirectory (its name begins with obj) that the build creates beneath the sample directory.
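As an added example (not from the book or the DDK), the following batch script automates the check just described: run it from the Checked DDK or Free DDK shell, point it at a sample directory, and it runs build and reports whether a freshly produced .sys exists afterwards. It assumes that the DDK shell has exported BASEDIR (the DDK root, which the DDK's setenv.bat sets); the -cZ switches are build.exe's own clean-rebuild options; the script name and its error handling are this example's, not the DDK's.

```batch
@echo off
REM verify_ddk.cmd - build one DDK sample and confirm that a driver (.sys) came out.
REM Added example for this page, not part of the DDK or of the book's code.
REM Run it from inside the "Checked DDK" or "Free DDK" shell; it assumes that
REM shell has set BASEDIR (the DDK root), which the DDK's setenv.bat does.
REM Usage: verify_ddk.cmd <sample directory that contains a "sources" file>
setlocal

if "%~1"=="" (
    echo usage: %~nx0 ^<sample directory^>
    exit /b 2
)
if not defined BASEDIR (
    echo BASEDIR is not set: open the Checked DDK or Free DDK shell and run this script there.
    exit /b 2
)
if not exist "%~1\sources" (
    echo "%~1" has no "sources" file; pick a DDK sample directory.
    exit /b 2
)

pushd "%~1"

REM Remove any .sys left over from an earlier build, so that whatever is found
REM afterwards must have been produced by this run and cannot mask a failure.
for /f "delims=" %%F in ('dir /s /b *.sys 2^>nul') do del /q "%%F"

REM -c deletes old object files first, -Z skips dependency checking: the usual
REM clean-rebuild invocation of build.exe.
build -cZ
if errorlevel 1 (
    echo build.exe reported errors; check the build*.log / build*.err files in %CD%.
    popd
    exit /b 1
)

set FOUND=
for /f "delims=" %%F in ('dir /s /b *.sys 2^>nul') do (
    set FOUND=1
    echo driver built: %%F
)
popd

if not defined FOUND (
    echo build finished but no .sys was produced; check the build*.log / build*.err files.
    exit /b 1
)
echo DDK build environment verified.
exit /b 0
```

Running the same script from the “Free DDK” shell exercises the free build environment; the .sys it reports lands in a different obj subdirectory than the checked build, which is a quick way to confirm both shells are set up independently.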

To verify your Microsoft VC++ 2005 Express installation, double-click the Microsoft VC++ 2005 Express icon. From the main menu, select File > New > Project. In the Project Types view, select Win32. From the Templates view, select Win32 Console Application. Enter the project name myProject and the solution name MySolution, then click OK and Finish. Add the line printf("Hello World!\n"); just before the return statement in _tmain. You can now build the solution from the main menu by selecting Build > Build Solution. If all is well, you should be able to open a command prompt, navigate to the solution directory chosen during creation, and execute myProject.exe from its Debug subdirectory. If Microsoft VC++ 2005 Express was installed correctly, you should see Hello World! at the command prompt.

To verify IDA, double-click idaw.exe (or the shortcut you have already created) and click OK at the opening screen. Then use Windows Explorer to navigate to your WINDOWS\System32 directory and drag and drop any dynamic link library (*.dll) from it onto the IDA file selection dialog. Press OK twice (a third OK may be needed to truncate data from a large segment) to load and analyze the library. Once loaded, IDA should present an assembly listing of the file's contents, beginning at the public start entry point.

To verify Debugging Tools for Windows, start WinDbg from Start > All Programs > Debugging Tools for Windows. In the Windows Debugger, select File > Symbol File Path. This path should already have been set when you downloaded and installed the symbols for your specific operating system. Check the Reload check box and click OK. If you are running Windows XP or later and have never loaded symbols before, this should bring up the Local Kernel Debugger. If you have previously loaded symbols, you may need to select File > Kernel Debug and click OK on the Local tab to bring up the Local Kernel Debugger. In either case, the Local Kernel Debugger window should show no errors after the lines “Loading Kernel Symbols” and “Loading User Symbols.” To verify kernel debug operation, enter !process 0 0 in the command box (after the lkd> prompt). You should see a detailed list of running processes.




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
Year: 2007
Pages: 229
Author: Ric Vieler
