Chapter 3: Kernel Hooks


Overview

This chapter will guide you through the creation of a kernel hook. The kernel of the operating system provides high-level applications with the low-level functionality needed to perform system operations. By hooking the kernel, a rootkit can alter the low-level operations used by high-level applications. This provides a convenient mechanism for control, monitoring, and filtering, and offers many possibilities for concealment.

This chapter includes the following:

  • The system call table

  • Memory protection considerations

  • Kernel hooking macros

  • Kernel hooking functions

  • A basic example of kernel hooking

  • A description of kernel functions by group




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net