An Example


This example will increase the size of the Ghost project substantially. The reasons for the increased size and complexity stem from the need to parse PE (Windows executable) files, the need to provide hook functions and hook injection code, and the need to accurately identify an x86 instruction. Parsing machine code to find an instruction that can be replaced by a jump may seem outside the scope of this book, but it is a necessary component of the trampoline hook method.
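The trampoline method described above works by overwriting a function's first instruction with a jump, so the corresponding check a defender wants is whether a function entry has been patched that way. The following is an added example, not code from the book or the Ghost project; the module range, function address and prologue bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of inspecting a function's entry bytes. */
typedef struct {
    int hooked;          /* 1 if the entry instruction is jmp rel32 (opcode E9) */
    uintptr_t target;    /* absolute jump target when hooked, else 0 */
    int outside_module;  /* 1 if the target lies outside the owning module's image */
} hook_check_t;

/* Check whether the first instruction at code_va has been replaced by a 5-byte
 * relative jump, and whether that jump leaves [mod_base, mod_base + mod_size). */
hook_check_t check_entry_for_jmp(const uint8_t *code, size_t len, uintptr_t code_va,
                                 uintptr_t mod_base, size_t mod_size)
{
    hook_check_t r = {0, 0, 0};
    if (len < 5 || code[0] != 0xE9)
        return r;
    /* rel32 is little-endian and relative to the end of the 5-byte instruction. */
    int32_t rel = (int32_t)((uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                            ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24));
    r.hooked = 1;
    r.target = code_va + 5 + (uintptr_t)(intptr_t)rel;
    r.outside_module = !(r.target >= mod_base && r.target < mod_base + mod_size);
    return r;
}

/* Constructed sample data (hypothetical addresses, not captured from a real system). */
#define FUNC_VA   ((uintptr_t)0x80501000u)   /* address of the inspected function */
#define MOD_BASE  ((uintptr_t)0x80400000u)   /* image range of the module owning it */
#define MOD_SIZE  ((size_t)0x200000u)
/* Unhooked hot-patchable prologue: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t clean_prologue[]  = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
/* Same entry after a trampoline hook: jmp rel32 to 0x90000000, outside the module */
static const uint8_t hooked_prologue[] = {0xE9, 0xFB, 0xEF, 0xAF, 0x0F};

int main(void)
{
    const uint8_t *samples[2] = {clean_prologue, hooked_prologue};
    for (int i = 0; i < 2; i++) {
        hook_check_t r = check_entry_for_jmp(samples[i], 5, FUNC_VA, MOD_BASE, MOD_SIZE);
        printf("sample %d: hooked=%d target=0x%lx outside_module=%d\n",
               i, r.hooked, (unsigned long)r.target, r.outside_module);
    }
    return 0;
}
```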

The functionality required for process injection has been implemented by creating four new files and modifying six existing files.

The new files are as follows:

  injectManager.c
  injectManager.h
  parse86.c
  parse86.h

Following are the modified files:

  Ghost.c
  Ghost.h
  hookManager.c
  hookManager.h
  peFormat.h
  SOURCES

Following is the code.

SOURCES

The files injectManager.c and parse86.c have been added to SOURCES:

  TARGETNAME=comint32
  TARGETPATH=OBJ
  TARGETTYPE=DRIVER
  SOURCES=Ghost.c\
          fileManager.c\
          hookManager.c\
          injectManager.c\
          parse86.c\
          configManager.c

Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
Year: 2007
Pages: 229
Author: Ric Vieler
