An Example

Previous page
Table of content
Next page

This example will increase the size of the Ghost project substantially. The reasons for the increased size and complexity stem from the need to parse PE (Windows executable) files, the need to provide hook functions and hook injection code, and the need to accurately identify an x86 instruction. Parsing machine code to find an instruction that can be replaced by a jump may seem outside the scope of this book, but it is a necessary component of the trampoline hook method.

The functionality required for processes injection has been implemented by creating four new files and modifying six existing files.

The new files are as follows:

  injectManager.c injectManager.h parse86.c parse86.h

Following are the modified files: 

  Ghost.c Ghost.h hookManager.c hookManager.h peFormat.h SOURCES

Following is the code.

SOURCES

The files injectManager.c and parse86.c have been added to SOURCES:

  TARGETNAME=comint32 TARGETPATH=OBJ TARGETTYPE=DRIVER SOURCES=Ghost.c\  fileManager.c\  hookManager.c\  injectManager.c\  parse86.c\  configManager.c



Previous page
Table of content
Next page
Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
BUY ON AMAZON
Beginning Cryptography with Java
CISSP Exam Cram 2
Software Configuration Management
Competency-Based Human Resource Management
Python Standard Library (Nutshell Handbooks) with
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy