Chapter 5: IO Processing


Overview

This chapter introduces the I/O processing system. I/O processing, named pipes, and shared memory can all be used to communicate efficiently between kernel-mode and user-mode code. Of the three, I/O processing is probably the easiest to understand and implement. Such a communication method is required because our rootkit is implemented as a device driver loaded into kernel memory, while the controlling applications are loaded into user memory. In addition to occupying separate memory spaces, kernel-mode and user-mode code also use separate stacks, which rules out ordinary function-call parameter passing even if you could locate a function in the other memory space.

This chapter includes the following:

  • The DeviceIoControl function

  • A basic rootkit control application

  • Basic I/O processing within the rootkit

  • A basic rootkit command

  • Testing a basic rootkit command
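The overview names DeviceIoControl as the channel between a user-mode controller and the driver. The C program below is an added example, not code from the book or its rootkit: it reproduces the control-code layout used by the WDK CTL_CODE macro, a simulated IRP_MJ_DEVICE_CONTROL handler for a METHOD_BUFFERED request that validates both buffer lengths before touching the shared buffer, and the shape of the user-mode call (the real DeviceIoControl under _WIN32, the simulator elsewhere). The control code, device type, symbolic link name and the ping/pong command are hypothetical, and the IRP is reduced to the few fields the handler reads. The two length checks are what a driver reviewer looks for first: both lengths are supplied by the caller, and a handler that trusts them reads or writes past the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>   /* pulls in winioctl.h: CTL_CODE and friends */
#else
/* Layout of a Windows I/O control code, as produced by the WDK CTL_CODE macro
 * (real layout, reproduced so the example builds without the WDK):
 * bits 31..16 device type, 15..14 required access, 13..2 function, 1..0 method */
#define METHOD_BUFFERED     0
#define FILE_ANY_ACCESS     0
#define FILE_DEVICE_UNKNOWN 0x22
#define CTL_CODE(DeviceType, Function, Method, Access) \
    (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
#endif

#define IOCTL_DEVICE_TYPE(c) (((c) >> 16) & 0xFFFF)
#define IOCTL_FUNCTION(c)    (((c) >> 2) & 0xFFF)
#define IOCTL_METHOD(c)      ((c) & 3)

/* Hypothetical control code; 0x800 is the first function number reserved for
 * third-party drivers. The book's own codes are not reproduced here. */
#define IOCTL_EXAMPLE_PING CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)

typedef enum {
    DISPATCH_SUCCESS = 0,
    DISPATCH_INVALID_REQUEST = 1,
    DISPATCH_BUFFER_TOO_SMALL = 2
} dispatch_status;

/* Stand-in for the fields a driver reads from the IRP and its current
 * IO_STACK_LOCATION in an IRP_MJ_DEVICE_CONTROL handler (simplified). */
typedef struct {
    uint32_t control_code;
    void    *system_buffer;  /* METHOD_BUFFERED: one buffer for input and output */
    uint32_t input_length;   /* caller-supplied */
    uint32_t output_length;  /* caller-supplied */
    uint32_t bytes_returned; /* reported back through lpBytesReturned */
} ioctl_request;

/* Simulated driver-side handler. Every length check precedes every buffer access. */
static dispatch_status dispatch_device_control(ioctl_request *req)
{
    if (IOCTL_METHOD(req->control_code) != METHOD_BUFFERED)
        return DISPATCH_INVALID_REQUEST;

    switch (req->control_code) {
    case IOCTL_EXAMPLE_PING: {
        static const char reply[] = "pong"; /* 5 bytes including the terminator */
        if (req->input_length < 4 || memcmp(req->system_buffer, "ping", 4) != 0)
            return DISPATCH_INVALID_REQUEST;
        if (req->output_length < sizeof reply)
            return DISPATCH_BUFFER_TOO_SMALL;  /* never truncate into a short buffer */
        memcpy(req->system_buffer, reply, sizeof reply);
        req->bytes_returned = sizeof reply;
        return DISPATCH_SUCCESS;
    }
    default:
        return DISPATCH_INVALID_REQUEST;     /* unknown code: reject, do not guess */
    }
}

/* User-mode side. On Windows this opens the driver's symbolic link and issues the
 * real DeviceIoControl; elsewhere the request goes straight to the simulator. */
static dispatch_status send_ioctl(uint32_t code, void *buf, uint32_t in_len,
                                  uint32_t out_len, uint32_t *returned)
{
#ifdef _WIN32
    HANDLE h = CreateFileA("\\\\.\\ExampleDevice", /* hypothetical link name */
                           GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (h == INVALID_HANDLE_VALUE) return DISPATCH_INVALID_REQUEST;
    BOOL ok = DeviceIoControl(h, code, buf, in_len, buf, out_len, (LPDWORD)returned, NULL);
    CloseHandle(h);
    return ok ? DISPATCH_SUCCESS : DISPATCH_INVALID_REQUEST;
#else
    ioctl_request req = { code, buf, in_len, out_len, 0 };
    dispatch_status st = dispatch_device_control(&req);
    *returned = req.bytes_returned;
    return st;
#endif
}

/* Sends "ping" with the given caller-declared lengths (out_len must be <= 16). */
static dispatch_status try_ping(uint32_t in_len, uint32_t out_len)
{
    char buf[16] = { 0 };
    uint32_t returned = 0;
    memcpy(buf, "ping", 4);
    return send_ioctl(IOCTL_EXAMPLE_PING, buf, in_len, out_len, &returned);
}

/* Full round trip: returns 1 when the driver answered "pong" with 5 bytes. */
static int ping_reply_is_pong(void)
{
    char buf[16] = { 0 };
    uint32_t returned = 0;
    memcpy(buf, "ping", 4);
    if (send_ioctl(IOCTL_EXAMPLE_PING, buf, 4, sizeof buf, &returned) != DISPATCH_SUCCESS)
        return 0;
    return returned == 5 && strcmp(buf, "pong") == 0;
}

int main(void)
{
    printf("IOCTL_EXAMPLE_PING = 0x%X (type 0x%X, function 0x%X, method %u)\n",
           (unsigned)IOCTL_EXAMPLE_PING, (unsigned)IOCTL_DEVICE_TYPE(IOCTL_EXAMPLE_PING),
           (unsigned)IOCTL_FUNCTION(IOCTL_EXAMPLE_PING), (unsigned)IOCTL_METHOD(IOCTL_EXAMPLE_PING));
    printf("round trip ok: %d, short output rejected: %d\n",
           ping_reply_is_pong(), try_ping(4, 4) == DISPATCH_BUFFER_TOO_SMALL);
    return 0;
}
```

The decoded code, 0x222000, is the first custom function number on FILE_DEVICE_UNKNOWN, which is why that value shows up so often in driver listings; custom device types and control-code ranges are also among the artifacts a defender can enumerate when reviewing what a loaded driver exposes.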




Professional Rootkits
ISBN: 0470101547
Year: 2007
Pages: 229
Authors: Ric Vieler
