Chapter 7: Filter Drivers


Overview

This chapter describes both file system filter drivers and network filter drivers. Filter drivers are used throughout the operating system to provide layered communications between high-level software and low-level hardware. Stacking, or layering, filters allows hardware and software interfaces to be connected using as many layers as necessary. This layered approach can be exploited to insert your own filters into existing stacks. A layer added to an existing stack can be extremely difficult to detect, yet it allows full control over all communication passing through the stack. This can be especially useful when the stack controls a network interface card (NIC) or a disk drive.

This chapter includes the following:

  • Filter driver insertion

  • File system filter drivers

  • Network filter drivers

  • An example of both filtering techniques




Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
