Summary

Previous page
Table of content
Next page

At this point, we now have a rootkit that does all of the following:

  • Hides its device driver entry

  • Hides its configuration file

  • Hooks the operating system kernel

  • Hooks selected processes loaded by the operating system

  • Processes commands sent from user mode applications

  • Communicates with a remote controller

  • Filters network communication

  • Filters file system operations

As with the earlier chapters, this chapter only details enough to get you started. Once the filters are in place, you must decide which drive types and network protocols to attach to, and what types of I/O you want to exert control over.

To add to the bulleted list above, the next chapter details keyboard logging. Logging of any form adds a substantial level of difficulty to rootkit operations. Be prepared to delve into both threading and synchronization to perform PASSIVE_LEVEL logging from a DISPATCH_LEVEL callback routine.



Previous page
Table of content
Next page
Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
BUY ON AMAZON
A+ Fast Pass
Introduction to 80x86 Assembly Language and Computer Architecture
MySQL Cookbook
InDesign Type: Professional Typography with Adobe InDesign CS2
Comparing, Designing, and Deploying VPNs
The Oracle Hackers Handbook: Hacking and Defending Oracle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy