Summary


At this point, we now have a rootkit that does all of the following:

  • Hides its device driver entry

  • Hides its configuration file

  • Hooks the operating system kernel

  • Hooks selected processes loaded by the operating system

  • Processes commands sent from user mode applications

  • Communicates with a remote controller

  • Filters network communication

  • Filters file system operations

As with the earlier chapters, this chapter only details enough to get you started. Once the filters are in place, you must decide which drive types and network protocols to attach to, and what types of I/O you want to exert control over.

To add to the bulleted list above, the next chapter details keyboard logging. Logging of any form adds a substantial level of difficulty to rootkit operations. Be prepared to delve into both threading and synchronization to perform PASSIVE_LEVEL logging from a DISPATCH_LEVEL callback routine.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net