Flylib.com
Professional Rootkits (Programmer to Programmer)
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors:
Ric Vieler
BUY ON AMAZON
Table of Contents
Back Cover
Professional Rootkits
Credits
Introduction
Who This Book Is For
What This Book Covers
How This Book Is Structured
What You Need to Use This Book
Conventions
Source Code
Errata
p2p.wrox.com
Chapter 1: Tools
How Do I Build a Rootkit?
The Microsoft Driver Development Kit
Microsoft Visual VC 2005 Express
Microsoft Software Developers Kit
Sysinternals Freeware
IDA
Debugging Tools for Windows
Verification
VCVARS32.BAT
Other Tools to Consider
What to Keep Out
Summary
Chapter 2: A Basic Rootkit
Ghost
Alternate Data Streams
Installing Your Rootkit
Testing Your Rootkit
Summary
Chapter 3: Kernel Hooks
The System Call Table
Kernel Memory Protection
Defining a Hook Function
An Example
hookManager.c
hookManager.h
What to Hook?
Csr - Client Server Run Time
Dbg - Debug Manager
Etw - Event Tracing for Windows
Ki - Kernel (must be called from Kernel)
Ldr - Loader Manager
Pfx - ANSI Prefix Manager
Rtl - Runtime Library
Zw - File and Registry
The Problem with Hooking
Summary
Chapter 4: User Hooks
Process Injection
Finding a Specific Dynamic Link Library
Defining a Hook Function
The Trampoline Function
An Example
Ghost.h
Ghost.c
hookManager.h
hookManager.c
injectManager.h
injectManager.c
parse86.h
parse86.c
peFormat.h
Using Ghost to Block PGP Encoding
Summary
Chapter 5: IO Processing
Using DeviceIoControl
The Console Application
Controller.c
IoManager.h
buildController.bat
Handling IO within the Device Driver
IoManager.c
Injected Function Programming
Testing IO Control
Summary
Chapter 6: Communications
The Transport Driver Interface
Initiating the Connection
An Example
commManager.h
commManager.c
Running the Example
Summary
Chapter 7: Filter Drivers
Inserting a Filter Driver
File Filtering
Network Filtering
Combined Filtering
An Example
filterManager.h
filterManager.c
Ghost.c
IoManager.h
IoManager.c
Summary
Chapter 8: Key Logging
Processing Levels
A Keyboard Filter
Threading and Synchronization
Interpreting Key Codes
An Example
SOURCES
Ghost.c
filterManager.c
filterManager.h
IoManager.c
keyManager.h
keyManager.c
OnKeyboardRead
OnReadCompletion
GetKey
InitializeLogThread
KeyLoggerThread
StartKeylogger
StopKeylogger
OnCancel
Testing the Example
Summary
Chapter 9: Concealment
Registry Key Hiding
registryManager.h
registryManager.c
Ghost.c
hookManager.h
hookManager.c
Directory Hiding
Process Hiding
HideMe.c
Testing Concealment
Summary
Chapter 10: E-mail Filtering
Microsoft Outlook E-mail Filtering
OutlookExtension.h
OutlookExtension.cpp
Installing an Outlook Client Filter
Testing the Outlook Client Extension
Lotus Notes E-mail Filtering
LotusExtension.h
LotusExtension.c
LotusExtension.def
LotusExtension.mak
readme.txt
Installing a Lotus Notes Client Filter
Testing the Lotus Notes Client Extension
Summary
Chapter 11: Installation Considerations
Intended Installation
Intended Installation Software
End User License Agreements (EULAs)
Unintended Installation
Privilege Escalation
Persistence
ZwSetSystemInformation with SystemLoadAndCallImage
Registry Possibilities
Initialization Files
Installing onto Machines That Visit Your Website
Removing the Traces of an Installation
Testing Your Installation Techniques
Summary
Chapter 12: Ghost Tracker
The Controller
The Connection
Tamper Detection
An Example
GhostTracker.cs
ControlForm.cs
TargetController.cs
Listen.cs
GhostTracker
ControlForm
Summary
Chapter 13: Detecting Rootkits
Detection Methods
Detection Software
What to Do with a Detected Rootkit
Safe Mode
Summary
Chapter 14: Preventing Rootkits
Operating System Updates
Automatic Updates
Personal Firewalls
Free Personal Firewalls
Other Personal Firewalls
Host-based Intrusion Prevention Systems
Hardening
Virtualizing
Blocking Unexpected Operations
Rootkit Prevention Techniques
Summary
Appendix A: Freeware
DebugView
RegistryMonitor
FileMonitor
TCPView
IDA
Samurai
Rootkit Unhooker
RootkitRevealer
F-Secure BlackLight
Rootkit Hook Analyzer
IceSword
Sophos Anti-Rootkit
Index
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors:
Ric Vieler
BUY ON AMAZON
CISSP Exam Cram 2
Physical Security
Risk Assessment
Intrusion-Detection Systems (IDS)
Telecommunications and Network Security
Answers to Exam Prep Questions
The Complete Cisco VPN Configuration Guide
VPN Technologies
Concentrator Remote Access Connections with PPTP, L2TP, and WebVPN
PPTP and L2TP Remote Access
ISAKMP/IKE Phase 1 Preparation
Configuring the Windows VPN Client
C & Data Structures (Charles River Media Computer Engineering)
Union
Files
Stacks and Queues
Problems in Stacks and Queues
Problems in Graphs
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Common misperceptions about SOA
Notification and eventing
How service-orientation principles inter-relate
Native Web service support for service-orientation principles
Service-Oriented Design (Part IV: Business Process Design)
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
The Internationalization of the Retail Supply Chain
Fashion Logistics and Quick Response
Temperature-Controlled Supply Chains
The Development of E-tail Logistics
Enterprise Resource Planning (ERP) Systems: Issues in Implementation
MPLS Configuration on Cisco IOS Software
Penultimate Hop Popping
Command Reference
Configuration and Implementation of MPLS QoS in Uniform Mode and Short Pipe Mode Operation
Case Study 4: Implementing Layer 3 VPNs over Layer 2 VPN Topologies and Providing L2 VPN Redundancy
Case Study 9: Implementing VPLS Services with the GSR 12000 Series
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies