Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 9780470101544
Year: 2007
Pages: 229
Author: Ric Vieler
Table of Contents
Back Cover
Professional Rootkits
Credits
Introduction
  Who This Book Is For
  What This Book Covers
  How This Book Is Structured
  What You Need to Use This Book
  Conventions
  Source Code
  Errata
  p2p.wrox.com
Chapter 1: Tools
  How Do I Build a Rootkit?
  The Microsoft Driver Development Kit
  Microsoft Visual VC 2005 Express
  Microsoft Software Developers Kit
  Sysinternals Freeware
  IDA
  Debugging Tools for Windows
  Verification
  VCVARS32.BAT
  Other Tools to Consider
  What to Keep Out
  Summary
Chapter 2: A Basic Rootkit
  Ghost
  Alternate Data Streams
  Installing Your Rootkit
  Testing Your Rootkit
  Summary
Chapter 3: Kernel Hooks
  The System Call Table
  Kernel Memory Protection
  Defining a Hook Function
  An Example
    hookManager.c
    hookManager.h
  What to Hook?
    Csr - Client Server Run Time
    Dbg - Debug Manager
    Etw - Event Tracing for Windows
    Ki - Kernel (must be called from Kernel)
    Ldr - Loader Manager
    Pfx - ANSI Prefix Manager
    Rtl - Runtime Library
    Zw - File and Registry
  The Problem with Hooking
  Summary
Chapter 4: User Hooks
  Process Injection
  Finding a Specific Dynamic Link Library
  Defining a Hook Function
  The Trampoline Function
  An Example
    Ghost.h
    Ghost.c
    hookManager.h
    hookManager.c
    injectManager.h
    injectManager.c
    parse86.h
    parse86.c
    peFormat.h
  Using Ghost to Block PGP Encoding
  Summary
Chapter 5: IO Processing
  Using DeviceIoControl
  The Console Application
    Controller.c
    IoManager.h
    buildController.bat
  Handling IO within the Device Driver
    IoManager.c
  Injected Function Programming
  Testing IO Control
  Summary
Chapter 6: Communications
  The Transport Driver Interface
  Initiating the Connection
  An Example
    commManager.h
    commManager.c
  Running the Example
  Summary
Chapter 7: Filter Drivers
  Inserting a Filter Driver
  File Filtering
  Network Filtering
  Combined Filtering
  An Example
    filterManager.h
    filterManager.c
    Ghost.c
    IoManager.h
    IoManager.c
  Summary
Chapter 8: Key Logging
  Processing Levels
  A Keyboard Filter
  Threading and Synchronization
  Interpreting Key Codes
  An Example
    SOURCES
    Ghost.c
    filterManager.c
    filterManager.h
    IoManager.c
    keyManager.h
    keyManager.c
      OnKeyboardRead
      OnReadCompletion
      GetKey
      InitializeLogThread
      KeyLoggerThread
      StartKeylogger
      StopKeylogger
      OnCancel
  Testing the Example
  Summary
Chapter 9: Concealment
  Registry Key Hiding
    registryManager.h
    registryManager.c
    Ghost.c
    hookManager.h
    hookManager.c
  Directory Hiding
  Process Hiding
    HideMe.c
  Testing Concealment
  Summary
Chapter 10: E-mail Filtering
  Microsoft Outlook E-mail Filtering
    OutlookExtension.h
    OutlookExtension.cpp
  Installing an Outlook Client Filter
  Testing the Outlook Client Extension
  Lotus Notes E-mail Filtering
    LotusExtension.h
    LotusExtension.c
    LotusExtension.def
    LotusExtension.mak
    readme.txt
  Installing a Lotus Notes Client Filter
  Testing the Lotus Notes Client Extension
  Summary
Chapter 11: Installation Considerations
  Intended Installation
    Intended Installation Software
    End User License Agreements (EULAs)
  Unintended Installation
    Privilege Escalation
    Persistence
      ZwSetSystemInformation with SystemLoadAndCallImage
      Registry Possibilities
      Initialization Files
    Installing onto Machines That Visit Your Website
  Removing the Traces of an Installation
  Testing Your Installation Techniques
  Summary
Chapter 12: Ghost Tracker
  The Controller
  The Connection
  Tamper Detection
  An Example
    GhostTracker.cs
    ControlForm.cs
    TargetController.cs
    Listen.cs
  GhostTracker
  ControlForm
  Summary
Chapter 13: Detecting Rootkits
  Detection Methods
  Detection Software
  What to Do with a Detected Rootkit
  Safe Mode
  Summary
Chapter 14: Preventing Rootkits
  Operating System Updates
    Automatic Updates
  Personal Firewalls
    Free Personal Firewalls
    Other Personal Firewalls
  Host-based Intrusion Prevention Systems
  Hardening
  Virtualizing
  Blocking Unexpected Operations
  Rootkit Prevention Techniques
  Summary
Appendix A: Freeware
  DebugView
  RegistryMonitor
  FileMonitor
  TCPView
  IDA
  Samurai
  Rootkit Unhooker
  RootkitRevealer
  F-Secure BlackLight
  Rootkit Hook Analyzer
  IceSword
  Sophos Anti-Rootkit
Index
flylib.com © 2008-2017.