Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Author: Ric Vieler
Table of Contents
Back Cover
Professional Rootkits
Credits
Introduction
Who This Book Is For
What This Book Covers
How This Book Is Structured
What You Need to Use This Book
Conventions
Source Code
Errata
p2p.wrox.com
Chapter 1: Tools
How Do I Build a Rootkit?
The Microsoft Driver Development Kit
Microsoft Visual VC 2005 Express
Microsoft Software Developers Kit
Sysinternals Freeware
IDA
Debugging Tools for Windows
Verification
VCVARS32.BAT
Other Tools to Consider
What to Keep Out
Summary
Chapter 2: A Basic Rootkit
Ghost
Alternate Data Streams
Installing Your Rootkit
Testing Your Rootkit
Summary
Chapter 3: Kernel Hooks
The System Call Table
Kernel Memory Protection
Defining a Hook Function
An Example
hookManager.c
hookManager.h
What to Hook?
Csr - Client Server Run Time
Dbg - Debug Manager
Etw - Event Tracing for Windows
Ki - Kernel (must be called from Kernel)
Ldr - Loader Manager
Pfx - ANSI Prefix Manager
Rtl - Runtime Library
Zw - File and Registry
The Problem with Hooking
Summary
Chapter 4: User Hooks
Process Injection
Finding a Specific Dynamic Link Library
Defining a Hook Function
The Trampoline Function
An Example
Ghost.h
Ghost.c
hookManager.h
hookManager.c
injectManager.h
injectManager.c
parse86.h
parse86.c
peFormat.h
Using Ghost to Block PGP Encoding
Summary
Chapter 5: IO Processing
Using DeviceIoControl
The Console Application
Controller.c
IoManager.h
buildController.bat
Handling IO within the Device Driver
IoManager.c
Injected Function Programming
Testing IO Control
Summary
Chapter 6: Communications
The Transport Driver Interface
Initiating the Connection
An Example
commManager.h
commManager.c
Running the Example
Summary
Chapter 7: Filter Drivers
Inserting a Filter Driver
File Filtering
Network Filtering
Combined Filtering
An Example
filterManager.h
filterManager.c
Ghost.c
IoManager.h
IoManager.c
Summary
Chapter 8: Key Logging
Processing Levels
A Keyboard Filter
Threading and Synchronization
Interpreting Key Codes
An Example
SOURCES
Ghost.c
filterManager.c
filterManager.h
IoManager.c
keyManager.h
keyManager.c
OnKeyboardRead
OnReadCompletion
GetKey
InitializeLogThread
KeyLoggerThread
StartKeylogger
StopKeylogger
OnCancel
Testing the Example
Summary
Chapter 9: Concealment
Registry Key Hiding
registryManager.h
registryManager.c
Ghost.c
hookManager.h
hookManager.c
Directory Hiding
Process Hiding
HideMe.c
Testing Concealment
Summary
Chapter 10: E-mail Filtering
Microsoft Outlook E-mail Filtering
OutlookExtension.h
OutlookExtension.cpp
Installing an Outlook Client Filter
Testing the Outlook Client Extension
Lotus Notes E-mail Filtering
LotusExtension.h
LotusExtension.c
LotusExtension.def
LotusExtension.mak
readme.txt
Installing a Lotus Notes Client Filter
Testing the Lotus Notes Client Extension
Summary
Chapter 11: Installation Considerations
Intended Installation
Intended Installation Software
End User License Agreements (EULAs)
Unintended Installation
Privilege Escalation
Persistence
ZwSetSystemInformation with SystemLoadAndCallImage
Registry Possibilities
Initialization Files
Installing onto Machines That Visit Your Website
Removing the Traces of an Installation
Testing Your Installation Techniques
Summary
Chapter 12: Ghost Tracker
The Controller
The Connection
Tamper Detection
An Example
GhostTracker.cs
ControlForm.cs
TargetController.cs
Listen.cs
GhostTracker
ControlForm
Summary
Chapter 13: Detecting Rootkits
Detection Methods
Detection Software
What to Do with a Detected Rootkit
Safe Mode
Summary
Chapter 14: Preventing Rootkits
Operating System Updates
Automatic Updates
Personal Firewalls
Free Personal Firewalls
Other Personal Firewalls
Host-based Intrusion Prevention Systems
Hardening
Virtualizing
Blocking Unexpected Operations
Rootkit Prevention Techniques
Summary
Appendix A: Freeware
DebugView
RegistryMonitor
FileMonitor
TCPView
IDA
Samurai
Rootkit Unhooker
RootkitRevealer
F-Secure BlackLight
Rootkit Hook Analyzer
IceSword
Sophos Anti-Rootkit
Index
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z