Flylib.com
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors:
Ric Vieler
Table of Contents
Back Cover
Professional Rootkits
Credits
Introduction
Who This Book Is For
What This Book Covers
How This Book Is Structured
What You Need to Use This Book
Conventions
Source Code
Errata
p2p.wrox.com
Chapter 1: Tools
How Do I Build a Rootkit?
The Microsoft Driver Development Kit
Microsoft Visual VC 2005 Express
Microsoft Software Developers Kit
Sysinternals Freeware
IDA
Debugging Tools for Windows
Verification
VCVARS32.BAT
Other Tools to Consider
What to Keep Out
Summary
Chapter 2: A Basic Rootkit
Ghost
Alternate Data Streams
Installing Your Rootkit
Testing Your Rootkit
Summary
Chapter 3: Kernel Hooks
The System Call Table
Kernel Memory Protection
Defining a Hook Function
An Example
hookManager.c
hookManager.h
What to Hook?
Csr - Client Server Run Time
Dbg - Debug Manager
Etw - Event Tracing for Windows
Ki - Kernel (must be called from Kernel)
Ldr - Loader Manager
Pfx - ANSI Prefix Manager
Rtl - Runtime Library
Zw - File and Registry
The Problem with Hooking
Summary
Chapter 4: User Hooks
Process Injection
Finding a Specific Dynamic Link Library
Defining a Hook Function
The Trampoline Function
An Example
Ghost.h
Ghost.c
hookManager.h
hookManager.c
injectManager.h
injectManager.c
parse86.h
parse86.c
peFormat.h
Using Ghost to Block PGP Encoding
Summary
Chapter 5: IO Processing
Using DeviceIoControl
The Console Application
Controller.c
IoManager.h
buildController.bat
Handling IO within the Device Driver
IoManager.c
Injected Function Programming
Testing IO Control
Summary
Chapter 6: Communications
The Transport Driver Interface
Initiating the Connection
An Example
commManager.h
commManager.c
Running the Example
Summary
Chapter 7: Filter Drivers
Inserting a Filter Driver
File Filtering
Network Filtering
Combined Filtering
An Example
filterManager.h
filterManager.c
Ghost.c
IoManager.h
IoManager.c
Summary
Chapter 8: Key Logging
Processing Levels
A Keyboard Filter
Threading and Synchronization
Interpreting Key Codes
An Example
SOURCES
Ghost.c
filterManager.c
filterManager.h
IoManager.c
keyManager.h
keyManager.c
OnKeyboardRead
OnReadCompletion
GetKey
InitializeLogThread
KeyLoggerThread
StartKeylogger
StopKeylogger
OnCancel
Testing the Example
Summary
Chapter 9: Concealment
Registry Key Hiding
registryManager.h
registryManager.c
Ghost.c
hookManager.h
hookManager.c
Directory Hiding
Process Hiding
HideMe.c
Testing Concealment
Summary
Chapter 10: E-mail Filtering
Microsoft Outlook E-mail Filtering
OutlookExtension.h
OutlookExtension.cpp
Installing an Outlook Client Filter
Testing the Outlook Client Extension
Lotus Notes E-mail Filtering
LotusExtension.h
LotusExtension.c
LotusExtension.def
LotusExtension.mak
readme.txt
Installing a Lotus Notes Client Filter
Testing the Lotus Notes Client Extension
Summary
Chapter 11: Installation Considerations
Intended Installation
Intended Installation Software
End User License Agreements (EULAs)
Unintended Installation
Privilege Escalation
Persistence
ZwSetSystemInformation with SystemLoadAndCallImage
Registry Possibilities
Initialization Files
Installing onto Machines That Visit Your Website
Removing the Traces of an Installation
Testing Your Installation Techniques
Summary
Chapter 12: Ghost Tracker
The Controller
The Connection
Tamper Detection
An Example
GhostTracker.cs
ControlForm.cs
TargetController.cs
Listen.cs
GhostTracker
ControlForm
Summary
Chapter 13: Detecting Rootkits
Detection Methods
Detection Software
What to Do with a Detected Rootkit
Safe Mode
Summary
Chapter 14: Preventing Rootkits
Operating System Updates
Automatic Updates
Personal Firewalls
Free Personal Firewalls
Other Personal Firewalls
Host-based Intrusion Prevention Systems
Hardening
Virtualizing
Blocking Unexpected Operations
Rootkit Prevention Techniques
Summary
Appendix A: Freeware
DebugView
RegistryMonitor
FileMonitor
TCPView
IDA
Samurai
Rootkit Unhooker
RootkitRevealer
F-Secure BlackLight
Rootkit Hook Analyzer
IceSword
Sophos Anti-Rootkit
Index
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z