Compiled ROOTKIT Material
  Added: 07/17/2008   Published: 07/17/2008
Contents:
One. Foreword
Two. Overview
Three. Publicly known rootkit hiding techniques
Four. Countermeasures to the hiding techniques
Five. About ring0 rootkits
Six. Rootkit detection
Seven. References and recommendations :)

*************************

One. First, a few words that have nothing to do with the technology.

   Many people today do not know enough about rootkits; for most it is a blank. The aim of this shallow article is to take newcomers from knowing that rootkits exist to understanding them, and to give anyone who wants to study the subject a reference, or perhaps a beginner's tutorial. The rootkit hiding methods introduced here are only a part of what exists: many techniques are not mentioned, and there are also techniques that have never been made public. In some places I have not quoted code, because I did not want to take up too much space and wanted to avoid any suspicion of just showing off code; after finishing, I still felt there was too much code, so please bear with me. Parts one to three are suitable for newcomers; from part four on, the material may be of some value to more people. If an expert happens to read this, please be prepared, and try not to vomit on the screen or on yourself.
*************************

Two. A brief word on rootkits.
Rootkits have a long history. They exist on Windows, Unix, Linux and other operating systems and are by no means limited to Windows, but in this article I discuss rootkits only on the Windows platform. In English, "root" means a root, or to take root, and "kit" means a package. We can understand a rootkit as a back door that uses many techniques to lie hidden in your system, bundled with a package of programs offering quite a few functions, for example clearing logs, adding users, b7cmdshell, and adding or deleting startup services. Naturally its designer also wants to use technical means to hide it and make sure it is not discovered. Hiding covers hiding processes, files, ports, handles, registry keys, values and so on. In short, the people who write rootkits rack their brains to use every possible means to avoid being discovered.
The Windows rootkits people are most familiar with today are Hacker Defender and NTRootkit, and there is also byshell, which uses the new ring3 rootkit approach that baiyuanfan presented at XCON, ha-ha. Under Linux the best-known one is knark.

*************************

Three. Publicly known rootkit hiding techniques, and detection techniques.
1.   Removing the process object from the process doubly linked list.
PS: This seems to be used a great deal; even a current account-stealing trojan uses it.
Today the one way everyone looks at processes is through Task Manager (taskmgr.exe). Anyone with a little programming knowledge knows that Task Manager's enumeration of process information depends on NtQuerySystemInformation, which is the same as the ZwQuerySystemInformation function. As is well known, this Native API (the local, in-kernel API) must enumerate processes by walking the active process linked list. Let us take a look at this structure.
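To make the mechanism concrete, here is an added model (not code from the article) of why a list-walking enumerator misses an unlinked object and how a cross-view check still finds it. The names LIST_ENTRY, CONTAINING_RECORD, EPROCESS, ActiveProcessLinks and PsActiveProcessHead are the real kernel names, but the structure layout is a toy, and the `procs` array standing in for the kernel's separate PID table is an assumption made for the example.

```c
#include <stddef.h>

/* Model of the kernel's LIST_ENTRY / CONTAINING_RECORD idiom (real names, toy layout). */
typedef struct _LIST_ENTRY { struct _LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;
#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

/* Toy EPROCESS: only the fields the list walk needs; the real structure is far larger. */
typedef struct { unsigned pid; char name[16]; LIST_ENTRY ActiveProcessLinks; } EPROCESS;

/* Constructed sample processes. The array also serves as a PID table, a stand-in for the
 * kernel's handle-based process table, which is a view independent of ActiveProcessLinks. */
EPROCESS procs[] = { {4, "System"}, {600, "csrss.exe"}, {1234, "hidden.exe"}, {2000, "taskmgr.exe"} };
enum { NPROCS = sizeof procs / sizeof procs[0] };
LIST_ENTRY PsActiveProcessHead;

void init_process_list(void) {
    PsActiveProcessHead.Flink = PsActiveProcessHead.Blink = &PsActiveProcessHead;
    for (int i = 0; i < NPROCS; i++) {           /* link each object at the tail */
        LIST_ENTRY *e = &procs[i].ActiveProcessLinks;
        e->Flink = &PsActiveProcessHead; e->Blink = PsActiveProcessHead.Blink;
        PsActiveProcessHead.Blink->Flink = e; PsActiveProcessHead.Blink = e;
    }
}

/* View 1: what NtQuerySystemInformation effectively reports, a walk of the active list. */
int list_walk_view(unsigned *out, int max) {
    int n = 0;
    for (LIST_ENTRY *e = PsActiveProcessHead.Flink; e != &PsActiveProcessHead && n < max; e = e->Flink)
        out[n++] = CONTAINING_RECORD(e, EPROCESS, ActiveProcessLinks)->pid;
    return n;
}

/* The manipulation the text describes: the neighbours are re-pointed so the walk skips this
 * object. The EPROCESS itself is untouched and still scheduled, which is what detection relies on. */
void unlink_from_active_list(EPROCESS *p) {
    LIST_ENTRY *e = &p->ActiveProcessLinks;
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
}

/* View 2 vs view 1: any PID present in the table but absent from the list walk is hidden. */
int find_hidden_pids(unsigned *hidden, int max) {
    unsigned seen[NPROCS]; int nseen = list_walk_view(seen, NPROCS), nh = 0;
    for (int i = 0; i < NPROCS && nh < max; i++) {
        int found = 0;
        for (int j = 0; j < nseen; j++) if (seen[j] == procs[i].pid) found = 1;
        if (!found) hidden[nh++] = procs[i].pid;
    }
    return nh;
}
```

A real detector takes the second view from a source the rootkit did not touch (the kernel's PID table, or brute-forcing PIDs with OpenProcess from user mode) and reports every discrepancy.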

 
Other pages: : 1 * 2 * 3 * 4 * 5 * 6 * 7 * 8 * 9 * 10 * Next>>
Prev:Vista deals with the network military judge and the ARP deceit attack Next:The SQL script pours into uncommon method summary
