Nytro

Inside Windows Rootkits


By Chad Tilbury on September 4, 2013

Despite being written in 2006, Chris Ries’ paper Inside Windows Rootkits is still surprisingly relevant. About the only thing missing is a discussion of new(er) x64 mitigation techniques like Kernel Mode Code Signing and Kernel Patch Protection (aka PatchGuard). Few resources have explained rootkit internals so simply. As an example, Figure 2 from the paper neatly ties together the rootkit hooking universe:


Figure 2: Potential places to intercept a call to the FindNextFile function, Inside Windows Rootkits by Chris Ries

The original PDF is a little hard to find these days, but here are a couple of links:

Chris Ries - Inside Windows Rootkits

http://thehackademy.net/madchat/vxdevl/library/Inside%20Windows%20Rootkits.pdf

Source: Inside Windows Rootkits | Forensic Methods
