Index[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [Z] RaiseCPUIrqlAndWait function Raw network manipulation binding to interfaces bouncing packets forging sources on Windows XP sending packets sniffing Read-only table access ReadFile function 2nd Reading portsReboots from keyboard controllers surviving recvfrom functionRegistering for surviving reboot protocolsRegisters control latching betweenRegistry for injecting DLLs into processes key detection operating system version queries in RegOpenKeyEx function RegQueryValue function RegQueryValueEx function 2nd Relative Virtual Addresses (RVAs) Remote command and control 2ndRemote servers connecting to sending data to Remote shells Remote threads Reordering of instructions REQINFO structure Rerouting control flow ResponseToArp function Restarting rootkits Returns, far Ring Zero Rings 2nd RootkitDispatch function RootkitRevealer toolRootkits and software exploits characteristics of detecting behavior detection guarding-the-doors approach looking for hooks scanning rooms for kernel history of legitimate uses of loading offensive technologies operation of purpose of restarting vs. exploits vs. viruses RtlCopyMemory function RtlGetVersion function Run key Runtime address fixups Runtime patchingdetour. [See Detour patching] jump templates variationsRVAs [See Relative Virtual Addresses] |