لطفا منتظر باشید ...
Chapter 4. The Age-Old Art of Hooking
How does the sea become the king of all streams?Because it lies lower than they!Hence it is the king of all streams.LAO TZU
The two purposes of most rootkits are to allow continued access to the computer and to provide stealth for the intruder. To achieve these objectives, your rootkit must alter the execution path of the operating system or directly attack the data that stores information about processes, drivers, network connections, etc. Chapter 7, Direct Kernel Object Manipulation, discusses the latter approach. In this chapter, we will cover altering the execution path of important reporting functions provided by the operating system. We will begin with a discussion of simple userland hooks in a target process, then advance to covering more global kernel-level hooks. At the end of the chapter, we will present a hybrid method. Keep in mind that the goal is to intercept the normal execution flow and alter the information returned by the operating system's report-ing APIs.
