Professional.Rootkits.Subverting.the.Windows.Kernel [Electronic resources] نسخه متنی

Index

[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[R]
[S]
[T]
[U]
[V]
[W]
[Z]

Call gates

Callbacks, protocol driver

Calls

DPCs

far

in rootkit detection

Cavern infection

Chains, driver

Channels, covert.
[See Covert channels]

Checked build environments

CheckFunctionBytesNt DeviceIoControlFile function

CheckFunctionBytesSe AccessCheck function

CheckNtoskrnlForOutsideJump function

CIH virus

Cleanup routines

cli instruction

Code

introducing into kernel

patching.
[See Patching]

Code segment (CS) registers

Code-byte patching method

Code-scanning tools, automated

COMMAND BYTE for keyboard ports

Compiler libraries

Completion routines for IRPs

Connecting to remote servers

CONNECTION_CONTEXT pointer

CONNINFO101 structure

CONNINFO102 structure

CONNINFO110 structure

CONTAINING_RECORD macro

Contexts

active process

for endpoints

Control flow, rerouting

Control Register Zero (CR0) 2nd

Control registers

Controllers, keyboard.
[See Keyboard controller access]

ConvertScanCodeToKeyCode function

Covert channels

disguised TCP/IP protocols

host emulation.
[See Host emulation]

NDIS in.
[See NDIS interface]

raw network manipulation

remote command, control, and exfiltration of data

TDI in.
[See TDI (Transport Data Interface) specification]

CPLs
[See Current Privilege Levels]

CPUs

for ring enforcement

interrupts for

tables for

CR0 (Control Register Zero) 2nd

CR1 register

CR2 register

CR3 register 2nd 3rd

CR4 register

CreateRemoteThread function

CS (code segment) registers

CSDVersion key

CSRSS.EXE file

ctrl2cap driver

Current privilege levels (CPLs)

CurrentBuildNumber key

CurrentVersion key

Cyberwarfare