File name: Rootkit_on_Linux_x86_v2.6.pdf
File size: 531KB
File format: PDF
Updated: 2012-09-07 09:36:09
Keywords: Rootkit, Linux, x86, 2.6
Index
---------
Rootkit In Brief
Rootkit based on LKM
  How to get sys_call_table
  Simple sys_call_table hook
  Inline hook
  Patching system_call
  Abuse Debug Registers
  Real Rootkit
Rootkit based on non-LKM
  Using /dev/kmem and kmalloc
  Using /dev/mem and kmalloc

"A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system... Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules."

Rootkit, *s, Virus, Malware?
Nowadays they are often bundled together and simply called malware.

UserSpace Rootkit
  Runs in user space
  Modifies files, libraries, config files, and so on.

KernelSpace Rootkit
  Runs in kernel space
  Modifies kernel structures and hooks system calls at the lowest level

Typical functions
  Hide Process
  Hide File
  Hide Network Connection
  Back Door
  Key Logger

Hijack / Hook System call
  sys_call_table
  sysenter
  IDT
  Debug Register

Rootkit based on LKM
  How to get sys_call_table
  Simple sys_call_table hook
  Inline hook
  Patching system_call
  Abuse Debug Registers
  Real Rootkit