Dailydave mailing list archives
Re: Wrox: Professional Rootkits
From: "Matt Conover" <mconover () gmail com>
Date: Tue, 8 May 2007 22:39:39 -0700
This should be downloadable, but perhaps not printed out line for line. If you really want a disassembler, you'll also probably want an analyzer,
How about this one?
http://www.cybertech.net/~sh0ksh0k/projects_small/tDisasm.zip
The instruction analysis and code tracing is pretty extensive (especially in this newer version) as demonstrated by (and the hooking code below):
http://www.cybertech.net/~sh0ksh0k/projects_small/tCodeTrace.zip
and you'll want to do something cool with your analyzer in order to make your hooks "future-proof".
How about this one?
http://www.cybertech.net/~sh0ksh0k/projects_small/Hooking.zip
Give 'em a try.. these days I haven't had much time to extensively regress test, so treat these as "snapshots"... but I believe these versions to be pretty stable. Sending me an email is always the quickest way to get an updated/stable version. Reporting any bugs is always appreciated.