(Technology is a double-edged sword, and our intention to study it is to use this technology to maintain our system through our research, to make our system more powerful, and to give full play to the positive use of this technology. Regarding the research on the topic of ROOTKIT, the first technologies involved are as follows: 1. There are many kernel hooks about hooks, ranging from ring3 to ring0. According to the progressive order of the api calling links, there are hook opportunities in each link. , There can be int2e or sysenterhook, ssdthook, inlinehook, irphook, objecthook, idthook and so on. Here, we introduce them one by one. 1) objecthook2) ssdthook3) inline-hook4) idthook5) IRPhook6) SYSENTERhook7) IATHOOK8) EATHOOK2. Maintenance Mode Hua Chapter Part 1: The gate of ring3 into ring0 1) Access the kernel through the call gate 2) Access the kernel through the abort gate 3) Through the command gate Accessing core 4) Accessing core 3 through the trap gate. The second part of the maintenance mode chapter: the study and research of the rootkit of windows paging mechanism)
收藏
