Designing BSD Rootkits: An Introduction to Kernel Hacking
Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process.

Organized as a tutorial, Designing BSD Rootkits will teach you the fundamentals of programming and developing rootkits under the FreeBSD operating system. Author Joseph Kong's goal is to make you smarter, not to teach you how to write exploits or launch attacks. You'll learn how to maintain root access long after gaining access to a computer and how to hack FreeBSD.

Kongs liberal use of examples assumes no prior kernel-hacking experience but doesn't water down the information. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.

Included:
–The fundamentals of FreeBSD kernel module programming
–Using call hooking to subvert the FreeBSD kernel
–Directly manipulating the objects the kernel depends upon for its internal record-keeping
–Patching kernel code resident in main memory; in other words, altering the kernel's logic while it’s still running
–How to defend against the attacks described

Hack the FreeBSD kernel for yourself!
1110926689
Designing BSD Rootkits: An Introduction to Kernel Hacking
Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process.

Organized as a tutorial, Designing BSD Rootkits will teach you the fundamentals of programming and developing rootkits under the FreeBSD operating system. Author Joseph Kong's goal is to make you smarter, not to teach you how to write exploits or launch attacks. You'll learn how to maintain root access long after gaining access to a computer and how to hack FreeBSD.

Kongs liberal use of examples assumes no prior kernel-hacking experience but doesn't water down the information. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.

Included:
–The fundamentals of FreeBSD kernel module programming
–Using call hooking to subvert the FreeBSD kernel
–Directly manipulating the objects the kernel depends upon for its internal record-keeping
–Patching kernel code resident in main memory; in other words, altering the kernel's logic while it’s still running
–How to defend against the attacks described

Hack the FreeBSD kernel for yourself!
17.99 In Stock
Designing BSD Rootkits: An Introduction to Kernel Hacking

Designing BSD Rootkits: An Introduction to Kernel Hacking

by Joseph Kong
Designing BSD Rootkits: An Introduction to Kernel Hacking
Add to Wishlist
Designing BSD Rootkits: An Introduction to Kernel Hacking

Designing BSD Rootkits: An Introduction to Kernel Hacking

by Joseph Kong

Overview

Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process.

Organized as a tutorial, Designing BSD Rootkits will teach you the fundamentals of programming and developing rootkits under the FreeBSD operating system. Author Joseph Kong's goal is to make you smarter, not to teach you how to write exploits or launch attacks. You'll learn how to maintain root access long after gaining access to a computer and how to hack FreeBSD.

Kongs liberal use of examples assumes no prior kernel-hacking experience but doesn't water down the information. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.

Included:
–The fundamentals of FreeBSD kernel module programming
–Using call hooking to subvert the FreeBSD kernel
–Directly manipulating the objects the kernel depends upon for its internal record-keeping
–Patching kernel code resident in main memory; in other words, altering the kernel's logic while it’s still running
–How to defend against the attacks described

Hack the FreeBSD kernel for yourself!

Product Details

ISBN-13: 9781593271589
Publisher: No Starch Press
Publication date: 04/01/2007
Sold by: Penguin Random House Publisher Services
Format: eBook
Pages: 144
File size: 1 MB

About the Author

Tinkering with computers has always been a primary passion of author Joseph Kong. He is a self-taught programmer who dabbles in information security, operating system theory, reverse engineering, and vulnerability assessment. He has written for Phrack Magazine and was a system administrator for the City of Toronto.

Table of Contents


Foreword   John Baldwin     xiii
Introduction     xv
What Is a Rootkit?     xvi
Why FreeBSD?     xvi
The Goals of This Book     xvi
Who Should Read This Book?     xvi
Contents Overview     xvi
Conventions Used in This Book     xvii
Concluding Remarks     xvii
Loadable Kernel Modules     1
Module Event Handler     2
The DECLARE_MODULE Macro     3
"Hello, world!"     4
System Call Modules     6
The System Call Function     6
The sysent Structure     7
The Offset Value     8
The SYSCALL_MODULE Macro     8
Example     9
The modfind Function     10
The modstat Function     10
The syscall Function     11
Executing the System Call     11
Executing the System Call Without C Code     12
Kernel/User Space Transitions     12
The copyin and copyinstr Functions     13
The copyout Function     13
The copystr Function     13
Character Device Modules     14
The cdevsw Structure     14
Character Device Functions     15
The Device Registration Routine     16
Example     17
Testing the Character Device     19
Linker Files and Modules     21
Concluding Remarks     22
Hooking     23
Hooking a System Call     24
Keystroke Logging     26
Kernel Process Tracing     28
Common System Call Hooks     29
Communication Protocols     30
The protosw Structure     30
The inetsw Switch Table     31
The mbuf Structure     32
Hooking a Communication Protocol     32
Concluding Remarks     33
Direct Kernel Object Manipulation     37
Kernel Queue Data Structures     37
The LIST_HEAD Macro     38
The LIST_HEAD_INITIALIZER Macro     38
The LIST_ENTRY Macro     38
The LlST_FOREACH Macro     39
The LIST_REMOVE Macro     39
Synchronization Issues     39
The mtx_lock Function     40
The mtx_unlock Function     40
The sx_slock and sx_xlock Functions     40
The sx_sunlock and sx_xunlock Functions      41
Hiding a Running Process     41
The proc Structure     41
The allproc List     42
Example     43
Hiding a Running Process Redux     46
The hashinit Function     47
pidhashtbl     47
The pfind Function     48
Example     48
Hiding with DKOM     51
Hiding an Open TCP-based Port     52
The inpcb Structure     52
The tcbinfo.listhead List     53
Example     54
Corrupting Kernel Data     56
Concluding Remarks     57
Kernel Object Hooking     59
Hooking a Character Device     59
The cdevp_list and cdev_priv Structures     60
The devmtx Mutex     60
Example     60
Concluding Remarks     62
Run-Time Kernel Memory Patching     63
Kernel Data Access Library     63
The kvm_openfiles Function     64
The kvm_nlist Function     64
The kvm_geterr Function     65
The kvm_read Function     65
The kvm_write Function     65
The kvm_close Function     66
Patching Code Bytes     66
Understanding x86 Call Statements     70
Patching Call Statements     70
Allocating Kernel Memory     73
The malloc Function     73
The MALLOC Macro     74
The free Function     74
The FREE Macro     74
Example     75
Allocating Kernel Memory from User Space     77
Example     77
Inline Function Hooking     81
Example     82
Gotchas     88
Cloaking System Call Hooks     88
Concluding Remarks     90
Putting It All Together     91
What HIDSes Do     91
Bypassing HIDSes     92
Execution Redirection     92
File Hiding     96
Hiding a KLD     101
The linker_files List     102
The linker_file Structure     102
The modules List     103
The module Structure     103
Example     104
Preventing Access, Modification, and Change Time Updates     107
Change Time     108
Example     112
Proof of Concept: Faking Out Tripwire     114
Concluding Remarks     117
Detection     119
Detecting Call Hooks     120
Finding System Call Hooks     120
Defecting DKOM     123
Finding Hidden Processes     123
Finding Hidden Ports     125
Defecting Run-Time Kernel Memory Patching     125
Finding Inline Function Hooks     125
Finding Code Byte Patches     125
Concluding Remarks     126
Closing Words     127
Bibliography     129
Index     131
From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Operating Systems
UNIX
Computers
Operating Systems
UNIX

Customer Reviews