Wednesday, April 15, 2009

Book : Professional Rootkits

Recently I have been reading a book titled "Professional Rootkits" by Ric Vieler. More Win32 kernel exploring to go for me.

"ZwOpenFile is the kernel mode equivalent of the user mode platform SDK function OpenFile. If you haven't already guessed, this rootkit is a kernel mode device driver, complete with all the privileges and complexity of kernel mode programming. File functions begin with Zw, I/O functions begin with Io, synchronization functions begin with Ke, resource functions begin with Ex, mapping functions begin with Mm, and string functions begin with Rtl."

Zw, Io, Ke, Ex, Mm, Rtl...
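To see those prefixes side by side in a real driver, here is a small kernel-mode driver I put together for this post. It is not code from the book or from Vieler's rootkit; it simply calls one routine from each family the quote names (Zw, Io, Ke, Ex, Mm, Rtl) in the order a driver would actually use them. It assumes the Windows Driver Kit, a test VM with test signing enabled, and a constructed target path (`ntoskrnl.exe` on the system volume); the device name `\Device\ZwDemo` and pool tag are my own choices.

```c
/* ZwDemo: minimal WDM driver touching each API family named in the quote.
 * Build with the WDK (an empty WDM/KMDF project works), then on a test VM:
 *   sc create ZwDemo type= kernel binPath= C:\path\ZwDemo.sys && sc start ZwDemo
 * Output goes to the kernel debugger / DebugView (DbgPrint). */
#include <ntddk.h>

#define DEMO_TAG 'meDZ'   /* pool tag; shows as "ZDem" in WinDbg !poolused */

/* Constructed target: NT object-manager path, not the Win32 "C:\..." form.
 * \DosDevices\C: is the symbolic link that resolves to the system volume. */
#define DEMO_FILE_PATH L"\\DosDevices\\C:\\Windows\\System32\\ntoskrnl.exe"

DRIVER_INITIALIZE DriverEntry;
DRIVER_UNLOAD DemoUnload;

static PDEVICE_OBJECT g_deviceObject;
static KSPIN_LOCK     g_lock;
static PVOID          g_scratch;

/* Zw*: kernel-mode system service stubs. Unlike OpenFile/CreateFile, ZwOpenFile
 * takes OBJECT_ATTRIBUTES wrapping a counted UNICODE_STRING, and it must be
 * called at PASSIVE_LEVEL (DriverEntry runs there). */
static NTSTATUS DemoQueryFileSize(_Out_ PLONGLONG Size)
{
    UNICODE_STRING path;
    OBJECT_ATTRIBUTES attrs;
    IO_STATUS_BLOCK iosb;
    HANDLE file = NULL;
    FILE_STANDARD_INFORMATION info;
    NTSTATUS status;

    *Size = 0;
    NT_ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);

    RtlInitUnicodeString(&path, DEMO_FILE_PATH);          /* Rtl*: runtime library */
    /* OBJ_KERNEL_HANDLE keeps the handle out of the current process's handle
     * table, so user mode can neither see nor close it behind our back. */
    InitializeObjectAttributes(&attrs, &path,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    status = ZwOpenFile(&file, FILE_READ_ATTRIBUTES | SYNCHRONIZE, &attrs, &iosb,
                        FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_SYNCHRONOUS_IO_NONALERT);
    if (!NT_SUCCESS(status))
        return status;

    status = ZwQueryInformationFile(file, &iosb, &info, sizeof(info), FileStandardInformation);
    if (NT_SUCCESS(status))
        *Size = info.EndOfFile.QuadPart;

    ZwClose(file);                                         /* a leaked kernel handle is forever */
    return status;
}

VOID DemoUnload(_In_ PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    if (g_deviceObject)
        IoDeleteDevice(g_deviceObject);                    /* Io*: I/O manager */
    if (g_scratch)
        ExFreePoolWithTag(g_scratch, DEMO_TAG);            /* Ex*: executive pool */
}

NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
{
    UNICODE_STRING devName = RTL_CONSTANT_STRING(L"\\Device\\ZwDemo");
    UNICODE_STRING routine = RTL_CONSTANT_STRING(L"ZwOpenFile");
    KIRQL oldIrql;
    LONGLONG size;
    NTSTATUS status;

    UNREFERENCED_PARAMETER(RegistryPath);
    DriverObject->DriverUnload = DemoUnload;

    /* Ke*: kernel synchronization. Holding a spin lock raises IRQL to
     * DISPATCH_LEVEL, so nothing inside it may page or call Zw* routines. */
    KeInitializeSpinLock(&g_lock);

    /* Ex*: NonPagedPoolNx = never paged out and not executable. Newer WDKs flag
     * ExAllocatePoolWithTag as deprecated in favour of ExAllocatePool2. */
    g_scratch = ExAllocatePoolWithTag(NonPagedPoolNx, PAGE_SIZE, DEMO_TAG);
    if (!g_scratch)
        return STATUS_INSUFFICIENT_RESOURCES;

    KeAcquireSpinLock(&g_lock, &oldIrql);
    RtlZeroMemory(g_scratch, PAGE_SIZE);
    KeReleaseSpinLock(&g_lock, oldIrql);

    /* Io*: create the device. No IRP_MJ_CREATE handler is installed, so the
     * I/O manager's default dispatch rejects user-mode opens of \Device\ZwDemo. */
    status = IoCreateDevice(DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN, FALSE, &g_deviceObject);
    if (!NT_SUCCESS(status)) {
        DemoUnload(DriverObject);
        return status;
    }

    /* Mm*: memory manager. MmGetSystemRoutineAddress resolves an exported kernel
     * routine by name at run time; rootkits use it to keep imports off the table. */
    DbgPrint("ZwDemo: ZwOpenFile is at %p\n", MmGetSystemRoutineAddress(&routine));

    status = DemoQueryFileSize(&size);
    DbgPrint("ZwDemo: ZwOpenFile probe status 0x%08X, size %lld bytes\n", status, size);

    return STATUS_SUCCESS;   /* stay loaded even if the probe failed, so unload is testable */
}
```

Two things worth noticing: the Zw call happens outside the spin lock, because Zw routines need PASSIVE_LEVEL and the lock raises IRQL; and the whole driver runs with full kernel privilege, which is exactly why the book warns that a rootkit of this kind carries "all the privileges and complexity of kernel mode programming".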

2 comments:

  1. "ZwOpenFile is the kernel mode equivalent of the user mode platform SDK function OpenFile"

    hmm, Zw, Io, Ex, Mm, Rtl... thanks for your information... :)
