Detour function - PowerPoint PPT Presentation

DKOM (Direct Kernel Object Manipulation)

DKOM (Direct Kernel Object Manipulation). Jamie Butler Director of Engineering HBGary, LLC http://www.hbgary.com. Operating System Design. User Land Operating system provides common API for developers to use Kernel32.dll Ntdll.dll Kernel Mode

★ ★ ★ ★ ★

918 views • 46 slides

Hidden Processes: The Implication for Intrusion Detection

Hidden Processes: The Implication for Intrusion Detection. James Butler Dr. Jeff Undercoffer Dr. John Pinkston. Rootkits. First appeared in 1993 as a collection of compromised system binaries: ls, ps, netstat, login, du , Facilitated access and masked activity Why – because they could

★ ★ ★ ★ ★

371 views • 23 slides

Living With Detours

Living With Detours. Why Use Detours?. You want to replace some target binary code with new detour code. Detours will: Replace the first instructions of a target function with JMP to the detour function. Preserve the original function callable through a trampoline function.

★ ★ ★ ★ ★

140 views • 11 slides

View Detour function PowerPoint (PPT) presentations online in SlideServe. SlideServe has a very huge collection of Detour function PowerPoint presentations. You can view or download Detour function presentations for your school assignment or business presentation. Browse for the presentations on every topic that you want.