Windows Rootkit相关链接

[ 1] Avoiding Windows Rootkit Detection/Bypassing PatchFinder 2 - Edgar Barbosa[2004-02-17]
　　 http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf

[ 2] TOCTOU with NT System Service Hooking
　　 http://www.securityfocus.com/archive/1/348570

　　 TOCTOU with NT System Service Hooking Bug Demo
　　 http://www.securesize.com/Resources/hookdemo.shtml

[ 3] Hooking Windows NT System Services
　　 http://www.windowsitlibrary.com/content/356/06/1.html
　　 http://www.windowsitlibrary.com/content/356/06/2.html

[ 4] NTIllusion: A portable Win32 userland rootkit - Kdm <Kodmaker@syshell.org>
　　 http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt

[ 5] Kernel-mode backdoors for Windows NT - firew0rker <firew0rker@nteam.ru>
　　 http://www.phrack.org/phrack/62/p62-0x06_Kernel_Mode_Backdoors_for_Windows_NT.txt

[ 6] Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept) - Tan Chew Keong[2004-05-23]
　　 http://www.security.org.sg/code/kproccheck.html
　　 http://www.security.org.sg/code/KProcCheck-0.1.zip

[ 7] port/connection hiding - akcom[2004-06-18]
　　 http://www.rootkit.com/newsread_print.php?newsid=143

[ 8] Process Invincibility - metro_mystery[2004-06-13]
　　 http://www.rootkit.com/newsread_print.php?newsid=139

[ 9] KCode Patching - hoglund[2004-06-06]
　　 http://www.rootkit.com/newsread_print.php?newsid=152
　　 http://www.rootkit.com/vault/hoglund/migbot.zip

[10] Hiding Window Handles through Shadow Table Hooking on Windows XP - metro_mystery[2004-06-12]
　　 http://www.rootkit.com/newsread_print.php?newsid=137

[11] hooking functions not exported by ntoskrnl - akcom[2004-07-02]
　　 http://www.rootkit.com/newsread_print.php?newsid=151

[12] A method of get the Address of PsLoadedModuleList - stoneclever[2004-06-10]
　　 http://www.rootkit.com/newsread_print.php?newsid=135

[13] Fun with Kernel Structures (Plus FU all over again) - fuzen_op[2004-06-08]
　　 http://www.rootkit.com/newsread_print.php?newsid=134
　　 http://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip

[14] Getting Kernel Variables from KdVersionBlock, Part 2 - ionescu007[2004-07-11]
　　 http://www.rootkit.com/newsread_print.php?newsid=153

[15] Byepass Scheduler List Process Detection - SoBeIt <kinvis@hotmail.com>[2004-04-25]
　　 http://www.rootkit.com/newsread_print.php?newsid=117

[16] Detecting Hidden Processes by Hooking the SwapContext Function - worthy[2004-08-03]
　　 http://www.rootkit.com/newsread_print.php?newsid=170

转载于:https://www.cnblogs.com/suiyingjie/archive/2006/09/14/504195.html