STDRestore

10/08/06 Posted by geswall

Link: http://www.security.org.sg/code/sdtrestore.html

STDRestore is a tool that demonstrates the possibility of defeating rootkits by removing Kernel Native APIs hooks and restoring the ServiceTable entries back to their original state. The similar technique can be used by rootkits as well.

Isolated STDResource have not enough privileges to access physical memory device in order to modify Service Table.

Link: http://www.security.org.sg/code/sdtrestore.html

Posted in GeSWall's Security Tests, Rootkits

The official GentleSecurity's weblog on the company news, products information and computer security insights.
February 2012
Sun Mon Tue Wed Thu Fri Sat

<< < > >>

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29
Categories
Archives
- December 2011 (1)
- June 2011 (1)
- April 2011 (1)
- March 2011 (1)
- February 2011 (1)
- December 2010 (2)
- October 2010 (1)
- July 2009 (1)
- January 2009 (1)
- February 2008 (1)
- January 2008 (1)
- December 2007 (1)
- More...
XML Feeds
- RSS 2.0: Posts
- Atom: Posts
More on RSS

February 2012
Sun	Mon	Tue	Wed	Thu	Fri	Sat
<< <				> >>
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29

GentleSecurity's Blog

STDRestore

Categories

Archives

XML Feeds