From Collaborative RCE Knowledge Library


Mobile Platform Internals Articles

Item name: Subverting Windows Embedded CE 6 Kernel
Rating: 4.0 (1 vote)
Author: Petr Matousek
Last updated: July 1, 2008
Description: In this talk, the author (an ex-member of 29A) presents various ways to subvert the Windows Embedded CE 6 kernel in order to hide certain objects from the user. The architecture and inner mechanisms of the Windows Embedded CE 6 kernel, and a comparison with the Windows CE 5 kernel, are discussed first, with a focus on memory management, process management, syscall handling, and security.

Next, Petr explains the methods he used for hiding processes, files, and registry keys: mainly direct kernel object manipulation and hooking of handle-based and non-handle-based syscalls, not only via apiset modifications but also via previously undocumented techniques. The author also discusses ways to detect rootkits installed on the device. Fully functional prototype rootkits, detection programs, and various monitoring utilities are presented and examined.
Also listed in: Windows Mobile Internals Articles
