From Collaborative RCE Knowledge Library

Windows Mobile Internals Articles

Item name: Subverting Windows Embedded CE 6 Kernel
Rating: 4.0 (1 vote)
Author: Petr Matousek
Home URL: http://www.fnop.org
Last updated: July 1, 2008
Version (if appl.):
Direct D/L link: http://www.fnop.org/public/download/COSEINC/subverting_wince6.pdf
Description: In this talk, the author (ex-member of 29A) presents various ways to subvert Windows Embedded CE 6 kernel to hide certain objects from the user. Architecture and inner mechanisms of the Windows Embedded CE 6 kernel and comparison with Windows CE 5 kernel are discussed first, with a focus on memory management, process management, syscall handling, and security.

Next, Petr explains the methods he used for hiding processes, files, and registry keys: mainly direct kernel object manipulation, and hooking of both handle-based and non-handle-based syscalls, not only via apiset modifications but also through previously undocumented means. The author also discusses ways to detect rootkits installed on the device. Fully functional prototype rootkits, detection programs, and various monitoring utilities are presented and examined.
Also listed in: (Not listed in any other category)