From Collaborative RCE Knowledge Library


Subverting Windows Embedded CE 6 Kernel

Item name: Subverting Windows Embedded CE 6 Kernel
Rating: 4.0 (1 vote)
Author: Petr Matousek
Home URL: http://www.fnop.org
Last updated: July 1, 2008
Version (if appl.):
Direct D/L link: http://www.fnop.org/public/download/COSEINC/subverting_wince6.pdf
Description: In this talk, the author (ex-member of 29A) presents various ways to subvert Windows Embedded CE 6 kernel to hide certain objects from the user. Architecture and inner mechanisms of the Windows Embedded CE 6 kernel and comparison with Windows CE 5 kernel are discussed first, with a focus on memory management, process management, syscall handling, and security.

Next, Petr explains the methods he used for hiding processes, files, and registry keys: mainly direct kernel object manipulation, and hooking of handle-based and non-handle-based syscalls, not only via apiset modifications but also using previously undocumented ways. The author also discusses ways to detect rootkits installed on the device. Fully functional prototype rootkits, detection programs, and various monitoring utilities are presented and examined.
Related URLs: No related URLs have been submitted for this item yet

