Conclusion
From reading this paper the reader should have a good understanding
of the concepts and issues related to scanning memory for signatures
in order to detect objects in the system pool. The reader should be
able to enumerate system memory safely, construct their own
customized memory signatures, locate signatures in memory, and
implement their own reporting mechanism.
It is obvious that object detection using memory scanning is no
exact science. However, it does provide a method which, for the most part,
interacts with the system as little as possible.
The author believes that the outlined technique can be successfully
implemented to obtain acceptable results in detecting objects hidden
by rootkits.