Uninformed: Informative Information for the Uninformed

Vol 8» 2007.Sep


Bibliography

1
AMD. AMD64 Architecture Programmer's Manual Volume 2: System Programming. Dec, 2005.

2
Anonymous Hacker. Xbox 360 Hypervisor Privilege Escalation Vulnerability. Bugtraq. Feb, 2007. http://www.securityfocus.com/archive/1/461489

3
Blanset, David et al. Dual operating system computer.
Oct, 1985. http://www.freepatentsonline.com/4747040.html

4
Brown, Ralf. Pentium Model-Specific Registers and What They Reveal.
Oct, 1995. http://www.rcollins.org/articles/p5msr/PentiumMSRs.html

5
Butler, James and Sherri Sparks. Windows Rootkits of 2005.
Nov, 2005. http://www.securityfocus.com/infocus/1850

6
Cerrudo, Cesar. Microsoft Windows Kernel GDI Local Privilege Escalation.
Oct, 2004. http://projects.info-pull.com/mokb/MOKB-06-11-2006.html

7
CIAC. E-34: One_half Virus (MS-DOS).
Sep, 1994. http://www.ciac.org/ciac/bulletins/e-34.shtml

8
Conover, Matt. Malware Profiling and Rootkit Detection on Windows.
2005. http://xcon.xfocus.org/xcon2005/archives/2005/Xcon2005_Shok.pdf

9
Duflot, Loïc. Security Issues Related to Pentium System Management Mode.
CanSecWest, 2006. http://www.cansecwest.com/slides06/csw06-duflot.ppt

10
Ellch, John et al. Exploiting 802.11 Wireless Driver Vulnerabilities on Windows.
Jan, 2007. http://www.uninformed.org/?v=6&a=2&t=sumry

11
Firew0rker, the nobodies. Kernel-mode backdoors for Windows NT.
Phrack 62. Jan, 2005. http://www.phrack.org/issues.html?issue=62&id=6#article

12
fuzen_op. SysEnterHook.
Feb, 2005. http://www.rootkit.com/vault/fuzen_op/SysEnterHook.zip

13
Garfinkel, Tal. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools.
http://www.stanford.edu/~talg/papers/traps/traps-ndss03.pdf

14
Gassoway, Paul. Discovery of kernel rootkits with memory scan.
Oct, 2005. http://www.freepatentsonline.com/20070078915.html

15
Gulbrandsen, John. System Call Optimization with the SYSENTER Instruction.
Oct, 2004. http://www.codeguru.com/Cpp/W-P/system/devicedriverdevelopment/article.php/c8223/

16
Heasman, John. Implementing and Detecting an ACPI BIOS Rootkit.
BlackHat Federal, 2006. https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf

17
Heasman, John. Implementing and Detecting a PCI Rootkit.
Nov, 2006. http://www.ngssoftware.com/research/papers/Implementing_And_Detecting_A_PCI_Rootkit.pdf

18
Hoglund, Greg. Kernel Object Hooking Rootkits (KOH Rootkits).
Jun, 2006. http://www.rootkit.com/newsread.php?newsid=501

19
Hoglund, Greg. A *REAL* NT Rootkit, patching the NT Kernel.
Phrack 55. Sep, 1999. http://phrack.org/issues.html?issue=55&id=5

20
Hoglund, Greg and James Butler. Rootkits: Subverting the Windows Kernel. 2006. Addison-Wesley.

21
Hunt, Galen and Doug Brubacher. Detours: Binary Interception of Win32 Functions. Proceedings of the 3rd USENIX Windows NT Symposium, pp. 135-143. Seattle, WA, July 1999. USENIX.

22
Intel. 2.1.2 The Intel 286 Processor (1982).
Intel 64 and IA-32 Architectures Software Developer's Manual. Denver, Colorado: Intel, 34. http://www.intel.com/products/processor/manuals/index.htm

23
Intel. IA-32 Intel Architecture Software Developer's Manual Volume 3: System Programming Guide.
Sep, 2005.

24
Jack, Barnaby. Remote Windows Kernel Exploitation: Step into the Ring 0.
Aug, 2005. http://www.blackhat.com/presentations/bh-usa-05/BH_US_05-Jack_White_Paper.pdf

25
Kasslin, Kimmo. Kernel Malware: The Attack from Within.
2006. http://www.f-secure.com/weblog/archives/kasslin_AVAR2006_KernelMalware_paper.pdf

26
Kdm. NTIllusion: A portable Win32 userland rootkit [incomplete].
Phrack 62. Jan, 2005. http://www.phrack.org/issues.html?issue=62&id=12&mode=txt

27
Jones, M. B. Interposition agents: Transparently interposing user code at the system interface.
In Symposium on Operating System Principles, pages 80-93, 1993. http://www.scs.stanford.edu/nyu/04fa/sched/readings/interposition-agents.pdf

28
Mythrandir. Protected mode programming and O/S development.
Phrack 52. Jan, 1998. http://www.phrack.org/issues.html?issue=52&id=17#article

29
PaX team. PAGEEXEC.
Mar, 2003. http://pax.grsecurity.net/docs/pageexec.txt

30
Plaguez. Weakening the Linux Kernel.
Phrack 52. Jan, 1998. http://www.phrack.org/issues.html?issue=52&id=18#article

31
Dabak, Prasad, Milind Borate, and Sandeep Phadke. Hooking Software Interrupts.
Oct, 1999. http://www.windowsitlibrary.com/Content/356/09/1.html

32
Rutkowska, Joanna. System Virginity Verifier.
http://invisiblethings.org/tools/svv/svv-2.3-src.zip

33
Rutkowska, Joanna. Rootkit Hunting vs. Compromise Detection.
BlackHat Europe, 2006. http://invisiblethings.org/papers/rutkowska_bheurope2006.ppt

34
Rutkowska, Joanna. Introducing Stealth Malware Taxonomy.
Nov, 2006. http://invisiblethings.org/papers/malware-taxonomy.pdf

35
Silvio. Shared Library Call Redirection Via ELF PLT Infection.
Phrack 56. Jan, 2000. http://www.phrack.org/issues.html?issue=56&id=7#article

36
skape and Skywing. Bypassing PatchGuard on Windows x64.
Uninformed Journal. Jan, 2006. http://www.uninformed.org/?v=3&a=3&t=sumry

37
Skywing. Subverting PatchGuard version 2.
Uninformed Journal. Jan, 2007. http://www.uninformed.org/?v=6&a=1&t=sumry

38
Skywing. Anti-Virus Software Gone Wrong.
Uninformed Journal. Jun, 2006. http://www.uninformed.org/?v=4&a=4&t=sumry

39
Skywing. Programming against the x64 exception handling support.
Feb, 2007. http://www.nynaeve.net/?p=113

40
Soeder, Derek. Windows Expand-down Data Segment Local Privilege Escalation.
Apr, 2004. http://research.eeye.com/html/advisories/published/AD20040413D.html

41
Sparks, Sherri and James Butler. Raising the Bar for Windows Rootkit Detection.
Phrack 63. Jan, 2005. http://www.phrack.org/issues.html?issue=63&id=8

42
Trusted Computing Group. Trusted Computing Group: Home.
https://www.trustedcomputinggroup.org/home

43
Trusted Computing Group. TPM Specification.
https://www.trustedcomputinggroup.org/specs/TPM/

44
Welinder, Morten. modify_ldt security holes.
Mar, 1996. http://lkml.org/lkml/1996/3/6/13

45
Wikipedia. Call gate.
http://en.wikipedia.org/wiki/Call_gate