Date: Tue, 18 Nov 2008 14:29:44 +0100
From: Alexej Sokolov
To: FreeBSD Hackers
Message-ID: <20081118132944.GA2967@debian.samsung.router>
In-Reply-To: <20081117204407.GY81783@hoeg.nl>
Subject: Re: Ответ: KLD loading, liking

On Mon, Nov 17, 2008 at 09:43:44PM +0100, Ed Schouten wrote:
> * Aleksandr Litvinov wrote:
> > Hello,
> > You can receive a little information about KLD from the book
> > "designing BSD rootkits".
>
> I don't own this book myself, but a colleague at Snow B.V. once showed
> it to me. I only looked through it a couple of minutes, but it seemed
> like a book nice to have. It also shows some techniques on how to hide
> KLD's.

I have this book. It shows some techniques, but it doesn't explain many
things. And for KLD loading it gives only easy examples without
explaining how KLD-Loader works. It's not absolutely necessary to buy
this book. There are some papers, which explain the topics of the book
very well:

1. Fun and Games with FreeBSD Kernel Modules
   http://www.r4k.net/mod/fbsdfun.html
2. Attacking FreeBSD with Kernel Modules:
   http://packetstormsecurity.org/papers/unix/bsdkern.htm

>
> --
> Ed Schouten
> WWW: http://80386.nl/

--
Alexej Sokolov