- Page 3: The Antivirus Hacker’s Handbook
- Page 7: About the Authors Joxean Koret has
- Page 11: Acknowledgments I would like to ack
- Page 14 and 15: xii Contents at a Glance Part IV Cu
- Page 16 and 17: xiv Contents Backdoors and Configur
- Page 18 and 19: xvi Contents Installing F-Prot 152
- Page 20 and 21: xviii Contents Differences between
- Page 22 and 23: xx Introduction ■ You want to wri
- Page 24 and 25: xxii Introduction from the techniqu
- Page 27 and 28: CHAPTER 1 Introduction to Antivirus
- Page 29 and 30: Chapter 1 ■ Introduction to Antiv
- Page 31 and 32: Chapter 1 ■ Introduction to Antiv
- Page 33 and 34: Chapter 1 ■ Introduction to Antiv
- Page 35 and 36: Chapter 1 ■ Introduction to Antiv
- Page 37 and 38: Chapter 1 ■ Introduction to Antiv
- Page 39 and 40: CHAPTER 2 Reverse-Engineering the C
- Page 41 and 42: Chapter 2 ■ Reverse-Engineering t
- Page 43 and 44: Chapter 2 ■ Reverse-Engineering t
- Page 45 and 46: Chapter 2 ■ Reverse-Engineering t
- Page 47 and 48: Chapter 2 ■ Reverse-Engineering t
- Page 49 and 50: Chapter 2 ■ Reverse-Engineering t
- Page 51 and 52: Chapter 2 ■ Reverse-Engineering t
- Page 53 and 54: Chapter 2 ■ Reverse-Engineering t
- Page 55 and 56:
Chapter 2 ■ Reverse-Engineering t
- Page 57 and 58:
Chapter 2 ■ Reverse-Engineering t
- Page 59 and 60:
Chapter 2 ■ Reverse-Engineering t
- Page 61 and 62:
Chapter 2 ■ Reverse-Engineering t
- Page 63 and 64:
Chapter 2 ■ Reverse-Engineering t
- Page 65 and 66:
Chapter 2 ■ Reverse-Engineering t
- Page 67 and 68:
Chapter 2 ■ Reverse-Engineering t
- Page 69 and 70:
Chapter 2 ■ Reverse-Engineering t
- Page 71 and 72:
Chapter 2 ■ Reverse-Engineering t
- Page 73 and 74:
Chapter 2 ■ Reverse-Engineering t
- Page 75 and 76:
Chapter 2 ■ Reverse-Engineering t
- Page 77 and 78:
switch ( id ) { case 15: return "UN
- Page 79 and 80:
Chapter 2 ■ Reverse-Engineering t
- Page 81 and 82:
CHAPTER 3 The Plug-ins System Antiv
- Page 83 and 84:
Chapter 3 ■ The Plug-ins System 5
- Page 85 and 86:
Chapter 3 ■ The Plug-ins System 6
- Page 87 and 88:
Chapter 3 ■ The Plug-ins System 6
- Page 89 and 90:
Chapter 3 ■ The Plug-ins System 6
- Page 91 and 92:
Chapter 3 ■ The Plug-ins System 6
- Page 93 and 94:
Chapter 3 ■ The Plug-ins System 6
- Page 95 and 96:
Chapter 3 ■ The Plug-ins System 7
- Page 97 and 98:
Chapter 3 ■ The Plug-ins System 7
- Page 99:
Chapter 3 ■ The Plug-ins System 7
- Page 102 and 103:
78 Part I ■ Antivirus Basics Othe
- Page 104 and 105:
80 Part I ■ Antivirus Basics Cryp
- Page 106 and 107:
82 Part I ■ Antivirus Basics in t
- Page 108 and 109:
84 Part I ■ Antivirus Basics to m
- Page 110 and 111:
86 Part I ■ Antivirus Basics ■
- Page 112 and 113:
88 Part I ■ Antivirus Basics This
- Page 114 and 115:
90 Part I ■ Antivirus Basics ■
- Page 116 and 117:
92 Part I ■ Antivirus Basics be d
- Page 118 and 119:
94 Part I ■ Antivirus Basics The
- Page 120 and 121:
96 Part I ■ Antivirus Basics If y
- Page 122 and 123:
98 Part I ■ Antivirus Basics Figu
- Page 124 and 125:
100 Part I ■ Antivirus Basics Bec
- Page 127:
Part II Antivirus Software Evasion
- Page 130 and 131:
106 Part II ■ Antivirus Software
- Page 132 and 133:
108 Part II ■ Antivirus Software
- Page 134 and 135:
110 Part II ■ Antivirus Software
- Page 136 and 137:
112 Part II ■ Antivirus Software
- Page 138 and 139:
114 Part II ■ Antivirus Software
- Page 141 and 142:
CHAPTER 7 Evading Signatures Evadin
- Page 143 and 144:
Chapter 7 ■ Evading Signatures 11
- Page 145 and 146:
Chapter 7 ■ Evading Signatures 12
- Page 147 and 148:
Chapter 7 ■ Evading Signatures 12
- Page 149 and 150:
Chapter 7 ■ Evading Signatures 12
- Page 151 and 152:
Chapter 7 ■ Evading Signatures 12
- Page 153 and 154:
Chapter 7 ■ Evading Signatures 12
- Page 155 and 156:
Chapter 7 ■ Evading Signatures 13
- Page 157 and 158:
CHAPTER 8 Evading Scanners Antiviru
- Page 159 and 160:
Chapter 8 ■ Evading Scanners 135
- Page 161 and 162:
Chapter 8 ■ Evading Scanners 137
- Page 163 and 164:
Chapter 8 ■ Evading Scanners 139
- Page 165 and 166:
Chapter 8 ■ Evading Scanners 141
- Page 167 and 168:
Chapter 8 ■ Evading Scanners 143
- Page 169 and 170:
Chapter 8 ■ Evading Scanners 145
- Page 171 and 172:
Chapter 8 ■ Evading Scanners 147
- Page 173 and 174:
Chapter 8 ■ Evading Scanners 149
- Page 175 and 176:
Chapter 8 ■ Evading Scanners 151
- Page 177 and 178:
Chapter 8 ■ Evading Scanners 153
- Page 179 and 180:
Chapter 8 ■ Evading Scanners 155
- Page 181 and 182:
Chapter 8 ■ Evading Scanners 157
- Page 183 and 184:
Chapter 8 ■ Evading Scanners 159
- Page 185 and 186:
Chapter 8 ■ Evading Scanners 161
- Page 187:
Chapter 8 ■ Evading Scanners 163
- Page 190 and 191:
166 Part II ■ Antivirus Software
- Page 192 and 193:
168 Part II ■ Antivirus Software
- Page 194 and 195:
170 Part II ■ Antivirus Software
- Page 196 and 197:
172 Part II ■ Antivirus Software
- Page 198 and 199:
174 Part II ■ Antivirus Software
- Page 200 and 201:
176 Part II ■ Antivirus Software
- Page 202 and 203:
178 Part II ■ Antivirus Software
- Page 204 and 205:
180 Part II ■ Antivirus Software
- Page 207 and 208:
CHAPTER 10 Identifying the Attack S
- Page 209 and 210:
Chapter 10 ■ Identifying the Atta
- Page 211 and 212:
Chapter 10 ■ Identifying the Atta
- Page 213 and 214:
Chapter 10 ■ Identifying the Atta
- Page 215 and 216:
Chapter 10 ■ Identifying the Atta
- Page 217 and 218:
Chapter 10 ■ Identifying the Atta
- Page 219 and 220:
Chapter 10 ■ Identifying the Atta
- Page 221 and 222:
Chapter 10 ■ Identifying the Atta
- Page 223 and 224:
Chapter 10 ■ Identifying the Atta
- Page 225 and 226:
Chapter 10 ■ Identifying the Atta
- Page 227 and 228:
Chapter 10 ■ Identifying the Atta
- Page 229:
Chapter 10 ■ Identifying the Atta
- Page 232 and 233:
208 Part II ■ Antivirus Software
- Page 234 and 235:
210 Part II ■ Antivirus Software
- Page 236 and 237:
212 Part II ■ Antivirus Software
- Page 238 and 239:
214 Part II ■ Antivirus Software
- Page 240 and 241:
216 Part II ■ Antivirus Software
- Page 243 and 244:
CHAPTER 12 Static Analysis Static a
- Page 245 and 246:
Chapter 12 ■ Static Analysis 221
- Page 247 and 248:
Chapter 12 ■ Static Analysis 223
- Page 249 and 250:
Chapter 12 ■ Static Analysis 225
- Page 251 and 252:
Chapter 12 ■ Static Analysis 227
- Page 253 and 254:
Chapter 12 ■ Static Analysis 229
- Page 255 and 256:
Chapter 12 ■ Static Analysis 231
- Page 257:
Chapter 12 ■ Static Analysis 233
- Page 260 and 261:
236 Part III ■ Analysis and Explo
- Page 262 and 263:
238 Part III ■ Analysis and Explo
- Page 264 and 265:
240 Part III ■ Analysis and Explo
- Page 266 and 267:
242 Part III ■ Analysis and Explo
- Page 268 and 269:
244 Part III ■ Analysis and Explo
- Page 270 and 271:
246 Part III ■ Analysis and Explo
- Page 272 and 273:
248 Part III ■ Analysis and Explo
- Page 274 and 275:
250 Part III ■ Analysis and Explo
- Page 276 and 277:
252 Part III ■ Analysis and Explo
- Page 278 and 279:
254 Part III ■ Analysis and Explo
- Page 280 and 281:
256 Part III ■ Analysis and Explo
- Page 282 and 283:
258 Part III ■ Analysis and Explo
- Page 284 and 285:
260 Part III ■ Analysis and Explo
- Page 286 and 287:
262 Part III ■ Analysis and Explo
- Page 288 and 289:
264 Part III ■ Analysis and Explo
- Page 290 and 291:
266 Part III ■ Analysis and Explo
- Page 293 and 294:
CHAPTER 14 Local Exploitation Local
- Page 295 and 296:
Chapter 14 ■ Local Exploitation 2
- Page 297 and 298:
Chapter 14 ■ Local Exploitation 2
- Page 299 and 300:
Chapter 14 ■ Local Exploitation 2
- Page 301 and 302:
Chapter 14 ■ Local Exploitation 2
- Page 303 and 304:
Chapter 14 ■ Local Exploitation 2
- Page 305 and 306:
Chapter 14 ■ Local Exploitation 2
- Page 307 and 308:
Chapter 14 ■ Local Exploitation 2
- Page 309 and 310:
Chapter 14 ■ Local Exploitation 2
- Page 311 and 312:
Chapter 14 ■ Local Exploitation 2
- Page 313 and 314:
Chapter 14 ■ Local Exploitation 2
- Page 315 and 316:
Chapter 14 ■ Local Exploitation 2
- Page 317 and 318:
Chapter 14 ■ Local Exploitation 2
- Page 319 and 320:
Chapter 14 ■ Local Exploitation 2
- Page 321 and 322:
CHAPTER 15 Remote Exploitation Remo
- Page 323 and 324:
Chapter 15 ■ Remote Exploitation
- Page 325 and 326:
Chapter 15 ■ Remote Exploitation
- Page 327 and 328:
Chapter 15 ■ Remote Exploitation
- Page 329 and 330:
Chapter 15 ■ Remote Exploitation
- Page 331 and 332:
Chapter 15 ■ Remote Exploitation
- Page 333 and 334:
Chapter 15 ■ Remote Exploitation
- Page 335 and 336:
Chapter 15 ■ Remote Exploitation
- Page 337 and 338:
Chapter 15 ■ Remote Exploitation
- Page 339 and 340:
Chapter 15 ■ Remote Exploitation
- Page 341 and 342:
Chapter 15 ■ Remote Exploitation
- Page 343:
Chapter 15 ■ Remote Exploitation
- Page 347 and 348:
CHAPTER 16 Current Trends in Antivi
- Page 349 and 350:
Chapter 16 ■ Current Trends in An
- Page 351 and 352:
Chapter 16 ■ Current Trends in An
- Page 353:
Chapter 16 ■ Current Trends in An
- Page 356 and 357:
332 Part IV ■ Current Trends and
- Page 358 and 359:
334 Part IV ■ Current Trends and
- Page 360 and 361:
336 Part IV ■ Current Trends and
- Page 362 and 363:
338 Part IV ■ Current Trends and
- Page 364 and 365:
340 Part IV ■ Current Trends and
- Page 366 and 367:
342 Part IV ■ Current Trends and
- Page 368 and 369:
344 Part IV ■ Current Trends and
- Page 370 and 371:
346 Part IV ■ Current Trends and
- Page 372 and 373:
348 Index ■ B-B privileges for, 3
- Page 374 and 375:
350 Index ■ D-D intercepting, 307
- Page 376 and 377:
352 Index ■ G-I automatic of anti
- Page 378 and 379:
354 Index ■ M-N kernel-land searc
- Page 380 and 381:
356 Index ■ Q-S changing to bypas
- Page 382 and 383:
358 Index ■ T-V Stuxnet computer
- Page 384:
WILEY END USER LICENSE AGREEMENT Go