Thread: o0 user mode rootkit for the blind o0

  1. #1
    BanMe

    o0 user mode rootkit for the blind o0

    eh it's not a rootkit but it sure has enough hooks o0.. good locations to look into. attached is my rku list.
    http://www.satogo.com/en/

    very nice code.
    Last edited by BanMe; January 10th, 2011 at 13:12.
    No hate for the lost children;
    more love for the paths we walk,
    'words' shatter the truth we seek.
    from the heart and mind of Me
    me, to you.. down and across

    No more words from me, to you...
    Hate and love shatter the heart and Mind of Me.
    For the Lost Children;For the paths we walk; the real truth we seek!

  2. #2
    Wonder if there's a braille translation? :P

  3. #3
    BanMe
    Actually in most cases a blind person reading this would have a 'screen' reader, and if you're referring to the report as needing the translation, tools such as the pac-mate by freedom scientific have dynamic braille displays as well, which update according to the line you're reading. Also other hardware like daisy can interpret documents into braille and print them... :d

    regards BanMe

  4. #4
    Infancy.

    Any mechanism to change the code sections, calling syscalls directly, etc. cannot be named a rootkit.

  5. #5
    BanMe
    It's not a 'rootkit', but the time investigating the hooks and coding them to be able to 'react' to a 'users' location in real time, and have an 'audio' to read what's going on. hmm?
    where you see the physical literal aspect of it, I see the variations and abstract uses.

  6. #6
    BanMe
    hooks and coding them to be able to 'react' to a 'users' location in real time
    For these purposes, there are advanced techniques such as IDP.

  7. #7
    BanMe
    I mean the 'Window' (the word control comes to mind) location and current 'text' that is displayed by that control o0, you speak of code location. words.. damn them all ..

  8. #8
    BanMe
    [1408]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CD3 [STSAH32.dll]
    [1408]explorer.exe-->kernel32.dll+0x0000232D, Type: Inline - RelativeJump 0x7C80232D [STSAH32.dll]
    [1408]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332 [kernel32.dll]
    [1408]explorer.exe-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C068 [STSAH32.dll]
    [1408]explorer.exe-->kernel32.dll+0x0001CF30, Type: Inline - RelativeJump 0x7C81CF30 [STSAH32.dll]
    [1408]explorer.exe-->kernel32.dll-->WriteConsoleA, Type: Inline - RelativeJump 0x7C81CF35 [kernel32.dll]
    ...
    Intercept of these functions through an inline patch or hot patch is the height of stupidity
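
Added example, not part of the thread or of any poster's code: a small Python parser for report lines in the format quoted in post #8. It pairs each two-step patch (a jump at the function entry that stays inside the same DLL, plus a patched site 5 bytes earlier that leaves it) and reports the module that finally receives control. It assumes the hex value is the patched address and the bracketed name is the module holding the jump destination; the function names and the 5-byte pairing rule are this example's own.

```python
import re

# Report lines copied from post #8 above, including its "..." elision.
REPORT = """\
[1408]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CD3 [STSAH32.dll]
[1408]explorer.exe-->kernel32.dll+0x0000232D, Type: Inline - RelativeJump 0x7C80232D [STSAH32.dll]
[1408]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332 [kernel32.dll]
[1408]explorer.exe-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C068 [STSAH32.dll]
[1408]explorer.exe-->kernel32.dll+0x0001CF30, Type: Inline - RelativeJump 0x7C81CF30 [STSAH32.dll]
[1408]explorer.exe-->kernel32.dll-->WriteConsoleA, Type: Inline - RelativeJump 0x7C81CF35 [kernel32.dll]
...
"""

# Assumed field meaning: [pid]process-->module(-->export | +offset),
# Type: <kind> <patched address> [module containing the jump destination]
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<process>[^-]+?)-->(?P<module>[^-+,]+?)"
    r"(?:-->(?P<export>\w+)|\+0x(?P<offset>[0-9A-Fa-f]+)),\s*"
    r"Type:\s*(?P<type>.+?)\s+0x(?P<addr>[0-9A-Fa-f]+)\s+\[(?P<owner>[^\]]+)\]$"
)

def parse(report):
    """Return one dict per recognised line; anything else is skipped."""
    hooks = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["addr"] = int(h["addr"], 16)
            hooks.append(h)
    return hooks

def resolve_targets(hooks):
    """Map 'module!export' -> (module that receives control, two_step)."""
    by_addr = {h["addr"]: h for h in hooks}
    result = {}
    for h in hooks:
        if h["export"] is None:
            continue  # unnamed patch sites are only used for pairing
        final = h
        if h["owner"].lower() == h["module"].lower():
            # Entry jump stays in its own DLL: look for the paired site
            # 5 bytes earlier (this example's assumption about the layout).
            pad = by_addr.get(h["addr"] - 5)
            if pad and pad["export"] is None and pad["module"] == h["module"]:
                final = pad
        result[f'{h["module"]}!{h["export"]}'] = (final["owner"], final is not h)
    return result

if __name__ == "__main__":
    for name, (owner, two_step) in resolve_targets(parse(REPORT)).items():
        print(f"{name:28} -> {owner}{'  (two-step patch)' if two_step else ''}")
```

Run over a full report, this collapses the two-line entries into one row per hooked export, so a reviewer sees which foreign DLL receives control for each function.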

  9. #9
    BanMe
    I do agree.. The author(s) went a little overboard with hooks. But 'where and why' they chose to hook the 'other' locations is what I 'find' interesting.
