Are you a rootkit developer?


Are you a rootkit developer?  Can you fulfill my idea in the Ideas and Challenges page?  I am looking for some articles or any resources that can help me solve the following.

  • Hide a process
  • Hide a file
  • Hide a registry key
  • Hide a port
  • Communicate between the driver and a userland application, and vice versa
  • Keystroke logging

If you by chance come across any articles or books related to this please do let me know!


Reading and Writing registry in Windows using WinAPI


For those interested in accessing the Windows registry from C, here's a list of the WinAPI functions you need to know.

Sorting Registries in VB .NET


So there's this guy from http://leetcoders.org who needed help getting a function written for him that breaks up a single string containing an application name, a registry key and a registry value name, and appends the results to a RichTextBox. The input looks like this:

AutoCAD 2010|Serial=HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\AutoCAD\R18.0\ACAD-8001:409\=SerialNumber

to

RichTextBox1.AppendText("Autocad 2010" & vbNewLine)
Dim ammSteal01 As String = Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\AutoCAD\R18.0\ACAD-8001:409", "SerialNumber", Nothing)
RichTextBox1.AppendText(ammSteal01)

So I created a simple function called AppendStringToRichTextBox2, which does the following (it lives inside the form class; the Imports go at the top of the file):

        Imports System.Windows.Forms
        Imports Microsoft.Win32

        ' Splits "Title|Label=Key=ValueName", then appends the title and the
        ' registry value read from Key\ValueName to the given RichTextBox.
        Private Sub AppendStringToRichTextBox2(ByVal str As String, ByVal txtbox As RichTextBox)
            Dim title As String = ""
            Dim key As String = ""
            Dim data As String = ""

            ' "="c is a Char literal; passing the String "=" only works with Option Strict Off.
            Dim str_arr As String() = str.Split("="c)

            ' A malformed line would otherwise throw IndexOutOfRangeException below.
            If str_arr.Length < 3 Then Exit Sub

            key = str_arr(1).TrimEnd("\"c)   ' the sample key path ends with a stray "\"
            data = str_arr(2)

            ' Everything before the "|" is the title shown to the user.
            For i = 0 To str_arr(0).Length - 1
                If str_arr(0)(i) = "|"c Then
                    Exit For
                End If

                title += str_arr(0)(i)
            Next

            txtbox.AppendText(title & vbNewLine)
            ' GetValue returns Object (Nothing when the value is missing); Convert.ToString
            ' turns Nothing into "" so AppendText never receives a null string.
            txtbox.AppendText(Convert.ToString(Registry.GetValue(key, data, Nothing)))
        End Sub

The function appends the name of the application followed by the registry value that Registry.GetValue read for it. It's nothing hard, so port it to your own use if you need it.
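As an added example (my own code, not from the original post or from leetcoders), here is the same "Title|Label=Key=ValueName" parsing pulled out of the form so it can be exercised from a console program: it validates that a line has exactly three parts and that the key path starts with a real hive name, and it never returns a null string to the caller. The names RegistryEntry, TryParseEntry, ReadEntry and the sample lines are my own choices; the sample lines are constructed input.

```vb
Imports System
Imports Microsoft.Win32

' One parsed line: the title before "|", the key path and the value name.
Public Structure RegistryEntry
    Public Title As String
    Public KeyPath As String
    Public ValueName As String
End Structure

Public Module RegistryEntries
    ' Hive names that Registry.GetValue accepts at the start of a key path.
    Private ReadOnly Hives As String() = {
        "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
        "HKEY_USERS", "HKEY_CURRENT_CONFIG", "HKEY_PERFORMANCE_DATA"}

    ' Parses one line. Returns False for malformed input instead of letting an
    ' unchecked str_arr(2) throw IndexOutOfRangeException.
    Public Function TryParseEntry(ByVal rawLine As String, ByRef entry As RegistryEntry) As Boolean
        entry = Nothing
        If String.IsNullOrWhiteSpace(rawLine) Then Return False

        ' Split on the first two "=" only, so a value name containing "=" survives.
        Dim parts As String() = rawLine.Split({"="c}, 3)
        If parts.Length <> 3 Then Return False

        Dim title As String = parts(0).Split("|"c)(0).Trim()
        Dim keyPath As String = parts(1).Trim().TrimEnd("\"c)
        Dim valueName As String = parts(2).Trim()
        If title.Length = 0 OrElse valueName.Length = 0 Then Return False

        ' Reject a key path that does not begin with a known hive and a separator.
        Dim hiveOk As Boolean = False
        For Each hive As String In Hives
            If keyPath.StartsWith(hive & "\", StringComparison.OrdinalIgnoreCase) Then
                hiveOk = True
                Exit For
            End If
        Next
        If Not hiveOk Then Return False

        entry = New RegistryEntry With {.Title = title, .KeyPath = keyPath, .ValueName = valueName}
        Return True
    End Function

    ' Reads the value for a parsed entry. A missing value becomes "(not set)"
    ' so callers never hand Nothing to RichTextBox.AppendText.
    Public Function ReadEntry(ByVal entry As RegistryEntry) As String
        Dim value As Object = Registry.GetValue(entry.KeyPath, entry.ValueName, Nothing)
        Return If(value Is Nothing, "(not set)", Convert.ToString(value))
    End Function

    Sub Main()
        ' Constructed sample input: one well-formed line and two malformed ones.
        Dim sampleLines As String() = {
            "AutoCAD 2010|Serial=HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\AutoCAD\R18.0\ACAD-8001:409\=SerialNumber",
            "Broken|NoKey=SerialNumber",
            "Bad hive|x=NOT_A_HIVE\Software\Thing=Value"}

        For Each rawLine As String In sampleLines
            Dim entry As RegistryEntry
            If TryParseEntry(rawLine, entry) Then
                Console.WriteLine(entry.Title & ": " & ReadEntry(entry))
            Else
                Console.WriteLine("Skipped malformed line: " & rawLine)
            End If
        Next
    End Sub
End Module
```

Keeping TryParseEntry free of any UI dependency means the parsing rules (three parts, known hive, non-empty title and value name) can be unit-tested without a form, and the form code only has to call ReadEntry and append the returned string.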