Hack the FreeBSD kernel with call hooking
Source: No Starch Press
Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits: An Introduction to Kernel Hacking arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process. In this sample chapter, begin your investigation into kernel-mode rootkits by studying call hooking, a programming technique that employs handler functions, called hooks, to modify control flow and to extend or decrease the functionality of a subroutine. In rootkit design, hooking is used to alter the results of the operating system's application programming interfaces (APIs), most commonly those involved with bookkeeping and reporting. Learn how to use call hooking to subvert the FreeBSD kernel.
Title: Designing BSD Rootkits: An Introduction to Kernel Hacking
Author: Joseph Kong
Publisher: No Starch Press
Chapter 2: Hooking
ISBN: 1-59327-142-5; Copyright © 2007 No Starch Press. All rights reserved.
Used with permission from the publisher. Available from booksellers or direct from No Starch Press.