Managed code rootkits


Document information

This is a set of English-language books for information technology people specializing in security and programming. It is suitable for anyone who is passionate about information technology and wants to learn about security and programming.

[...]... which unmanaged and managed code executables operate on top of the OS. Whereas regular, unmanaged code executables interact directly with the OS, managed code executables are executed inside the managed code runtime on top of the VM.

[Figure 1.1: Application Space. The managed code runtime provides the sandbox that runs on top of the OS. The VM decides what happens inside the sandbox. Diagram labels: managed code runtime, managed code executables, unmanaged code executables, virtual machine, operating system, hardware.]

Managed Code Environments: An Overview

Managed code environments provide the runtime engine... throughout the book—hence, we’ll refer to managed code as code that executes under the management of any application VM, such as code that runs under the Java JVM, .NET CLR, Android Dalvik, and so on. Before moving on, let’s have a brief overview of managed code runtimes.

Technology Background: An Overview

In this section, we’ll provide a short overview of managed code runtime environments. You should be... 3.0, 3.5, and 3.5 SP1

Managed versus Unmanaged Code

The execution model of an MCR is different from “traditional” execution models, in that source code is compiled directly to the machine-specific code containing the instruction set for that CPU. Here we’re talking about code that is compiled to bytecode, a virtual IL in which the VM transforms every instruction to “real” machine code. Whereas the operating...
C#

• Cosmos: An open source Berkeley Software Distribution (BSD) OS in C#

In other words, rootkits considered user-mode rootkits today are the kernel or Ring 0 rootkits of the future.

TIP: MCRs implemented in a managed code OS are equivalent to the kernel-level rootkits of today’s operating systems. When managed code OSes are used, MCRs will become even more important, since MCRs will go even deeper. Don’t...

Microsoft to differentiate between VM-based managed code running on top of a VM under its “management,” and native unmanaged code running without depending on any such “management.” The code is said to be managed because the VM is responsible for managing code aspects such as memory, security, automated exception handling, and so on, rather than letting the code handle those tasks by itself. Generally,...

components of a managed code runtime exist, we’re covering the major ones, as they are the focus of this book. Figure 1.2 illustrates a typical execution model of a managed VM runtime. Source code compiled into bytecode is loaded by the VM, which loads the required classes and calls the JIT compiler to compile machine-specific code based on the CPU’s instruction set.

[Figure 1.2 diagram labels: Compile, Source code, Bytecode, Loaded, Load...]

including C#, VB.NET, and C++/CLI (managed C++). This paradigm frees the application from the language of the source code from which it is built, since eventually, they all compile to the same IL bytecode.

IL Bytecode

When source code is compiled, it is eventually converted to IL bytecode rather than to machine instruction assembly code, as an additional step in the code compilation and execution process...
runtime version and the CLR data section containing the code. The data section contains the IL bytecode along with its metadata.

Summary

In this chapter, we established the baseline for understanding what managed code environments are and how they are different from unmanaged code. This chapter provided an overview of the major components of managed code found in most VM runtimes available today, while...

hardware, hypervisor, and so on. This book covers managed code rootkits (MCRs), a new type of rootkit targeted at managed code environments in which special types of rootkits can operate. In this chapter, we’ll discuss malware in general, and then take an introductory look at MCRs, including what they are and what attackers can do with them.

The Problem of Rootkits and Other Types of Malware

Business organizations, ... source code and to download the ReFrameworker tool, please visit http://www.managedcoderootkits.com.

Acknowledgements This

Date posted: 19/03/2014, 13:40

Table of contents

  • Managed Code Rootkits

  • Copyright

  • Acknowledgements

  • About the Author

  • The Problem of Rootkits and Other Types of Malware

  • Why Do You Need This Book?

  • Terminology Used in This Book

  • Technology Background: An Overview

  • Summary

  • What Can Attackers Do with Managed Code Rootkits?

  • Common Attack Vectors

  • Why Are Managed Code Rootkits Attractive to Attackers?

  • Summary

  • Endnotes

  • The Compiler

  • The Decompiler

  • The Assembler

  • The Disassembler

  • The Role of Debuggers

  • The Native Compiler
