Return C, have you looking about system call hooking or system call table modifications?
> Don't reinvent the wheel -- just use Tripwire. > http://sourceforge.net/projects/tripwire/ for the open source version, (sigh) What about learning? "Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime." Chinese Proverb -- Nuno Treez -- Being a pain in the Internet's ass since 1996. -- Si vis pacem, para bellum. (Vegetius, Epitome rei militaris, 3. Praef.) -- ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
