Subverting Windows Embedded CE 6 Kernel
  • Title: Subverting Windows Embedded CE 6 Kernel
  • Speakers: Petr Matousek
  • Language: English
  • Keywords: operating system security, rootkits, windows embedded

CANCELLED (Petr cannot come to Paris)

In this talk, the author presents various ways to subvert the Windows Embedded CE 6 kernel in order to hide certain objects from the user. The architecture and inner mechanisms of the Windows Embedded CE 6 kernel, and a comparison with the Windows CE 5 kernel, are discussed first, with a focus on memory management, process management, syscall handling, and security. Next the author explains the methods he used for hiding processes, files, and registry keys: mainly direct kernel object manipulation, and hooking of handle-based and non-handle-based syscalls not only via apiset modifications but also using previously undocumented ways. The author also discusses ways to detect rootkits installed on the device. Fully functional prototype rootkits, detection programs, and various monitoring utilities are presented and examined.