Timing Rootkits (KD-TEAM)
http://www.kd-team.com/papers/Timing_Rootkits.pdf
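This seems to be about detecting rootkits from the performance degradation that occurs on an infected system, using instructions such as "RDTSC: Read Time-Stamp Counter" and "RDPMC: Read Performance-Monitoring Counters" (I think). Let me know if I've got it wrong (lol).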
- Detect Hidden Processes
http://www.kd-team.com/tools/detecproc_KD-Team.rar
- DetectCon Detect hidden ports
http://www.kd-team.com/tools/DetectCon.Kd-Team.rar
- Test programs for measuring clock cycles and performance monitoring
http://www.agner.org/assem/#testp
KD-TEAM looks kind of interesting.