When discussing hooking techniques (In case Chapter 8, Code Injection and Hooking, in the Hooking Techniques section), we saw how some malware programs modify the call table (IAT Hooking) and some modify the API function (inline hooking) to control the execution path of the program and re-route it to the malicious code. The objective is to block calls to the API, monitor input parameters passed to the API, or to filter the output parameters returned from the API. The techniques covered in Chapter 8, Code Injection and Hooking, mainly focused on hooking techniques in the user space. Similar capabilities are possible in the kernel space if an attacker manages to install a kernel driver. Hooking in a kernel ...