7 Understanding Kernel-Mode Rootkits

In this chapter, we are going to dig deeper into the Windows kernel and its internal structures and mechanisms. We will cover different techniques used by malware authors to hide the presence of their malware from users and antivirus products.

We will look at different advanced kernel-mode hooking techniques, process injection in kernel mode, and how to perform static and dynamic analysis there.

Before we get into rootkits and learn how they are implemented, we need to understand how the operating system (OS) works and how rootkits can target different parts of the OS and use it to their advantage.

In this chapter, we will cover the following topics:

Kernel mode versus user mode
Windows internals
Rootkits ...

Get Mastering Malware Analysis - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Malware Analysis - Second Edition by Alexey Kleymenov, Amr Thabet

7

Understanding Kernel-Mode Rootkits

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly