9 BOOTKIT DYNAMIC ANALYSIS: EMULATION AND VIRTUALIZATION

You saw in Chapter 8 that static analysis is a powerful tool for bootkit reverse engineering. In some situations, however, it can’t give you the information you’re looking for, so you’ll need to use dynamic analysis techniques instead. This is often true for bootkits that contain encrypted components for which decryption is problematic or for bootkits like Rovnix—covered in Chapter 11—that employ multiple hooks during execution to disable OS protection mechanisms. Static analysis tools can’t always tell which modules the bootkit tampers with, so dynamic analysis is more effective in these ...

Get Rootkits and Bootkits now with the O’Reilly learning platform.