O'Reilly logo

Rootkits: Subverting the Windows Kernel by James Butler, Greg Hoglund

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 5. Runtime Patching

 

All I need to find you, Louis, is follow the corpses of rats.

 
 --INTERVIEW WITH THE VAMPIRE, ANNE RICE

Call hooks and other methods of modifying software logic are powerful for sure, but they’re old techniques, they’re well published, and they’re easily detected by anti-rootkit technology. Runtime patching offers a more-obscure way to achieve the same results. Runtime patching is not new, but in the published material relating to rootkits it typically has not been showcased.

Most material relating to code patches goes back to the days of software cracking and piracy. But applied in rootkits, runtime patching is one of the most advanced techniques possible. Armed with this technique, you should be able to build undetectable ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required