Chapter 7. Direct Kernel Object Manipulation

Generally in war the best policy is to take a state intact; to ruin it is inferior to this.

--SUN TZU

In the preceding chapters, we covered a great deal about hooking techniques. Hooking the operating system is a very effective technique, especially since you cannot compile your rootkit into the manufacturer's distribution: the code already installed has to be subverted at run time. In certain instances, hooking is the only method available to a rootkit programmer.

However, as we saw in earlier chapters, hooking has its drawbacks. If someone knows where to look, a hook can usually be detected; in fact, detecting hooks is relatively easy. In Chapter 10, Rootkit Detection, we will cover how to detect hooks, and you will learn about a tool called VICE that does ...
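The following user-mode C program is an added illustration of why a function-pointer hook is easy to spot; it is not code from the book or from VICE. It models a dispatch table (think of the SSDT) whose entries are supposed to point only into one module image, then shows the two checks a detector would run: a range check of every entry against that module, and a comparison against a trusted snapshot taken when the table was clean. All names (svc_*, module_t, table_init, install_hook, detect_by_range, detect_by_snapshot, fake_injected_code) are illustrative, and the "module" is simulated from the addresses of three stand-in functions so the example runs anywhere. The example also goes one step past the text by showing the caveat: a hook that redirects one table entry to another function inside the same image passes the range check and is caught only by the snapshot comparison.

```c
/* Added example (not from the book): detecting a function-pointer hook.
 * All names are illustrative; the "module" is simulated in user mode. */
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 3

/* Stand-ins for kernel services. Only their addresses matter here. */
static int svc_open(int x)  { return x + 1; }
static int svc_read(int x)  { return x * 2; }
static int svc_close(int x) { return x - 1; }

/* A loaded module image: addresses in [base, base + size) are legitimate. */
typedef struct { const char *name; uintptr_t base; uintptr_t size; } module_t;

/* The dispatch table holds addresses as integers so a hook pointing at
 * non-code memory can be installed and examined without ever being called. */
static uintptr_t table[TABLE_SIZE];
static uintptr_t snapshot[TABLE_SIZE];   /* trusted copy taken while clean */

/* Simulated attacker payload: lives in .bss, far from the stand-in "image". */
static unsigned char injected_buffer[64];

/* Describe the simulated module as the span covering the three services.
 * Derived from their real addresses, so it stays valid under ASLR. */
static module_t describe_module(void) {
    uintptr_t a[3] = { (uintptr_t)svc_open, (uintptr_t)svc_read, (uintptr_t)svc_close };
    uintptr_t lo = a[0], hi = a[0];
    for (int i = 1; i < 3; i++) {
        if (a[i] < lo) lo = a[i];
        if (a[i] > hi) hi = a[i];
    }
    module_t m = { "kernel-image-stand-in", lo, hi - lo + 1 };
    return m;
}

/* "Boot": fill the table with the genuine services and snapshot it. */
void table_init(void) {
    table[0] = (uintptr_t)svc_open;
    table[1] = (uintptr_t)svc_read;
    table[2] = (uintptr_t)svc_close;
    for (int i = 0; i < TABLE_SIZE; i++) snapshot[i] = table[i];
}

/* Rootkit side: point entry idx somewhere else. */
void install_hook(int idx, uintptr_t target) { table[idx] = target; }

/* Address of the simulated injected code (outside the module range). */
uintptr_t fake_injected_code(void) { return (uintptr_t)injected_buffer; }

/* Address of a genuine function inside the image, usable as an in-image
 * redirect target that a pure range check cannot distinguish from normal. */
uintptr_t in_image_target(void) { return (uintptr_t)svc_close; }

/* Detector 1: flag every entry that points outside the module.
 * Returns a bitmask of hooked table indices (bit i set = entry i hooked). */
unsigned detect_by_range(void) {
    module_t m = describe_module();
    unsigned mask = 0;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i] < m.base || table[i] >= m.base + m.size)
            mask |= 1u << i;
    return mask;
}

/* Detector 2: flag every entry that differs from the trusted snapshot. */
unsigned detect_by_snapshot(void) {
    unsigned mask = 0;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i] != snapshot[i])
            mask |= 1u << i;
    return mask;
}

int main(void) {
    table_init();
    printf("clean:      range=%u snapshot=%u\n", detect_by_range(), detect_by_snapshot());

    install_hook(1, fake_injected_code());      /* classic hook: points off-image */
    printf("off-image:  range=%u snapshot=%u\n", detect_by_range(), detect_by_snapshot());

    table_init();
    install_hook(1, in_image_target());         /* redirect within the image */
    printf("in-image:   range=%u snapshot=%u\n", detect_by_range(), detect_by_snapshot());
    return 0;
}
```

The range check is cheap and needs no prior state, which is why it is the first thing a detector tries; the snapshot comparison catches redirects the range check misses, at the cost of needing a trusted baseline. Direct kernel object manipulation sidesteps both, because it changes data rather than code pointers, so neither check has anything to flag.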
