Rootkits: Subverting the Windows Kernel
book
by Greg Hoglund, James Butler
July 2005
Content level: Intermediate to advanced
352 pages
7h 18m
English
Addison-Wesley Professional
Content preview from Rootkits: Subverting the Windows Kernel

Chapter 7. Direct Kernel Object Manipulation

"Generally in war the best policy is to take a state intact; to ruin it is inferior to this."

-- SUN TZU

In the preceding chapters, we covered a great deal about hooking techniques. Hooking the operating system is a very effective process, especially since you cannot compile your rootkit into the manufacturer’s distribution. In certain instances, hooking is the only method available to a rootkit programmer.

However, as we saw in earlier chapters, hooking has its drawbacks. If someone knows where to look, a hook can usually be detected. In fact, it is relatively easy to detect hooking. In Chapter 10, Rootkit Detection, we will cover how to detect hooks, and you will learn about a tool called VICE that does ...


Publisher Resources

ISBN: 0321294319