Rootkits: Subverting the Windows Kernel
Loading and unloading the driver is easy. For starters, just download the InstDrv tool from rootkit.com.[6]

[6] The InstDrv tool was not written by members of rootkit.com; it is hosted there as a convenience.

Rootkit.com: You can find a copy of the InstDrv tool at www.rootkit.com/vault/hoglund/InstDvr.zip.

This utility will allow you to register and start/stop your driver. Figure 2-1 shows a screenshot of this utility.

Figure 2-1. The InstDrv utility.
When it comes to real-world use, you will certainly need a better method for loading your driver. However, this utility works very well while your rootkit is in development. We cover a real-world deployment program in the section "Loading the Rootkit" later in this chapter.