Professional Rootkits (Programmer to Programmer)
Overview
This chapter will guide you through the creation of a kernel hook. The kernel of the operating system provides high-level applications with the low-level functionality needed to perform system operations. By hooking the kernel, a rootkit can alter the low-level operations used by high-level applications. This provides a convenient mechanism for control, monitoring, and filtering, and offers many possibilities for concealment.
This chapter includes the following:
- The system call table
- Memory protection considerations
- Kernel hooking macros
- Kernel hooking functions
- A basic example of kernel hooking
- A description of kernel functions by group