Professional Rootkits (Programmer to Programmer)

We now have a rootkit that does the following:

• Hides its device driver entry

• Hides its configuration file

• Hooks the operating system kernel

Kernel hooking can provide most of the functionality required by rootkits, but there are other techniques that will also assist in the implementation of a fully functional rootkit. The next chapter adds another crucial rootkit component: process injection.