Hacking Exposed Malware & Rootkits: Security Secrets and Solutions, Second Edition, 2nd Edition by Aaron LeMasters, Sean M. Bodmer, Michael A. Davis, Christopher C. Elisan

CHAPTER 4

KERNEL-MODE ROOTKITS

Perhaps the most widely used rootkit technology in the wild, kernel-mode rootkits represent the most visible rootkit threat to computers today. StormWorm, which devastated hundreds of thousands of machines in 2007, had a kernel-mode rootkit component (see http://recon.cx/2008/a/pierre-marc_bureau/storm-recon.pdf). This component allowed the worm to do more damage and infect systems at a very deep level: the operating system.

For that reason, we’ll spend a considerable amount of time discussing the internals of the Windows operating system. Kernel mode means being on the same level as the operating system, so a kernel-mode rootkit must understand how to use the same functions, structures, and techniques that other ...