Chapter 4 System Briefing
In Chapter 2, we found that to engineer a rootkit, we must first decide:
What part of the system we want the rootkit to interface with.
Where the code that manages this interface will reside.
We spent the previous chapter investigating the memory protection features offered by the IA-32 processor. In this chapter, we’ll see how Windows leverages these features to establish the boundary between user space and kernel space. This will give us the foundation we need to address these two issues.
As you’ll see, the mapping ...