Rootkit development (6)

This category covers rootkit technology. Most of the material is based on the book Professional Rootkits by Ric Vieler, published by Wiley, and most of the source code is the same as the book's original code apart from comments and minor customisation. A rootkit is, at bottom, a kernel driver, so we first build a driver and then add hooking, keylogging and concealment functionality to it. Read the introduction article first to learn how to compile, load and start the rootkit; after that the articles can be read in any order. The code fragments shown in the articles are meant to convey the idea and omit details, so do not expect them to compile as shown. Each article links, at its beginning or end, to a download containing the full rootkit source code and a compiled build.

Latest Articles

Rootkit concealment part 2

Thursday, 04 June 2015 00:00
Rootkit concealment part 2 In my previous article, Rootkit concealment part 1, I covered methods for hiding registry keys and directories. This article covers methods for hiding drivers and processes. In both cases the logic behind the concept is the same, although the kernel data…

Introduction to the rootkit development

Tuesday, 02 June 2015 00:00
Introduction to the rootkit development A rootkit is a highly privileged piece of software that can manipulate the execution of other processes, intercept network traffic or keystrokes, conceal itself, and so on. Some rootkit features are inherent capabilities of drivers, so in this article we write a driver…

Keylogger source code

Monday, 01 June 2015 00:00
Keylogger Source Code Spyware is a type of malware that aims to record every move you make: your network traffic, your files and whatever you type on the keyboard. Spyware source code consists mostly of driver-related code. The rootkit source code should identify itself…

Kernel hooks | Kernel Hacking

Saturday, 30 May 2015 00:00
Kernel hooks | Kernel Hacking Modifying the behaviour of an OS API is possible through kernel hooks. Many rootkits use kernel hooks to disrupt the operating system's monitoring mechanisms and conceal themselves. System calls are registered in the operating system's service table (the SSDT on Windows), so when an application calls an API,…


api hooking | examples of rootkits | code injection | User mode hooking

Thursday, 28 May 2015 00:00
Usage of API hooking for code injection One method of code injection is API hooking. In this approach a kernel API such as ZwMapViewOfSection (which the loader calls to map a DLL image into a process's address space) is first hooked, and from inside the hook we can then hook the functions of the dynamic link library being mapped. By hooking ZwMapViewOfSection …
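The two teasers above (kernel hooks through the service table, and hooking a mapping API to reach a DLL) describe the same mechanism: callers reach a service through a table of pointers, so replacing one pointer with a wrapper that calls the original and edits its result both hijacks and conceals. The following is an added example written for this page, not code from the book or from the site's rootkit, and it runs in user mode: the "service table" is an ordinary array of function pointers standing in for the SSDT, the directory-listing service and the `_rk_` prefix it hides are constructed for the illustration, and none of the names are Windows APIs. It also shows the check a defender wants, a snapshot of the table compared against its later state.

```c
/*
 * User-mode model of a service-table hook and a snapshot check for it.
 * Added example; not code from the book or from the site's rootkit.
 * The "service table" is an ordinary array of function pointers that
 * stands in for the kernel's SSDT; every name below is constructed for
 * this illustration and is not a Windows API.
 */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define MAX_SERVICES  8
#define MAX_DIR       16
#define SVC_LIST_DIR  0             /* index of the directory-listing service */
#define HIDDEN_PREFIX "_rk_"        /* assumption: names the hook conceals    */

/* Signature of the simulated service: fills out[] with up to max names
 * and returns how many it wrote (real SSDT entries are system calls). */
typedef int (*list_dir_fn)(const char **out, int max);

/* Constructed sample directory contents returned by the genuine service. */
static const char *sample_dir[] = {
    "notes.txt", "_rk_driver.sys", "app.exe", "_rk_config.dat"
};

static int genuine_list_dir(const char **out, int max) {
    int n = (int)(sizeof sample_dir / sizeof sample_dir[0]);
    if (n > max) n = max;
    memcpy(out, sample_dir, (size_t)n * sizeof *out);
    return n;
}

/* The dispatch table: callers never call a service directly, they index
 * this table, which is exactly what makes a single pointer swap a hook. */
static list_dir_fn service_table[MAX_SERVICES] = { genuine_list_dir };
static list_dir_fn saved_original;  /* filled in by install_hook */

/* The hook: run the original, then filter its result before it returns
 * to the caller. This is the concealment pattern the articles describe. */
static int hooked_list_dir(const char **out, int max) {
    int n = saved_original(out, max), kept = 0;
    for (int i = 0; i < n; i++)
        if (strncmp(out[i], HIDDEN_PREFIX, strlen(HIDDEN_PREFIX)) != 0)
            out[kept++] = out[i];
    return kept;
}

void install_hook(void) {
    saved_original = service_table[SVC_LIST_DIR];   /* keep the original */
    service_table[SVC_LIST_DIR] = hooked_list_dir;  /* swap the entry    */
}

void remove_hook(void) {
    if (saved_original) {
        service_table[SVC_LIST_DIR] = saved_original;
        saved_original = NULL;
    }
}

/* What an application sees: the request goes through the table. */
static const char *result[MAX_DIR];
int list_dir_via_table(void) {
    return service_table[SVC_LIST_DIR](result, MAX_DIR);
}
const char *result_entry(int i) { return result[i]; }

/* Detection: record the table at a known-good moment and count entries
 * that later differ. Real checkers compare against the kernel image's
 * address range or the on-disk table rather than an in-memory copy. */
static list_dir_fn baseline[MAX_SERVICES];
void snapshot_table(void) { memcpy(baseline, service_table, sizeof baseline); }
int count_modified_entries(void) {
    int diffs = 0;
    for (int i = 0; i < MAX_SERVICES; i++)
        if (service_table[i] != baseline[i]) diffs++;
    return diffs;
}

static void print_listing(const char *label) {
    int n = list_dir_via_table();
    printf("%s (%d entries):", label, n);
    for (int i = 0; i < n; i++) printf(" %s", result_entry(i));
    printf("\n");
}

int main(void) {
    snapshot_table();
    print_listing("before hook");
    install_hook();
    print_listing("after hook");
    printf("modified table entries: %d\n", count_modified_entries());
    remove_hook();
    print_listing("hook removed");
    return 0;
}
```

Two caveats for anyone moving this idea into a real driver. The snapshot check is only as good as the moment the baseline was taken, which is why production tools compare each entry against the kernel image's load range instead. And the book's technique targets 32-bit Windows of its era: on 64-bit Windows, Kernel Patch Protection (PatchGuard) treats a modified SSDT as a fatal integrity violation and bugchecks the machine.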