[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-43281-en":3,"doc-seo-43281-105":29,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":11,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},43281,1374391975076,"Riley","https://ap-avatar.wpscdn.com/avatar/14000253ca4ec9f6853?x-image-process=image/resize,m_fixed,w_180,h_180&k=1783305029341752051",6,"Technology","Rootkits Subverting the Windows Kernel","Rootkits: Subverting the Windows Kernel by Greg Hoglund and James Butler explains rootkit concepts, attacker motives, and how stealth techniques compromise Windows systems. The book covers offensive technologies and teaches kernel-level implementation through topics such as Windows device drivers, loading/unloading drivers, fusion rootkits, and keeping payloads across reboot. It also details core Windows kernel structures, multiple hooking methods, and runtime patching approaches (including detours and jump templates). The guide then extends to layered drivers like keyboard sniffers and covers practical detection and defenses resistant to rootkit attacks.","ABC Amber CHM Converter Trial version, [http://www.processtext.com/abcchm.html](http://www.processtext.com/abcchm.html)  \n\u003C Day Day Up >  \nRootkits: Subverting the Windows Kernel  \nBy Greg Hoglund, James Butler  \n...............................................  \nPublisher: Addison Wesley Professional  \nPub Date: July 22, 2005  \nISBN: 0-321-29431-9  \nPages: 352  \nTable of Contents | Index  \nABC Amber CHM Converter Trial version, [http://www.processtext.com/abcchm.html](http://www.processtext.com/abcchm.html)  \n\"It's imperative that everybody working in the field of cyber-security read this book to understand the growing threat o Magazine  \n\"This material is not only up-to-date, it defines up-to-date. It is truly cutting-edge. As the only book on the subject, Ro programmer. It's detailed, well researched and the technical information is excellent. The level of technical detail, resear word: Outstanding.\" --Tony Bautts, Security Consultant; CEO, Xtivix, Inc.  \n\"This book is an essential read for anyone responsible for Windows security. Security professionals, Windows system techniques used by rootkit authors. At a time when many IT and security professionals are still worrying about the lates Hoglund and Mr. Butler open your eyes to some of the most stealthy and significant threats to the Windows operating s defend the networks and systems for which you are responsible.\" -Jennifer Kolde, Security Consultant, Author, an  \n\"What's worse than being owned? Not knowing it. Find out what it means to be owned by reading Hoglund and Butle toolset--which includes decompilers, disassemblers, fault-injection engines, kernel debuggers, payload collections, cove Software left off, this book shows how attackers hide in plain sight. \"Rootkits are extremely powerful and are the next on stealthiness. They hide away from standard system observers, employing hooks, trampolines, and patches to get th that usually monitor machine behavior can't easily detect them. A rootkit thus provides insider access only to people w can hide files and running processes to provide a backdoor into the target machine. \"Understanding the ultimate attack systems. No authors are better suited to give you a detailed hands-on understanding of rootkits than Hoglund and Butl CTO, Cigital, coauthor of Exploiting Software (2004) and Building Secure Software (2002), both from Addison-W  \n\"Greg and Jamie are unquestionably the go-to experts when it comes to subverting the Windows API and creating roo surrounding rootkits, bringing this information out of the shadows. Anyone even remotely interested in security for Win on their must-read list.\" --Harlan Carvey, author of Windows Forensics and Incident Recovery (Addison-Wesley, 2  \nRootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they explo comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.c course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attack  \nHoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming technique operating system drivers and debuggers.  \nAfter reading this book, readers will be able to  \n• Understand the role of rootkits in remote command/control and software eavesdropping  \n• Build kernel rootkits that can make processes, files, and directories invisible  \n• Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating ker  \n• Work with layered drivers to implement keyboard sniffers and file filters  \n• Detect rootkits and build host-based intrusion prevention software that resists rootkit attacks  \nVisit rootkit.com for code and programs from this book. The site also contains enhancements to the book's text, such a  \n\u003C Day Day Up","cbCaikoid7ZsKiUJ","https://ap.wps.com/l/cbCaikoid7ZsKiUJ","pdf",11945892,1,233,"English","en",105,"# Praise for Rootkits\n# Preface\n## Historical Background\n## Target Audience\n## Prerequisites\n## Scope\n# Chapter 1. Leave No Trace\n## Understanding Attackers' Motives\n## What Is a Rootkit?\n## Why Do Rootkits Exist?\n## How Do Rootkits Work?\n## Rootkits and Software Exploits\n## Offensive Rootkit Technologies\n# Chapter 2. Subverting the Kernel\n## Important Kernel Components\n## Rootkit Design\n## Introducing Code into the Kernel\n## Building the Windows Device Driver\n## Fusion Rootkits: Bridging User and Kernel Modes\n# Chapter 3. The Hardware Connection\n## Ring Zero\n## Interrupt Descriptor Table\n## System Service Dispatch Table\n# Chapter 4. The Age-Old Art of Hooking\n## Userland Hooks\n## Kernel Hooks\n## A Hybrid Hooking Approach\n# Chapter 5. Runtime Patching\n## Detour Patching\n## Jump Templates\n# Chapter 6. Layered Drivers\n## A Keyboard Sniffer\n## The KLOG Rootkit: A Walk-through","[{\"question\":\"What does the book cover about rootkit purpose and background?\",\"answer\":\"It explains why rootkits exist, how long they have been around, and what distinguishes a rootkit from other techniques. It also connects rootkits to offensive technologies such as software exploits.\"},{\"question\":\"How does the book describe building rootkits at the kernel level?\",\"answer\":\"It teaches how to introduce code into the kernel, build and load/unload Windows device drivers, log debug statements, and implement fusion rootkits bridging user and kernel modes.\"},{\"question\":\"Which stealth techniques are emphasized for subverting system behavior?\",\"answer\":\"It covers stealth mechanisms using hooking (userland, kernel, and hybrid approaches) and runtime patching methods such as detour patching and jump templates.\"}]",1783379640,587,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":27},"rootkits-subverting-the-windows-kernel","",{"@graph":35,"@context":85},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/technology/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/rootkits-subverting-the-windows-kernel/43281/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-16","2026-07-06",true,{"@type":65,"interactionType":66,"userInteractionCount":11},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"What does the book cover about rootkit purpose and background?","Question",{"text":75,"@type":76},"It explains why rootkits exist, how long they have been around, and what distinguishes a rootkit from other techniques. It also connects rootkits to offensive technologies such as software exploits.","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"How does the book describe building rootkits at the kernel level?",{"text":80,"@type":76},"It teaches how to introduce code into the kernel, build and load/unload Windows device drivers, log debug statements, and implement fusion rootkits bridging user and kernel modes.",{"name":82,"@type":73,"acceptedAnswer":83},"Which stealth techniques are emphasized for subverting system behavior?",{"text":84,"@type":76},"It covers stealth mechanisms using hooking (userland, kernel, and hybrid approaches) and runtime patching methods such as detour patching and jump templates.","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":92},[93,97,101,105,110,113,118,123,128,131,135],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":106,"doc_module":4,"doc_module_name":45,"category_name":107,"show_sort_weight":108,"slug":109},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":111,"slug":112},50,"technology",{"id":114,"doc_module":4,"doc_module_name":45,"category_name":115,"show_sort_weight":116,"slug":117},7,"Healthcare",40,"healthcare",{"id":119,"doc_module":4,"doc_module_name":45,"category_name":120,"show_sort_weight":121,"slug":122},8,"Research & Report",30,"research-report",{"id":124,"doc_module":4,"doc_module_name":45,"category_name":125,"show_sort_weight":126,"slug":127},9,"Religion & Spirituality",20,"religion-spirituality",{"id":126,"doc_module":4,"doc_module_name":45,"category_name":129,"show_sort_weight":126,"slug":130},"World Cup","world-cup",{"id":132,"doc_module":4,"doc_module_name":45,"category_name":133,"show_sort_weight":132,"slug":134},10,"Lifestyle","lifestyle",{"id":136,"doc_module":4,"doc_module_name":45,"category_name":137,"show_sort_weight":106,"slug":138},19,"General","general"]