A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #9738  by BillyONeal
 Fri Nov 18, 2011 5:52 am
Hello, all.

Some of you may know me from elsewhere; most of you probably don't. Long story short, I've worked on a few tools, but that's not what I'm here to talk about :). Everything I've done up to this point has been in usermode. I'd like to take things a bit further and to that end I've purchased (and read) what seems to be the only book on the subject, but I've not attempted anything serious as of yet.

If it's alright I'll be digging around and attempting to get my head around some of this stuff soon. Thanks for creating such a resource!

Billy3
 #9739  by a_d_13
 Fri Nov 18, 2011 6:42 am
Hello,

Welcome to KernelMode.info! Greg's book is good, but very outdated. Most techniques used in modern rootkits are not in the book, for example. Here are some good resources, courtesy of evilcry and rkhunter:

Rootkit Techniques:
http://www.kernelmode.info/forum/viewto ... ?f=2&t=990
http://www.kernelmode.info/forum/viewto ... f=2&t=1159

Driver Development:
http://www.kernelmode.info/forum/viewto ... f=14&t=374
http://www.kernelmode.info/forum/viewto ... f=14&t=995

I also recommend installing Windows on VMWare, setting up kernel debugging over COM port / named pipe, and using WinDbg to inspect kernel structures.

Please feel free to post if you have any questions.

Thanks,
--AD
 #9741  by BillyONeal
 Fri Nov 18, 2011 6:54 am
Hello there, AD. :)

Thank you. I'll be sure to take a look. Mostly interested in building a few toy "canary in a coal mine" kind of things, but I suppose one must know how to hide if one is to seek, eh?

Have a nice night,

Billy3
 #9756  by EP_X0FF
 Sat Nov 19, 2011 11:49 am
@BillyONeal

If you have any specific question, then feel free to ask.
Google translation may result in some sense loss.