I avoid off-topic posts here, but I think this will tickle the interests of several people here, especially those that like doing kinky things with the NT OS.
Rootkit.com is a team led by Greg Hoglund. Their rootkit 'trojan/backdoor/proof-of-concept' is truly a piece of work, and "The Ultimate Compromise" of hijacking the OS kernel code itself.
Rootkit comes with full C source code to get your teeth into, and the rootkit-launcher source code as well as a better explanation of it all is at http://www.rootkit.com/load_and_call.shtml
The capabilities are quite scary, but it's very fascinating stuff, especially now that Pedestal Software have released an anti-rootkit driver, turning the game into a battle of rootkit vs anti-rootkit, with the winner seemingly being the program that can go 'deeper' into the system than the other.
And so the battle continues...
[This message has been edited by Wayne Diamond (edited June 08, 2001).]

"rootkit now loads into kernel memory using a single interrupt call - an NT system call known as ZwSetSystemInformation(). Using this call we cause the rootkit to be immediately loaded into memory and activated"