Rootkit - "No Driver Required - SystemLoadAndCallImage"

I avoid off-topic posts here, but I think this will tickle the interests of several people here, especially those who like doing kinky things with the NT OS.

Rootkit.com is a team led by Greg Hoglund. Their rootkit 'trojan/backdoor/proof-of-concept' is truly a piece of work, and "The Ultimate Compromise": hijacking the OS kernel code itself.

"rootkit now loads into kernel memory using a single interrupt call - an NT system call known as ZwSetSystemInformation(). Using this call we cause the rootkit to be immediately loaded into memory and activated"

Rootkit comes with full C source code to get your teeth into, and the rootkit-launcher source code, as well as a better explanation of it all, is at http://www.rootkit.com/load_and_call.shtml

The capabilities are quite scary, but it's very fascinating stuff, especially now that Pedestal Software have released an anti-rootkit driver, turning the game into a battle of rootkit vs anti-rootkit, with the winner seemingly being the program that can go 'deeper' into the system than the other.

And so the battle continues...


[This message has been edited by Wayne Diamond (edited June 08, 2001).]