Note: This research has been discontinued.

Description

A kernel mode rootkit is a stealthy malicious program that allows an attacker to maintain root/SYSTEM access on a victim's computer. Kernel mode rootkits run in ring 0, whilst user mode rootkits run in ring 3.

Figure 1: Rings (0x0sec)

Building the Windows Device Driver

This is a first "hello world" example:

```c
#include "ntddk.h"

// Driver entry point, called by the kernel when the driver is loaded.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath)
{
    // Write a message to the kernel debugger output.
    DbgPrint("Hello World!");
    return STATUS_SUCCESS;
}
```