Wuhan University Journal of Natural Sciences, Volume 11, Issue 6, pp 1473–1476

Kernel rootkits implement and detection

  • Li Xianghe
  • Zhang Liancheng
  • Li Shuo
Trusted Software


Rootkits, which reside unnoticed in a computer and stealthily carry out remote control and software eavesdropping, are a great threat to network and computer security. It is time to acquaint ourselves with their implementation and detection. This article pays more attention to kernel rootkits, because they are more difficult to write and to identify than userland rootkits. The latest technologies used to write and detect kernel rootkits, along with their advantages and disadvantages, are presented in this article.

Key words

rootkit; kernel rootkits; rootkit detection

CLC number

TP 309 





Copyright information

© Springer 2006

Authors and Affiliations

  1. Institute of Information Engineering, Information Engineering University, Zhengzhou, Henan, China
