Rootkit

The Rootkit is a kernel mode Rootkit that hides all the processes that their name starts with $ROOT$

The Rootkit iterates all the processes by the LIST_ENTRY structure. The LIST_ENTRY structure has two members Flink (Forward Process) and Blink (Backward Process), both of them (Flink , Blink) are LIST_ENTRY structure. The image below can demonstrate that:

And the rootkit sets his LIST_ENTRY.Blink.Flink to LIST_ENTRY.Flink. Also he sets his LIST_ENTRY.Flink.Blink to LIST_ENTRY.Blink.Flink. Like you can see in the image below:

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
Demonstration_Image_1.png		Demonstration_Image_1.png
Demonstration_Image_2.png		Demonstration_Image_2.png
README.md		README.md
Rootkit.cpp		Rootkit.cpp

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Rootkit

About

Releases

Packages

Languages

yehonatan1/Rootkit

Folders and files

Latest commit

History

Repository files navigation

Rootkit

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages