How to write a RootKit?

Posted: 2007-04-17 14:30
by Dem
How can I write a rootkit?

Posted: 2007-04-17 15:45
by thamarok
For what use do you want to do a rootkit?
Asking for a full program (code) which can take full control of a system isn't something that happens every day. Although I do know something in the sector of rootkits, I don't want to write code for you unless I know exactly what you want and if I can trust you. Do you have knowledge with C or C++?

Posted: 2007-04-17 16:13
by Lost Dog
thamarok wrote: Although I do know something in the sector of rootkits, I don't want to write code for you unless I know exactly what you want and if I can trust you. Do you have knowledge with C or C++?

Make sure he does not work for Sony!

Posted: 2007-04-17 20:13
by thamarok
Lost Dog wrote:
thamarok wrote: Although I do know something in the sector of rootkits, I don't want to write code for you unless I know exactly what you want and if I can trust you. Do you have knowledge with C or C++?

Make sure he does not work for Sony!

Maybe I missed something - Why?

Posted: 2007-04-17 20:33
by plugwash
Rootkits come in a variety of complexities, ranging from those that simply replace standard tools (easy both to write and defeat) through those that replace standard libs (harder) to those that hide in the kernel (hardest).

The awkward thing in writing a rootkit is that you not only have to cover up the stuff you want the rooted box for, but you also have to cover up the rootkit itself.
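
Added example (not part of the original thread): why the tool-replacement class plugwash describes is easy to defeat. A defender can bypass the suspect `ps` binary, list `/proc` directly, and compare the two views. The `ps` output and `/proc` listings below are constructed sample data, and the function names are illustrative.

```python
import re

# Constructed sample: output of `ps -e -o pid,comm` from the suspect host's ps binary.
PS_OUTPUT = """\
  PID COMMAND
    1 init
  412 sshd
  733 bash
"""

# Constructed samples: entry names from listing /proc directly (os.listdir("/proc")),
# taken immediately before and immediately after running ps.
PROC_BEFORE = ["1", "412", "733", "901", "cpuinfo", "meminfo", "self"]
PROC_AFTER = ["1", "412", "733", "901", "950", "cpuinfo", "self"]


def pids_from_ps(text):
    """Parse PIDs from `ps -e -o pid,comm` style output, skipping the header line."""
    pids = set()
    for line in text.splitlines()[1:]:
        m = re.match(r"\s*(\d+)\s+\S", line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def pids_from_proc(entries):
    """Keep only the numeric /proc entries, which are process IDs."""
    return {int(e) for e in entries if e.isdigit()}


def hidden_from_tool(ps_text, proc_before, proc_after):
    """Return PIDs present in both /proc snapshots that the tool did not report.

    Requiring both snapshots filters out processes that started or exited
    while the check ran, which would otherwise show up as false positives.
    """
    stable = pids_from_proc(proc_before) & pids_from_proc(proc_after)
    return sorted(stable - pids_from_ps(ps_text))


if __name__ == "__main__":
    print("hidden from ps:", hidden_from_tool(PS_OUTPUT, PROC_BEFORE, PROC_AFTER))
```

This cross-view check only covers the simplest class: a library-level or kernel-level rootkit filters the `/proc` listing as well, so both views agree and nothing is flagged.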

Posted: 2007-04-17 22:02
by Jackiebrown
thamarok wrote:
Lost Dog wrote:
thamarok wrote: Although I do know something in the sector of rootkits, I don't want to write code for you unless I know exactly what you want and if I can trust you. Do you have knowledge with C or C++?

Make sure he does not work for Sony!

Maybe I missed something - Why?

Sony has been in trouble in the past for putting rootkits on their CDs.

http://en.wikipedia.org/wiki/2005_Sony_ ... on_scandal

Re: How to write a RootKit?

Posted: 2007-04-18 03:48
by Optional
Dem wrote: How can I write a rootkit?

http://www.amazon.com/Rootkits-Subverti ... 020&sr=8-1

Good book, I got it for $8 off of Amazon Marketplace. It focuses on Windows though, as it's the primary rootkit platform. ;)

Basically, just write and load your own kernel module/driver. Have it hook the necessary kernel-level functions to hide itself from userspace programs. Keep tampering with the host OS to a minimum.

There's plenty of information freely available online (for educational purposes only, of course).

Posted: 2007-04-18 03:52
by DeanLinkous
Lost Dog wrote: Make sure he does not work for Sony!

He doesn't work for Sony! But he has an interview next week and figures the job is his if he can figure this out. :D

Posted: 2007-04-18 18:16
by dmn_clown
You could always disassemble the most famous rootkit of all... Windows Vista and see how they did it.

Oh wait, that is a trojan... n/m.