Wiley Professional Rootkits 978-0-470-10154-4 User Manual

Tools
This chapter stresses the importance of building and saving the tools required for rootkit development.
Building a full-featured rootkit toolkit before you begin development enables you to
research, design, develop, test, and package your rootkit without distraction. In addition, saving
the tools, utilities, samples, scripts, and even the failed experiments enables you to pick up where
you left off at any time. As an example, the rootkit presented in this book was originally developed
and forgotten several years ago, but came to mind when I was contacted by Wiley, the publisher.
Having the code, the scripts, the utilities, and a copy of the toolkit used to develop the rootkit, all
in one convenient archive, turned an otherwise complex project into a delightful experience.
This chapter includes the following:
What must go into a rootkit toolkit
What should go into a rootkit toolkit
How to verify the usefulness of your rootkit toolkit
How Do I Build a Rootkit?
Assembling a complete rootkit toolkit will take a lot of time. Fortunately, everything you need to get
started can be downloaded from Microsoft (http://msdn2.microsoft.com/en-us/default.aspx).
The three most important tools you need are the Microsoft Driver Development Kit (DDK),
a C compiler, and the Windows Platform Software Development Kit (SDK). All three can
be downloaded from Microsoft at no cost.
Though the Visual C++ compiler and the Software Development Kit (SDK) can be downloaded
directly, the Driver Development Kit (DDK) can only be downloaded as an ISO image (unless you
happen to have a Microsoft MSDN subscription). At the time of this writing, you can get the ISO
image from www.microsoft.com/whdc/devtools/ddk/default.mspx. This image can be