Windows Kernel Rootkit Development (64 Bit) (c++)

  c++, driver, malware, rootkit, windows-kernel

I want to know if modern rootkits on Windows 10 64-bit are still using hooks for things like
hiding processes and files, protecting processes and files, etc.
I know that PatchGuard makes this really hard to implement.

I read the book "Windows Kernel Programming" by Pavel Yosifovich, and in the book there are projects like "The Process Protector Driver", "The Delete (File) Protector Driver", etc.

So my questions are:

Are modern rootkits still using hooking techniques?

Is there a book about Windows (64-bit) kernel rootkit development in C++? I saw this book:
https://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319?
but it was published on July 22, 2005. Is it still good?

Source: Windows Questions C++