I want to know if modern rootkits on Windows 10 64-bit are still using hooks for things like:
Hiding processes and files, protecting processes and files, etc.
I know that PatchGuard makes it really hard to implement.
I read the book "Windows Kernel Programming" by Pavel Yosifovich and in the book there are projects like: "The Process Protector Driver", "The Delete (File) Protector Driver", etc.
So my questions are:
Are modern rootkits still using hooking techniques?
Is there a book about Windows (64-bit) kernel rootkit development in C++? I saw this book:
but it was published on July 22, 2005. Is it still good?
Source: Windows Questions C++