< Day Day Up > |
Generally speaking, the direct code-byte patch is one of the strongest methods for modifying program logic. Almost any program code or logic can be modified. Furthermore, the technique is somewhat difficult to detect at least with current rootkit-detection technology. Code-byte patches offer an alternative way to implement many of the hooking strategies described in this book. If combined with other powerful techniques, such as direct hardware access and virtual-memory obfuscations, the direct code-byte patch can be used to develop a very deadly and hard-to-detect rootkit. Overall, runtime patching is a staple technique for modern rootkit development. |
< Day Day Up > |