We now have a rootkit that does the following:
Hides its device driver entry
Hides its configuration file
Hooks the operating system kernel
Hooks selected processes loaded by the operating system
Processes commands sent from user mode applications
Communicates with a remote controller
Filters network communication
Filters file system operations
Logs key presses
Hides registry keys
Hides directories
Hides processes
Our rootkit is now about as complete as a training example can be. There are more topics to discuss, and more code is introduced in the remaining chapters, but this marks the end of rootkit-specific development. The next chapter introduces corporate e-mail filtering. This type of filtering is usually performed at the application level and then passed to a rootkit for processing.