This chapter will help answer many of the questions you will face when designing the installation mechanism for your rootkit. Some of the installation techniques are industry standards, used by a large percentage of commercial software manufacturers, while other techniques in this chapter can only be found in rootkit literature.
This chapter includes the following:
Intended installation
Unintended installation
Privilege escalation
Installation persistence
Using ZwSetSystemInformation
Registry settings
Initialization files
Installation through exploitation
Installation cleanup
Testing your installation