Many of the considerations detailed in this chapter are relevant to conventional software as well as rootkits. If you have designed and developed installation software, you have no doubt worked with many of the details presented here, but there are also details specific to rootkits that should be new to you, including the following:
Unintended installation
Privilege escalation
Installation persistence
ZwSetSystemInformation
Installation through exploitation
Installation cleanup
The next chapter presents a basic rootkit controller. Unlike installation techniques, which should be as uncoupled as possible from the rootkit itself, the rootkit controller should be considered an integral part of every rootkit design. Knowing how a rootkit will be controlled and what responses are expected from the rootkit will greatly influence both its design and implementation.