We now have a rootkit that does the following:
Hides its device driver entry
Hides its configuration file
Hooks the operating system kernel
Hooks selected processes loaded by the operating system
Processes commands sent from user-mode applications
Armed with a basic understanding of I/O processing, you’re now ready to tackle communications and filter drivers. Communications enable the rootkit to connect with a remote controller, while filter drivers enable the rootkit to inject itself into an even lower level of the operating system. Chapter 6 covers low-level communications, while Chapter 7 introduces filter drivers.