GMER - the art of exposing Windows rootkits in kernel mode

Chapters:

• Introduction
• Some basic terms
• Howto
• Exploring Win11 disk subsystem
• Set up a secure environment
• Overview of the driver
• Patching kernel data
• Securing disk I/O operations
• Securing file I/O operations
• Tracing kernel mode code
• About PPL'ed processes

Introduction
GMER is a well-known powerful anti-rootkit tool, which has been used for years by Windows IT pros to detect the presence of rootkits in the system. A rootkit is a kind of malicious software intended to hide the components and artifacts of …

art article blog exposing gmer kernel link mode research rootkits topic windows windows kernel