by kbumsik 2640 days ago
Then what other kinds of software need to use a privilege escalation?

The code is designed to be a privilege _deescalation_. It's already running in kernel mode, and is deferring work to a user mode process.
To create a backdoor, you couldn't be obvious, like doing something obviously evil in the driver... You'd build it out of many building blocks in several components that individually look like honest mistakes. "Mistakes" that can be combined to create something malicious.

That's what you need to achieve plausible deniability. You'll need to make it look innocent.

(I also write Windows kernel mode drivers.)

Did you think that the recent Apache privilege escalation exploit is a malicious piece?