by xyzzy123
1462 days ago
Perhaps also worth noting that rootkits don't have to follow the usual rules; you don't have to rely on the kernel linker if you don't want to. (Tradeoff of runtime DIY symbol resolution / code grovelling being it's more work, and more likely to be crashy). As a rootkit author you have considerably more flexibility than most module authors who are constrained by "sanity", maintainability, accepted practice and licensing terms.