Win32 Rootkit Foundation


Hey all,
I'm looking for a Win32 root-kit source package. I'd like to work with a "Root-kit Foundation" that I can further build for my own project. My end result is to create a root-kit to prevent other programs from seeing my interaction with the kernel, thus creating anonymous automated control of other programs. I already have the topside scripting and command code mostly done, just need to interact with a Win32 kernel.

Any suggestions would be greatly appreciated.

The Rootkits Book

Check out the Rootkit book by Jamie Butler and Greg Hoglund. They have lots of starter code for what you want to do.

As danny said, Greg's book is great; the Rootkit Arsenal book is also great.
There's a bunch of helpful source code available in the book "Professional Rootkits" from Wrox Press.

Agreed on the Rootkit Arsenal book. I haven't had a chance to get too deep into it but I'm very impressed with what I've read so far.


Thanks guys for the suggestions. I picked up the Jamie Butler and Greg Hoglund book last night and can't wait to jump into it. I'll keep an eye out for the Wrox Press and Rootkit Arsenal books.

Good luck, I've had a lot of fun with the Rootkits book since it came out.

Personally, I always recommend that newbies start understanding the code by reading obferman's articles available on CodeProject (search keyword: Driver Development); they're great...