The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

From Wikipedia, the free encyclopedia
Author Bill Blunden
Country United States (Original)
Language English
Series First Edition
Genre Computer Science
Publisher Jones & Bartlett Publishers
Publication date May 4, 2009
Media type Print (Paperback)
Pages 908 pages
ISBN 1-59822-061-6 (First Edition, paperback)

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System is a book written by Bill Blunden, published by Jones & Bartlett Publishers in May 2009. The book covers rootkit technology and its uses in depth. Its topics include IA-32 assembly, the Windows system architecture, kernel debugging, advanced rootkit development, and much more concerning rootkit technology and how it can be applied to, for example, white hat hacking. The book also provides many source code examples on rootkit development and how to properly use it. A fair understanding of computer programming and operating systems is needed to fully comprehend the contents of the book; as the back cover states, it is an advanced book on its topic.


The book is divided into four parts, and each of the 14 chapters goes into detail about specific technology and information required in advanced rootkit development and use. It also provides information about network and file system analysis, kernel objects, drivers, and much more related to rootkit technology. The reader can create a fully working rootkit by using the source code in the appendix. The product description states that the book sheds light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.[1]


The book has received mostly positive reviews from websites specializing in computer reviews.

Computing Reviews writes about this book: "This book addresses a controversial and timely issue in the field of network security. Rootkits are notoriously used by the black hat hacking community. A rootkit allows an attacker to subvert a compromised system. This subversion can take place at the application level, as is the case for the early rootkits that replaced a set of common administrative tools, but can be more dangerous when it occurs at the kernel level. A rootkit hides the network traffic, processes, and files that an attacker decides to keep invisible to administrators and system management tools… If you work on defensive solutions—anti-virus and malware detection tools—or are interested in low-level system programming, you must read this book. In fact, for the intended audience, this is one of the best books of 2009."[2]



  • Blunden, Bill. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. 1st ed. Jones & Bartlett Publishers, 2009