This is a kernel rootkit made to infiltrate a 32-bit Windows system. This project gave me a better understanding of how rootkits work and how they can be detected/mitigated.
This rootkit features the ability to:
- Protect Files (Read\Write\Create\Delete\Rename\Open\Execute)
- Hide Processes
- Protect Processes, Threads
- Protect Registry Keys (Open\Create\Delete\Set)
- Bypass Privilege Checks
Big thanks to these two books, which helped me get a grasp on programming and understand how rootkits work.
"The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System" by Bill Blunden
https://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/144962636X
"Windows Kernel Programming" by Pavel Yosifovich
https://www.amazon.com/Windows-Kernel-Programming-Pavel-Yosifovich/dp/1977593372