Anti-rootkit safeguards: welcome Vista

Aleksander Czarnowski Avet

This is a follow-up to my VB2006 presentation and contains updated information regarding Windows Vista. This includes Microsoft driver signing policy, changes to PE format including 64-bit support and other technical details. It will also cover differences between beta versions used in previous research and final Vista release. Parts regarding Windows XP and 2003 will cover advances in hiding and detour techniques.