Conclusion

From reading this paper the reader should have a good understanding of the concepts and issues related to scanning memory for signatures in order to detect objects in the system pool. The reader should be able to enumerate system memory safely, construct their own customized memory signatures, locate signatures in memory, and implement their own reporting mechanism.

It is obvious that object detection using memory scanning is no exact science. However, it does provide a method which, for the most part, interacts with the system as little as possible. The author believes that the outlined technique can be successfully implemented to obtain acceptable results in detecting objects hidden by rootkits.