1. Modern Bootkit Trends:
Bypassing Kernel-Mode Signing Policy
Aleksandr Matrosov
Eugene Rodionov

2. Agenda
 Evolution of payloads and rootkits
 Bypassing code integrity checks
 Attacking Windows Bootloader
 Modern Bootkit details:
 Win64/Olmarik
 Win64/Rovnix
 What Facilitates Bootkit Attack Vector

3. Evolution of Rootkits

4. Evolution of Rootkit Installation
Malicious Exploit Bypass Escape
Web-site Vulnerability ASLR/DEP Sandbox
Execute Download Escalate
Payload Rootkit Local Privilege
Kernel-Mode
Exploit
Install Rootkit

5. Evolution of Rootkit Features
x86
Dropper Rootkit
bypassing HIPS/AV self-defense
privilege escalation surviving reboot
installing rootkit
driver Kernel mode injecting payload
User mode

6. Evolution of Rootkit Features
x86
x64
Dropper Rootkit
Rootkit
bypassing HIPS/AV self-defense
self-defense
privilege escalation surviving reboot
surviving reboot
installing rootkit bypassing signature
driver injecting payload
check
Rootkit
bypassing
MS PatchGuard
Kernel mode
User mode
injecting payload

7. Obstacles for 64-bit Rootkits
o Kernel-Mode Code Signing Policy:
 It is “difficult” to load unsigned kernel-mode driver
o Kernel-Mode Patch Protection (Patch Guard):
 SSDT (System Service Dispatch Table)
 IDT (Interrupt Descriptor Table)
 GDT (Global Descriptor Table)
 MSRs (Model Specific Registers)

8. Bypassing Code Integrity Checks

9. Subverting KMCSP
o Abusing vulnerable, signed, legitimate kernel-mode
driver
o Switching off kernel-mode code signing checks by
altering BCD data:
abusing WinPE Mode
disabling signing check
enabling test signing
o Patching Bootmgr and OS loader

10. Bypassing Integrity Checks
Bypassing Integrity Check Techniques
USER-MODE KERNEL-MODE
TESTSIGNING ON System Boot Modification
MBR
DISABLE INTEGRITY CHECKS
(Master Boot Record)
VBR
(Volume Boot Record)

11. Attacking Windows Bootloader

12. Boot Process
First
BIOS Boot Full Kernel
MBR User-Mode
Initialization Loader Initialization
Process
Early Kernel
Initialization
BIOS Services Kernel Services
Hardware

13. Boot Process with Bootkit Infection
load malicious
MBR/VBR
NT kernel
modifications
load rootkit
driver

14. Code Integrity Check
Non boot-start
OS kernel
kernel-mode drivers
OS kernel
Bootmgr OS loader
dependencies
Boot-start
drivers

15. Evolution of Bootkits
o Bootkit PoC evolution: o Bootkit Threats evolution:
 eEye Bootroot (2005)  Win32/Mebroot (2007)
 Vbootkit (2007)  Win32/Mebratix (2008)
 Vbootkit v2 (2009)  Win32/Mebroot v2 (2009)
 Stoned Bootkit (2009)  Win64/Olmarik (2010/11)
 Evilcore x64 (2011)  Win64/Rovnix (2011)

16. Win64/Olmarik

17. TDL4 Installation on x64
Prepare hidden FS
image
Write FS image,
fail patch MBR and Adjust success
SE_SHUTDOWN_PRIVILEGE
Exploitation
success
MS10-092
fail Call
ZwRaiseHardError
to create BSOD
Copy itself into
%TMP% directory
Restart
Dropper
Create
manifest requesting
admin privilege
Call
success
ShellExecute
Report to C&C
fail

18. BCD Elements determining KMCSP
(before KB2506014)
BCD option Description
BcdLibraryBoolean_DisableIntegrityCheck disables kernel-mode code integrity
(0x16000020) checks
BcdOSLoaderBoolean_WinPEMode instructs kernel to be loaded in
(0x26000022) preinstallation mode, disabling
kernel-mode code integrity checks
as a byproduct
BcdLibraryBoolean_AllowPrereleaseSignatures enables test signing
(0x16000049)

19. Abusing Win PE mode: TDL4 modules
Module name Description
mbr (infected) infected MBR loads ldr16 module and restores original
MBR in memory
ldr16 hooks 13h interrupt to disable KMCSP and substitute
kdcom.dll with ldr32 or ldr64
ldr32 reads TDL4’s kernel-mode driver from hidden file
system and maps it into kernel-mode address space
ldr64 implementation of ldr32 module functionality for 64-bit
OS
int 13h – service provided by BIOS to communicate with IDE HDD controller

20. Abusing Win PE mode: Workflow
Load infected MBR Continue kernel
Infected mbr is
initialization
loaded
and executed
Load ”drv32”
Call or “drv64"
Load “ldr16” from
KdDebuggerInitialize1
hidden file system
“ldr16” is from loaded kdcom.dll
loaded
and executed
substitute
Hook BIOS int 13h kdcom.dll
Load ntoskrnl.exe, with”ldr32”
handler and hal.dll,kdcom.dll,b or “ldr64"
restore original Original mbr is
ootvid.dll ant etc
MBR loaded
and executed
distrort
/MININT option
Load VBR Load winload.exe
VBR is loaded
and executed
Substitute
EmsEnabled
option with WinPe
Load bootmgr read bcd
Bootmgr is loaded
and executed

21. MS Patch (KB2506014)
o BcdOsLoaderBoolean_WinPEMode option no longer
influences kernel-mode code signing policy
o Size of the export directory of kdcom.dll has been
changed

22. Win64/Rovnix

23. Win64/Rovnix: Installation
Check if
success already
infected
Check OS
Windows XP Windows 2000
Version
Vista/Win7
fail
success Check Admin
fail
Privileges
Determine OS
Digit Capacity
Call ShellExecuteEx
Install Corresponding
API with “runas”
Kernel-mode Driver
Overwrite Bootstrap
Code of Active Partition
Self Delete and Exit
Initiate System Reboot

24. Win64/Rovnix: Bootkit Overview
real mode
Load MBR
real mode
Load VBR
real mode/
Load protected mode
bootstrap
code
real mode/
protected mode
Load
bootmgr
Target of
Win64Rovnix
real mode/
Load protected mode
winload.exe or
winresume.exe
Load kernel
and boot
start drivers

25. Win64/Rovnix: Infected Partition Layout
o Win64/Rovnix overwrites bootstrap code of the
active partition
o The malicious driver is written either:
 before active partition, in case there is enough space
 to the end of the hard drive, otherwise
MBR VBR Bootstrap Code File System Data
Before Infecting
Compressed After Infecting
Data
Malicious
Malicious Bootstrap
MBR VBR File System Data Unsigned
Code Code
Driver
NTFS bootstrap code
(15 sectors)

26. Win64/Rovnix: Bootkit Details
Load MBR Continue kernel
MBR is initialization
loaded
and executed
Map malicious driver into
Load ntoskrnl.exe, kernel-mode address space
Load VBR hal.dll,kdcom.dll,b
VBR is loaded ootvid.dll ant etc
and executed
Hook
BlImgAllocateImageBuffer
Load malicious
bootstrap code Load winload.exe
Malicious bootstrap
code is
loaded and executed
Bootloader parameters
Hook BIOS int 13h are read from BCD
handler and
Read BCD
restore original Original bootstrap
bootstrap code code is restored
Restore bootmgr,
hook int1 handler and
copy itself over IDT
Load bootmgr Patch bootmgr
Bootmgr is loaded
and receives control

27. Win64/Rovnix: Loading Unsigned Driver
o Insert malicious driver in BootDriverList of
KeLoaderBlock structure
o When kernel receives control it calls entry point of
each module in the BootDriverList
KeLoaderBlock
Malicious
Ntoskrnl.exe
Driver

28. Win64/Rovnix: Abusing Debugging Facilities
Win64/Rovnix:
o hooks Int 1h
 tracing
 handles hardware breakpoints (DR0-DR7)
o overwrites the last half of IDT (Interrupt Descriptor Table)
 is not used by OS
As a result the malware is able to:
 set up hooks without patching bootloader components
 retain control after switching into protected mode

29. Win64/Rovnix: Abusing Debugging Facilities
Win64/Rovnix:
o hooks Int 1h
 tracing
 handles hardware breakpoints (DR0-DR7)
o overwrites the last half of IDT (Interrupt Descriptor Table)
 is not used by OS
As a result the malware is able to:
 set up hooks without patching bootloader components
 retain control after switching into protected mode

30. Olmarik vs Rovnix
Characteristics Win64/Olmarik Win64/Rovnix
Privilege escalation MS10-092 
Reboot technique ZwRaiseHardError API ExitWindowsEx API
MBR/VBR infection MBR VBR (bootstrap code)
Inserting into boot driver list
Loading driver ZwCreateDriver API
of KeLoaderBlock structure
KeInitializeApc/ KeInitializeApc/
Payload injection
KeInstertQueueApc APIs KeInstertQueueApc APIs
Kernel-mode hooks,
Self-defense
MBR monitoring 
Number of modules 10 2
Stability of code  
Threat complexity  

31. Bootkit Attack Vector

32. Modern Bootkits’ Approaches
o Hooking BIOS 13h Interrupt Handler
 Win64/Olmarik
o Tracing Bootloader Components
 Win64/Rovnix
 “Deep Boot” (PoC)
o Stealing a Processor’s Core
 “EvilCore” (PoC)

33. Tracing Bootloader Components
o Microsoft Windows Bootloader Components:
Component Name Processor Execution Mode
Bootstrap code real mode
Bootmgr real mode/protected mode
Winload.exe/Winresume.exe protected mode
o Surviving processor’s execution mode switching
 Malware has to retain control after execution mode
switching
 IDT and GDT are most frequently abused data
structures

34. What Facilitates the Attack Vector?
o Untrusted platform problem
 BIOS controls boot process, but who controls it?
 The trust of trust is below point of attack
Point of
Attack
Non boot-start
OS kernel
kernel-mode drivers
Pre boot OS kernel
Bootmgr OS loader
firmware dependencies
Boot-start
drivers
The Root
of Trust

35. How to Defend Against the Attack?
oTo resist bootkit attacks we need the root of trust
be above point of attack:
 TPM
 UEFI Secure Boot
Point of
Attack
Non boot-start
OS kernel
kernel-mode drivers
Pre boot OS kernel
Bootmgr OS loader
firmware dependencies
Boot-start
The Root of drivers
Trust

36. Conclusion
 Bootkits  ability to bypass KMCSP
 Return of old-school techniques  MBR infections
 Win64/Olmarik (TDL4)  1st widely spread Win64
rootkit
 Win64/Rovnix  debugging facilities to subvert
KMCSP
 Untrusted platform facilitates bootkit techniques

37. References
 “The Evolution of TDL: Conquering x64”
http://www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf
 “Defeating x64: The Evolution of the TDL Rootkit”
http://www.eset.com/us/resources/white-papers/TDL4-CONFidence-2011.pdf
 “Hasta La Vista, Bootkit: Exploiting the VBR”
http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr
 Follow ESET Threat Blog
http://blog.eset.com

38. Thank you for your attention ;)
Aleksandr Matrosov
matrosov@eset.sk
@matrosov
Eugene Rodionov
rodionov@eset.sk
@vxradius