File name: object-hook
Description (the downloaded content comes from the Internet; for usage questions, please search Baidu yourself)
Information-hiding highlight 1: the rootkit is hidden as a resource inside the user-mode program.
Highlight 2: the user program's own code is used as the seed for generating the key. This effectively prevents the hidden information from being disclosed after reverse engineering, because the deeply hidden downloader links and code can only be opened if the code produced by reverse engineering is exactly identical to the original author's code.
Highlight 3: a fixed KEY is run through some computation to produce an array of 1024 keys.
This key array is then combined with the user code in a further computation, which finally yields a 4-byte decoding KEY.
Using the decoding KEY, the dirty downloader code and list hidden in the resources of the driver loaded into memory are located, parsed out and returned to the user program. The user program uses them to do bad things, and at the end it also wipes away every trace.
Highlight 4: IDT interrupt 0e is modified to point to an invalid address, so that the machine blue-screens when you debug it, which serves as an anti-debugging measure.
(Automatically generated by the system; you can review the download contents before downloading)
Download file list
1)object hook.doc