Is it possible to unload a driver from another driver, both running in kernel mode?
Both rootkits and antirootkits are drivers, and antirootkits can unload rootkits, and mostly I have seen antirootkits unloaded by rootkits.
Is it possible for one to unload another when the other does not have an unload function defined and called?
> Is it possible to unload a driver from another driver, both running in kernel mode?
> Both rootkits and antirootkits are drivers, and antirootkits can unload rootkits, and mostly I have seen antirootkits unloaded by rootkits.
> Is it possible for one to unload another when the other does not have an unload function defined and called?
Once you throw away the rulebook that Microsoft gave you, all things are possible.
James
You have no way of knowing whether it is safe to unload a driver that is not your own, no matter where you attempt to do this from.
mm