Talk:I/O request packet

IRP hook
There is a rootkit called IRP hook. I think this should be added to this article but I do not know enough about it to do it myself. Can anyone help? Biscuittin (talk) 20:53, 22 January 2014 (UTC)


 * I see a lot of discussion on the net as to how to detect and remove that, but offhand, nothing about how it works. Without reliable sources (preferably at least two) describing how it works and why it is called "IRP hook", no, we can't. I could infer that it has something to do with "hooking" entry points to drivers or system routines that handle IRPs (something very commonly done by legitimate code like live anti-malware checkers)... and assuming that the name means anything at all, that's likely close to correct... but to write that on Wikipedia would be pure WP:OR. If one wanted to just mention its existence that would go better in a "List of known malware" article, if we have one. There are plenty of RSs for its existence. Jeh (talk) 21:42, 22 January 2014 (UTC)
 * There is an article on Hooking. Biscuittin (talk) 22:22, 22 January 2014 (UTC)
 * It can't go there without RSs either. Jeh (talk) 07:06, 23 January 2014 (UTC)