So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talk
Demirkapi shows how drivers can be misused for deep pwnage
DEF CON Writing a successful Windows rootkit is easier than you would think. All you need to do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, and inject and install your rootkit, and bam. Happy days....