I wrote an article about how do bypass the Execution Path Analysis used by PatchFinder utility, avoiding Windows 2k/XP rootkit detection. http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf Soon, will be a version for Linux Kernel.