Research on the working mechanism of Bootkit

As defensive and detection software of all kinds has become effective at protecting information systems from destruction by malware, malware has become more and more advanced too. Current malware continues to penetrate into the lowest levels of the computer system. The Bootkit is the newest product of this research. Bootkits conceal themselves well and resist most detection tools, which seriously harms information security. In order to research how to detect Bootkits, we have to understand their working mechanism. First, the research history and current state of Bootkits are introduced. Next, several important technologies related to Bootkits are described in detail. The booting process of the computer system is then analyzed closely. After that, the working mechanism of Bootkits is presented comprehensively across three categories of Bootkit. Finally, we conclude the paper and indicate future work.