Description: 通过例子介绍了Windows系统服务调用的基本知识及Hook SSDT的方法-by example on the Windows system service called the basic knowledge and methods Hook SSDT Platform: |
Size: 1024 |
Author:zhangyoufu |
Hits:
Description: Windows XP是通过sysenter调用KiFastCallEntry将ntdll.dll的调用切换到内核的。KiFastCallEntry的原理是通过在SSDT中查找函数地址跳转。所以只要伪造一张原始SSDT,就可以使得SSDT-HOOK无效了。-Windows XP by calling KiFastCallEntry sysenter ntdll.dll call will switch to the kernel. KiFastCallEntry SSDT principle is to find the function by address jump. So long as the original forged an SSDT, you can make SSDT-HOOK invalid. Platform: |
Size: 5120 |
Author:何耀彬 |
Hits: