Windows Vista/7 Kernel Hooking of Userland
I'm looking for advice on implementing a driver under Vista and 7 which
can hook and monitor arbitrary system functions for a userland process. My
goal is to simply dump arguments for system functions called from ntdll,
kernel32, etc. Coming from XP, SSDT modification and similar techniques
were popular. On Vista+ there are filter drivers and notification
routines. Are either of these meant for hooking native functions? The
driver is for 32- and 64-bit and has to play nice with PatchGuard. Any
suggestions are welcome.