#include <windef.h>
#include <stdio.h>
#include <string.h>
/*
 * Local mirror of one system service descriptor table entry, laid out the
 * way this article expects it on 32-bit XP SP3. Presumably modelled on the
 * undocumented KSERVICE_TABLE_DESCRIPTOR; field meanings below are inferred
 * from the names only -- confirm against the exact target build, the layout
 * is not a stable contract and differs on 64-bit kernels.
 * NOTE(review): the tag starts with '_' + uppercase, an identifier range
 * reserved for the implementation. Only the pointer alias is typedef'd, so
 * the struct itself can only be named through its tag.
 */
typedef struct _ServiceDescriptorTable {
PVOID ServiceTableBase;        // presumably base of the service entry-point array
PVOID ServiceCounterTable;     // per-service call counters -- unverified here
unsigned int NumberOfServices; // entry count of the table
PVOID ParamTableBase;          // presumably per-service argument-size table
}*PServiceDescriptorTable;
// Kernel-exported descriptor table (32-bit kernels only). On 64-bit Windows
// this symbol is not exported and the table is covered by Kernel Patch
// Protection, so this approach does not carry over. The second `extern` is
// redundant: a declaration inside a linkage specification is already extern.
extern "C" extern PServiceDescriptorTable KeServiceDescriptorTable;
// NOTE(review): no return type is given; C++ has no implicit int, so this
// will not compile as written (the WDK declares it as returning BOOLEAN).
// All-PVOID parameters also hide the count/limit arguments' real types.
extern "C" __declspec(dllimport) _stdcall KeAddSystemServiceTable(PVOID, PVOID, PVOID, PVOID, PVOID);
// Plain global flag, presumably set once the hooks are in place. No
// synchronization -- verify every access happens in a single context.
bool Hook_flag=false;
// Saved SSDT slot addresses. The numeric suffixes are service indices and
// are build-specific (XP SP3 per the article); they change between Windows
// versions and service packs, so hard-coding them is brittle.
LONG * ssdt_No122;//NtOpenProcess
LONG * ssdt_No128;//NtOpenThread
LONG * ssdt_No186;//NtReadVirtualMemory
LONG * ssdt_No277;//NtWriteVirtualMemory
// Addresses of kernel routines, presumably resolved at runtime -- TODO confirm where.
LONG * ObOpenObjectByPointerAddr;
LONG * KeAttachProcessAddr;
LONG * KiAttachProcessAddr;
// Code addresses and saved instruction bytes held in DWORDs. This only holds
// a full pointer on 32-bit; on a 64-bit kernel these would truncate.
DWORD ssdtReadReal;
DWORD readPush1;
DWORD readJump1;
DWORD ssdtWriteReal;
DWORD writePush1;
DWORD writeJump1;
// Resume stubs, defined elsewhere (not in view here).
VOID NtOpenProcessInlineResume();
VOID NtOpenThreadInlineResume();
VOID NtReadVirtualMemory()
过TP驱动1(SSDT部分)
本文介绍了如何在XP SP3下通过SSDT Hook技术,稳定地绕过NtReadVirtualMemory和NtWriteVirtualMemory的头部钩子,以及KiAttachProcess函数的钩子。同时,还涉及了对多处ObOpenObjectByPoint调用的挂钩方法。目前,DebugPort清零的部分仍在进行中。