Thread: SYSENTER hook
View Single Post
  #7  
Old 08-02-2004, 20:48
evaluator
 
Posts: n/a
>>it looks like you are interested to ring0 detouring
nope.

>>I found also it is not necessary to patch KiSystemCallExitBranch
>>from 7506 (jnz KiSystemCallExit2) to 7505 (jnz KiSystemCallExit).

verry nessesary:) remember, why we are replaicing pair SYSENTER-SYSEXIT
by INT-IRET!?

(that will your 9th power post~:)

another Q: there is III virtual address for 41000, wich is!? :)
Reply With Quote