Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page SST Hook -> Bluescreen!?
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 01-01-2005, 00:04
Cobi Cobi is offline
Friend
  
Join Date: Sep 2004
Location: Germany
Posts: 55
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
Cobi Reputation: 0
SST Hook -> Bluescreen!?
Hi there,
For educational purpose (?) i want to code a File/Regmon Clone, with the same method of SystemServiceTable Hooking described in "Undocumented Windows NT" but when i try to Patch i get a Bluescreen "DRIVER_IRQL_NOT_LESS_OR_EQUAL" !?
Code:
extern	PSERVICE_DESCRIPTOR_TABLE	KeServiceDescriptorTable;
#define	SYSTEMSERVICE(_function)	KeServiceDescriptorTable->ntoskrnl.ServiceTable[*(PULONG)((PUCHAR)_function+1)]

_asm cli;
(NTCREATEFILE)(SYSTEMSERVICE(ZwCreateFile)) = NewZwCreateFile; // <---#HERE#
_asm sti;
The System crashes directly when i try to Patch.
Is the Table in WinXP write protected or whats going on?
The whole source is attached.
Happy new Year @all
-Cobi
Attached Files
File Type: rar Fmon.rar (10.8 KB, 15 views)
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Hook user1 Source Code 0 04-24-2021 05:23
SYSENTER hook niom General Discussion 13 08-12-2004 02:50
DriverStudio 3.1 Viaagp.sys Bluescreen bgrimm General Discussion 1 02-19-2004 02:37


All times are GMT +8. The time now is 01:09.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )