#1
|
|||
|
|||
Process hiding with SSDT modification in x64 Win7
I'm looking for a way to hide a process with SSDT in x64 Windows 7. I successfully find SSDT location and changed the value (4byte), which is RVA for a specific system function. If you want to know the details, let me know it. I'll add more information.
However, I failed to point to the hooked function from the changed SSDT because of the different base address, which is added with RVA value above. Does anybody know where to go? Thank you in advance. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Hiding a process | securedsolutions | x64 OS | 5 | 08-29-2013 17:59 |
SSDT in Windows Vista/7 x86 | _MAX_ | General Discussion | 3 | 08-30-2012 02:56 |
Best rootkit for win7? | suddenLy | General Discussion | 10 | 03-25-2011 08:52 |