Exetools  

Go Back   Exetools > General > x64 OS

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 04-05-2012, 14:05
31337guru
 
Posts: n/a
Process hiding with SSDT modification in x64 Win7

I'm looking for a way to hide a process with SSDT in x64 Windows 7. I successfully find SSDT location and changed the value (4byte), which is RVA for a specific system function. If you want to know the details, let me know it. I'll add more information.

However, I failed to point to the hooked function from the changed SSDT because of the different base address, which is added with RVA value above.

Does anybody know where to go? Thank you in advance.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Hiding a process securedsolutions x64 OS 5 08-29-2013 17:59
SSDT in Windows Vista/7 x86 _MAX_ General Discussion 3 08-30-2012 02:56
Best rootkit for win7? suddenLy General Discussion 10 03-25-2011 08:52


All times are GMT +8. The time now is 13:23.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )