#1
64 bit drivers / process management
Hi there
I have a question about driver development on Windows x64 systems. I am pretty new to this topic (drivers generally), so please have patience with me. Atm I'm playing a bit around with hooks and ofc I noticed that most stuff like SSDT and IDT hooks or modifying the EPROCESS structure is forbidden by the KPP on 64-bit ;X My question is: is there any kind of "legit" way of "hooking" functions (especially process management), and if not, how do modern antivirus programs handle this?
#2
Hi,
To hook functions in kernel mode on Windows x64 systems, you will need to bypass Kernel Patch Protection (PatchGuard). Since Windows XP x64 you need to bypass this protection, but the hardest is Windows 7/8 fully updated. Wikipedia information about this. Information to bypass PatchGuard (old versions). Regards!
#3
Does PatchGuard protect the IA32_SYSENTER_EIP MSR?