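PVOID HookSystemCall(
    PVOID SystemCallFunction,
    PVOID HookFunction
    )
{
    /* Read the service index from offset +1 of the routine, i.e. the
       operand of its first instruction (assumed to be mov eax, imm32). */
    ULONG SystemCallIndex =
        *( ULONG * )( ( PCHAR )SystemCallFunction + 1 );
    /* First entry of the service descriptor table: the native call table. */
    PVOID *NativeSystemCallTable =
        KeServiceDescriptorTable[ 0 ];
    /* Save the original handler so the caller can still reach it. */
    PVOID OriginalSystemCall =
        NativeSystemCallTable[ SystemCallIndex ];
    /* Overwrite the table entry with the hook function. */
    NativeSystemCallTable[ SystemCallIndex ] = HookFunction;
    return OriginalSystemCall;
}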
======
Simple, right! The address of SystemCallFunction can be obtained with a function, I think it's Mm.... right, it's MmGetSystemRoutineAddress.
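For detection of the table overwrite shown above, here is an added example (not part of the original post) that runs in user mode over constructed data. It checks that a stub really starts with `mov eax, imm32` before trusting offset +1 as an index, and flags service table entries that point outside the kernel image. All names, addresses and sizes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed sample data, not taken from a real system. */
static const uint8_t  SAMPLE_STUB[]    = { 0xB8, 0x25, 0x00, 0x00, 0x00, 0x8D, 0x54, 0x24, 0x04 };
static const uint8_t  SAMPLE_PATCHED[] = { 0xE9, 0x10, 0x20, 0x30, 0x40 };
static const uint32_t SAMPLE_BASE = 0x804D7000u, SAMPLE_SIZE = 0x00200000u;
static const uint32_t SAMPLE_TABLE[] = { 0x8056E000u, 0x80570000u, 0xF8A31000u, 0x80580000u };

/* Return the service index encoded in a stub, or -1 if the stub does not
   start with `mov eax, imm32` (0xB8), i.e. offset +1 is not an index. */
int64_t stub_service_index(const uint8_t *stub, size_t len)
{
    if (len < 5 || stub[0] != 0xB8)
        return -1;
    return (int64_t)((uint32_t)stub[1] | (uint32_t)stub[2] << 8 |
                     (uint32_t)stub[3] << 16 | (uint32_t)stub[4] << 24);
}

/* Count entries pointing outside [base, base + size) and record the
   indices of the first max_out of them in out[]. */
size_t find_out_of_image_entries(const uint32_t *table, size_t count,
                                 uint32_t base, uint32_t size,
                                 size_t *out, size_t max_out)
{
    size_t hits = 0;
    for (size_t i = 0; i < count; i++) {
        /* Unsigned wrap-around also catches entries below the base. */
        if ((uint32_t)(table[i] - base) >= size) {
            if (hits < max_out)
                out[hits] = i;
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    size_t bad[4];
    size_t n = find_out_of_image_entries(SAMPLE_TABLE, 4, SAMPLE_BASE, SAMPLE_SIZE, bad, 4);
    printf("stub index: %lld\n", (long long)stub_service_index(SAMPLE_STUB, sizeof SAMPLE_STUB));
    printf("patched stub: %lld\n", (long long)stub_service_index(SAMPLE_PATCHED, sizeof SAMPLE_PATCHED));
    for (size_t i = 0; i < n && i < 4; i++)
        printf("entry %zu -> 0x%08X is outside the kernel image\n", bad[i], (unsigned)SAMPLE_TABLE[bad[i]]);
    return 0;
}
```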