Obtaining KeServiceDescriptorTableShadow address
In Windows NT based operating system every system call originated in user mode which is to be processed by the system's kernel must go through the gate to the kernel itself where it would be dispatched and executed. This gate is an interrupt INT 2Eh. While on the user side library ntdll.dll handles a sy
Posted on 8/19/2010 8:42:20 PM
Views (31906)
IRP hooking and Device Chains
Posted on 8/16/2010 12:00:06 AM
Views (4021)
