Obtaining KeServiceDescriptorTableShadow address
InWindowsNTbasedoperatingsystemeverysystemcalloriginatedinusermodewhichistobeprocessedbythesystem抯kernelmustgothroughthegatetothekernelitselfwhereitwouldbedispatchedandexecuted.ThisgateisaninterruptINT2Eh.Whileontheusersidelibraryntdll.dllhandlesasy
发表于 8/19/2010 8:42:20 PM
阅读(31477)
IRP hooking and Device Chains
发表于 8/16/2010 12:00:06 AM
阅读(3594)
