Nov 8, 2013 at 6:34pm
Then use device drivers (.SYS); again, I have driver development in my blog, and that covers device-driver hooking and security-related drivers too.
Take a look into my Blog for SYSENTER_MSR hook: http://codeempire.blogspot.co.uk/2013/10/kernel-driver-sysenter-hook.html
The code provided in my blog can be easily adapted to catch, analyse and filter calls to the Windows PE loader.
Apart from that, there is no way to globalize your hook/monitor. Well, if there is, it would be 1000x harder.
Last edited on Nov 8, 2013 at 6:35pm
Nov 8, 2013 at 6:36pm
Can I ask a quick question? Why do you want to do this, LB? Because someone might be able to provide a different process that gets to the same end goal.