user194534
Reputation: 35
Windows Vista/7 Kernel Hooking of Userland
I'm looking for advice on implementing a driver under Vista and 7 which can hook and monitor arbitrary system functions for a userland process. My goal is to simply dump arguments for system functions called from ntdll, kernel32, etc. Coming from XP, SSDT modification and similar techniques were popular. On Vista+ there are filter drivers and notification routines. Are either of these meant for hooking native functions? The driver is for 32 and 64bit and has to play nice with Patch Guard. Any suggestions are welcomed.
Upvotes: 1
Views: 266
Answers (1)
Related Questions
- Is it possible to call functions from a kernel mode driver in a user mode application on Windows?
- How to call/hook kernel mode APIs from user mode?
- How to hook any API call on windows x64, x86?
- Driver to User-Mode Communication
- C++ Hooking kernel32.dll OpenProcess with detours
- Hooking in win32
- Hook process socket calls from kernel driver
- windows 7 driver ioctl call
- Hooking WinAPI functions called from DLL
- Wrapper C# for kernel32.dll API