Stealth Hook

#32592 by c6754
Sat Feb 16, 2019 1:16 pm

How do I hook without a process seeing it in the stack?

ex. replace getprocaddress in a process without the call being seen on the stack

Do I hook the stack or use KeAttachStackProcess()?

im kinda new to kernel

Username

c6754

Posts

Joined

Sat Feb 16, 2019 1:12 pm

Re: Stealth Hook

#32741 by AxtMueller
Tue Mar 26, 2019 12:41 am

Try to use VEH hook? You can do it in user mode.

Username

AxtMueller

Posts

Joined

Thu Dec 27, 2018 11:11 pm

Re: Stealth Hook

#32873 by adamdevine
Mon Apr 29, 2019 8:13 am

please give me some URL or Articles to Understand it.

Username

adamdevine

Posts

Joined

Mon Apr 29, 2019 7:58 am

Re: Stealth Hook

#32880 by R136a1
Tue Apr 30, 2019 6:28 pm

There's this new thing called search engines, I heard Google is good.

VEH hooking:
https://medium.com/@fsx30/vectored-exce ... 88754549c6

Malware Reversing
http://www.malware-reversing.com

Username

R136a1

Rank

Forum Admin

Posts

272

Joined

Wed Jul 13, 2011 4:30 pm

Location

Netherlands

Page 1 of 1
4 posts

Return to “Kernel-Mode Development”

Display:

Sort by:

Jump to: