Patching SSDT using Sign Driver
PostPosted:Tue Oct 28, 2014 5:37 pm
Hey Guys,
just finish reading the Kaspersky Hooking Engine Analysis documentation: https://quequero.org/2014/10/kaspersky- ... -analysis/
i have quick Question, the Article refers to SSDT hooking in Windows 32bit. how can they achieve the SSDT hooking on X86_64 ? Patch Guard will prevent any SSDT modification even if your driver is signed, is this correct ?
if so, how the AV engines achieve the same operation ?
Cheers,
ta10n
just finish reading the Kaspersky Hooking Engine Analysis documentation: https://quequero.org/2014/10/kaspersky- ... -analysis/
i have quick Question, the Article refers to SSDT hooking in Windows 32bit. how can they achieve the SSDT hooking on X86_64 ? Patch Guard will prevent any SSDT modification even if your driver is signed, is this correct ?
if so, how the AV engines achieve the same operation ?
Cheers,
ta10n