C++ minimal VT framework source code, using SyscallHook as the example
==Toy VT, minimal framework; VMX enablement supports Win10==
==SysCallHook does not support operating systems with the KPTI patch (dual CR3)==
==In theory supports Win7 through Win10 21H2==
References:
https://hbxiaock.bk-free01.com/ADDD/8ee4
https://github.com/huoji120?tab=repositories
https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/
==Test system==
Edition: Windows 10 Pro
Version: 21H2
Install date: 2022/8/9
OS build: 19044.2075
Experience: Windows Feature Experience Pack 120.2212.4180.0
==Test result: hooking NtOpenProcess==
// Initialise the syscall hook with the kernel addresses resolved on the test machine
// (the four addresses are the ones captured on the build listed above; FALSE = no KPTI).
SyscallHook::GetInsctance()->fn_syshook_init(0xfffff800832018c0, 0xfffff8008280aa90, 0xfffff800827f9630, 0xfffff8008280bbc0, FALSE);
// 0x26 is the NtOpenProcess syscall index on this Windows 10 build.
SyscallHook::GetInsctance()->fn_add_hook_by_index(0x26, (UINT64)MyOpenProcess);

// Hook handler: same prototype as NtOpenProcess, logs the call and forwards it.
NTSTATUS MyOpenProcess(_Out_ PHANDLE ProcessHandle,
                       _In_ ACCESS_MASK DesiredAccess,
                       _In_ POBJECT_ATTRIBUTES ObjectAttributes,
                       _In_opt_ PCLIENT_ID ClientId) {
    asm_stac();   // set EFLAGS.AC so user-mode pointers can be touched under SMAP
    // 77 = DPFLTR_IHVDRIVER_ID, 0 = DPFLTR_ERROR_LEVEL
    DbgPrintEx(77, 0, "[+]NtOpenProcess caught\r\n");
    DbgPrintEx(77, 0, "[+]ProcessHandle 0x%llx DesiredAccess %x ClientId 0x%llx\r\n",
               ProcessHandle, DesiredAccess, ClientId);
    return NtOpenProcess(ProcessHandle, DesiredAccess, ObjectAttributes, ClientId);
}