Nytro

My first SSDT hook driver

My first SSDT hook driver

by zwclose7

Hello, this is my first SSDT hook driver. My driver will hook NtTerminateProcess, NtLoadDriver, NtOpenProcess and NtDeleteValueKey.

NtTerminateProcess hook

This hook will protect any process named calc.exe from being terminated.

NtLoadDriver hook

This hook will display the driver name in the debugger/DebugView.

NtOpenProcess hook

This hook will deny access to any process named cmd.exe, and will return STATUS_ACCESS_DENIED if the process name matches.

NtDeleteValueKey hook

This hook will protect any values named abcdef from being deleted.

To load the driver, run loader.exe in the release folder. This program will install the driver to the system, and then load it. All functions will be unhooked when the driver unloads.

Source: My first SSDT hook driver - rohitab.com - Forums

zwclose7
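A defender's view of the four hooks described in this post, as an added example that is not zwclose7's driver code: the integrity check used to spot redirected SSDT entries, which flags any service whose handler address falls outside the kernel image and names the module that owns it. The module list, every address and size, and the driver name example.sys are constructed sample data, and the check assumes the SSDT entries have already been resolved to absolute handler addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: all bases, sizes and handler addresses are invented. */
typedef struct { const char *name; uint64_t base; uint64_t size; } module_t;
typedef struct { const char *service; uint64_t handler; } ssdt_entry_t;

static const module_t MODULES[] = {
    { "ntoskrnl.exe", 0x80400000u, 0x00600000u },  /* kernel image, index 0 */
    { "hal.dll",      0x80a00000u, 0x00030000u },
    { "example.sys",  0xf7a10000u, 0x00006000u },  /* hypothetical third-party driver */
};
static const ssdt_entry_t SSDT[] = {
    { "NtClose",            0x80567a10u },
    { "NtDeleteValueKey",   0xf7a11200u },
    { "NtLoadDriver",       0xf7a11480u },
    { "NtOpenProcess",      0xf7a116c0u },
    { "NtTerminateProcess", 0xf7a11900u },
    { "NtWriteFile",        0x8057c3e0u },
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Return the module whose image range contains addr, or NULL if none does. */
const module_t *owner_of(uint64_t addr) {
    for (size_t i = 0; i < COUNT(MODULES); i++)
        if (addr >= MODULES[i].base && addr - MODULES[i].base < MODULES[i].size)
            return &MODULES[i];
    return NULL;
}

/* An entry is suspicious when its handler lies outside the kernel image. */
int is_hooked(const ssdt_entry_t *e) {
    return owner_of(e->handler) != &MODULES[0];
}

/* Print each redirected entry with its owning module; return how many were found. */
int scan_ssdt(void) {
    int hooked = 0;
    for (size_t i = 0; i < COUNT(SSDT); i++) {
        if (!is_hooked(&SSDT[i])) continue;
        const module_t *m = owner_of(SSDT[i].handler);
        printf("%-20s -> 0x%08llx (%s)\n", SSDT[i].service,
               (unsigned long long)SSDT[i].handler, m ? m->name : "unbacked memory");
        hooked++;
    }
    return hooked;
}

int main(void) { return scan_ssdt() == 4 ? 0 : 1; }
```

An entry that resolves to no loaded module at all is reported as unbacked memory, which is worth treating as a stronger signal than a handler inside a named driver.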
