A forum for reverse engineering, OS internals and malware analysis 


Stealth Hook

 by c6754 ¦  Sat Feb 16, 2019 1:16 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Stealth Hook ¦  Replies: 3 ¦  Views: 1912

How do I hook without a process seeing it in the stack?

Ex.: replace GetProcAddress in a process without the call being seen on the stack.

Do I hook the stack or use KeAttachStackProcess()?

I'm kinda new to kernel.