A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #31277  by TechLord
 Sun Feb 18, 2018 4:19 am
GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking

I know that it's a little old, but I decided to post it anyway since it was not found posted here.

Hooking techniques give you control over the way an operating system or a piece of software behaves. Some of the software that utilizes hooks includes: application security solutions, system utilities, tools for programming (e.g. interception, debugging, extending software, etc.), malicious software (e.g. rootkits) and many others.

The GhostHook technique discovered can provide malicious actors or information security products with the ability to hook almost any piece of code running on the machine.

Full article here:
https://www.cyberark.com/threat-researc ... d-hooking/