GhostHook :Bypass PatchGuard with Processor Trace-Based Hoo

Discussion on reverse-engineering and debugging.
Post Reply
Posts: 19
Joined: Tue Jun 16, 2015 6:15 am

Sun Feb 18, 2018 4:19 am

GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking

I know that its a little old but decided to post it anyway since it was not found posted here.

Hooking techniques give you the control over the way an operating system or a piece of software behaves. Some of the software that utilizes hooks include: application security solutions, system utilities, tools for programming (e.g. interception, debugging, extending software, etc.), malicious software (e.g. rootkits) and many others.

The GhostHook technique discovered can provide malicious actors or information security products with the ability to hook almost any piece of code running on the machine

Full Article here : ... d-hooking/
Post Reply