
Stealth Hook

Posted: Sat Feb 16, 2019 1:16 pm
by c6754
How do I hook without a process seeing it in the stack?

Ex.: replace GetProcAddress in a process without the call being seen on the stack.

Do I hook the stack or use KeAttachStackProcess()?

I'm kinda new to kernel.

Re: Stealth Hook

Posted: Tue Mar 26, 2019 12:41 am
by AxtMueller
Try to use VEH hook? You can do it in user mode.

Re: Stealth Hook

Posted: Mon Apr 29, 2019 8:13 am
by adamdevine
Please give me some URLs or articles to understand it.

Re: Stealth Hook

Posted: Tue Apr 30, 2019 6:28 pm
by R136a1
There's this new thing called search engines, I heard Google is good.

VEH hooking:
https://medium.com/@fsx30/vectored-exce ... 88754549c6