Yes, of course, it is not a motor, it is only a POC; use this method only for show. But I think everyone expected an engine.
kmd wrote:
It's good doing something mutant, thanks..
but how to say... no offense... if it were posted 10-12 years ago then something like it would be worth.. somehow. But in 2012 year post about inline hook?
That's not true, see above posts..
Well, as we know, on Windows NT there is no callback function (from user mode) to do this task
this lame man, what if there is a hook like this?
In this function, we simply call the stub which contains the original 5 bytes from the hooked function
then you execute half of an instruction and jump over in trash. You need at least a length disassembler.
I have another method which can monitor all processes from user mode, so I will post it.