Stealth Hook

Forum for discussion about kernel-mode development.
Posts: 1
Joined: Sat Feb 16, 2019 1:12 pm

Sat Feb 16, 2019 1:16 pm

How do I hook without a process seeing it in the stack?

E.g., replace GetProcAddress in a process without the call being seen on the stack.

Do I hook the stack or use KeAttachStackProcess()?

I'm kinda new to kernel.
Posts: 9
Joined: Thu Dec 27, 2018 11:11 pm

Tue Mar 26, 2019 12:41 am

Try to use a VEH hook? You can do it in user mode.