kmd wrote:
it's good doing something mutant, thanks..
Yes, of course, not a motor is only one POC, use this method only for show, but I think everyone expected an engine :D
but how to say... no offense... if it were posted 10-12 years ago then something like it would be worth.. somehow. But in 2012 year post about inline hook?
Well as we know on Windows NT there is no callback function (from user mode) to do this task
that's not true, see above posts..
In this function, we simply call the stub which contains the original 5 bytes from the hooked function
this lame man, what if there hook like this?
then you execute half of instruction and jump over in trash. You need at least length disassembler.
I have another method which can monitor all processes from user mode, so I will post it.