#ifndef __HOOKSYSENTER__H__
#define __HOOKSYSENTER__H__
#include <NTDDK.h>
/*
 * Driver-local declaration of the kernel's system-service descriptor table
 * layout, used as the type of KeServiceDescriptorTable.
 *
 * NOTE(review): this type is not provided by NTDDK.h, so the layout is an
 * assumption about kernel internals. The field meanings below follow the
 * commonly described 32-bit x86 layout and are not established by this
 * header; confirm against the exact kernel build before relying on them.
 */
typedef struct _KSERVICE_TABLE_DESCRIPTOR {
PULONG Base;   /* presumably the array of service routine addresses - verify */
PULONG Count;  /* presumably per-service call counters - verify */
ULONG Limit;   /* presumably the number of entries reachable through Base - verify */
PUCHAR Number; /* presumably the per-service argument byte-count table - verify */
} KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR;
/*
 * Kernel-owned descriptor table, resolved at link/load time rather than
 * defined by this driver.
 * NOTE(review): as far as I know this symbol is exported only by 32-bit x86
 * Windows kernels, so this header is effectively x86-only - confirm the
 * supported targets.
 */
extern PKSERVICE_TABLE_DESCRIPTOR KeServiceDescriptorTable;
/*
 * Install and remove the SYSENTER hook. The implementations are not in this
 * header; going by the names they presumably redirect and then restore the
 * system-call entry path - confirm in the .c file.
 * NOTE(review): empty parentheses declare an unspecified parameter list in C;
 * (VOID) would let the compiler reject stray arguments.
 * NOTE(review): modifying the system-call entry point or service table is the
 * kind of change kernel integrity checks (e.g. Kernel Patch Protection on x64)
 * and EDR tooling are built to flag; any legitimate use should be documented
 * and scoped to a test environment.
 */
VOID SetSysenterHook();
VOID UnSysenterHook();
/*
 * Both addresses are passed as ULONG (32 bits), so this interface cannot
 * carry a 64-bit pointer. Presumably ulHookAddr is the location to patch and
 * ulHookProc the replacement routine - verify against the implementation.
 */
VOID SetHook(ULONG ulHookAddr, ULONG ulHookProc);
/*
 * Presumably writes patLength bytes from pat back to ulHookAddr to undo
 * SetHook - TODO confirm. Note the address is a PVOID here but a ULONG in
 * SetHook; the two prototypes are inconsistent.
 */
VOID UnHook(PUCHAR pat, ULONG patLength, PVOID ulHookAddr);
/*
 * Byte-pattern search of text[0..textLength) for pat[0..patLength); the name
 * suggests the Sunday string-search algorithm. The meaning of the ULONG
 * result (offset vs. address, and the not-found value) is not visible here -
 * callers must check the implementation before trusting it as a write target.
 */
ULONG SundayFind(PUCHAR pat, ULONG patLength, PUCHAR text, ULONG textLength);
/*
 * CloseWP(): executes cli, then clears bit 16 (0x10000, the WP flag) in CR0.
 * Despite the name, this turns supervisor write protection OFF, so ring-0
 * code on this processor can write to read-only pages until OpenWP() runs.
 *
 * - Clobbers EAX without saving it.
 * - Uses MSVC x86 inline assembly (_asm); it will not build for x64 targets.
 * - Expands to four separate _asm statements with no do { } while (0)
 *   wrapper, so an unbraced `if (c) CloseWP();` guards only the cli.
 * - cli and CR0 are per-processor: other CPUs are not stopped and keep
 *   running with WP set while this one has it cleared.
 *
 * NOTE(review): clearing CR0.WP to patch kernel memory bypasses page-level
 * protection rather than using a supported API. Under hypervisor-enforced
 * code integrity the write is expected to fault anyway, and integrity
 * monitoring treats this pattern as suspicious.
 */
#define CloseWP() \
_asm{cli}\
_asm{mov eax, cr0}\
_asm{and eax, ~0x10000}\
_asm{mov cr0, eax}
/*
 * OpenWP(): sets bit 16 (0x10000, the WP flag) in CR0 again and then
 * executes sti. Counterpart of CloseWP(); despite the name, this turns
 * supervisor write protection back ON.
 *
 * - Clobbers EAX without saving it.
 * - sti is unconditional: the interrupt flag is not restored to its state
 *   before CloseWP(), so a caller that already had interrupts disabled
 *   gets them enabled here.
 * - Must run on the same processor as the matching CloseWP(), because CR0
 *   is per-processor; nothing in the macro enforces this.
 * - Expands to four separate _asm statements with no do { } while (0)
 *   wrapper; always use it inside braces.
 *
 * NOTE(review): any early return or fault between CloseWP() and OpenWP()
 * leaves this CPU with WP clear and interrupts off - audit every call site
 * for a guaranteed pairing.
 */
#define OpenWP() \
_asm{mov eax, cr0}\
_asm{or eax, 0x10000}\
_asm{mov cr0, eax}\
_asm{sti}
#endif