No self-introduction
Loading
Profile
Follow
codes (1)
Restore SSDT complete source program, driver-level
no vote
Restore SSDT complete source program, drive-level source, protecting your PC security. By modifying the kernel native API hooks in SSDT implementation in Windows, user mode applications calls the API to request systems services, export these many DLL API., for example, to an open file or write to a pipe or equipment data, usually calls the WriteFile API to achieve, WriteFile is exported by Kernel32.dll. in Kernel32.dll, Executing WriteFile API call ZwWriteFile the API exported by Ntdll.dll origin. this work is actually done by ZwWriteFile in kernel mode. therefore, is only the implementation of ZwWriteFile in ntdll.dll delivers some very small amount of code to the kernel space is called
1686968 1 0
1
No more~
Follows0
Fans0