HOOK SSDT hidden / protected process
no vote
Application background
Hook SSDT development process hide and process protection driver. Process hide the process of ensuring that the traversal process API, including the TaskMgr view is not the process, the process of protecting the process is to be killed.
Key Technology
SSDT hook ZwQuerySystemInformation ZwTerminateProcess func