Pancake Posted July 26, 2015

Hello. I'm developing a bot for a game, and trying to be as stealthy as possible I planned to do some stuff in kernel. On x32 it was pretty easy to hook the SSDT, and that was basically it, but on x64 things are different. I know the PatchGuard limitations, and I can't find a way to intercept the syscalls. I want to hide and preserve debug registers because I'm using HWBPs to intercept game loops (I know I can do it in user mode, but I want the stronger way), inject the implant botting code and control it from the driver (already managed to do it). The only "legal" way to get notified was ObRegisterCallbacks, but it works only for process creation and some other operations with handles. I dug through the entire internet and couldn't find an answer: how do I get notified when a selected process calls Zw APIs (I need several of them)? And by the way, is it possible to handle a selected process's exceptions in my driver so I don't have to register a handler and do other detectable stuff in the user-mode process?

Greetz
Conquest Posted July 27, 2015

Follow this thread: http://waleedassar.blogspot.com/2012/07/wow64-user-mode-system-calls-hooking.html