Hi, ppl! I want to hook int 2e (KeSystemService() or whatever) on Windows NT. I have read several tutorials on this and they say that you simply find where int 2e is on the IDT and put the address of your hooking code (in your Kernel Mode Driver) there. Is it as simple as this? Does this mean that the KMD is in the same context as the kernel and all its memory is relative to the kernel? With my knowledge (or rather, lack of), the only way I can think of doing this is to allocate some kind of global memory (possible?), copy my code there, then patch the int 2e offset on the IDT to point there :P. Can someone please tell me the way to go about doing this? Thx!
Posted on 2002-08-22 13:54:27 by Rama
I asked a similar question the other day, and later I found some useful information: http://www.codeproject.com/system/hooksys.asp
I hope this will help you.
Posted on 2002-08-23 21:22:11 by dionysus