ddkwork
commented
3 months ago This can be a low-priority operation, and it's not too late to do it when I've finished laying out the ark panel
Closed ddkwork closed 2 months ago
ddkwork
commented
3 months ago This can be a low-priority operation, and it's not too late to do it when I've finished laying out the ark panel
ddkwork
commented
2 months ago 更新ssdt表
This will be used in the ark panel to take out the buffer disassembly of the api address when ssdt or win32k's tree form right-click context menu is selected, scanning for features to detect if the selected api is hooked.
This process requires the nt base address as well as reading a piece of buffer inside the start address of the nt api, which requires ssdk manipulation.