This will be used in the ARK panel: when the right-click context menu is selected in the SSDT or win32k tree view, a buffer at the selected API's address is read and disassembled, then scanned for signature patterns to detect whether that API is hooked.
This process requires the nt base address as well as reading a buffer at the start address of the nt API, which requires ssdk manipulation.
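A minimal sketch of the scanning step described above, added here as an illustration and not taken from the project's code: given bytes already read from the API's start address, it recognises three common x64 prologue redirects and reports a hook when the target falls outside the nt image. The names `scan_prologue`, `hook_result` and `rd_le`, the image range and the sample bytes are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { int hooked; uint64_t target; } hook_result; /* hypothetical type */

/* Read an n-byte little-endian value from the captured buffer. */
static uint64_t rd_le(const uint8_t *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* buf holds len bytes already read from api_va; nt_base/nt_size describe the
 * loaded nt image. A prologue redirect whose target leaves that range is
 * reported as a hook; a jump that stays inside nt is not. */
hook_result scan_prologue(const uint8_t *buf, size_t len, uint64_t api_va,
                          uint64_t nt_base, uint64_t nt_size) {
    hook_result r = {0, 0};
    int redirect = 0;
    if (len >= 5 && buf[0] == 0xE9) {                   /* jmp rel32 */
        r.target = api_va + 5 + (uint64_t)(int64_t)(int32_t)rd_le(buf + 1, 4);
        redirect = 1;
    } else if (len >= 12 && buf[0] == 0x48 && buf[1] == 0xB8 &&
               buf[10] == 0xFF && buf[11] == 0xE0) {    /* mov rax, imm64; jmp rax */
        r.target = rd_le(buf + 2, 8);
        redirect = 1;
    } else if (len >= 14 && buf[0] == 0xFF && buf[1] == 0x25 &&
               rd_le(buf + 2, 4) == 0) {                /* jmp [rip+0]; dq target */
        r.target = rd_le(buf + 6, 8);
        redirect = 1;
    }
    if (redirect && !(r.target >= nt_base && r.target - nt_base < nt_size))
        r.hooked = 1;
    return r;
}

/* Constructed sample data: the image range and prologue bytes are made up. */
#define NT_BASE 0xFFFFF80000000000ULL
#define NT_SIZE 0x01000000ULL
static const uint8_t clean[]   = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20,0x33,0xC0};
static const uint8_t patched[] = {0x48,0xB8,0x78,0x56,0x34,0x12,0x80,0xF8,0xFF,0xFF,0xFF,0xE0};
static const uint8_t intra[]   = {0xE9,0x00,0x01,0x00,0x00}; /* jmp +0x100, stays in nt */
static const uint8_t leaving[] = {0xE9,0x00,0xFF,0xFF,0xFF}; /* jmp -0x100 */

int main(void) {
    hook_result r = scan_prologue(patched, sizeof patched, NT_BASE + 0x200000, NT_BASE, NT_SIZE);
    printf("hooked=%d target=0x%llx\n", r.hooked, (unsigned long long)r.target);
    return 0;
}
```

A byte-pattern check like this only catches redirects in the first instruction; a hook placed deeper in the function needs the full disassembly pass the panel performs.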