Metick
commented
7 months ago Make sure you're doing it correctly. especially when hooking a function from system space with DMA.
Closed VMWRITE closed 7 months ago
Metick
commented
7 months ago Make sure you're doing it correctly. especially when hooking a function from system space with DMA.
VMWRITE
commented
7 months ago Well. I tried to hook a PeekMessageW for tests. After a WPM my system is crashing because it starting killing all process (ntoskrnl.exe, svchosts.exe and etc. system apps)
Metick
commented
7 months ago Because when you use DMA to hook something you create a system-wide hook, so every single process will go through your hook. that calls PeekMessageW
VMWRITE
commented
7 months ago Well. It's a possible to hook/patch it for a single process ?
Metick
commented
7 months ago You could attempt to hook a function within the process, rather than hook the system dlls that are shared across all processes.
VMWRITE
commented
7 months ago I'll test it. Thx
I got BSOD everytime when tried to use call_function or just rewrite IAT/EAT function for further hooking