everdox / InfinityHook

Hook system calls, context switches, page faults and more.

about ZwQueryInformationThread and NtGetContextThread #12

Closed huoji120 closed 4 years ago

huoji120 commented 4 years ago

Hi, I am learning this source and trying to hook ZwQueryInformationThread and NtGetContextThread like this:

    if (*SystemCallFunction == pfn_ZwQueryInformationThread)
    {
        DPRINT("pfn_ZwQueryInformationThread! \n");
        *SystemCallFunction = MyZwQueryInformationThread;
    }
    if (*SystemCallFunction == pfn_NtGetContextThread)
    {
        DPRINT("pfn_NtGetContextThread! \n");
        *SystemCallFunction = MyNtGetContextThread;
    }

But it looks like my hook functions never get called. Did I screw something up? I have no idea.

huoji120 commented 4 years ago

The pfn_ZwQueryInformationThread and pfn_NtGetContextThread addresses are obtained by SSDT index.