Ch40zz
commented
5 years ago No, not with the current code, it only triggers in KiSystemCall64 which only gets called for syscalls.
Closed YangKi1902 closed 5 years ago
Ch40zz
commented
5 years ago No, not with the current code, it only triggers in KiSystemCall64 which only gets called for syscalls.
YangKi1902
commented
5 years ago Yes it is possible to do that. You have to replace the used function name : https://github.com/everdox/InfinityHook/blob/b4ee7cf37ba584b74bbbbfd8bcb1b3652b2ce3c4/src/kinfinityhook/entry.cpp#L23
Instead of "NtCreateFile", you're going to put your "MmXxx" function name, for example, "MmCopyVirtualMemory".
Then correctly setup your detour function, and you should be done.
well i think not easy like that, we need to change event trace class and do something more maybe.
BerkanYildiz
commented
5 years ago Actually no, as @Ch40zz, it's for usermode syscalls only.
hello, will it able to hook Mm functions ? what's the code i need to change ?