wbenny / hvpp

hvpp is a lightweight Intel x64/VT-x hypervisor written in C++, focused primarily on virtualization of an already running operating system.
MIT License

Is there any way to hook an external process? #35

Open wtfbbq opened 5 years ago

wtfbbq commented 5 years ago

Inside ia32::cr3_t kernel_cr3:

auto kprocess = reinterpret_cast<NT_KPROCESS*>(PsGetCurrentProcess());

I've found that if I KeStackAttachProcess to an external process, PsGetCurrentProcess returns the external process.

This way it can hook an external process, but it BSODs sometimes (when unloading the driver, etc.).

How can I hook an external process?

trash-code commented 5 years ago

The hypervisor has nothing to do with hooking, and frankly you shouldn't even be looking at a hypervisor if you have issues hooking.