Question

I'm working on a rootkit and reversing it. I'm supposed to write my anti-rootkit specifically for this kind of rootkit. The rootkit hooks some kernel-mode functions that can't be unhooked from user mode, or if I unhook them from user mode they will not go away and will be back. So what are your suggestions?


Solution

There is a lot of example code and there are open source projects out there which do this. You can refer to their source to learn about SSDT unhooking. A few examples:
https://code.google.com/p/arkitlib/
https://code.google.com/p/oark/

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow