How to unhook SSDT hooks and make them go away?
Problem
I'm working on a rootkit and reversing it. I'm supposed to write my anti-rootkit specifically for this kind of rootkit. The rootkit hooks some kernel-mode functions that can't be unhooked from user mode, or if I unhook them from user mode they will not go away and will be back. So what are your suggestions?
Solution
There is a lot of example code and there are open source projects out there which do this. You can refer to their source to learn about SSDT unhooking. A few examples:
https://code.google.com/p/arkitlib/
https://code.google.com/p/oark/