I heard, win x64 uses a timer which checks the tables which driver modifies - if it finds out a discrepancy it will bugcheck.
could someone confirm this ? Either we’ll remove hooking from our drivers or we’ll have to patch the timer :).
“faras namus” wrote in message news:xxxxx@ntfsd…
I am curious; does anyone know how does MS stop patching of the system call table on x64? On 2k3SP1 on x32 it makes the table readonly. Does it do something more on x64? Similarly how does it protect IDT, GDT etc from being patched?