Hopefully no one will tell you how to get around this stuff. Get rid of the
hooking.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
“Petr Kurtin” wrote in message news:xxxxx@ntfsd…
I heard that Win x64 uses a timer which checks the tables which a driver
modifies - if it finds a discrepancy it will bugcheck.
Could someone confirm this? Either we’ll remove hooking from our drivers or
we’ll have to patch the timer :).
“faras namus” wrote in message news:xxxxx@ntfsd…
I am curious; does anyone know how MS stops patching of the system
call table on x64? On 2k3SP1 on x32 it makes the table read-only. Does it do
something more on x64? Similarly, how does it protect the IDT, GDT, etc. from being
patched?