Hi!!
I created a new copy of the function (which is in ntoskrnl.exe) in
memory. I want all calls to be transferred to my new function.
I patched all the call sites, but I still can't figure out how to
patch the exported entries.
Does Windows maintain any centralized symbol table?
Urgent help required.
Thanks in advance

Prashant wrote:
> I created a new copy of the function (which is in ntoskrnl.exe) in
> memory. I want all calls to be transferred to my new function.
> I patched all the call sites, but I still can't figure out how to
> patch the exported entries.

What are you really trying to accomplish? Hooking a kernel function is
almost surely not the right way to do it.
--
Walter Oney, Consulting and Training
Basic and Advanced Driver Programming Seminars
Now teaming with John Hyde for USB Device Engineering Seminars
Check out our schedule at http://www.oneysoft.com