DebugBuggin

Results 7 comments of DebugBuggin

I'm getting a SYSTEM_THREAD_EXCEPTION_NOT_HANDLED bluescreen both when I try the epage hook example in the driver and when I try your test binary. I'm on win10 1709 and a latest-gen i5. This...

I got this working, but I'm not sure if he wants me to share how. I can say, though, that it's extremely simple.

I did the first method wbenny just listed and it works great.

> That's what I tried to do. I allocate kernel buffers and pass them through the same way as you did in the usermode example, but it just ends up...

> Maybe I am just dumb. But I don't see what I am doing wrong.
>
> pfnIofCallDriver IofCallDriveFn = (pfnIofCallDriver)GetSystemFunctionAddress(L"IofCallDriver");
>
> PVOID OriginalFunction = (PVOID)IofCallDriveFn;
> PVOID OriginalFunctionAligned...

Literally just replacing

```
Data->PageRead = MmGetPhysicalAddress(Context->RdxAsPointer);
Data->PageExec = MmGetPhysicalAddress(Context->R8AsPointer);
```

with

```
Data->PageRead = MmGetPhysicalAddress(OriginalFunctionBackupAligned);
Data->PageExec = MmGetPhysicalAddress(OriginalFunctionAligned);
```

and then using the usermode tool worked fine for me. The...

You can use this project as a reference for hooking syscalls. I couldn't get hyperbone to load for me, but the author is a genius and his code is very clean...