gavinl1b0
Thanks for replying! Maybe you are right, but when I open the docx, it doesn't output any errors. Maybe Office has fixed the bug, I don't know.
Hi, I have a question about this code in the EptHookInstructionMemory function. Does this code calculate the instruction length of the target hook function until SizeOfHookedInstructions > 19? And is ldisasm...
I think I now know the reason why I got a BSOD when trying to hook ZwUnhookDriver: the instruction at 000000014041536C has a related offset to KiServiceLinkage, so we...
I have found a trampoline code which has length 12, and it works well for hooking ZwUnloadDriver and ExAllocatePoolWithTag. But it can't be used to hook functions which use...
Honestly, I didn't test in HyperDbg, but instead in Hypervisor From Scratch, whose length disassembler engine may have a problem, because I tried to hook ZwUnloadDriver but the SizeOfHookedInstructions is...
What is the length of the above instruction?
That's a good approach that I didn't know before! It won't modify any registers or the stack. And can you provide the opcodes of these instructions? I can't find the opcode...
I created an example opcode of that, is that correct?
```
.text:00000001400052A7 FF 25 02 00 00 00 jmp cs:qword_1400052AF
.text:00000001400052A7 sub_1400052A7 endp
.text:00000001400052A7
.text:00000001400052A7 ; ---------------------------------------------------------------------------
.text:00000001400052AD 00 unk_1400052AD...
```
Yeah, I checked the trampoline code in HyperDbg; it's in the function EptHookWriteAbsoluteJump. But I think this trampoline code still has problems when trying to hook ZwUnhookDriver, because its...
OK, let me show you an example of hooking the function ZwUnhookDriver using your trampoline code. Firstly, we will replace the first 19 bytes of space of the ZwUnhookDriver function that...