azfk
February 17th, 2010, 14:00
I'm trying to avoid SSDT hooks (I can't manually overwrite them, or restore the original, because that'll set off alarms). I was wondering how I could find the base of the kernel and its size, and load it into my own allocated memory.
I know half (lol), but not the first half. The latter would be to allocate memory filled with zeros (I don't know the exact API), then memcpy into it, then get the proc address of the functions I need, and add or subtract to the base of my allocated memory? I can't remember whether the function address is relative to the base of the kernel.
Thanks in advance