
Can I use EasyHook to hook some API (NtOpenProcess) from kernel mode? I am not interested in user-mode hooking via process-wide DLL injection, but as I see it, EasyHook has a driver developed with code related to kernel-mode hooking. Or am I wrong? http://easyhook.codeplex.com/

The entire goal of this task is to write a simple protection system for one application, i.e. block OpenProcess for specific processes, block CreateFile in a specific directory... plus get notifications when some process tries to call the appropriate API.

Any advice?

Maybe there are some other ways to do kernel-mode hooking without reinventing the wheel?

sfireman
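Added example (not from the original post or from EasyHook): on Windows the supported way to restrict OpenProcess against chosen processes is not a hook on NtOpenProcess but an ObRegisterCallbacks pre-operation callback, which cannot fail the open but may strip bits from the requested DesiredAccess. The C below models the decision such a callback makes and is compilable in user mode for testing; the protected PID list is constructed, the access-right values are the SDK (winnt.h) constants, and the "deny when stripped" flag stands in for the notification the question asks for (blocking CreateFile per directory is a separate job for a file-system minifilter and is not shown).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Process access-right bits, values as defined in the Windows SDK (winnt.h). */
#define PROCESS_TERMINATE      0x0001u
#define PROCESS_CREATE_THREAD  0x0002u
#define PROCESS_VM_OPERATION   0x0008u
#define PROCESS_VM_READ        0x0010u
#define PROCESS_VM_WRITE       0x0020u
#define PROCESS_DUP_HANDLE     0x0040u
#define PROCESS_SUSPEND_RESUME 0x0800u

/* Rights that let another process read, tamper with, or kill the protected one.
 * Query-type rights (e.g. 0x0400 PROCESS_QUERY_INFORMATION) are left alone so
 * Task Manager style tooling keeps working. */
#define PROTECTED_DENY_MASK (PROCESS_TERMINATE | PROCESS_CREATE_THREAD | \
    PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | \
    PROCESS_DUP_HANDLE | PROCESS_SUSPEND_RESUME)

/* Constructed sample policy: PIDs the driver is configured to protect. */
static const uint32_t g_protected_pids[] = { 1234u, 5678u };

static bool is_protected_pid(uint32_t pid) {
    for (size_t i = 0; i < sizeof g_protected_pids / sizeof g_protected_pids[0]; i++)
        if (g_protected_pids[i] == pid) return true;
    return false;
}

/* Models the OB_PRE_OPERATION decision for a handle create/duplicate against a
 * process object. A real callback reads requester/target PIDs from the
 * OB_PRE_OPERATION_INFORMATION and writes the result back to
 * Parameters->CreateHandleInformation.DesiredAccess; it cannot return an
 * error status, which is why the policy is expressed as mask editing.
 * Returns the access to grant; *stripped reports whether anything was removed
 * (the event a driver would log or forward to its user-mode service). */
static uint32_t filter_process_access(uint32_t requester_pid, uint32_t target_pid,
                                      uint32_t desired_access, bool *stripped) {
    *stripped = false;
    /* Unprotected targets are never restricted, and protected processes may
     * open themselves or each other (e.g. a service supervising the app). */
    if (!is_protected_pid(target_pid) || is_protected_pid(requester_pid))
        return desired_access;
    uint32_t granted = desired_access & ~PROTECTED_DENY_MASK;
    *stripped = (granted != desired_access);
    return granted;
}
```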

1 Answer


I think the sample demo they provided in their tutorial is for kernel mode hooking. In that demo, it hooks the CreateFileW from kernel32.dll. I believe that's the example for kernel mode hooking.

azizulhakim

kernel32.dll is a user-space DLL. The example you refer to must therefore be for user-space hooking. Downvoting. – Sahil Singh Aug 15 '18 at 11:46