Overview: In this article, I wanted to introduce a fun approach to performing functions similar to those enabled by Windows Object Callbacks but through an alternative means (experimentally). It’s well known that anti-malware, anti-cheat, and generic monitoring tools on Windows systems often use these callbacks. However, their usability is limited to parties with signed modules, […] | Reverse Engineering
Abuse the HalPrivateDispatchTable to hook SYSCALL system-wide while maintaining compliance with PatchGuard on Windows 10 and 11. | Reverse Engineering
Introduction: Process suspension is a technique which is quite well-known, and it is used for a variety of reasons (even by malicious software sometimes). The term “suspension” means “stoppin… | Opcode