Cthulhu
05-26-2008, 09:11 AM
Quote:
This article shows how to get the address of KeServiceDescriptorTableShadow kernel variable. This variable is used to add new system services to kernel, or hook a existing system service. Unfortunately, it is not exported by ntoskrnl.exe, so we have to get its address manually. |
http://www.codeproject.com/KB/tips/SDTShadow.aspx
