From: Vadim Smirnov [vsmirnov@pcausa.com]
Sent: Thursday, April 04, 2002 9:38 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Hooking system call from driver.

Sometimes it can be necessary, but you'd better try to avoid using it. Kernel image protection can be removed as follows:

// Disable kernel image protection (Windows 2000/XP specific)
__asm
{
    mov ebx, cr0        ; get CR0 register
    push ebx            ; save it
    and ebx, ~0x10000   ; clear WP bit
    mov cr0, ebx        ; effectively disable write protection
}

// Put your patching code here

// Reenable kernel image protection
__asm
{
    pop ebx             ; restore it
    mov cr0, ebx        ; enable previous CPU state.
}

BR,
Vadim
http://www.ntndis.com

-----Original Message-----
From: bounce-ntdev-6615@lists.osr.com [mailto:bounce-ntdev-6615@lists.osr.com] On Behalf Of Andy LaRocco
Sent: Thursday, April 04, 2002 6:22 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Hooking system call from driver.

So, can I take that to mean you don't think it's a good idea? :)

andy

-----Original Message-----
From: bounce-ntdev-8288@lists.osr.com [mailto:bounce-ntdev-8288@lists.osr.com] On Behalf Of Mark Roddy
Sent: Thursday, April 04, 2002 9:06 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Hooking system call from driver.

That isn't a system call, it's a kernel API. The way to do this is to 'patch' the function itself with a call to your depraved hook routine. Good luck on that, and don't forget that w2k and later protect kernel code space from write operations.

"Andy LaRocco" wrote in message news:25986@ntdev...
>
> Hi,
> How would you hook a system call like IoInvalidateDeviceRelations from a
> driver?
>
> thanks
> Andy