Update README.md

master
_xeroxz 4 years ago
parent 28ac5b3ef0
commit c206543e78

@ -5,9 +5,11 @@ This project inherits VDM and uses GDRV by default but you can use whatever meth
# fdelete-km # fdelete-km
The kernel module part of this project is used to generate the assembly to call kernel functions with over four parameters. VDM hook NtShutdownSystem and since NtShutdownSystem The kernel module part of this project is used to generate the assembly to call kernel functions with over four parameters. VDM temp hooks NtShutdownSystem and since NtShutdownSystem
only takes four parameters, some of the required functions cannot be called since the arguments are not copied from the usermode stack to the kernel stack in KiSystemCall... only takes four parameters, some of the required functions cannot be called since the arguments are not copied from the usermode stack to the kernel stack in KiSystemCall...
note: I choose NtShutdownSystem since its in every single windows version ever and inline hooking this function wouldnt cause any race conditions lol.
```cpp ```cpp
VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Instruction) VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Instruction)
{ {
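Review bot: The added note about NtShutdownSystem asserts that inline hooking it "wouldnt cause any race conditions" but gives no reason. The paragraph above it now describes the hook as temporary, which makes this the claim a reader most needs justified. Suggest adding one sentence that says what guarantees nothing else calls the function while the hook is in place, or softening the claim. Minor wording on the same line: "choose" should be "chose", "its" should be "it's", "wouldnt" should be "wouldn't", and the trailing "lol" can be dropped from a README.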
