From 10a28f270656b5b5a7338736a4bd693a92811a9a Mon Sep 17 00:00:00 2001
From: xerox <xerox@hacks.ltd>
Date: Sun, 3 May 2020 04:07:39 +0000
Subject: [PATCH] hooking NtSystemShutdown since it almost never gets called
 lol

---
 physmeme/kernel_ctx/kernel_ctx.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/physmeme/kernel_ctx/kernel_ctx.h b/physmeme/kernel_ctx/kernel_ctx.h
index 5396459..e88aab2 100644
--- a/physmeme/kernel_ctx/kernel_ctx.h
+++ b/physmeme/kernel_ctx/kernel_ctx.h
@@ -84,7 +84,7 @@ namespace physmeme
 		//
 		// you can edit this how you choose, im hooking NtTraceControl.
 		//
-		const std::pair<std::string_view, std::string_view> syscall_hook = { "NtTraceControl", "ntdll.dll" };
+		const std::pair<std::string_view, std::string_view> syscall_hook = { "NtSystemShutdown", "ntdll.dll" };
 
 		//
 		// offset of function into a physical page