From 6e35a0cc7e0d6226d3308ad6ed50b4056e18d94d Mon Sep 17 00:00:00 2001
From: xerox <xerox@hacks.ltd>
Date: Sun, 3 May 2020 06:28:18 +0000
Subject: [PATCH] changed ntoskrnl function that we hook to `NtShutdownSystem`

---
 physmeme/kernel_ctx/kernel_ctx.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/physmeme/kernel_ctx/kernel_ctx.h b/physmeme/kernel_ctx/kernel_ctx.h
index e88aab2..836b851 100644
--- a/physmeme/kernel_ctx/kernel_ctx.h
+++ b/physmeme/kernel_ctx/kernel_ctx.h
@@ -84,7 +84,7 @@ namespace physmeme
 		//
 		// you can edit this how you choose, im hooking NtTraceControl.
 		//
-		const std::pair<std::string_view, std::string_view> syscall_hook = { "NtSystemShutdown", "ntdll.dll" };
+		const std::pair<std::string_view, std::string_view> syscall_hook = { "NtShutdownSystem", "ntdll.dll" };
 
 		//
 		// offset of function into a physical page