Hi 0x00sec!!
I’m working on a behaviour detection engine for personal research, in which I should hook Windows API functions to have visibility over the monitored process.
I wonder if anyone has already performed hooking in x64 mode?
Using the same technique presented by dtm for x32 mode, here is the code I tried to inject (0xdeadbeefdeadbeef represents the address of the hooked function).
And here is how it looks in the debugger.
As you can see, it doesn’t seem like a jumpable addr.
PS: I don’t want to use another hooking library; I want to implement my own.
Thank you in advance