Hi, I am new to reverse engineering,
but I am trying to learn from internet sources.
One famous AV technique for monitoring malware activity is injecting a DLL into the target process,
then hooking the Nt functions and checking the function arguments for malicious activity.
My Problem.
While I am a C++ developer, I am trying to edit the registry and exploit some Windows 10 exploit to escalate privileges, using C++:
the target key
and when I make changes using NtSetValueKey,
Kaspersky terminates my process after the value has been set.
So the vulnerability is exploited successfully, but the process is terminated by Kaspersky Antivirus.
And when I try to disassemble the function, if there were some hook from the AV, it should have a
Jmp 0x000 or something like this.
But the problem is there is no hook on NtSetValueKey, and the function in the disassembler is the same in IDA.
By the way, I tried direct syscalls using ASM and C++, and Kaspersky caught me again and again,
even though there are no Nt functions to hook.
My Question.
Is this problem because of kernel-mode hooking or something like this?
My operating system is Windows 10 64-bit, so there is PatchGuard protection.
Thanks in advance.