마이크로 소프트에선 아래와 같은 사항에 대해 하지 말라고 되어있다.
On x64-based systems, kernel code and certain kernel data structures are protected from modification. Any driver that attempts to modify such code or data will cause the system to bug check (with the CRITICAL_STRUCTURE_CORRUPTION bug check).
Drivers for x64-based systems must avoid operations that might trigger this bug check. In particular, drivers must not:
-
Attempt to modify kernel code at run time.
-
Implement and use their own stacks.
-
Modify hardware dispatch tables, such as the interrupt dispatch table (IDT) or global descriptor table (GDT).
-
Modify undocumented kernel data structures.
Even though the preceding operations will not trigger a bug check on x86-based or Itanium-based systems, drivers should not perform any of these operations on any platform. These operations might not work in future versions of the Microsoft Windows operating system.
For more information about modifying kernel code and data structures, see the Patching Policy for x64-based Systems white paper and the 64-Bit Patching FAQ on the Windows Hardware Developer Central (WHDC) Web site.
For general information about programming with a 64-bit compiler, see 64-Bit Programming with Visual C++.
x64bit 환경은 알다가도 모른다.. 하지 말라고는 하나..
각 NT API 함수를 인라인 후킹한 후 테스트 해보면
어쩔땐 CRITICAL_STRUCTURE_CORRUPTION 불루 스크린이 발생 하나, 어쩔 떈 하루종일 돌려 놔도 발생하지 않는다..
검색 결과 랜덤하게 발생한다나 머라나..이건 너무 하진않나..ㅠㅠ
Attempt to modify kernel code at run time 실시간 커널 코드 변경 시도
도데체 어느 부분을 말하는 건지..
쩌ㅃ쩌ㅃ