Saturday, 30 November 2013

Detouring x64 System Call Stub: X86SwitchTo64BitMode

Hi,

It's been a while since I posted anything; anyway, now that I am here I am going to show a detour for X86SwitchTo64BitMode.

X86SwitchTo64BitMode (in wow64cpu.dll) is the deepest 32-bit call on the system-call path of a WoW64 process: on Windows 7 x64 the 32-bit ntdll stubs reach it through `call fs:[0xC0]` (the WOW32Reserved slot of the TEB), and from there a far jump switches the processor into 64-bit mode and into code the 32-bit side cannot otherwise reach (the 64-bit part of wow64cpu.dll, wow64.dll and the native ntdll.dll). Every system call the 32-bit code makes therefore passes through this one stub, which makes it a single choke point for logging or filtering. It can also be detoured far more easily than KiFastSystemCall, whose body is only a few bytes and is immediately followed by the address the kernel returns to: here a plain JMP at the first byte does the job, and we do not care about the instructions we overwrite because the hook never jumps back to the original location. The far jump it replaces has an absolute selector:offset target, so the hook just executes its own copy of it once it is done. One caveat: only calls that come in through the 32-bit stubs are seen; 64-bit code running in the same process on the far side of that jump never touches the hook.

The code is more or less straightforward for any Windows-savvy user.

Link: X86SwitchTo64BitMode.cpp

As noted above, this code can easily be incorporated into a global detour; you may also find it suitable for your own projects, with credit to Code Empire.
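As an added example (this is not the post's linked X86SwitchTo64BitMode.cpp and not Code Empire's code), here is the detour described above written out in C. It assumes, and you should confirm both in a debugger before patching anything, that on Windows 7 x64 the 32-bit ntdll stubs reach wow64cpu!X86SwitchTo64BitMode through `call fs:[0xC0]` (the WOW32Reserved slot of the TEB) and that the stub itself is the 7-byte far jump `EA <off32> <sel16>` with selector 0x33. The byte-level helpers (recognising the far jump, copying it as the trampoline, encoding the 5-byte `E9 rel32` patch) are portable and are exercised with constructed test vectors; the hook and the installer only compile as 32-bit MSVC code because they rely on naked inline assembly and `__readfsdword`.

```c
/* Added example, not the post's linked X86SwitchTo64BitMode.cpp. Assumed (verify in a
 * debugger): on Windows 7 x64 the 32-bit ntdll stubs reach wow64cpu!X86SwitchTo64BitMode
 * through call fs:[0xC0] (TEB->WOW32Reserved), and the stub is "EA off32 sel16", sel 0x33. */
#include <stdint.h>
#include <string.h>

#define FAR_JMP_LEN   7
#define JMP_REL32_LEN 5
#define WOW64_CS      0x33               /* 64-bit code selector in the far jump */

/* Recognise "EA off32 sel16" and extract its fields (either output may be NULL). */
int parse_far_jmp(const uint8_t *p, uint32_t *off, uint16_t *sel)
{
    if (p == NULL || p[0] != 0xEA) return -1;
    if (off) *off = (uint32_t)p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
    if (sel) *sel = (uint16_t)(p[5] | p[6] << 8);
    return 0;
}

/* The far jump's target is absolute, so a byte copy runs from anywhere: it is the trampoline. */
int build_trampoline(const uint8_t *stub, uint8_t out[FAR_JMP_LEN])
{
    uint16_t sel;
    if (parse_far_jmp(stub, NULL, &sel) != 0 || sel != WOW64_CS) return -1;
    memcpy(out, stub, FAR_JMP_LEN);
    return 0;
}

/* Encode "E9 rel32"; rel32 counts from the end of the JMP, wraparound handles backward jumps. */
void build_jmp_rel32(uint32_t from, uint32_t to, uint8_t out[JMP_REL32_LEN])
{
    uint32_t rel = to - (from + JMP_REL32_LEN);
    out[0] = 0xE9;
    out[1] = (uint8_t)rel;         out[2] = (uint8_t)(rel >> 8);
    out[3] = (uint8_t)(rel >> 16); out[4] = (uint8_t)(rel >> 24);
}

/* Constructed vectors, not captured from a live machine. Returns 0 when all pass. */
int self_check(void)
{
    static const uint8_t stub[FAR_JMP_LEN] = { 0xEA, 0x78, 0x56, 0x34, 0x12, 0x33, 0x00 };
    uint8_t tramp[FAR_JMP_LEN], patch[JMP_REL32_LEN];
    uint32_t off; uint16_t sel;

    if (parse_far_jmp(stub, &off, &sel) != 0 || off != 0x12345678u || sel != WOW64_CS) return 1;
    if (build_trampoline(stub, tramp) != 0 || memcmp(tramp, stub, FAR_JMP_LEN) != 0) return 2;
    build_jmp_rel32(0x10000000u, 0x10000010u, patch);      /* forward: rel = 0x0B */
    if (patch[0] != 0xE9 || patch[1] != 0x0B || patch[2] || patch[3] || patch[4]) return 3;
    build_jmp_rel32(0x10000010u, 0x10000000u, patch);      /* backward: rel = -0x15 */
    if (patch[1] != 0xEB || patch[2] != 0xFF || patch[3] != 0xFF || patch[4] != 0xFF) return 4;
    return 0;
}

#if defined(_WIN32) && defined(_M_IX86) && defined(_MSC_VER)   /* 32-bit MSVC build only */
#include <windows.h>
#include <intrin.h>
#include <stdio.h>
static uint8_t *g_trampoline;              /* executable copy of the far jump */
static __declspec(thread) int t_in_hook;   /* per-thread re-entrancy guard */

/* Entered with the ntdll stub's registers: eax = service number, edx = &first argument. */
static void __stdcall on_syscall(uint32_t number, const uint32_t *args)
{
    if (t_in_hook) return;                 /* printf makes syscalls of its own */
    t_in_hook = 1;
    printf("syscall 0x%x arg0=%08x\n", number, args[0]);
    t_in_hook = 0;
}

/* Preserve what the original stub expects, call the handler, then run the copied far jump. */
__declspec(naked) static void hook_stub(void)
{
    __asm {
        pushad
        pushfd
        push edx
        push eax
        call on_syscall                    ; __stdcall: callee pops both arguments
        popfd
        popad
        jmp dword ptr [g_trampoline]       ; continue into 64-bit code as before
    }
}

int install_hook(void)
{
    uint8_t *stub = (uint8_t *)__readfsdword(0xC0);          /* TEB->WOW32Reserved */
    uint8_t patch[JMP_REL32_LEN];
    DWORD old;

    g_trampoline = (uint8_t *)VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (!g_trampoline || build_trampoline(stub, g_trampoline) != 0) return -1;  /* unexpected stub */

    build_jmp_rel32((uint32_t)stub, (uint32_t)hook_stub, patch);
    if (!VirtualProtect(stub, FAR_JMP_LEN, PAGE_EXECUTE_READWRITE, &old)) return -1;
    memcpy(stub, patch, JMP_REL32_LEN);    /* bytes 5-6 of the old jump remain but are unreachable */
    VirtualProtect(stub, FAR_JMP_LEN, old, &old);
    FlushInstructionCache(GetCurrentProcess(), stub, FAR_JMP_LEN);
    return 0;
}
#endif
```

Build it as a 32-bit DLL, call `install_hook()` from DllMain on process attach, inject it into a 32-bit process on x64 Windows and run it under a debugger the first time. Two points the post does not mention: the 5-byte write is not atomic, so patch while the other threads are suspended or before they exist, and the handler fires for every system call the process makes, including the ones `printf` issues, which is what the per-thread guard is for. `build_trampoline` refusing anything that is not the expected far jump is deliberate; if the bytes differ on your build of Windows (the stub changed again in Windows 8 and later), you want the installer to bail out rather than jump into half an instruction.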

Regards,

2 comments:

  1. Good one. But will this code work on a 64-bit operating system and also on Windows 8?
    As we cannot build asm code for 64-bit, we need the native API to build the code.
