-
Notifications
You must be signed in to change notification settings - Fork 7
Information for any type of hooks
Daniil edited this page Oct 13, 2022
·
5 revisions
All types of hooks can be configured using kthook_option enum.
Options can be combined using operator|
For example:
kCreateContextIntegral | kCreateContextEF | kFreezeThreadsThere are several options available:
-
kNone- default behaviour -
kCreateContextIntegral- kthook will capture Integral CPU registers. -
kCreateContextFP- kthook will capture FPU CPU state(x87 stack and SSE registers). -
kCreateContextEF- kthook will capture EFLAGS CPU state. -
kCreateContextAll- same askCreateContextIntegral | kCreateContextFP | kCreateContextEF -
kFreezeThreads- kthook will suspend all threads before installing the hook
for kthook_simple and kthook_signal it can be passed as second template argument; for kthook_naked - as first argument.