Is hooking Native Api functions reliable?
Posted: Sat Apr 01, 2017 8:23 am
Hello,
I want to hook some Native Api functions from ntdll.dll, more specifically NtCreateFile and NtWriteFile. However, according to MS Documentation, the NT functions are subject to change from one release of Windows to the next, and possibly even between service packs for each release. This includes function signatures and even deletion of the functions. So, with this in mind, is it reliable to hook these functions as their signature may change? Does madCodeHook provide workaround for this? If no, is there some other workaround?
Thanks!
I want to hook some Native Api functions from ntdll.dll, more specifically NtCreateFile and NtWriteFile. However, according to MS Documentation, the NT functions are subject to change from one release of Windows to the next, and possibly even between service packs for each release. This includes function signatures and even deletion of the functions. So, with this in mind, is it reliable to hook these functions as their signature may change? Does madCodeHook provide workaround for this? If no, is there some other workaround?
Thanks!