Updated ssdt_service_count signature.

iPower · iPower · commit a8271cb66a94 · 2022-03-27T14:51:01.000-03:00
diff --git a/KasperskyHookDrv/kaspersky.cpp b/KasperskyHookDrv/kaspersky.cpp
@@ -40,7 +40,7 @@ bool kaspersky::initialize()
 
 	// Find number of services (SSDT)
 	//
-	presult = utils::find_pattern_km( L"klhk.sys", ".text", "\x3B\x1D\x00\x00\x00\x00\x73\x56", "xx????xx" );
+	presult = utils::find_pattern_km( L"klhk.sys", ".text", "\x89\x0D\x00\x00\x00\x00\x8B\xFB", "xx????xx" );
 
 	if ( !presult )
 		return false;
@@ -94,7 +94,7 @@ unsigned int kaspersky::get_svc_count_shadow_ssdt()
 	return shadow_ssdt_service_count ? *shadow_ssdt_service_count : 0;
 }
 
-// Hooks SSDT functions by changing klhk's service table.
+// Hooks SSDT functions by changing klhk's service table
 //
 bool kaspersky::hook_ssdt_routine( unsigned short index, void* dest, void** poriginal )
 {

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ bool kaspersky::initialize()`
`40`	`40`
`41`	`41`	`// Find number of services (SSDT)`
`42`	`42`	`//`
`43`		`- presult = utils::find_pattern_km( L"klhk.sys", ".text", "\x3B\x1D\x00\x00\x00\x00\x73\x56", "xx????xx" );`
	`43`	`+ presult = utils::find_pattern_km( L"klhk.sys", ".text", "\x89\x0D\x00\x00\x00\x00\x8B\xFB", "xx????xx" );`
`44`	`44`
`45`	`45`	`if ( !presult )`
`46`	`46`	`return false;`
`@@ -94,7 +94,7 @@ unsigned int kaspersky::get_svc_count_shadow_ssdt()`
`94`	`94`	`return shadow_ssdt_service_count ? *shadow_ssdt_service_count : 0;`
`95`	`95`	`}`
`96`	`96`
`97`		`-// Hooks SSDT functions by changing klhk's service table.`
	`97`	`+// Hooks SSDT functions by changing klhk's service table`
`98`	`98`	`//`
`99`	`99`	`bool kaspersky::hook_ssdt_routine( unsigned short index, void* dest, void** poriginal )`
`100`	`100`	`{`